Log analysis and evaluation: Monstermarketplace and scareware as well as strange advertising (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
18.09.2013, 20:20 | #1 |
Monstermarketplace and scareware as well as strange advertising

Hello, my laptop caught a nasty "flu" from the net on 27.08.2013. I managed to get rid of the Deltasearch toolbar with the help of the Semper video "Delta Search entfernen" on YouTube. Simply uninstall the programs via the Control Panel and reset the browsers. What remained were the underlined and colour-highlighted words on web pages that redirect to Monstermarketplace, then the constant "scare messages" that the system has errors, has no resources left and that this and that is missing, all of them blinking pseudo warning messages, the machine ought to explode any moment... and finally the odd advertising, mainly for games and ugly girls. But now I am at my wits' end, and I don't dare do anything more on the machine without expert advice. I almost inflicted SpyHunter on myself as well, but then I discovered you. My virus scanner AVG (freeware) found nothing. I have now followed the steps given and created the log files one after the other as described. Many thanks.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:50 on 18/09/2013 (PapasBuero)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by PapasBuero (administrator) on PAPASBUERO-PC on 18-09-2013 16:55:12
Running from C:\Users\PapasBuero\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Hewlett-Packard) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358936 2009-07-15] (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\SysWOW64\explorer.exe (Microsoft Corporation)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Startup: C:\Users\PapasBuero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0EC4028037EC0200&affID=119357&tsp=4987
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\PapasBuero\AppData\Roaming\Mozilla\Firefox\Profiles\j9siuzce.default
FF user.js: detected! => C:\Users\PapasBuero\AppData\Roaming\Mozilla\Firefox\Profiles\j9siuzce.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKCU\...\Firefox\Extensions: [{60525b7e-56a2-4031-a4f4-35eb2c9dd4d8}] - C:\Program Files (x86)\LyriXeeker\130.xpi
FF Extension: No Name - C:\Program Files (x86)\LyriXeeker\130.xpi
==================== Services (Whitelisted) =================
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1830768 2013-09-11] (SurfRight B.V.)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-15] (Intel Corporation)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-07-15] (Intel Corporation)
==================== Drivers (Whitelisted) ====================
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [17416 2013-09-11] ()
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [17416 2013-09-11] ()
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2010-03-15] (MCCI Corporation) S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation) S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation) S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation) S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation) S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2010-03-15] (MCCI Corporation) S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2010-03-15] (MCCI Corporation) S2 rimsptsk; \SystemRoot\system32\DRIVERS\rimssn64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-18 16:54 - 2013-09-18 16:54 - 00000000 ____D C:\FRST 2013-09-18 16:53 - 2013-09-18 16:53 - 01950524 _____ (Farbar) C:\Users\PapasBuero\Downloads\FRST64.exe 2013-09-18 16:50 - 2013-09-18 16:50 - 00000482 _____ C:\Users\PapasBuero\Downloads\defogger_disable.log 2013-09-18 16:50 - 2013-09-18 16:50 - 00000000 _____ C:\Users\PapasBuero\defogger_reenable 2013-09-18 16:46 - 2013-09-18 16:46 - 00050477 _____ C:\Users\PapasBuero\Downloads\Defogger.exe 2013-09-11 15:20 - 2013-09-12 15:01 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert 2013-09-11 15:20 - 2013-09-11 15:52 - 00564312 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll 2013-09-11 15:20 - 2013-09-11 15:52 - 00518480 _____ (SurfRight) C:\Windows\system32\hmpalert.dll 2013-09-11 15:20 - 2013-09-11 15:52 - 00017416 _____ C:\Windows\system32\Drivers\hmpalert.sys 2013-09-11 15:20 - 2013-09-11 15:20 - 00000000 ____D C:\ProgramData\HitmanPro.Alert 2013-09-11 15:19 - 2013-09-11 15:19 - 01752488 _____ (SurfRight B.V.) 
C:\Users\PapasBuero\Downloads\hmpalert.exe 2013-09-10 22:08 - 2013-09-10 22:08 - 00008488 _____ C:\Windows\DPINST.LOG 2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys 2013-08-30 13:10 - 2013-09-18 16:37 - 00000560 _____ C:\Windows\setupact.log 2013-08-30 12:37 - 2013-08-30 12:44 - 00007602 _____ C:\Users\PapasBuero\AppData\Local\resmon.resmoncfg 2013-08-27 18:40 - 2013-08-27 18:40 - 00003262 _____ C:\Windows\System32\Tasks\DSite 2013-08-27 18:40 - 2013-08-27 18:40 - 00000000 ____D C:\Users\PapasBuero\AppData\Roaming\DSite 2013-08-27 18:40 - 2013-08-27 18:40 - 00000000 ____D C:\Users\PapasBuero\AppData\Roaming\Babylon 2013-08-27 18:40 - 2013-08-27 18:40 - 00000000 ____D C:\ProgramData\Babylon 2013-08-27 18:40 - 2013-08-27 18:40 - 00000000 ____D C:\Program Files (x86)\LyriXeeker 2013-08-27 18:33 - 2013-08-27 18:34 - 00000000 ____D C:\Users\PapasBuero\Documents\Bedienungsanleitungen 2013-08-27 18:07 - 2013-08-27 18:07 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2013-08-27 18:07 - 2013-08-27 18:07 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2013-08-27 17:56 - 2013-08-27 17:56 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2013-08-27 17:56 - 2013-08-27 17:56 - 00027760 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys 2013-08-27 17:56 - 2013-08-27 17:56 - 00014448 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys 2013-08-27 17:55 - 2013-08-27 17:55 - 00000000 ____D C:\ProgramData\Sony Ericsson 2013-08-27 17:55 - 2013-08-27 17:55 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson 2013-08-27 17:51 - 2013-08-27 17:51 - 00000000 ____D C:\Users\PapasBuero\Documents\Sony 2013-08-27 17:51 - 2013-08-27 17:51 - 00000000 ____D C:\Users\PapasBuero\AppData\Local\Sony 2013-08-27 17:49 - 2013-08-27 17:49 - 00000000 ____H 
C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2013-08-27 17:44 - 2013-09-10 22:08 - 00002033 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-08-27 17:43 - 2013-08-27 17:43 - 00000000 ____D C:\ProgramData\Sony 2013-08-27 17:43 - 2013-08-27 17:43 - 00000000 ____D C:\Program Files (x86)\Sony 2013-08-27 17:39 - 2013-08-27 17:41 - 27723672 _____ (Sony Mobile Communications ) C:\Users\PapasBuero\Downloads\Sony PC Companion_2.10.165_Web.exe 2013-08-23 19:44 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-23 19:44 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-23 19:44 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-23 19:44 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-23 19:44 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-23 19:44 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-23 19:44 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-23 19:44 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-23 19:44 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-23 19:44 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-23 19:44 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-21 14:45 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-21 14:45 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-21 14:45 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-21 14:45 
- 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-21 14:45 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-21 14:45 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-21 14:45 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-21 14:45 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-21 14:45 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-21 14:45 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-21 14:45 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-21 14:45 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-21 14:45 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-21 14:45 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-21 14:45 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-21 14:45 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-21 14:45 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-21 14:45 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-21 14:45 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-21 14:45 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-21 14:45 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-21 14:45 - 2013-07-26 05:12 - 00493056 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-21 14:45 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-21 14:45 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-21 14:45 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-21 14:45 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-21 14:45 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-21 14:45 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-21 14:45 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-21 14:45 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-21 14:45 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-20 10:08 - 2013-08-27 18:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-20 09:21 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-20 09:21 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-20 09:21 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-20 09:21 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-20 09:21 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-20 09:21 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-20 09:21 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-20 09:21 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) 
C:\Windows\system32\cryptsvc.dll 2013-08-20 09:21 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-20 09:21 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-20 09:21 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-20 09:21 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-20 09:21 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-20 09:21 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-20 09:21 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-20 09:21 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys ==================== One Month Modified Files and Folders ======= 2013-09-18 16:54 - 2013-09-18 16:54 - 00000000 ____D C:\FRST 2013-09-18 16:53 - 2013-09-18 16:53 - 01950524 _____ (Farbar) C:\Users\PapasBuero\Downloads\FRST64.exe 2013-09-18 16:51 - 2013-06-09 22:20 - 01262622 _____ C:\Windows\WindowsUpdate.log 2013-09-18 16:50 - 2013-09-18 16:50 - 00000482 _____ C:\Users\PapasBuero\Downloads\defogger_disable.log 2013-09-18 16:50 - 2013-09-18 16:50 - 00000000 _____ C:\Users\PapasBuero\defogger_reenable 2013-09-18 16:50 - 2013-06-09 22:28 - 00000000 ____D C:\Users\PapasBuero 2013-09-18 16:46 - 2013-09-18 16:46 - 00050477 _____ C:\Users\PapasBuero\Downloads\Defogger.exe 2013-09-18 16:45 - 2009-07-14 06:45 - 00014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-18 16:45 - 2009-07-14 06:45 - 00014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-18 16:37 - 2013-08-30 13:10 - 00000560 _____ C:\Windows\setupact.log 2013-09-18 16:37 - 
2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-18 16:34 - 2013-08-01 17:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-18 16:34 - 2013-06-24 23:06 - 00000988 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-09-18 16:34 - 2013-06-24 23:02 - 00000000 ____D C:\ProgramData\MFAData 2013-09-12 16:24 - 2013-06-17 07:51 - 00000000 ____D C:\Users\PapasBuero\Documents\Bewerbung 2013-09-12 15:01 - 2013-09-11 15:20 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert 2013-09-11 15:52 - 2013-09-11 15:20 - 00564312 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll 2013-09-11 15:52 - 2013-09-11 15:20 - 00518480 _____ (SurfRight) C:\Windows\system32\hmpalert.dll 2013-09-11 15:52 - 2013-09-11 15:20 - 00017416 _____ C:\Windows\system32\Drivers\hmpalert.sys 2013-09-11 15:35 - 2013-08-01 17:52 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-09-11 15:34 - 2013-08-01 17:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-11 15:34 - 2013-08-01 17:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-11 15:20 - 2013-09-11 15:20 - 00000000 ____D C:\ProgramData\HitmanPro.Alert 2013-09-11 15:19 - 2013-09-11 15:19 - 01752488 _____ (SurfRight B.V.) C:\Users\PapasBuero\Downloads\hmpalert.exe 2013-09-10 22:08 - 2013-09-10 22:08 - 00008488 _____ C:\Windows\DPINST.LOG 2013-09-10 22:08 - 2013-08-27 17:44 - 00002033 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-09-10 22:08 - 2013-03-26 10:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-09-09 10:36 - 2009-07-14 19:58 - 00643866 _____ C:\Windows\system32\perfh007.dat 2013-09-09 10:36 - 2009-07-14 19:58 - 00126394 _____ C:\Windows\system32\perfc007.dat 2013-09-09 10:36 - 2009-07-14 07:13 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgrkx64.sys 2013-08-30 12:44 - 2013-08-30 12:37 - 00007602 _____ C:\Users\PapasBuero\AppData\Local\resmon.resmoncfg 2013-08-30 10:07 - 2013-07-25 16:29 - 00000000 ____D C:\Windows\Minidump 2013-08-27 18:40 - 2013-08-27 18:40 - 00003262 _____ C:\Windows\System32\Tasks\DSite 2013-08-27 18:40 - 2013-08-27 18:40 - 00000000 ____D C:\Users\PapasBuero\AppData\Roaming\DSite 2013-08-27 18:40 - 2013-08-27 18:40 - 00000000 ____D C:\Users\PapasBuero\AppData\Roaming\Babylon 2013-08-27 18:40 - 2013-08-27 18:40 - 00000000 ____D C:\ProgramData\Babylon 2013-08-27 18:40 - 2013-08-27 18:40 - 00000000 ____D C:\Program Files (x86)\LyriXeeker 2013-08-27 18:40 - 2013-08-20 10:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-27 18:34 - 2013-08-27 18:33 - 00000000 ____D C:\Users\PapasBuero\Documents\Bedienungsanleitungen 2013-08-27 18:07 - 2013-08-27 18:07 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2013-08-27 18:07 - 2013-08-27 18:07 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2013-08-27 17:56 - 2013-08-27 17:56 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2013-08-27 17:56 - 2013-08-27 17:56 - 00027760 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys 2013-08-27 17:56 - 2013-08-27 17:56 - 00014448 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys 2013-08-27 17:55 - 2013-08-27 17:55 - 00000000 ____D C:\ProgramData\Sony Ericsson 2013-08-27 17:55 - 2013-08-27 17:55 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson 2013-08-27 17:51 - 2013-08-27 17:51 - 00000000 ____D C:\Users\PapasBuero\Documents\Sony 2013-08-27 17:51 - 2013-08-27 17:51 - 00000000 ____D C:\Users\PapasBuero\AppData\Local\Sony 2013-08-27 17:49 - 2013-08-27 17:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2013-08-27 17:43 - 2013-08-27 17:43 - 00000000 ____D C:\ProgramData\Sony 
2013-08-27 17:43 - 2013-08-27 17:43 - 00000000 ____D C:\Program Files (x86)\Sony
2013-08-27 17:41 - 2013-08-27 17:39 - 27723672 _____ (Sony Mobile Communications ) C:\Users\PapasBuero\Downloads\Sony PC Companion_2.10.165_Web.exe
2013-08-26 11:57 - 2013-06-25 22:03 - 00000072 _____ C:\Users\Public\LMDebug.log
2013-08-22 09:15 - 2013-06-25 22:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-21 15:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-21 14:44 - 2013-08-09 20:55 - 00000000 ____D C:\Windows\system32\MRT
2013-08-21 14:43 - 2013-07-08 21:00 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\PapasBuero\AppData\Local\Temp\uninst1.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-11 17:03
==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013 03 Ran by PapasBuero at 2013-09-18 16:55:58 Running from C:\Users\PapasBuero\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) AVG 2013 (Version: 13.0.3222) AVG 2013 (Version: 13.0.3408) AVG 2013 (Version: 2013.0.3408) Canon MP Navigator EX 4.0 (x32) Canon Solution Menu EX (x32) CanoScan LiDE 210 Scanner Driver Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) HitmanPro.Alert (Version: 2.0.10.45) HP Quick Launch Buttons (x32 Version: 6.50.17.1) Intel(R) Management Engine Interface Intel® Active Management Technology Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single 
Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1) Mozilla Maintenance Service (x32 Version: 23.0.1) QLBCASL (x32 Version: 6.40.17.2) Samsung Universal Print Driver 2 (x32 Version: 2.50.02.00) Sony Ericsson Update Engine (x32 Version: 2.13.9.201308081522) Sony PC Companion 2.10.173 (x32 Version: 2.10.173) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) ==================== Restore Points ========================= 20-07-2013 15:52:34 Geplanter Prüfpunkt 05-08-2013 18:06:01 Geplanter Prüfpunkt 09-08-2013 18:55:05 Windows Update 21-08-2013 12:42:11 Windows Update 23-08-2013 18:51:34 
Windows Update
27-08-2013 15:44:11 Sony PC Companion
27-08-2013 15:51:06 Sony PC Companion
27-08-2013 15:56:00 Uninstalled Sony Ericsson Drivers
27-08-2013 15:56:16 Installed Sony Ericsson Drivers
30-08-2013 08:13:05 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {33391FE2-33EC-4C30-A223-D01EE8B6A935} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {42AEE440-532B-43E9-A995-EF7FC849EEF2} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {78BCC9B1-9608-4329-8AB4-F99E79D28B6C} - System32\Tasks\DSite => C:\Users\PAPASB~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: {7F64E9F7-5977-496B-BD3C-128025DB902D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
Task: {8AE82FB8-AC63-48E6-9A2D-D9D4AE2A4679} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-11 15:20 - 2013-09-11 15:52 - 00518480 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2013-08-27 17:43 - 2013-05-21 08:57 - 00593920 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\NewUI.dll
2013-08-27 17:43 - 2013-02-05 12:49 - 00701952 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\bvrpctln.dll
2013-08-27 17:43 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-08-27 17:43 - 2013-08-27 09:26 - 00920064 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\Device.dll
2013-08-27 17:43 - 2013-05-17 10:51 - 00207872 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2013-08-27 17:43 - 2011-04-04 14:14 - 00113664 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\WUNPACLN.dll
2013-08-27 17:43 - 2013-07-24 11:10 - 00991232 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.dll
2013-08-27 17:43 - 2012-12-26 15:44 - 00287744 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PluginManager.dll
2013-08-27 17:43 - 2013-04-23 17:27 - 00342528 _____ (TODO: <Company name>) C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdateTools.dll
2013-08-27 17:43 - 2012-07-11 17:39 - 00329728 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\DownloadManager.dll
2013-05-14 09:36 - 2013-05-14 09:36 - 00913408 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\BackupRestore.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-08-27 17:43 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2013-05-27 12:22 - 2013-05-27 12:22 - 00339456 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\CrashDump.dll
2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2013-08-27 17:43 - 2013-06-10 17:46 - 00285696 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\Statistics.dll
2013-08-27 17:43 - 2013-06-07 11:38 - 00183296 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\WebServices.dll
2013-06-25 21:43 - 2010-04-08 13:43 - 00032768 _____ (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\LangInfo\DE\CNSELANG.dll
2013-08-20 10:08 - 2013-08-20 10:09 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-11 15:34 - 2013-09-11 15:34 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) ==========

==================== Faulty Device Manager Devices =============

Name: Ricoh Memory Stick Controller
Description: Ricoh Memory Stick Host Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Ricoh Company
Service: rimsptsk
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2013 04:38:31 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/18/2013 04:38:30 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/18/2013 10:03:27 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/18/2013 10:03:26 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/17/2013 08:20:49 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/17/2013 08:20:49 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/16/2013 10:04:40 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/16/2013 10:04:40 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/13/2013 11:29:58 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/13/2013 11:29:58 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

System errors:
=============
Error: (09/18/2013 04:37:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "rimsptsk" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (09/18/2013 04:37:50 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (09/18/2013 04:37:50 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/18/2013 04:36:46 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (09/18/2013 04:05:06 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (09/18/2013 11:44:00 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (09/18/2013 11:02:47 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (09/18/2013 10:02:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "rimsptsk" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (09/18/2013 10:02:39 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (09/18/2013 10:02:39 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Microsoft Office Sessions:
=========================
Error: (09/18/2013 04:38:31 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (09/18/2013 04:38:30 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (09/18/2013 10:03:27 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (09/18/2013 10:03:26 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (09/17/2013 08:20:49 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (09/17/2013 08:20:49 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (09/16/2013 10:04:40 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (09/16/2013 10:04:40 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (09/13/2013 11:29:58 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (09/13/2013 11:29:58 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

CodeIntegrity Errors:
===================================
Date: 2013-09-18 16:21:45.844
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-18 16:05:54.799
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-18 11:44:10.099
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-18 11:03:41.993
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-18 10:09:33.613
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-17 23:07:30.647
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-16 22:18:51.694
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-16 22:10:25.068
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-13 11:41:11.843
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-12 18:03:35.097
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 4027.27 MB
Available physical RAM: 2250.43 MB
Total Pagefile: 8052.71 MB
Available Pagefile: 6257.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:143.19 GB) (Free:107.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: B8EB550D)
Partition 1: (Active) - (Size=6 GB) - (Type=27)
Partition 2: (Not Active) - (Size=143 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-18 17:28:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS723216L9A360 rev.FC2OC60A 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\PAPASB~1\AppData\Local\Temp\awtyipob.sys
bytes [26, 76] .text C:\Users\PapasBuero\Downloads\gmer_2.1.19163.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762614bb 2 bytes [26, 76] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e1a158c Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e1a158c (not active ControlSet) ---- EOF - GMER 2.1 ---- |
18.09.2013, 20:52 | #2 |
/// the machine /// TB-Ausbilder | Monstermarketplace and scareware as well as strange advertising Please download Malwarebytes Anti-Malware
__________________
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ |
19.09.2013, 10:55 | #3 |
| Monstermarketplace and scareware as well as strange advertising Hello Schrauber,
thank you very much for the quick reply. I managed fine. Here are the resulting log files, one after another: Code:
ATTFilter
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.19.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
PapasBuero :: PAPASBUERO-PC [Administrator]

Schutz: Aktiviert

19.09.2013 10:57:36
mbam-log-2013-09-19 (10-57-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195463
Laufzeit: 2 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Redir (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\babylontoolbar (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\PapasBuero\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\LyriXeeker (PUP.Optional.Lyrixeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 18
C:\Users\PapasBuero\AppData\Local\Temp\96812B44-BAB0-7891-A92A-C30C22B0B89E\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PapasBuero\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\LyriXeeker\chrome.manifest (PUP.Optional.Lyrixeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\LyriXeeker\00.crx (PUP.Optional.Lyrixeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\LyriXeeker\00.xpi (PUP.Optional.Lyrixeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\LyriXeeker\01.crx (PUP.Optional.Lyrixeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\LyriXeeker\01.xpi (PUP.Optional.Lyrixeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\LyriXeeker\02.crx (PUP.Optional.Lyrixeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\LyriXeeker\02.xpi (PUP.Optional.Lyrixeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\LyriXeeker\130.crx (PUP.Optional.Lyrixeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\LyriXeeker\130.dat (PUP.Optional.Lyrixeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\LyriXeeker\130.xpi (PUP.Optional.Lyrixeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\LyriXeeker\crx.dat (PUP.Optional.Lyrixeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\LyriXeeker\crx.db (PUP.Optional.Lyrixeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\LyriXeeker\sqlite3.dll (PUP.Optional.Lyrixeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\LyriXeeker\Uninstall.exe (PUP.Optional.Lyrixeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\LyriXeeker\xpi.dat (PUP.Optional.Lyrixeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\LyriXeeker\xpi.db (PUP.Optional.Lyrixeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
ATTFilter
2013/09/19 10:55:46 +0200 PAPASBUERO-PC PapasBuero MESSAGE Starting protection
2013/09/19 10:55:46 +0200 PAPASBUERO-PC PapasBuero MESSAGE Protection started successfully
2013/09/19 10:55:46 +0200 PAPASBUERO-PC PapasBuero MESSAGE Starting IP protection
2013/09/19 10:56:10 +0200 PAPASBUERO-PC PapasBuero MESSAGE IP Protection started successfully
2013/09/19 10:56:42 +0200 PAPASBUERO-PC PapasBuero MESSAGE Starting database refresh
2013/09/19 10:56:42 +0200 PAPASBUERO-PC PapasBuero MESSAGE Stopping IP protection
2013/09/19 10:56:49 +0200 PAPASBUERO-PC PapasBuero MESSAGE IP Protection stopped successfully
2013/09/19 10:56:52 +0200 PAPASBUERO-PC PapasBuero MESSAGE Database refreshed successfully
2013/09/19 10:56:52 +0200 PAPASBUERO-PC PapasBuero MESSAGE Starting IP protection
2013/09/19 10:56:56 +0200 PAPASBUERO-PC PapasBuero MESSAGE IP Protection started successfully
2013/09/19 11:07:00 +0200 PAPASBUERO-PC (null) MESSAGE Starting protection
2013/09/19 11:07:00 +0200 PAPASBUERO-PC (null) MESSAGE Protection started successfully
2013/09/19 11:07:00 +0200 PAPASBUERO-PC (null) MESSAGE Starting IP protection
2013/09/19 11:07:04 +0200 PAPASBUERO-PC (null) MESSAGE IP Protection started successfully
Code:
ATTFilter
# AdwCleaner v3.004 - Bericht erstellt am 19/09/2013 um 11:16:05
# Updated 15/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : PapasBuero - PAPASBUERO-PC
# Gestartet von : C:\Users\PapasBuero\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\PapasBuero\AppData\Roaming\DSite
Datei Gelöscht : C:\Users\PapasBuero\AppData\Roaming\Mozilla\Firefox\Profiles\j9siuzce.default\\invalidprefs.js
Datei Gelöscht : C:\Users\PapasBuero\AppData\Roaming\Mozilla\Firefox\Profiles\j9siuzce.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\DSite

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\5b538dddb76fb849
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyrixeeker
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\PapasBuero\AppData\Roaming\Mozilla\Firefox\Profiles\j9siuzce.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.bbDpng", "27");
Zeile gelöscht : user_pref("extensions.delta.cntry", "DE");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.hdrMd5", "C02C98022E3BB7DC4C44912688FABE40");
Zeile gelöscht : user_pref("extensions.delta.id", "0ec43cd8000000000000028037ec0200");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15944");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.24.618:40:46");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.sg", "azb");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.618:40:46");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4987");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");

*************************

AdwCleaner[R0].txt - [3914 octets] - [19/09/2013 11:14:39]
AdwCleaner[S0].txt - [3559 octets] - [19/09/2013 11:16:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3619 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Professional x64
Ran by PapasBuero on 19.09.2013 at 11:23:53,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1575396066-308305055-3711947489-1000\Software\SweetIM

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\Users\PapasBuero\AppData\Roaming\mozilla\firefox\profiles\j9siuzce.default\invalidprefs.js
Emptied folder: C:\Users\PapasBuero\AppData\Roaming\mozilla\firefox\profiles\j9siuzce.default\minidumps [3 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.09.2013 at 11:30:18,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03 Ran by PapasBuero (administrator) on PAPASBUERO-PC on 19-09-2013 11:37:16 Running from C:\Users\PapasBuero\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Hewlett-Packard) C:\Windows\system32\Hpservice.exe (AMD) C:\Windows\system32\atieclxx.exe (SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358936 2009-07-15] (Intel Corporation) Winlogon\Notify\ScCertProp: C:\WINDOWS\SysWOW64\explorer.exe (Microsoft Corporation) HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony) HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) Startup: C:\Users\PapasBuero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\PapasBuero\AppData\Roaming\Mozilla\Firefox\Profiles\j9siuzce.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKCU\...\Firefox\Extensions: [{60525b7e-56a2-4031-a4f4-35eb2c9dd4d8}] - C:\Program Files (x86)\LyriXeeker\130.xpi ==================== Services (Whitelisted) ================= S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.) R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1830768 2013-09-11] (SurfRight B.V.) R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-15] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-07-15] (Intel Corporation) ==================== Drivers (Whitelisted) ==================== R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) 
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.) R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [17416 2013-09-11] () R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [17416 2013-09-11] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.) S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2010-03-15] (MCCI Corporation) S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation) S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation) S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation) S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation) S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2010-03-15] (MCCI Corporation) S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2010-03-15] (MCCI Corporation) S2 rimsptsk; \SystemRoot\system32\DRIVERS\rimssn64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-19 11:30 - 2013-09-19 11:30 - 00001079 _____ C:\Users\PapasBuero\Desktop\JRT.txt 2013-09-19 11:23 - 2013-09-19 11:23 - 00000000 ____D C:\Windows\ERUNT 2013-09-19 11:19 - 2013-09-19 11:19 - 00003699 _____ C:\Users\PapasBuero\Desktop\AdwCleaner[S0].txt 2013-09-19 11:14 - 2013-09-19 11:16 - 00000000 ____D C:\AdwCleaner 2013-09-19 10:55 - 2013-09-19 10:55 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-19 10:55 - 2013-09-19 10:55 - 00000000 ____D 
C:\Users\PapasBuero\AppData\Roaming\Malwarebytes 2013-09-19 10:55 - 2013-09-19 10:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-19 10:55 - 2013-09-19 10:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-19 10:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-19 10:51 - 2013-09-19 10:51 - 01029675 _____ (Thisisu) C:\Users\PapasBuero\Downloads\JRT.exe 2013-09-19 10:50 - 2013-09-19 10:50 - 01039554 _____ C:\Users\PapasBuero\Downloads\adwcleaner.exe 2013-09-19 10:48 - 2013-09-19 10:49 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\PapasBuero\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-19 10:36 - 2013-09-19 11:06 - 00010652 _____ C:\Windows\PFRO.log 2013-09-19 10:31 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-19 10:31 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-19 10:31 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-19 10:31 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-19 10:31 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-19 10:31 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-19 10:31 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-19 10:31 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-19 10:31 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-19 10:31 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-19 10:31 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-19 10:31 - 2013-08-10 07:20 - 
00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-19 10:31 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-19 10:31 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-19 10:31 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-19 10:31 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-19 10:31 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-19 10:31 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-19 10:31 - 2013-08-10 04:27 - 00089600 _____ (Microsoft 
Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-19 10:31 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-18 17:28 - 2013-09-18 17:28 - 00029456 _____ C:\Users\PapasBuero\Downloads\Gmer.txt 2013-09-18 17:02 - 2013-09-18 17:02 - 00377856 _____ C:\Users\PapasBuero\Downloads\gmer_2.1.19163.exe 2013-09-18 16:57 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-18 16:57 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-18 16:57 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-18 16:57 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-09-18 16:57 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-09-18 16:57 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-09-18 16:57 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-18 16:57 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-09-18 16:57 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-18 16:57 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00004608 
____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 
- 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-09-18 16:57 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-09-18 16:57 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-09-18 16:57 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-18 16:57 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-18 16:57 - 2013-08-02 
03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-18 16:57 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-18 16:57 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-09-18 16:57 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-09-18 16:57 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-09-18 16:57 - 2013-08-02 02:45 - 00002048 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\user.exe 2013-09-18 16:57 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-18 16:56 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-18 16:55 - 2013-09-18 16:56 - 00021646 _____ C:\Users\PapasBuero\Downloads\Addition.txt 2013-09-18 16:54 - 2013-09-18 16:54 - 00000000 ____D C:\FRST 2013-09-18 16:53 - 2013-09-18 16:53 - 01950524 _____ (Farbar) C:\Users\PapasBuero\Downloads\FRST64.exe 2013-09-18 16:50 - 2013-09-18 16:50 - 00000482 _____ C:\Users\PapasBuero\Downloads\defogger_disable.log 2013-09-18 16:50 - 2013-09-18 16:50 - 00000000 _____ C:\Users\PapasBuero\defogger_reenable 2013-09-18 16:46 - 2013-09-18 16:46 - 00050477 _____ C:\Users\PapasBuero\Downloads\Defogger.exe 2013-09-18 16:42 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-18 16:42 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-18 16:42 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-09-18 16:42 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-09-11 15:20 - 2013-09-12 15:01 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert 2013-09-11 15:20 - 2013-09-11 15:52 - 00564312 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll 2013-09-11 15:20 - 2013-09-11 15:52 - 00518480 _____ (SurfRight) C:\Windows\system32\hmpalert.dll 2013-09-11 15:20 - 2013-09-11 15:52 - 00017416 
_____ C:\Windows\system32\Drivers\hmpalert.sys 2013-09-11 15:20 - 2013-09-11 15:20 - 00000000 ____D C:\ProgramData\HitmanPro.Alert 2013-09-11 15:19 - 2013-09-11 15:19 - 01752488 _____ (SurfRight B.V.) C:\Users\PapasBuero\Downloads\hmpalert.exe 2013-09-10 22:08 - 2013-09-19 10:29 - 00016974 _____ C:\Windows\DPINST.LOG 2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys 2013-08-30 13:10 - 2013-09-19 11:18 - 00000840 _____ C:\Windows\setupact.log 2013-08-30 12:37 - 2013-08-30 12:44 - 00007602 _____ C:\Users\PapasBuero\AppData\Local\resmon.resmoncfg 2013-08-27 18:33 - 2013-08-27 18:34 - 00000000 ____D C:\Users\PapasBuero\Documents\Bedienungsanleitungen 2013-08-27 18:07 - 2013-08-27 18:07 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2013-08-27 18:07 - 2013-08-27 18:07 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2013-08-27 17:56 - 2013-08-27 17:56 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2013-08-27 17:56 - 2013-08-27 17:56 - 00027760 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys 2013-08-27 17:56 - 2013-08-27 17:56 - 00014448 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys 2013-08-27 17:55 - 2013-08-27 17:55 - 00000000 ____D C:\ProgramData\Sony Ericsson 2013-08-27 17:55 - 2013-08-27 17:55 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson 2013-08-27 17:51 - 2013-08-27 17:51 - 00000000 ____D C:\Users\PapasBuero\Documents\Sony 2013-08-27 17:51 - 2013-08-27 17:51 - 00000000 ____D C:\Users\PapasBuero\AppData\Local\Sony 2013-08-27 17:49 - 2013-08-27 17:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2013-08-27 17:44 - 2013-09-19 10:29 - 00002033 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-08-27 17:43 - 2013-08-27 17:43 - 00000000 ____D C:\ProgramData\Sony 2013-08-27 17:43 - 2013-08-27 
17:43 - 00000000 ____D C:\Program Files (x86)\Sony 2013-08-27 17:39 - 2013-08-27 17:41 - 27723672 _____ (Sony Mobile Communications ) C:\Users\PapasBuero\Downloads\Sony PC Companion_2.10.165_Web.exe 2013-08-20 10:08 - 2013-08-27 18:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-20 09:21 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-20 09:21 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-20 09:21 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-20 09:21 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-20 09:21 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-20 09:21 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-20 09:21 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-20 09:21 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-20 09:21 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-20 09:21 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-20 09:21 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-20 09:21 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-20 09:21 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-20 09:21 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-20 09:21 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-20 09:21 - 2013-06-15 06:32 - 00039936 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\tssecsrv.sys ==================== One Month Modified Files and Folders ======= 2013-09-19 11:34 - 2013-08-01 17:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-19 11:30 - 2013-09-19 11:30 - 00001079 _____ C:\Users\PapasBuero\Desktop\JRT.txt 2013-09-19 11:25 - 2009-07-14 06:45 - 00014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-19 11:25 - 2009-07-14 06:45 - 00014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-19 11:23 - 2013-09-19 11:23 - 00000000 ____D C:\Windows\ERUNT 2013-09-19 11:19 - 2013-09-19 11:19 - 00003699 _____ C:\Users\PapasBuero\Desktop\AdwCleaner[S0].txt 2013-09-19 11:18 - 2013-08-30 13:10 - 00000840 _____ C:\Windows\setupact.log 2013-09-19 11:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-19 11:17 - 2013-06-09 22:20 - 01961846 _____ C:\Windows\WindowsUpdate.log 2013-09-19 11:16 - 2013-09-19 11:14 - 00000000 ____D C:\AdwCleaner 2013-09-19 11:06 - 2013-09-19 10:36 - 00010652 _____ C:\Windows\PFRO.log 2013-09-19 10:55 - 2013-09-19 10:55 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-19 10:55 - 2013-09-19 10:55 - 00000000 ____D C:\Users\PapasBuero\AppData\Roaming\Malwarebytes 2013-09-19 10:55 - 2013-09-19 10:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-19 10:55 - 2013-09-19 10:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-19 10:51 - 2013-09-19 10:51 - 01029675 _____ (Thisisu) C:\Users\PapasBuero\Downloads\JRT.exe 2013-09-19 10:50 - 2013-09-19 10:50 - 01039554 _____ C:\Users\PapasBuero\Downloads\adwcleaner.exe 2013-09-19 10:49 - 2013-09-19 10:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\PapasBuero\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-19 10:37 - 2013-06-09 22:28 - 00000000 ___RD 
C:\Users\PapasBuero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-19 10:37 - 2013-06-09 22:28 - 00000000 ___RD C:\Users\PapasBuero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-19 10:36 - 2009-07-14 06:45 - 00342240 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-19 10:31 - 2013-06-24 23:02 - 00000000 ____D C:\ProgramData\MFAData 2013-09-19 10:30 - 2013-08-09 20:55 - 00000000 ____D C:\Windows\system32\MRT 2013-09-19 10:29 - 2013-09-10 22:08 - 00016974 _____ C:\Windows\DPINST.LOG 2013-09-19 10:29 - 2013-08-27 17:44 - 00002033 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-09-19 10:29 - 2013-07-08 21:00 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-19 10:29 - 2013-06-12 21:55 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-19 10:29 - 2013-03-26 10:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-09-18 17:28 - 2013-09-18 17:28 - 00029456 _____ C:\Users\PapasBuero\Downloads\Gmer.txt 2013-09-18 17:02 - 2013-09-18 17:02 - 00377856 _____ C:\Users\PapasBuero\Downloads\gmer_2.1.19163.exe 2013-09-18 16:56 - 2013-09-18 16:55 - 00021646 _____ C:\Users\PapasBuero\Downloads\Addition.txt 2013-09-18 16:54 - 2013-09-18 16:54 - 00000000 ____D C:\FRST 2013-09-18 16:53 - 2013-09-18 16:53 - 01950524 _____ (Farbar) C:\Users\PapasBuero\Downloads\FRST64.exe 2013-09-18 16:50 - 2013-09-18 16:50 - 00000482 _____ C:\Users\PapasBuero\Downloads\defogger_disable.log 2013-09-18 16:50 - 2013-09-18 16:50 - 00000000 _____ C:\Users\PapasBuero\defogger_reenable 2013-09-18 16:50 - 2013-06-09 22:28 - 00000000 ____D C:\Users\PapasBuero 2013-09-18 16:46 - 2013-09-18 16:46 - 00050477 _____ C:\Users\PapasBuero\Downloads\Defogger.exe 2013-09-18 16:34 - 2013-06-24 23:06 - 00000988 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-09-12 16:24 - 2013-06-17 07:51 - 00000000 ____D C:\Users\PapasBuero\Documents\Bewerbung 2013-09-12 15:01 - 2013-09-11 15:20 - 00000000 
____D C:\Program Files (x86)\HitmanPro.Alert 2013-09-11 15:52 - 2013-09-11 15:20 - 00564312 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll 2013-09-11 15:52 - 2013-09-11 15:20 - 00518480 _____ (SurfRight) C:\Windows\system32\hmpalert.dll 2013-09-11 15:52 - 2013-09-11 15:20 - 00017416 _____ C:\Windows\system32\Drivers\hmpalert.sys 2013-09-11 15:35 - 2013-08-01 17:52 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-09-11 15:34 - 2013-08-01 17:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-11 15:34 - 2013-08-01 17:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-11 15:20 - 2013-09-11 15:20 - 00000000 ____D C:\ProgramData\HitmanPro.Alert 2013-09-11 15:19 - 2013-09-11 15:19 - 01752488 _____ (SurfRight B.V.) C:\Users\PapasBuero\Downloads\hmpalert.exe 2013-09-09 10:36 - 2009-07-14 19:58 - 00643866 _____ C:\Windows\system32\perfh007.dat 2013-09-09 10:36 - 2009-07-14 19:58 - 00126394 _____ C:\Windows\system32\perfc007.dat 2013-09-09 10:36 - 2009-07-14 07:13 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgrkx64.sys 2013-08-30 12:44 - 2013-08-30 12:37 - 00007602 _____ C:\Users\PapasBuero\AppData\Local\resmon.resmoncfg 2013-08-30 10:07 - 2013-07-25 16:29 - 00000000 ____D C:\Windows\Minidump 2013-08-27 18:40 - 2013-08-20 10:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-27 18:34 - 2013-08-27 18:33 - 00000000 ____D C:\Users\PapasBuero\Documents\Bedienungsanleitungen 2013-08-27 18:07 - 2013-08-27 18:07 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2013-08-27 18:07 - 2013-08-27 18:07 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2013-08-27 17:56 - 2013-08-27 17:56 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2013-08-27 17:56 - 2013-08-27 17:56 - 00027760 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys 2013-08-27 17:56 - 2013-08-27 17:56 - 00014448 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys 2013-08-27 17:55 - 2013-08-27 17:55 - 00000000 ____D C:\ProgramData\Sony Ericsson 2013-08-27 17:55 - 2013-08-27 17:55 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson 2013-08-27 17:51 - 2013-08-27 17:51 - 00000000 ____D C:\Users\PapasBuero\Documents\Sony 2013-08-27 17:51 - 2013-08-27 17:51 - 00000000 ____D C:\Users\PapasBuero\AppData\Local\Sony 2013-08-27 17:49 - 2013-08-27 17:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2013-08-27 17:43 - 2013-08-27 17:43 - 00000000 ____D C:\ProgramData\Sony 2013-08-27 17:43 - 2013-08-27 17:43 - 00000000 ____D C:\Program Files (x86)\Sony 2013-08-27 17:41 - 2013-08-27 17:39 - 27723672 _____ (Sony Mobile Communications ) C:\Users\PapasBuero\Downloads\Sony PC Companion_2.10.165_Web.exe 2013-08-26 11:57 - 2013-06-25 22:03 - 00000072 _____ C:\Users\Public\LMDebug.log 2013-08-22 09:15 - 2013-06-25 22:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-21 15:56 - 2009-07-14 
05:20 - 00000000 ____D C:\Windows\rescache Some content of TEMP: ==================== C:\Users\PapasBuero\AppData\Local\Temp\Quarantine.exe C:\Users\PapasBuero\AppData\Local\Temp\uninst1.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-11 17:03 ==================== End Of Log ============================ --- --- --- Is the whole thing already over? Many thanks. Regards, BASStata |
19.09.2013, 16:53 | #4 |
/// the machine /// TB trainer | Monstermarketplace and scareware as well as strange advertising One more online scan and we should be through. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
19.09.2013, 22:50 | #5 |
| Monstermarketplace and scareware as well as strange advertising OK. Here are the log files of the online scan. It apparently found something else. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=f6745cb2fe91c94ca432267ce6b143b6 # engine=15192 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-09-19 09:25:03 # local_time=2013-09-19 11:25:03 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1043 16777213 100 87 19768 66759887 0 0 # compatibility_mode=5893 16776574 66 85 6185442 131255753 0 0 # scanned=106757 # found=1 # cleaned=0 # scan_time=2001 sh=66F5E290B4DCF3FE9C19F42C12318D17E67D457A ft=1 fh=7efba37045ff7653 vn="multiple threats" ac=I fn="C:\Users\PapasBuero\AppData\Local\Temp\is357113909\4161610_Setup.EXE" Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED! Current FRST log: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-09-2013 01 Ran by PapasBuero (administrator) on PAPASBUERO-PC on 19-09-2013 23:39:05 Running from C:\Users\PapasBuero\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Hewlett-Packard) C:\Windows\system32\Hpservice.exe (AMD) C:\Windows\system32\atieclxx.exe (SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358936 2009-07-15] (Intel Corporation) Winlogon\Notify\ScCertProp: C:\WINDOWS\SysWOW64\explorer.exe (Microsoft Corporation) HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony) HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) Startup: C:\Users\PapasBuero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\PapasBuero\AppData\Roaming\Mozilla\Firefox\Profiles\j9siuzce.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKCU\...\Firefox\Extensions: [{60525b7e-56a2-4031-a4f4-35eb2c9dd4d8}] - C:\Program Files (x86)\LyriXeeker\130.xpi ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.) R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1830768 2013-09-11] (SurfRight B.V.) R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-15] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-07-15] (Intel Corporation) ==================== Drivers (Whitelisted) ==================== R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) 
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.) R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [17416 2013-09-11] () R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [17416 2013-09-11] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.) S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2010-03-15] (MCCI Corporation) S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation) S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation) S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation) S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation) S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2010-03-15] (MCCI Corporation) S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2010-03-15] (MCCI Corporation) S2 rimsptsk; \SystemRoot\system32\DRIVERS\rimssn64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-19 23:38 - 2013-09-19 23:38 - 01950622 _____ (Farbar) C:\Users\PapasBuero\Downloads\FRST64.exe 2013-09-19 23:33 - 2013-09-19 23:33 - 00000041 _____ C:\Users\PapasBuero\Desktop\checkup.txt 2013-09-19 23:28 - 2013-09-19 23:28 - 00891144 _____ C:\Users\PapasBuero\Downloads\SecurityCheck.exe 2013-09-19 22:30 - 2013-09-19 22:30 - 02347384 _____ (ESET) C:\Users\PapasBuero\Downloads\esetsmartinstaller_enu.exe 2013-09-19 11:39 - 2013-09-19 11:39 - 00037462 _____ 
C:\Users\PapasBuero\Desktop\FRST.txt 2013-09-19 11:30 - 2013-09-19 11:30 - 00001079 _____ C:\Users\PapasBuero\Desktop\JRT.txt 2013-09-19 11:23 - 2013-09-19 11:23 - 00000000 ____D C:\Windows\ERUNT 2013-09-19 11:19 - 2013-09-19 11:19 - 00003699 _____ C:\Users\PapasBuero\Desktop\AdwCleaner[S0].txt 2013-09-19 11:14 - 2013-09-19 11:16 - 00000000 ____D C:\AdwCleaner 2013-09-19 10:55 - 2013-09-19 10:55 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-19 10:55 - 2013-09-19 10:55 - 00000000 ____D C:\Users\PapasBuero\AppData\Roaming\Malwarebytes 2013-09-19 10:55 - 2013-09-19 10:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-19 10:55 - 2013-09-19 10:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-19 10:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-19 10:51 - 2013-09-19 10:51 - 01029675 _____ (Thisisu) C:\Users\PapasBuero\Downloads\JRT.exe 2013-09-19 10:50 - 2013-09-19 10:50 - 01039554 _____ C:\Users\PapasBuero\Downloads\adwcleaner.exe 2013-09-19 10:48 - 2013-09-19 10:49 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\PapasBuero\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-19 10:36 - 2013-09-19 11:06 - 00010652 _____ C:\Windows\PFRO.log 2013-09-19 10:31 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-19 10:31 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-19 10:31 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-19 10:31 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-19 10:31 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-19 10:31 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-19 10:31 - 2013-08-10 07:20 - 15404544 _____ 
(Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-19 10:31 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-19 10:31 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-19 10:31 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-19 10:31 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-19 10:31 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-19 10:31 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-19 10:31 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-19 10:31 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-19 10:31 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iesetup.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-19 10:31 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-19 10:31 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-19 10:31 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-19 10:31 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-19 10:31 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-18 17:28 - 2013-09-18 17:28 - 00029456 _____ C:\Users\PapasBuero\Downloads\Gmer.txt 2013-09-18 17:02 - 2013-09-18 17:02 - 00377856 _____ C:\Users\PapasBuero\Downloads\gmer_2.1.19163.exe 2013-09-18 16:57 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-18 16:57 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-18 16:57 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-18 16:57 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-09-18 16:57 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-09-18 16:57 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-09-18 16:57 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-18 16:57 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-09-18 16:57 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-18 16:57 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 
2013-09-18 16:57 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 
04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:59 - 03968960 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-09-18 16:57 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-09-18 16:57 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-09-18 16:57 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-18 16:57 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-18 16:57 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003584 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 03:09 - 00338432 _____ (Microsoft 
Corporation) C:\Windows\system32\conhost.exe 2013-09-18 16:57 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-18 16:57 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-09-18 16:57 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-09-18 16:57 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-09-18 16:57 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-09-18 16:57 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-18 16:57 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-18 16:56 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-18 16:55 - 2013-09-18 16:56 - 00021646 _____ C:\Users\PapasBuero\Downloads\Addition.txt 2013-09-18 16:54 - 2013-09-18 16:54 - 00000000 ____D C:\FRST 2013-09-18 16:50 - 2013-09-18 16:50 - 00000482 _____ C:\Users\PapasBuero\Downloads\defogger_disable.log 2013-09-18 16:50 - 2013-09-18 16:50 - 00000000 _____ C:\Users\PapasBuero\defogger_reenable 2013-09-18 16:46 - 2013-09-18 16:46 - 00050477 _____ C:\Users\PapasBuero\Downloads\Defogger.exe 2013-09-18 16:42 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-18 16:42 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-18 16:42 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 
2013-09-18 16:42 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-09-11 15:20 - 2013-09-12 15:01 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert 2013-09-11 15:20 - 2013-09-11 15:52 - 00564312 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll 2013-09-11 15:20 - 2013-09-11 15:52 - 00518480 _____ (SurfRight) C:\Windows\system32\hmpalert.dll 2013-09-11 15:20 - 2013-09-11 15:52 - 00017416 _____ C:\Windows\system32\Drivers\hmpalert.sys 2013-09-11 15:20 - 2013-09-11 15:20 - 00000000 ____D C:\ProgramData\HitmanPro.Alert 2013-09-11 15:19 - 2013-09-11 15:19 - 01752488 _____ (SurfRight B.V.) C:\Users\PapasBuero\Downloads\hmpalert.exe 2013-09-10 22:08 - 2013-09-19 10:29 - 00016974 _____ C:\Windows\DPINST.LOG 2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys 2013-08-30 13:10 - 2013-09-19 11:18 - 00000840 _____ C:\Windows\setupact.log 2013-08-30 12:37 - 2013-08-30 12:44 - 00007602 _____ C:\Users\PapasBuero\AppData\Local\resmon.resmoncfg 2013-08-27 18:33 - 2013-08-27 18:34 - 00000000 ____D C:\Users\PapasBuero\Documents\Bedienungsanleitungen 2013-08-27 18:07 - 2013-08-27 18:07 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2013-08-27 18:07 - 2013-08-27 18:07 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2013-08-27 17:56 - 2013-08-27 17:56 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2013-08-27 17:56 - 2013-08-27 17:56 - 00027760 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys 2013-08-27 17:56 - 2013-08-27 17:56 - 00014448 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys 2013-08-27 17:55 - 2013-08-27 17:55 - 00000000 ____D C:\ProgramData\Sony Ericsson 2013-08-27 17:55 - 2013-08-27 17:55 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson 2013-08-27 17:51 - 2013-08-27 17:51 - 00000000 ____D 
C:\Users\PapasBuero\Documents\Sony 2013-08-27 17:51 - 2013-08-27 17:51 - 00000000 ____D C:\Users\PapasBuero\AppData\Local\Sony 2013-08-27 17:49 - 2013-08-27 17:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2013-08-27 17:44 - 2013-09-19 10:29 - 00002033 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-08-27 17:43 - 2013-08-27 17:43 - 00000000 ____D C:\ProgramData\Sony 2013-08-27 17:43 - 2013-08-27 17:43 - 00000000 ____D C:\Program Files (x86)\Sony 2013-08-27 17:39 - 2013-08-27 17:41 - 27723672 _____ (Sony Mobile Communications ) C:\Users\PapasBuero\Downloads\Sony PC Companion_2.10.165_Web.exe 2013-08-20 10:08 - 2013-09-19 11:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-20 09:21 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-20 09:21 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-20 09:21 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-20 09:21 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-20 09:21 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-20 09:21 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-20 09:21 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-20 09:21 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-20 09:21 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-20 09:21 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-20 09:21 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-20 09:21 - 2013-07-09 06:46 - 01166848 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-20 09:21 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-20 09:21 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-20 09:21 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-20 09:21 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys ==================== One Month Modified Files and Folders ======= 2013-09-19 23:38 - 2013-09-19 23:38 - 01950622 _____ (Farbar) C:\Users\PapasBuero\Downloads\FRST64.exe 2013-09-19 23:34 - 2013-08-01 17:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-19 23:33 - 2013-09-19 23:33 - 00000041 _____ C:\Users\PapasBuero\Desktop\checkup.txt 2013-09-19 23:28 - 2013-09-19 23:28 - 00891144 _____ C:\Users\PapasBuero\Downloads\SecurityCheck.exe 2013-09-19 22:48 - 2013-06-09 22:20 - 02061000 _____ C:\Windows\WindowsUpdate.log 2013-09-19 22:30 - 2013-09-19 22:30 - 02347384 _____ (ESET) C:\Users\PapasBuero\Downloads\esetsmartinstaller_enu.exe 2013-09-19 17:55 - 2013-06-24 23:02 - 00000000 ____D C:\ProgramData\MFAData 2013-09-19 11:44 - 2013-08-20 10:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-09-19 11:39 - 2013-09-19 11:39 - 00037462 _____ C:\Users\PapasBuero\Desktop\FRST.txt 2013-09-19 11:30 - 2013-09-19 11:30 - 00001079 _____ C:\Users\PapasBuero\Desktop\JRT.txt 2013-09-19 11:25 - 2009-07-14 06:45 - 00014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-19 11:25 - 2009-07-14 06:45 - 00014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-19 11:23 - 2013-09-19 11:23 - 00000000 ____D C:\Windows\ERUNT 2013-09-19 11:19 - 2013-09-19 11:19 - 00003699 _____ C:\Users\PapasBuero\Desktop\AdwCleaner[S0].txt 2013-09-19 11:18 
- 2013-08-30 13:10 - 00000840 _____ C:\Windows\setupact.log 2013-09-19 11:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-19 11:16 - 2013-09-19 11:14 - 00000000 ____D C:\AdwCleaner 2013-09-19 11:06 - 2013-09-19 10:36 - 00010652 _____ C:\Windows\PFRO.log 2013-09-19 10:55 - 2013-09-19 10:55 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-19 10:55 - 2013-09-19 10:55 - 00000000 ____D C:\Users\PapasBuero\AppData\Roaming\Malwarebytes 2013-09-19 10:55 - 2013-09-19 10:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-19 10:55 - 2013-09-19 10:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-19 10:51 - 2013-09-19 10:51 - 01029675 _____ (Thisisu) C:\Users\PapasBuero\Downloads\JRT.exe 2013-09-19 10:50 - 2013-09-19 10:50 - 01039554 _____ C:\Users\PapasBuero\Downloads\adwcleaner.exe 2013-09-19 10:49 - 2013-09-19 10:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\PapasBuero\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-19 10:37 - 2013-06-09 22:28 - 00000000 ___RD C:\Users\PapasBuero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-19 10:37 - 2013-06-09 22:28 - 00000000 ___RD C:\Users\PapasBuero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-19 10:36 - 2009-07-14 06:45 - 00342240 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-19 10:31 - 2013-08-09 20:55 - 00000000 ____D C:\Windows\system32\MRT 2013-09-19 10:29 - 2013-09-10 22:08 - 00016974 _____ C:\Windows\DPINST.LOG 2013-09-19 10:29 - 2013-08-27 17:44 - 00002033 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-09-19 10:29 - 2013-07-08 21:00 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-19 10:29 - 2013-06-12 21:55 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-19 10:29 - 2013-03-26 10:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-09-18 17:28 - 2013-09-18 17:28 - 00029456 _____ 
C:\Users\PapasBuero\Downloads\Gmer.txt 2013-09-18 17:02 - 2013-09-18 17:02 - 00377856 _____ C:\Users\PapasBuero\Downloads\gmer_2.1.19163.exe 2013-09-18 16:56 - 2013-09-18 16:55 - 00021646 _____ C:\Users\PapasBuero\Downloads\Addition.txt 2013-09-18 16:54 - 2013-09-18 16:54 - 00000000 ____D C:\FRST 2013-09-18 16:50 - 2013-09-18 16:50 - 00000482 _____ C:\Users\PapasBuero\Downloads\defogger_disable.log 2013-09-18 16:50 - 2013-09-18 16:50 - 00000000 _____ C:\Users\PapasBuero\defogger_reenable 2013-09-18 16:50 - 2013-06-09 22:28 - 00000000 ____D C:\Users\PapasBuero 2013-09-18 16:46 - 2013-09-18 16:46 - 00050477 _____ C:\Users\PapasBuero\Downloads\Defogger.exe 2013-09-18 16:34 - 2013-06-24 23:06 - 00000988 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-09-12 16:24 - 2013-06-17 07:51 - 00000000 ____D C:\Users\PapasBuero\Documents\Bewerbung 2013-09-12 15:01 - 2013-09-11 15:20 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert 2013-09-11 15:52 - 2013-09-11 15:20 - 00564312 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll 2013-09-11 15:52 - 2013-09-11 15:20 - 00518480 _____ (SurfRight) C:\Windows\system32\hmpalert.dll 2013-09-11 15:52 - 2013-09-11 15:20 - 00017416 _____ C:\Windows\system32\Drivers\hmpalert.sys 2013-09-11 15:35 - 2013-08-01 17:52 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-09-11 15:34 - 2013-08-01 17:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-11 15:34 - 2013-08-01 17:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-11 15:20 - 2013-09-11 15:20 - 00000000 ____D C:\ProgramData\HitmanPro.Alert 2013-09-11 15:19 - 2013-09-11 15:19 - 01752488 _____ (SurfRight B.V.) 
C:\Users\PapasBuero\Downloads\hmpalert.exe 2013-09-09 10:36 - 2009-07-14 19:58 - 00643866 _____ C:\Windows\system32\perfh007.dat 2013-09-09 10:36 - 2009-07-14 19:58 - 00126394 _____ C:\Windows\system32\perfc007.dat 2013-09-09 10:36 - 2009-07-14 07:13 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys 2013-08-30 12:44 - 2013-08-30 12:37 - 00007602 _____ C:\Users\PapasBuero\AppData\Local\resmon.resmoncfg 2013-08-30 10:07 - 2013-07-25 16:29 - 00000000 ____D C:\Windows\Minidump 2013-08-27 18:34 - 2013-08-27 18:33 - 00000000 ____D C:\Users\PapasBuero\Documents\Bedienungsanleitungen 2013-08-27 18:07 - 2013-08-27 18:07 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2013-08-27 18:07 - 2013-08-27 18:07 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2013-08-27 17:56 - 2013-08-27 17:56 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2013-08-27 17:56 - 2013-08-27 17:56 - 00027760 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys 2013-08-27 17:56 - 2013-08-27 17:56 - 00014448 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys 2013-08-27 17:55 - 2013-08-27 17:55 - 00000000 ____D C:\ProgramData\Sony Ericsson 2013-08-27 17:55 - 2013-08-27 17:55 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson 2013-08-27 17:51 - 2013-08-27 17:51 - 00000000 ____D C:\Users\PapasBuero\Documents\Sony 2013-08-27 17:51 - 2013-08-27 17:51 - 00000000 ____D C:\Users\PapasBuero\AppData\Local\Sony 2013-08-27 17:49 - 2013-08-27 17:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2013-08-27 17:43 - 2013-08-27 17:43 - 00000000 ____D C:\ProgramData\Sony 2013-08-27 17:43 - 2013-08-27 17:43 - 00000000 ____D C:\Program Files (x86)\Sony 2013-08-27 17:41 - 2013-08-27 17:39 - 27723672 _____ (Sony Mobile 
Communications ) C:\Users\PapasBuero\Downloads\Sony PC Companion_2.10.165_Web.exe
2013-08-26 11:57 - 2013-06-25 22:03 - 00000072 _____ C:\Users\Public\LMDebug.log
2013-08-22 09:15 - 2013-06-25 22:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-21 15:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\PapasBuero\AppData\Local\Temp\Quarantine.exe
C:\Users\PapasBuero\AppData\Local\Temp\uninst1.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-11 17:03

==================== End Of Log ============================

Thank you very much. Regards, BASStata |
20.09.2013, 11:19 | #6 |
/// the machine /// TB Trainer | Monstermarketplace and scareware as well as strange advertising Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Done. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to offer somewhat more security than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP) Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
21.09.2013, 21:07 | #7 |
| Monstermarketplace and scareware as well as strange advertising Hello Schrauber, thank you very much for the first-class help. I am done so far. On my other computer I have one of those registry cleaners installed: RegClean Pro (probably bought in a moment of mental derangement). As far as I now know, it is also classified as malware (is that correct?), although the system has run without problems so far... but that is a different matter... Kind regards, BASStata |
21.09.2013, 21:29 | #8 |
/// the machine /// TB Trainer | Monstermarketplace and scareware as well as strange advertising That is malware
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |