Log analysis and evaluation: Windows 8: MBAM blocks IPs 82.98.97.XXX
29.09.2013, 13:30 | #1

Hello, after a few things seemed odd to me (Firefox crashes frequently, the website telekom.de does not load), I downloaded MBAM and ran a scan, with the following result:

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.28.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
admi :: HTPC [Administrator]

Schutz: Aktiviert

28.09.2013 14:21:39
mbam-log-2013-09-28 (14-21-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 473790
Laufzeit: 32 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0A1M1S1N1H2Q1H0B1O1O -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\admi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3PR9JLGS\chrome-setup.exe (PUP.Optional.Freemium.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\admi\AppData\Local\Temp\is1135169017\6246765_stp.EXE (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

However, the real-time protection included as a trial version blocks access to IPs such as 82.98.97.XXX about every 5 minutes:

Code:
2013/09/29 07:07:48 +0200 HTPC (null) MESSAGE Starting protection
2013/09/29 07:07:48 +0200 HTPC (null) MESSAGE Protection started successfully
2013/09/29 07:07:48 +0200 HTPC (null) MESSAGE Starting IP protection
2013/09/29 07:07:50 +0200 HTPC (null) MESSAGE IP Protection started successfully
2013/09/29 07:08:30 +0200 HTPC (null) IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49213, Process: gfiltersvc.exe)
2013/09/29 07:08:30 +0200 HTPC (null) IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49214, Process: gfiltersvc.exe)
2013/09/29 07:08:30 +0200 HTPC (null) IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49215, Process: gfiltersvc.exe)
2013/09/29 07:08:30 +0200 HTPC (null) IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49216, Process: gfiltersvc.exe)
2013/09/29 07:09:18 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49308, Process: autoplby.exe)
2013/09/29 07:09:18 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49309, Process: autoplby.exe)
2013/09/29 07:09:18 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49310, Process: autoplby.exe)
2013/09/29 07:09:18 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49311, Process: autoplby.exe)
2013/09/29 07:12:01 +0200 HTPC (null) MESSAGE Starting protection
2013/09/29 07:12:01 +0200 HTPC (null) MESSAGE Protection started successfully
2013/09/29 07:12:01 +0200 HTPC (null) MESSAGE Starting IP protection
2013/09/29 07:12:02 +0200 HTPC (null) MESSAGE IP Protection started successfully
2013/09/29 07:13:29 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49340, Process: autoplby.exe)
2013/09/29 07:13:29 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49341, Process: autoplby.exe)
2013/09/29 07:13:29 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49342, Process: autoplby.exe)
2013/09/29 07:13:29 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49343, Process: autoplby.exe)
2013/09/29 07:22:49 +0200 HTPC Ben02 IP-BLOCK
82.98.97.203 (Type: outgoing, Port: 49803, Process: gfiltersvc.exe) 2013/09/29 07:22:49 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49804, Process: gfiltersvc.exe) 2013/09/29 07:22:49 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49805, Process: gfiltersvc.exe) 2013/09/29 07:22:49 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49806, Process: gfiltersvc.exe) 2013/09/29 07:24:33 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49881, Process: autoplby.exe) 2013/09/29 07:24:33 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49882, Process: autoplby.exe) 2013/09/29 07:24:33 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49883, Process: autoplby.exe) 2013/09/29 07:24:33 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49884, Process: autoplby.exe) 2013/09/29 07:32:50 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 50309, Process: gfiltersvc.exe) 2013/09/29 07:32:50 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 50310, Process: gfiltersvc.exe) 2013/09/29 07:32:50 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50311, Process: gfiltersvc.exe) 2013/09/29 07:32:50 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 50312, Process: gfiltersvc.exe) 2013/09/29 07:35:30 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 50408, Process: autoplby.exe) 2013/09/29 07:35:30 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50409, Process: autoplby.exe) 2013/09/29 07:35:30 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 50410, Process: autoplby.exe) 2013/09/29 07:35:30 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 50411, Process: autoplby.exe) 2013/09/29 07:42:50 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 50739, Process: gfiltersvc.exe) 2013/09/29 07:42:50 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 50740, Process: gfiltersvc.exe) 
2013/09/29 07:42:50 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50741, Process: gfiltersvc.exe) 2013/09/29 07:42:50 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 50742, Process: gfiltersvc.exe) 2013/09/29 07:46:34 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 50809, Process: autoplby.exe) 2013/09/29 07:46:34 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50810, Process: autoplby.exe) 2013/09/29 07:46:34 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 50811, Process: autoplby.exe) 2013/09/29 07:46:34 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 50812, Process: autoplby.exe) 2013/09/29 07:52:51 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 50934, Process: gfiltersvc.exe) 2013/09/29 07:52:51 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 50935, Process: gfiltersvc.exe) 2013/09/29 07:52:51 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50936, Process: gfiltersvc.exe) 2013/09/29 07:52:51 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 50937, Process: gfiltersvc.exe) 2013/09/29 07:57:31 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 50976, Process: autoplby.exe) 2013/09/29 07:57:31 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50977, Process: autoplby.exe) 2013/09/29 07:57:31 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 50978, Process: autoplby.exe) 2013/09/29 07:57:31 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 50979, Process: autoplby.exe) 2013/09/29 08:02:51 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 50983, Process: gfiltersvc.exe) 2013/09/29 08:02:51 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 50984, Process: gfiltersvc.exe) 2013/09/29 08:02:51 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50985, Process: gfiltersvc.exe) 2013/09/29 08:02:51 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, 
Port: 50986, Process: gfiltersvc.exe) 2013/09/29 08:08:35 +0200 HTPC Ben02 IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 50993, Process: autoplby.exe) 2013/09/29 08:12:51 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51000, Process: gfiltersvc.exe) 2013/09/29 08:12:51 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51001, Process: gfiltersvc.exe) 2013/09/29 08:12:51 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51002, Process: gfiltersvc.exe) 2013/09/29 08:12:51 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51003, Process: gfiltersvc.exe) 2013/09/29 08:19:31 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51009, Process: autoplby.exe) 2013/09/29 08:19:31 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51010, Process: autoplby.exe) 2013/09/29 08:19:32 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51011, Process: autoplby.exe) 2013/09/29 08:19:32 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51012, Process: autoplby.exe) 2013/09/29 08:22:44 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51014, Process: gfiltersvc.exe) 2013/09/29 08:22:44 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51015, Process: gfiltersvc.exe) 2013/09/29 08:22:44 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51016, Process: gfiltersvc.exe) 2013/09/29 08:22:44 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51017, Process: gfiltersvc.exe) 2013/09/29 08:30:36 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51035, Process: autoplby.exe) 2013/09/29 08:30:36 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51036, Process: autoplby.exe) 2013/09/29 08:30:36 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51037, Process: autoplby.exe) 2013/09/29 08:30:36 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51038, Process: autoplby.exe) 2013/09/29 08:32:44 +0200 HTPC Ben02 
IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51040, Process: gfiltersvc.exe) 2013/09/29 08:32:44 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51041, Process: gfiltersvc.exe) 2013/09/29 08:32:44 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51042, Process: gfiltersvc.exe) 2013/09/29 08:32:44 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51043, Process: gfiltersvc.exe) 2013/09/29 08:41:32 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51046, Process: autoplby.exe) 2013/09/29 08:41:32 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51047, Process: autoplby.exe) 2013/09/29 08:41:32 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51048, Process: autoplby.exe) 2013/09/29 08:41:32 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51049, Process: autoplby.exe) 2013/09/29 08:42:44 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51053, Process: gfiltersvc.exe) 2013/09/29 08:42:44 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51054, Process: gfiltersvc.exe) 2013/09/29 08:42:44 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51055, Process: gfiltersvc.exe) 2013/09/29 08:42:44 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51056, Process: gfiltersvc.exe) 2013/09/29 08:52:37 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51063, Process: autoplby.exe) 2013/09/29 08:52:37 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51064, Process: autoplby.exe) 2013/09/29 08:52:37 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51065, Process: autoplby.exe) 2013/09/29 08:52:37 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51066, Process: autoplby.exe) 2013/09/29 08:52:45 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51067, Process: gfiltersvc.exe) 2013/09/29 08:52:45 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51068, Process: gfiltersvc.exe) 
2013/09/29 08:52:45 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51069, Process: gfiltersvc.exe) 2013/09/29 08:52:45 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51070, Process: gfiltersvc.exe) 2013/09/29 09:02:45 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51256, Process: gfiltersvc.exe) 2013/09/29 09:02:45 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51257, Process: gfiltersvc.exe) 2013/09/29 09:02:45 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51258, Process: gfiltersvc.exe) 2013/09/29 09:02:45 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51259, Process: gfiltersvc.exe) 2013/09/29 09:03:33 +0200 HTPC Ben02 IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 51278, Process: autoplby.exe) 2013/09/29 09:12:45 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51349, Process: gfiltersvc.exe) 2013/09/29 09:12:45 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51350, Process: gfiltersvc.exe) 2013/09/29 09:12:45 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51351, Process: gfiltersvc.exe) 2013/09/29 09:12:45 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51352, Process: gfiltersvc.exe) 2013/09/29 09:14:38 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51363, Process: autoplby.exe) 2013/09/29 09:14:38 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51364, Process: autoplby.exe) 2013/09/29 09:14:38 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51365, Process: autoplby.exe) 2013/09/29 09:14:38 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51366, Process: autoplby.exe) 2013/09/29 09:22:46 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51399, Process: gfiltersvc.exe) 2013/09/29 09:22:46 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51400, Process: gfiltersvc.exe) 2013/09/29 09:22:46 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: 
outgoing, Port: 51401, Process: gfiltersvc.exe) 2013/09/29 09:22:46 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51402, Process: gfiltersvc.exe) 2013/09/29 09:25:34 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51403, Process: autoplby.exe) 2013/09/29 09:25:34 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51404, Process: autoplby.exe) 2013/09/29 09:25:34 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51405, Process: autoplby.exe) 2013/09/29 09:25:34 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51406, Process: autoplby.exe) 2013/09/29 09:32:46 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51522, Process: gfiltersvc.exe) 2013/09/29 09:32:46 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51523, Process: gfiltersvc.exe) 2013/09/29 09:32:46 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51524, Process: gfiltersvc.exe) 2013/09/29 09:32:46 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51525, Process: gfiltersvc.exe) 2013/09/29 09:36:38 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51744, Process: autoplby.exe) 2013/09/29 09:36:38 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51745, Process: autoplby.exe) 2013/09/29 09:36:38 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51746, Process: autoplby.exe) 2013/09/29 09:36:38 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51747, Process: autoplby.exe) 2013/09/29 09:42:47 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51862, Process: gfiltersvc.exe) 2013/09/29 09:42:47 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51863, Process: gfiltersvc.exe) 2013/09/29 09:42:47 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51864, Process: gfiltersvc.exe) 2013/09/29 09:42:47 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51865, Process: gfiltersvc.exe) 2013/09/29 09:47:35 +0200 
HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51954, Process: autoplby.exe) 2013/09/29 09:47:35 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51955, Process: autoplby.exe) 2013/09/29 09:47:35 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51956, Process: autoplby.exe) 2013/09/29 09:47:35 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51957, Process: autoplby.exe) 2013/09/29 09:52:47 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 52082, Process: gfiltersvc.exe) 2013/09/29 09:52:47 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 52083, Process: gfiltersvc.exe) 2013/09/29 09:52:47 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 52084, Process: gfiltersvc.exe) 2013/09/29 09:52:47 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 52085, Process: gfiltersvc.exe) 2013/09/29 09:58:39 +0200 HTPC Ben02 IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 52171, Process: autoplby.exe) 2013/09/29 10:02:47 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 52213, Process: gfiltersvc.exe) 2013/09/29 10:02:47 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 52214, Process: gfiltersvc.exe) 2013/09/29 10:02:47 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 52215, Process: gfiltersvc.exe) 2013/09/29 10:02:47 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 52216, Process: gfiltersvc.exe) 2013/09/29 10:09:36 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 52316, Process: autoplby.exe) 2013/09/29 10:09:36 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 52317, Process: autoplby.exe) 2013/09/29 10:09:36 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 52318, Process: autoplby.exe) 2013/09/29 10:09:36 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 52319, Process: autoplby.exe) 2013/09/29 10:12:48 +0200 HTPC Ben02 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 52369, Process: 
gfiltersvc.exe) 2013/09/29 10:12:48 +0200 HTPC Ben02 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 52370, Process: gfiltersvc.exe) 2013/09/29 10:12:48 +0200 HTPC Ben02 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 52371, Process: gfiltersvc.exe) 2013/09/29 10:12:48 +0200 HTPC Ben02 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 52372, Process: gfiltersvc.exe) 2013/09/29 10:20:32 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 52487, Process: autoplby.exe) 2013/09/29 10:20:32 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 52488, Process: autoplby.exe) 2013/09/29 10:20:32 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 52489, Process: autoplby.exe) 2013/09/29 10:20:32 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 52490, Process: autoplby.exe) 2013/09/29 10:22:48 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 52565, Process: gfiltersvc.exe) 2013/09/29 10:22:48 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 52566, Process: gfiltersvc.exe) 2013/09/29 10:22:48 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 52567, Process: gfiltersvc.exe) 2013/09/29 10:22:48 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 52568, Process: gfiltersvc.exe) 2013/09/29 10:32:49 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 52909, Process: gfiltersvc.exe) 2013/09/29 10:32:49 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 52910, Process: gfiltersvc.exe) 2013/09/29 10:32:49 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 52911, Process: gfiltersvc.exe) 2013/09/29 10:32:49 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 52912, Process: gfiltersvc.exe) 2013/09/29 10:42:33 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53026, Process: autoplby.exe) 2013/09/29 10:42:33 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53027, Process: autoplby.exe) 2013/09/29 10:42:33 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: 
outgoing, Port: 53028, Process: autoplby.exe) 2013/09/29 10:42:33 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53029, Process: autoplby.exe) 2013/09/29 10:42:49 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53030, Process: gfiltersvc.exe) 2013/09/29 10:42:49 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53031, Process: gfiltersvc.exe) 2013/09/29 10:42:49 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53032, Process: gfiltersvc.exe) 2013/09/29 10:42:49 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53033, Process: gfiltersvc.exe) 2013/09/29 10:52:49 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53037, Process: gfiltersvc.exe) 2013/09/29 10:52:49 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53038, Process: gfiltersvc.exe) 2013/09/29 10:52:49 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53039, Process: gfiltersvc.exe) 2013/09/29 10:52:49 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53040, Process: gfiltersvc.exe) 2013/09/29 10:53:37 +0200 HTPC admi IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 53044, Process: autoplby.exe) 2013/09/29 11:02:50 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53053, Process: gfiltersvc.exe) 2013/09/29 11:02:50 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53054, Process: gfiltersvc.exe) 2013/09/29 11:02:50 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53055, Process: gfiltersvc.exe) 2013/09/29 11:02:50 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53056, Process: gfiltersvc.exe) 2013/09/29 11:04:34 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53058, Process: autoplby.exe) 2013/09/29 11:04:34 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53059, Process: autoplby.exe) 2013/09/29 11:04:34 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53060, Process: autoplby.exe) 2013/09/29 11:04:34 +0200 HTPC admi 
IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53061, Process: autoplby.exe) 2013/09/29 11:12:50 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53075, Process: gfiltersvc.exe) 2013/09/29 11:12:50 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53076, Process: gfiltersvc.exe) 2013/09/29 11:12:50 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53077, Process: gfiltersvc.exe) 2013/09/29 11:12:50 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53078, Process: gfiltersvc.exe) 2013/09/29 11:15:38 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53080, Process: autoplby.exe) 2013/09/29 11:15:38 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53081, Process: autoplby.exe) 2013/09/29 11:15:38 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53082, Process: autoplby.exe) 2013/09/29 11:15:38 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53083, Process: autoplby.exe) 2013/09/29 11:22:50 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53087, Process: gfiltersvc.exe) 2013/09/29 11:22:50 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53088, Process: gfiltersvc.exe) 2013/09/29 11:22:50 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53089, Process: gfiltersvc.exe) 2013/09/29 11:22:50 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53090, Process: gfiltersvc.exe) 2013/09/29 11:26:35 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53092, Process: autoplby.exe) 2013/09/29 11:26:35 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53093, Process: autoplby.exe) 2013/09/29 11:26:35 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53094, Process: autoplby.exe) 2013/09/29 11:26:35 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53095, Process: autoplby.exe) 2013/09/29 11:32:51 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53104, Process: gfiltersvc.exe) 2013/09/29 11:32:51 
+0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53105, Process: gfiltersvc.exe) 2013/09/29 11:32:51 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53106, Process: gfiltersvc.exe) 2013/09/29 11:32:51 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53107, Process: gfiltersvc.exe) 2013/09/29 11:37:39 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53109, Process: autoplby.exe) 2013/09/29 11:37:39 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53110, Process: autoplby.exe) 2013/09/29 11:37:39 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53111, Process: autoplby.exe) 2013/09/29 11:37:39 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53112, Process: autoplby.exe) 2013/09/29 11:42:51 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53127, Process: gfiltersvc.exe) 2013/09/29 11:42:51 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53128, Process: gfiltersvc.exe) 2013/09/29 11:42:51 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53129, Process: gfiltersvc.exe) 2013/09/29 11:42:51 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53130, Process: gfiltersvc.exe) 2013/09/29 11:48:35 +0200 HTPC admi IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 53135, Process: autoplby.exe) 2013/09/29 11:52:52 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53137, Process: gfiltersvc.exe) 2013/09/29 11:52:52 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53138, Process: gfiltersvc.exe) 2013/09/29 11:52:52 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53139, Process: gfiltersvc.exe) 2013/09/29 11:52:52 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53140, Process: gfiltersvc.exe) 2013/09/29 11:59:40 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53146, Process: autoplby.exe) 2013/09/29 11:59:40 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53147, Process: autoplby.exe) 
2013/09/29 11:59:40 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53148, Process: autoplby.exe) 2013/09/29 11:59:40 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53149, Process: autoplby.exe) 2013/09/29 12:02:44 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53151, Process: gfiltersvc.exe) 2013/09/29 12:02:44 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53152, Process: gfiltersvc.exe) 2013/09/29 12:02:44 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53153, Process: gfiltersvc.exe) 2013/09/29 12:02:44 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53154, Process: gfiltersvc.exe) 2013/09/29 12:10:36 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53158, Process: autoplby.exe) 2013/09/29 12:10:36 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53159, Process: autoplby.exe) 2013/09/29 12:10:36 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53160, Process: autoplby.exe) 2013/09/29 12:10:36 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53161, Process: autoplby.exe) 2013/09/29 12:12:44 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53182, Process: gfiltersvc.exe) 2013/09/29 12:12:44 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53183, Process: gfiltersvc.exe) 2013/09/29 12:12:44 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53184, Process: gfiltersvc.exe) 2013/09/29 12:12:44 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53185, Process: gfiltersvc.exe) 2013/09/29 12:21:41 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53189, Process: autoplby.exe) 2013/09/29 12:21:41 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53190, Process: autoplby.exe) 2013/09/29 12:21:41 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53191, Process: autoplby.exe) 2013/09/29 12:21:41 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53192, Process: 
autoplby.exe)
2013/09/29 12:22:45 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53193, Process: gfiltersvc.exe)
2013/09/29 12:22:45 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53194, Process: gfiltersvc.exe)
2013/09/29 12:22:45 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53195, Process: gfiltersvc.exe)
2013/09/29 12:22:45 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53196, Process: gfiltersvc.exe)
2013/09/29 12:32:37 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53204, Process: autoplby.exe)
2013/09/29 12:32:37 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53205, Process: autoplby.exe)
2013/09/29 12:32:37 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53206, Process: autoplby.exe)
2013/09/29 12:32:37 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53207, Process: autoplby.exe)
2013/09/29 12:32:45 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53208, Process: gfiltersvc.exe)
2013/09/29 12:32:45 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53209, Process: gfiltersvc.exe)
2013/09/29 12:32:45 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53210, Process: gfiltersvc.exe)
2013/09/29 12:32:45 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53211, Process: gfiltersvc.exe)
2013/09/29 12:42:45 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53230, Process: gfiltersvc.exe)
2013/09/29 12:42:45 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53231, Process: gfiltersvc.exe)
2013/09/29 12:42:45 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53232, Process: gfiltersvc.exe)
2013/09/29 12:42:45 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53233, Process: gfiltersvc.exe)
2013/09/29 12:43:41 +0200 HTPC admi IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 53237, Process: autoplby.exe)
2013/09/29 12:52:46 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53257, Process: gfiltersvc.exe)
2013/09/29 12:52:46 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53258, Process: gfiltersvc.exe)
2013/09/29 12:52:46 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53259, Process: gfiltersvc.exe)
2013/09/29 12:52:46 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53260, Process: gfiltersvc.exe)
2013/09/29 12:54:38 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53274, Process: autoplby.exe)
2013/09/29 12:54:38 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53275, Process: autoplby.exe)
2013/09/29 12:54:38 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53276, Process: autoplby.exe)
2013/09/29 12:54:38 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53277, Process: autoplby.exe)
2013/09/29 13:02:46 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53550, Process: gfiltersvc.exe)
2013/09/29 13:02:46 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53551, Process: gfiltersvc.exe)
2013/09/29 13:02:46 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53552, Process: gfiltersvc.exe)
2013/09/29 13:02:46 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53553, Process: gfiltersvc.exe)
2013/09/29 13:05:42 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53646, Process: autoplby.exe)
2013/09/29 13:05:42 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53647, Process: autoplby.exe)
2013/09/29 13:05:42 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53648, Process: autoplby.exe)
2013/09/29 13:05:42 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53649, Process: autoplby.exe)
2013/09/29 13:12:47 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53811, Process: gfiltersvc.exe)
2013/09/29 13:12:47 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53812, Process: gfiltersvc.exe)
2013/09/29 13:12:47 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53813, Process: gfiltersvc.exe)
2013/09/29 13:12:47 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53814, Process: gfiltersvc.exe)
2013/09/29 13:16:39 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53820, Process: autoplby.exe)
2013/09/29 13:16:39 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53821, Process: autoplby.exe)
2013/09/29 13:16:39 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53822, Process: autoplby.exe)
2013/09/29 13:16:39 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53823, Process: autoplby.exe)
2013/09/29 13:22:47 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53872, Process: gfiltersvc.exe)
2013/09/29 13:22:47 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53873, Process: gfiltersvc.exe)
2013/09/29 13:22:47 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53874, Process: gfiltersvc.exe)
2013/09/29 13:22:47 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53875, Process: gfiltersvc.exe)
2013/09/29 13:27:43 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53886, Process: autoplby.exe)
2013/09/29 13:27:43 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53887, Process: autoplby.exe)
2013/09/29 13:27:43 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53888, Process: autoplby.exe)
2013/09/29 13:27:43 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53889, Process: autoplby.exe)
2013/09/29 13:32:47 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 54017, Process: gfiltersvc.exe)
2013/09/29 13:32:47 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 54018, Process: gfiltersvc.exe)
2013/09/29 13:32:47 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 54019, Process: gfiltersvc.exe)
2013/09/29 13:32:47 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 54020, Process: gfiltersvc.exe)
2013/09/29 13:38:40 +0200 HTPC admi IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 54093, Process: autoplby.exe)
2013/09/29 13:42:48 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 54139, Process: gfiltersvc.exe)
2013/09/29 13:42:48 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 54140, Process: gfiltersvc.exe)
2013/09/29 13:42:48 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 54141, Process: gfiltersvc.exe)
2013/09/29 13:42:48 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 54142, Process: gfiltersvc.exe)
2013/09/29 13:49:44 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 54177, Process: autoplby.exe)
2013/09/29 13:49:44 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 54178, Process: autoplby.exe)
2013/09/29 13:49:44 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 54179, Process: autoplby.exe)
2013/09/29 13:49:44 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 54180, Process: autoplby.exe)
2013/09/29 13:52:48 +0200 HTPC admi IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 54196, Process: gfiltersvc.exe)
2013/09/29 13:52:48 +0200 HTPC admi IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 54197, Process: gfiltersvc.exe)
2013/09/29 13:52:48 +0200 HTPC admi IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 54198, Process: gfiltersvc.exe)
2013/09/29 13:52:48 +0200 HTPC admi IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 54199, Process: gfiltersvc.exe)
2013/09/29 13:58:41 +0200 HTPC admi MESSAGE Stopping protection
2013/09/29 13:58:41 +0200 HTPC admi MESSAGE Protection stopped successfully
2013/09/29 13:58:41 +0200 HTPC admi MESSAGE Stopping IP protection
2013/09/29 13:58:41 +0200 HTPC admi MESSAGE IP Protection stopped successfully
2013/09/29 13:58:42 +0200 HTPC admi MESSAGE Protection stopped
2013/09/29 14:05:25 +0200 HTPC admi MESSAGE Starting protection
2013/09/29 14:05:25 +0200 HTPC admi MESSAGE Protection started successfully
2013/09/29 14:05:25 +0200 HTPC admi MESSAGE Starting IP protection
2013/09/29 14:05:26 +0200 HTPC admi MESSAGE IP Protection started successfully

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:49 on 29/09/2013 (admi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by admi (administrator) on HTPC on 29-09-2013 13:51:12
Running from C:\Users\admi\Desktop
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CM & V) C:\Program Files (x86)\DVBViewer\DVBVservice.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
() C:\Windows\system32\autoplby.exe
() C:\Windows\System32\GFilterSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Oliver Frietsch) C:\Program Files (x86)\DVBViewer\WTVIRBridge\WTVIRBridge.exe
(CM&V Hackbart) C:\Program Files (x86)\DVBViewer\DVBVCtrl.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CM&V Hackbart) C:\Program Files (x86)\DVBViewer\dvbviewer.exe
() C:\Program Files (x86)\DVBViewer\Plugins\Display\IMONPlugin.exe
(CM&V Hackbart) C:\Program Files (x86)\DVBViewer\HTTPServer.exe
() C:\Program Files (x86)\DVBViewer\GreenButtonEx\GreenButtonEx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\wwahost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403888 2012-08-23] (Acronis)
HKCU\...\Run: [WTVIRBridge] - C:\Program Files (x86)\DVBViewer\WTVIRBridge\WTVIRBridge.exe [522240 2012-12-30] (Oliver Frietsch)
HKCU\...\Run: [DVBV Service Ctrl] - C:\Program Files (x86)\DVBViewer\DVBVCtrl.exe [87552 2012-04-11] (CM&V Hackbart)
HKCU\...\Run: [Facebook Update] - C:\Users\admi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-04-20] (Facebook Inc.)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MountPoints2: {380d6491-80fc-11e2-bee6-001f3f028894} - "I:\pushinst.exe"
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [iMON] - C:\Program Files (x86)\SoundGraph\iMON\iMON.exe [3833856 2011-12-02] (SoundGraph, Inc.)
HKLM-x32\...\Run: [MailCheck IE Broker] - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1461896 2012-11-22] (1und1 Mail und Media GmbH)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6049096 2012-08-23] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [943856 2012-07-24] (Acronis)
HKLM-x32\...\Run: [LifeCam] - "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.) HKU\Katja\...\Run: [WTVIRBridge] - C:\Program Files (x86)\DVBViewer\WTVIRBridge\WTVIRBridge.exe [522240 2012-12-30] (Oliver Frietsch) HKU\Katja\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.) Startup: C:\Users\admi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\admi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\admi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.bat - Verknüpfung.lnk ShortcutTarget: Start.bat - Verknüpfung.lnk -> C:\Program Files (x86)\DVBViewer\Start.bat () Startup: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start - Verknüpfung.lnk ShortcutTarget: Start - Verknüpfung.lnk -> C:\Program Files (x86)\DVBViewer\Start.bat () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA8F3D197F4E4CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKCU - {444B9A39-C17A-4A76-B550-0981E1393564} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {5CC57BB4-98E5-4E0E-94C6-ADEEC1F2C9D4} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {AEAB8E93-D92F-44CF-AA81-756AB30365ED} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie SearchScopes: HKCU - {DFEBEAB4-349A-4EB0-A807-1185CBF58569} URL = 
hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) Toolbar: HKLM-x32 - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common 
Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\admi\AppData\Roaming\Mozilla\Firefox\Profiles\737if9f3.default FF Homepage: hxxp://www.web.de FF NetworkProxy: "autoconfig_url", "https://secure.premiumize.me/22a8c7d16ba12462e1572c56bf587e29/proxy.pac" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program 
Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\admi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\admi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\admi\AppData\Roaming\Mozilla\Firefox\Profiles\737if9f3.default\Extensions\firejump_1028.zip FF Extension: No Name - C:\Users\admi\AppData\Roaming\Mozilla\Firefox\Profiles\737if9f3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\admi\AppData\Roaming\Mozilla\Firefox\Profiles\737if9f3.default\extensions\firejump@firejump.net Chrome: ======= CHR HomePage: hxxp://www.web.de/ CHR RestoreOnStartup: "hxxp://www.web.de/" CHR DefaultSearchURL: (Google) - 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll () CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (BonanzaDealsLive Update) - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Unity Player) - C:\Users\admi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\admi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\admi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\admi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\admi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\admi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (AdBlock) - C:\Users\admi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0 CHR Extension: 
(Chrome In-App Payments service) - C:\Users\admi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Gmail) - C:\Users\admi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) R2 DVBVRecorder; C:\Program Files (x86)\DVBViewer\DVBVservice.exe [866944 2013-05-21] (CM & V) R2 Fondue32; C:\Windows\system32\autoplby.exe [117760 2013-07-12] () R2 GFilterSvc; C:\Windows\System32\GFilterSvc.exe [121856 2013-07-10] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR) S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc) S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.) S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-01-15] (Advanced Micro Devices) S3 fwlanusbn; C:\Windows\system32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH) R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2010-08-16] (Hauppauge Computer Works, Inc.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MTSBDA; C:\Windows\System32\Drivers\MtsBda.sys [344592 2010-09-15] (TechniSat Provide) R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [8192 2005-03-29] () S3 MtsHID; C:\Windows\system32\drivers\MtsHID.sys [27664 2010-09-15] (TechniSat Provide) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1093256 2013-03-25] (Acronis) R3 UDST7000BDA; C:\Windows\System32\Drivers\UDST7000BDA.sys [527632 2012-12-29] (TechniSat Digital S.A.) R3 UDST7000HID; C:\Windows\system32\drivers\UDST7000HID.sys [27664 2012-12-29] (TechniSat Digital S.A.) S3 usbbus; C:\Windows\System32\drivers\lgx64bus.sys [17920 2013-04-24] (LG Electronics Inc.) S3 UsbDiag; C:\Windows\system32\DRIVERS\lgx64diag.sys [28160 2013-04-24] (LG Electronics Inc.) S3 USBModem; C:\Windows\system32\DRIVERS\lgx64modem.sys [34816 2013-04-24] (LG Electronics Inc.) 
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [295792 2012-10-02] (Marvell) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [64000 2012-07-26] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-29 13:51 - 2013-09-29 13:51 - 00000000 ____D C:\FRST 2013-09-29 13:49 - 2013-09-29 13:49 - 00000470 _____ C:\Users\admi\Desktop\defogger_disable.log 2013-09-29 13:49 - 2013-09-29 13:49 - 00000000 _____ C:\Users\admi\defogger_reenable 2013-09-29 13:44 - 2013-09-29 13:44 - 00377856 _____ C:\Users\admi\Downloads\of84r3ec.exe 2013-09-29 13:44 - 2013-09-29 13:44 - 00377856 _____ C:\Users\admi\Desktop\gmer_2.1.19163.exe 2013-09-29 13:43 - 2013-09-29 13:43 - 01953880 _____ (Farbar) C:\Users\admi\Desktop\FRST64.exe 2013-09-29 13:42 - 2013-09-29 13:42 - 00050477 _____ C:\Users\admi\Desktop\Defogger.exe 2013-09-28 14:20 - 2013-09-28 14:20 - 00000000 ____D C:\Users\admi\AppData\Roaming\Malwarebytes 2013-09-28 14:20 - 2013-09-28 14:20 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-28 14:20 - 2013-09-28 14:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-28 14:20 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-28 14:19 - 2013-09-28 14:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\admi\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-25 21:29 - 2013-09-25 21:29 - 00000000 ____D C:\Users\Katja\AppData\Local\Google 2013-09-24 21:15 - 2013-09-29 13:20 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-24 21:15 - 2013-09-29 10:18 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-24 21:15 - 2013-09-24 21:15 - 00004088 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-09-24 21:15 - 2013-09-24 21:15 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-09-24 21:15 - 2013-09-24 21:15 - 00000000 
____D C:\Users\admi\AppData\Local\Deployment 2013-09-24 21:15 - 2013-09-24 21:15 - 00000000 ____D C:\Program Files (x86)\Google 2013-09-24 21:13 - 2013-09-25 18:18 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive 2013-09-24 21:13 - 2013-09-25 17:24 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals 2013-09-24 21:13 - 2013-09-24 21:13 - 00041216 _____ C:\Users\admi\Downloads\chrome-en-t.zip 2013-09-24 21:13 - 2013-09-24 21:13 - 00000000 ____D C:\Users\admi\AppData\Local\BonanzaDealsLive 2013-09-24 21:13 - 2013-09-24 21:13 - 00000000 ____D C:\ProgramData\BonanzaDealsLive 2013-09-20 20:08 - 2013-09-20 20:08 - 00000000 ____D C:\Users\admi\AppData\Roaming\OpenOffice 2013-09-20 20:07 - 2013-09-20 20:07 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2013-09-20 20:03 - 2013-09-20 20:06 - 162401424 _____ C:\Users\admi\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe 2013-09-19 17:13 - 2013-09-19 17:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-19 17:13 - 2013-09-19 17:13 - 00000000 ____D C:\Program Files\iTunes 2013-09-19 17:13 - 2013-09-19 17:13 - 00000000 ____D C:\Program Files\iPod 2013-09-19 17:13 - 2013-09-19 17:13 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-09-16 20:46 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll 2013-09-15 10:31 - 2013-09-15 22:22 - 00000000 ____D C:\ProgramData\my_scripts 2013-09-15 10:28 - 2013-09-15 10:28 - 05648594 _____ (CM&V ) C:\Users\admi\Downloads\DVBViewer_setup(2).exe 2013-09-13 18:44 - 2013-09-13 18:44 - 00000000 ____D C:\Users\admi\Documents\Green Button Ex 2013-09-13 17:49 - 2013-09-13 19:38 - 00000000 ____D C:\Users\admi\Downloads\Green Button Ex 2013-09-13 17:48 - 2013-09-13 17:49 - 00470631 _____ C:\Users\admi\Downloads\Green Button Ex.zip 2013-09-13 15:04 - 2013-09-21 07:42 - 00309944 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-13 04:25 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-13 04:25 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-12 17:51 - 2013-09-12 17:51 - 00000513 _____ C:\Users\Katja\Desktop\movieplay.lnk 2013-09-12 16:54 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-12 16:51 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-12 16:51 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-12 16:51 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-12 16:51 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-12 16:51 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys 2013-09-12 16:51 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll 2013-09-12 16:51 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2013-09-12 16:51 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2013-09-12 16:51 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe 2013-09-12 16:51 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2013-09-12 16:51 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2013-09-12 16:51 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2013-09-12 16:51 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2013-09-12 16:51 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2013-09-12 16:51 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) 
C:\Windows\system32\WSShared.dll 2013-09-12 16:51 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll 2013-09-12 16:51 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2013-09-12 16:51 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll 2013-09-12 16:51 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll 2013-09-12 16:51 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll 2013-09-12 16:51 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2013-09-12 16:51 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2013-09-12 16:51 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2013-09-12 16:51 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll 2013-09-12 16:51 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2013-09-12 16:51 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll 2013-09-12 16:51 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2013-09-12 16:51 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2013-09-12 16:51 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2013-09-12 16:51 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2013-09-12 16:51 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2013-09-12 16:51 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll 2013-09-12 16:51 - 2013-08-16 00:43 - 
00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll 2013-09-12 16:51 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll 2013-09-12 16:51 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2013-09-12 16:51 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2013-09-12 16:51 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2013-09-12 16:51 - 2013-08-16 00:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll 2013-09-12 16:51 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2013-09-12 16:51 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2013-09-12 16:51 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll 2013-09-12 16:51 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll 2013-09-12 16:50 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-12 16:50 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-12 16:50 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-12 16:50 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-12 16:50 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2013-09-12 16:50 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-12 16:50 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-12 16:50 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-12 16:50 - 2013-08-21 06:11 - 
00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-12 16:50 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2013-09-12 16:50 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-12 16:50 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-12 16:50 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-12 16:50 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-12 16:50 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-12 16:50 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2013-09-12 16:50 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-12 16:50 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-12 16:50 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-12 16:50 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-12 16:50 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-12 16:50 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-12 16:50 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-12 16:50 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-12 16:50 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-12 16:50 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-12 16:50 - 2013-08-21 01:52 - 00534528 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\uxtheme.dll 2013-09-12 16:50 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys 2013-09-12 16:50 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2013-09-12 16:50 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe 2013-09-12 16:50 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll 2013-09-12 16:50 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll 2013-09-12 16:50 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll 2013-09-12 16:50 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll 2013-09-12 16:50 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll 2013-09-12 16:50 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2013-09-12 16:50 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2013-09-12 16:50 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll 2013-09-12 16:50 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2013-09-12 16:50 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-09-12 16:50 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2013-09-12 16:50 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2013-09-12 16:50 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2013-09-12 16:50 - 2013-07-02 00:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml 2013-09-12 16:50 - 2013-07-01 00:30 
- 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe 2013-09-12 16:50 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe 2013-09-12 16:50 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2013-09-12 16:50 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2013-09-12 16:50 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys 2013-09-12 16:50 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-09-12 16:50 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys 2013-09-12 16:50 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys 2013-09-12 16:50 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2013-09-12 16:50 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll 2013-09-12 16:50 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll 2013-09-12 16:50 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll 2013-09-12 16:50 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll 2013-09-12 16:50 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll 2013-09-12 16:50 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll 2013-09-12 16:50 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll 2013-09-12 16:50 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll 2013-09-12 16:50 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys 2013-09-12 16:50 - 
2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-09-12 16:50 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-09-12 16:50 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL 2013-09-12 16:50 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-09-12 16:50 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-09-12 16:50 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-09-12 16:50 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Users\admi\Downloads\o2x-nvflash-bootloader_unlock_v30a+CWM6 2013-09-09 17:51 - 2013-09-09 18:22 - 00000000 ____D C:\Users\admi\Downloads\BIN_LGP990AT-00-V30a-EUR-XXX-NOV-30-2012+0 2013-09-09 17:47 - 2013-09-09 17:50 - 730450857 _____ C:\Users\admi\Downloads\BIN_LGP990AT-00-V30a-EUR-XXX-NOV-30-2012+0.zip 2013-09-09 17:47 - 2013-09-09 17:47 - 00000000 ____D C:\Users\admi\Downloads\sf 2013-09-09 17:46 - 2013-09-09 17:46 - 00271698 _____ C:\Users\admi\Downloads\Smartflashxpr0nx.rar 2013-09-09 17:46 - 2013-09-09 17:46 - 00000000 ____D C:\Program Files (x86)\LG Electronics 2013-09-09 17:46 - 2013-06-28 11:45 - 00036352 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetmodem64.sys 2013-09-09 17:46 - 2013-04-24 10:15 - 00034816 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64modem.sys 2013-09-09 17:46 - 2013-04-24 10:15 - 00028160 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64diag.sys 2013-09-09 17:46 - 2013-04-24 10:15 - 00017920 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64bus.sys 2013-09-09 17:46 - 2013-04-18 16:14 - 00029184 _____ (LG Electronics Inc.) 
C:\Windows\system32\Drivers\lgandnetdiag64.sys 2013-09-09 17:46 - 2013-04-18 16:12 - 00031744 _____ (Google Inc) C:\Windows\system32\Drivers\lgandnetadb.sys 2013-09-09 17:46 - 2011-07-18 06:03 - 01919968 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01005.dll 2013-09-09 17:45 - 2013-09-09 17:45 - 11412680 _____ (LG Electronics) C:\Users\admi\Downloads\LGUnitedMobileDriver_S50MAN310AP22_ML_WHQL_Ver_3.10.1.exe 2013-09-09 17:27 - 2013-09-09 17:31 - 427401773 _____ C:\Users\admi\Downloads\DjangoManoucheX1.3_30A.zip 2013-09-09 17:25 - 2013-09-09 17:25 - 08755085 _____ C:\Users\admi\Downloads\o2x-nvflash-bootloader_unlock_v30a+CWM6.zip 2013-09-08 14:18 - 2013-09-08 14:19 - 00000000 ____D C:\Users\admi\Downloads\nvflash 2013-09-08 14:18 - 2013-09-08 14:18 - 11371856 _____ C:\Users\admi\Downloads\2x-nvflashdrivers.zip 2013-09-08 14:16 - 2013-09-08 14:16 - 00000000 ____D C:\Users\admi\Downloads\rooted_system V30A 2013-09-08 14:15 - 2013-09-08 14:16 - 247849994 _____ C:\Users\admi\Downloads\rooted_system+V30A.rar 2013-09-08 13:21 - 2013-09-08 13:46 - 00000000 ____D C:\Users\admi\Desktop\Bilder Katja Handy 2013-09-02 18:07 - 2013-09-02 18:07 - 20128896 _____ (CM&V ) C:\Users\admi\Downloads\Mheg5Setup.exe 2013-09-02 17:50 - 2013-09-02 17:50 - 00730346 _____ C:\Users\admi\Downloads\TransEdit_4_0_3.zip 2013-09-02 17:28 - 2013-09-02 17:28 - 05654871 _____ (CM&V ) C:\Users\admi\Downloads\DVBViewer_setup(1).exe ==================== One Month Modified Files and Folders ======= 2013-09-29 13:51 - 2013-09-29 13:51 - 00000000 ____D C:\FRST 2013-09-29 13:49 - 2013-09-29 13:49 - 00000470 _____ C:\Users\admi\Desktop\defogger_disable.log 2013-09-29 13:49 - 2013-09-29 13:49 - 00000000 _____ C:\Users\admi\defogger_reenable 2013-09-29 13:49 - 2012-12-28 14:00 - 00000000 ____D C:\Users\admi 2013-09-29 13:44 - 2013-09-29 13:44 - 00377856 _____ C:\Users\admi\Downloads\of84r3ec.exe 2013-09-29 13:44 - 2013-09-29 13:44 - 00377856 _____ C:\Users\admi\Desktop\gmer_2.1.19163.exe 
2013-09-29 13:43 - 2013-09-29 13:43 - 01953880 _____ (Farbar) C:\Users\admi\Desktop\FRST64.exe 2013-09-29 13:42 - 2013-09-29 13:42 - 00050477 _____ C:\Users\admi\Desktop\Defogger.exe 2013-09-29 13:32 - 2013-04-20 16:27 - 00000934 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-226450521-3467199563-867659190-1001UA.job 2013-09-29 13:32 - 2012-12-28 14:00 - 01486670 _____ C:\Windows\WindowsUpdate.log 2013-09-29 13:22 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-09-29 13:20 - 2013-09-24 21:15 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-29 13:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru 2013-09-29 10:18 - 2013-09-24 21:15 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-29 10:13 - 2013-01-22 22:46 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Skype 2013-09-29 07:18 - 2012-07-26 12:27 - 00751892 _____ C:\Windows\system32\perfh007.dat 2013-09-29 07:18 - 2012-07-26 12:27 - 00155620 _____ C:\Windows\system32\perfc007.dat 2013-09-29 07:18 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-29 07:17 - 2013-01-02 16:52 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-226450521-3467199563-867659190-1002 2013-09-29 07:11 - 2013-05-30 17:37 - 00000000 ____D C:\ProgramData\NVIDIA 2013-09-29 07:11 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-28 17:15 - 2012-12-28 14:07 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-226450521-3467199563-867659190-1001 2013-09-28 16:32 - 2013-04-20 16:27 - 00000912 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-226450521-3467199563-867659190-1001Core.job 2013-09-28 14:57 - 2012-12-28 13:53 - 00090032 _____ C:\Windows\PFRO.log 2013-09-28 14:56 - 2012-07-26 07:26 - 00786432 ___SH C:\Windows\system32\config\BBI 2013-09-28 14:20 - 2013-09-28 14:20 - 00000000 ____D C:\Users\admi\AppData\Roaming\Malwarebytes 2013-09-28 
14:20 - 2013-09-28 14:20 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-28 14:20 - 2013-09-28 14:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-28 14:19 - 2013-09-28 14:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\admi\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-25 21:30 - 2013-06-21 20:40 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-09-25 21:30 - 2013-01-22 15:05 - 00000000 ____D C:\ProgramData\Skype 2013-09-25 21:29 - 2013-09-25 21:29 - 00000000 ____D C:\Users\Katja\AppData\Local\Google 2013-09-25 20:41 - 2013-01-02 14:29 - 00000000 ____D C:\Users\admi\AppData\Roaming\Dropbox 2013-09-25 20:39 - 2013-01-02 14:31 - 00000000 ___RD C:\Users\admi\Dropbox 2013-09-25 18:18 - 2013-09-24 21:13 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive 2013-09-25 17:33 - 2013-01-19 17:05 - 00000000 ____D C:\ProgramData\SaveByclick 2013-09-25 17:33 - 2013-01-19 17:05 - 00000000 ____D C:\ProgramData\InstallMate 2013-09-25 17:24 - 2013-09-24 21:13 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals 2013-09-24 21:15 - 2013-09-24 21:15 - 00004088 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-09-24 21:15 - 2013-09-24 21:15 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-09-24 21:15 - 2013-09-24 21:15 - 00000000 ____D C:\Users\admi\AppData\Local\Deployment 2013-09-24 21:15 - 2013-09-24 21:15 - 00000000 ____D C:\Program Files (x86)\Google 2013-09-24 21:15 - 2013-02-19 17:53 - 00000000 ____D C:\Users\admi\AppData\Local\Apps\2.0 2013-09-24 21:15 - 2013-01-19 17:05 - 00000000 ____D C:\Users\admi\AppData\Local\Google 2013-09-24 21:13 - 2013-09-24 21:13 - 00041216 _____ C:\Users\admi\Downloads\chrome-en-t.zip 2013-09-24 21:13 - 2013-09-24 21:13 - 00000000 ____D C:\Users\admi\AppData\Local\BonanzaDealsLive 2013-09-24 21:13 - 2013-09-24 21:13 - 00000000 ____D C:\ProgramData\BonanzaDealsLive 2013-09-21 07:42 - 2013-09-13 15:04 - 00309944 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-20 
20:08 - 2013-09-20 20:08 - 00000000 ____D C:\Users\admi\AppData\Roaming\OpenOffice 2013-09-20 20:07 - 2013-09-20 20:07 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2013-09-20 20:06 - 2013-09-20 20:03 - 162401424 _____ C:\Users\admi\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe 2013-09-19 17:22 - 2013-01-09 19:27 - 00000000 ____D C:\Users\admi\Documents\WISO Mein Geld 2013-09-19 17:13 - 2013-09-19 17:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-19 17:13 - 2013-09-19 17:13 - 00000000 ____D C:\Program Files\iTunes 2013-09-19 17:13 - 2013-09-19 17:13 - 00000000 ____D C:\Program Files\iPod 2013-09-19 17:13 - 2013-09-19 17:13 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-09-19 01:26 - 2013-09-13 04:25 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-19 01:26 - 2013-09-13 04:25 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-16 20:15 - 2013-01-09 20:38 - 00000600 _____ C:\Users\admi\AppData\Local\PUTTY.RND 2013-09-15 22:22 - 2013-09-15 10:31 - 00000000 ____D C:\ProgramData\my_scripts 2013-09-15 10:29 - 2012-12-29 11:48 - 00000000 ____D C:\Program Files (x86)\DVBViewer 2013-09-15 10:28 - 2013-09-15 10:28 - 05648594 _____ (CM&V ) C:\Users\admi\Downloads\DVBViewer_setup(2).exe 2013-09-15 10:27 - 2012-12-29 11:46 - 00000000 ____D C:\ProgramData\CMUV 2013-09-15 09:43 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache 2013-09-13 19:38 - 2013-09-13 17:49 - 00000000 ____D C:\Users\admi\Downloads\Green Button Ex 2013-09-13 18:44 - 2013-09-13 18:44 - 00000000 ____D C:\Users\admi\Documents\Green Button Ex 2013-09-13 17:49 - 2013-09-13 17:48 - 00470631 _____ C:\Users\admi\Downloads\Green Button Ex.zip 2013-09-12 21:50 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore 2013-09-12 21:50 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-09-12 21:50 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe 
2013-09-12 19:38 - 2012-07-26 09:21 - 00046864 _____ C:\Windows\setupact.log 2013-09-12 17:52 - 2013-08-15 21:08 - 00000000 ____D C:\Windows\system32\MRT 2013-09-12 17:51 - 2013-09-12 17:51 - 00000513 _____ C:\Users\Katja\Desktop\movieplay.lnk 2013-09-12 17:50 - 2012-12-29 00:58 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Users\admi\Downloads\o2x-nvflash-bootloader_unlock_v30a+CWM6 2013-09-09 18:22 - 2013-09-09 17:51 - 00000000 ____D C:\Users\admi\Downloads\BIN_LGP990AT-00-V30a-EUR-XXX-NOV-30-2012+0 2013-09-09 17:50 - 2013-09-09 17:47 - 730450857 _____ C:\Users\admi\Downloads\BIN_LGP990AT-00-V30a-EUR-XXX-NOV-30-2012+0.zip 2013-09-09 17:47 - 2013-09-09 17:47 - 00000000 ____D C:\Users\admi\Downloads\sf 2013-09-09 17:46 - 2013-09-09 17:46 - 00271698 _____ C:\Users\admi\Downloads\Smartflashxpr0nx.rar 2013-09-09 17:46 - 2013-09-09 17:46 - 00000000 ____D C:\Program Files (x86)\LG Electronics 2013-09-09 17:46 - 2012-12-29 11:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-09-09 17:45 - 2013-09-09 17:45 - 11412680 _____ (LG Electronics) C:\Users\admi\Downloads\LGUnitedMobileDriver_S50MAN310AP22_ML_WHQL_Ver_3.10.1.exe 2013-09-09 17:31 - 2013-09-09 17:27 - 427401773 _____ C:\Users\admi\Downloads\DjangoManoucheX1.3_30A.zip 2013-09-09 17:25 - 2013-09-09 17:25 - 08755085 _____ C:\Users\admi\Downloads\o2x-nvflash-bootloader_unlock_v30a+CWM6.zip 2013-09-08 14:19 - 2013-09-08 14:18 - 00000000 ____D C:\Users\admi\Downloads\nvflash 2013-09-08 14:18 - 2013-09-08 14:18 - 11371856 _____ C:\Users\admi\Downloads\2x-nvflashdrivers.zip 2013-09-08 14:16 - 2013-09-08 14:16 - 00000000 ____D C:\Users\admi\Downloads\rooted_system V30A 2013-09-08 14:16 - 2013-09-08 14:15 - 247849994 _____ C:\Users\admi\Downloads\rooted_system+V30A.rar 2013-09-08 13:46 - 2013-09-08 13:21 - 00000000 ____D C:\Users\admi\Desktop\Bilder Katja Handy 2013-09-02 20:43 - 2013-07-28 17:26 - 00000000 
____D C:\Users\admi\Desktop\Urlaub 2013 2013-09-02 18:11 - 2013-03-26 08:21 - 00000000 ____D C:\ProgramData\Package Cache 2013-09-02 18:07 - 2013-09-02 18:07 - 20128896 _____ (CM&V ) C:\Users\admi\Downloads\Mheg5Setup.exe 2013-09-02 17:50 - 2013-09-02 17:50 - 00730346 _____ C:\Users\admi\Downloads\TransEdit_4_0_3.zip 2013-09-02 17:28 - 2013-09-02 17:28 - 05654871 _____ (CM&V ) C:\Users\admi\Downloads\DVBViewer_setup(1).exe 2013-08-31 16:47 - 2012-12-28 14:00 - 00000000 ____D C:\Users\admi\AppData\Local\Packages Some content of TEMP: ==================== C:\Users\admi\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe C:\Users\admi\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\admi\AppData\Local\Temp\i4jdel0.exe C:\Users\admi\AppData\Local\Temp\npp.6.3.2.Installer.exe C:\Users\admi\AppData\Local\Temp\npp.6.4.3.Installer.exe C:\Users\admi\AppData\Local\Temp\npp.6.4.5.Installer.exe C:\Users\admi\AppData\Local\Temp\unrar.dll C:\Users\admi\AppData\Local\Temp\vlc-2.0.8-win32.exe C:\Users\admi\AppData\Local\Temp\xmlUpdater.exe C:\Users\Katja\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-28 17:15 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013 02 Ran by admi at 2013-09-29 13:51:55 Running from C:\Users\admi\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) AC3Filter 1.63b (x32 Version: 1.63b) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168) AMD Catalyst Install Manager (Version: 8.0.877.0) Apple Application Support (x32 Version: 2.3.6) Apple Mobile Device Support (Version: 7.0.0.117) Apple Software Update (x32 Version: 2.1.3.127) Ashampoo Burning Studio 2013 v.11.0.6 (x32 Version: 11.0.6) AVM FRITZ!WLAN (x32) Bonjour (Version: 3.0.0.10) Bouquet Editor Suite v1.22 Uninstall (x32 Version: 1.2.2.0) Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190) D3DX10 (x32 Version: 15.4.2368.0902) Desktop Icon für Amazon (Version: 1.0.1 (de)) Dropbox (HKCU Version: 2.0.22) DVBViewer Pro (x32 Version: 5.2.8) DVBViewer Recording Service (x32 Version: 1.26.0) EITitor (x32 Version: 1.6.0) Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287) FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2) FireJump (x32 Version: 1.0.2.7) Fotogalerie (x32 Version: 16.4.3505.0912) FRITZ!Powerline (x32 Version: 01.00.41) G-Filter (HKCU) Google Chrome (x32 Version: 29.0.1547.76) Google Update Helper (x32 Version: 1.3.23.0) Hauppauge WinTV 7 (x32 Version: v7.0.30312 (CD 2.6c)) iMON (x32 Version: 8.12) IP Camera Adapter (x32 Version: 1.0.0) iTunes (Version: 11.1.0.126) Java 7 Update 17 (64-bit) (Version: 7.0.170) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Java SE Development Kit 7 Update 10 (64-bit) (Version: 1.7.0.100) 
JDownloader 0.9 (x32 Version: 0.9) JDownloader 2 (x32 Version: 2) LG United Mobile Driver (x32 Version: 3.10.1.0) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) MHEG-5/HbbTV for DVBViewer Pro (x32 Version: 2.0.0.3) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Corporation (Version: 11.0.50727.0) Microsoft Corporation (x32 Version: 11.0.50727.0) Microsoft LifeCam (Version: 4.25.512.0) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610) Movie Maker (x32 Version: 16.4.3505.0912) Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1) Mozilla Maintenance Service (x32 Version: 23.0.1) Mp3tag v2.54 (x32 Version: v2.54) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) Notepad++ (x32 Version: 6.4.3) NVIDIA 3D Vision Controller-Treiber 314.16 (Version: 314.16) NVIDIA 3D Vision Treiber 314.16 (Version: 314.16) NVIDIA Grafiktreiber 314.16 (Version: 314.16) NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1) NVIDIA Install Application (Version: 2.1002.109.706) NVIDIA PhysX (x32 Version: 9.12.1031) NVIDIA PhysX-Systemsoftware 
9.12.1031 (Version: 9.12.1031) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1416) NVIDIA Systemsteuerung 314.16 (Version: 314.16) NVIDIA Update 1.12.12 (Version: 1.12.12) NVIDIA Update Components (Version: 1.12.12) OpenOffice 4.0.0 (x32 Version: 4.00.9702) PDF Architect (x32 Version: 1.0.52.8917) PDFCreator (x32 Version: 1.6.2) Photo Gallery (x32 Version: 16.4.3505.0912) PlayReady PC Runtime amd64 (Version: 1.3.10) QuickTime (x32 Version: 7.74.80.86) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0) Skype™ 6.7 (x32 Version: 6.7.102) TechniSat DVB-PC TV Star (x32 Version: 1.0.0) True Image 2013 (x32 Version: 16.0.5551) Unity Web Player (HKCU Version: ) VLC media player 2.0.4 (Version: 2.0.4) VLC media player 2.0.8 (x32 Version: 2.0.8) WEB.DE MailCheck für Internet Explorer (x32 Version: 1.9.0.1) Windows Live Communications Platform (x32 Version: 16.4.3505.0912) Windows Live Essentials (x32 Version: 16.4.3505.0912) Windows Live Installer (x32 Version: 16.4.3505.0912) Windows Live Photo Common (x32 Version: 16.4.3505.0912) Windows Live PIMT Platform (x32 Version: 16.4.3505.0912) Windows Live SOXE (x32 Version: 16.4.3505.0912) Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912) Windows Live UX Platform (x32 Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912) WinPcap 4.1.2 (x32 Version: 4.1.0.2001) WISO Mein Geld 2013 Professional (x32 Version: 15.0.0.1) WISO Mein Geld 2013 Professional (x32) WISO Steuer-Sparbuch 2013 (x32 Version: 20.02.8171) ==================== Restore Points ========================= 28-09-2013 15:15:19 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {42F01567-84C4-4226-899E-FD7B1EC863C8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-226450521-3467199563-867659190-1001UA => 
C:\Users\admi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-20] (Facebook Inc.) Task: {4EF471DC-3FBD-4D00-AA55-5576DE500A1F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {5BE2C7B2-ED2C-41DC-AB06-3C0A516733A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-24] (Google Inc.) Task: {652B0398-B309-4F44-A1D6-326D27A626E1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-226450521-3467199563-867659190-1001Core => C:\Users\admi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-20] (Facebook Inc.) Task: {B1ED697D-3815-4851-9A7B-14D2A457782E} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {D6C18A84-5696-481C-A052-C107FF3F0F81} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-24] (Google Inc.) 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-226450521-3467199563-867659190-1001Core.job => C:\Users\admi\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-226450521-3467199563-867659190-1001UA.job => C:\Users\admi\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll 2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-12-29 11:48 - 2013-04-12 19:23 - 00612664 _____ () C:\Program Files (x86)\DVBViewer\sqlite3.dll 2012-12-29 12:47 - 2010-12-31 14:34 - 00980992 _____ () C:\Program Files (x86)\DVBViewer\Plugins\Plugins1\ACamd.dll 2012-12-29 12:47 - 2010-12-31 14:34 - 00980992 _____ () C:\Program Files (x86)\DVBViewer\Plugins\Plugins2\ACamd.dll 2012-08-23 01:42 - 2012-08-23 01:42 - 00435584 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2012-08-23 04:35 - 2012-08-23 04:35 - 13873200 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll 2012-08-23 04:31 - 2012-08-23 04:31 - 01590656 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll 2012-07-24 15:48 - 2012-07-24 15:48 - 00012160 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll 2012-12-29 12:47 - 2010-12-31 14:34 - 00980992 _____ () C:\Program Files 
(x86)\DVBViewer\Plugins\ACamd.dll 2012-12-29 12:47 - 2012-01-05 20:22 - 01136128 _____ () C:\Program Files (x86)\DVBViewer\Plugins\Online.dll 2012-12-29 12:47 - 2007-01-16 11:35 - 00080384 _____ () C:\Program Files (x86)\DVBViewer\Plugins\SoftCSA.dll 2013-09-02 18:10 - 2012-04-26 15:38 - 00239616 _____ () C:\Program Files (x86)\DVBViewer\libGLESv2.dll 2012-12-29 12:47 - 2008-06-25 08:22 - 00089600 _____ () C:\Program Files (x86)\DVBViewer\Plugins\UniStreaming.dll 2012-12-29 12:47 - 2010-11-16 19:43 - 01617920 _____ () C:\Program Files (x86)\DVBViewer\Plugins\vplug.dll 2012-12-29 12:47 - 2009-12-20 16:19 - 00159744 _____ () C:\Program Files (x86)\DVBViewer\Plugins\vHelper.mdl 2012-12-29 12:47 - 2008-08-30 09:54 - 00260639 _____ () C:\Program Files (x86)\DVBViewer\Plugins\sqlite.mdl 2012-12-29 12:47 - 2009-12-14 19:24 - 00019968 _____ () C:\Program Files (x86)\DVBViewer\Plugins\vModules\Cryptoworks.mdl 2012-12-29 12:47 - 2010-04-09 09:16 - 00009216 _____ () C:\Program Files (x86)\DVBViewer\Plugins\vModules\Irdeto.mdl 2012-12-29 12:47 - 2010-08-08 22:10 - 00054784 _____ () C:\Program Files (x86)\DVBViewer\Plugins\vModules\nagra.mdl 2012-12-29 12:47 - 2009-12-14 19:28 - 00006144 _____ () C:\Program Files (x86)\DVBViewer\Plugins\vModules\NDS.mdl 2012-12-29 12:47 - 2010-01-03 13:54 - 00095232 _____ () C:\Program Files (x86)\DVBViewer\Plugins\vModules\Seca.mdl 2012-12-29 12:47 - 2010-11-16 19:56 - 00016384 _____ () C:\Program Files (x86)\DVBViewer\Plugins\vModules\Viaccess.mdl 2013-09-02 18:10 - 2013-03-29 21:53 - 20758016 _____ () C:\Program Files (x86)\DVBViewer\libcef.dll 2013-09-02 18:10 - 2012-04-26 15:38 - 01094158 _____ () C:\Program Files (x86)\DVBViewer\avcodec-53.dll 2013-09-02 18:10 - 2012-04-26 15:38 - 00117262 _____ () C:\Program Files (x86)\DVBViewer\avutil-51.dll 2013-09-02 18:10 - 2012-04-26 15:38 - 00183822 _____ () C:\Program Files (x86)\DVBViewer\avformat-53.dll 2013-09-02 18:10 - 2012-04-26 15:38 - 00048128 _____ () C:\Program Files 
(x86)\DVBViewer\libegl.dll 2012-11-27 20:26 - 2013-01-04 20:11 - 00238528 _____ () C:\Users\admi\Downloads\LAVFilters-0.54.1\avutil-lav-52.dll 2012-11-27 20:26 - 2013-01-04 20:11 - 07871432 _____ () C:\Users\admi\Downloads\LAVFilters-0.54.1\avcodec-lav-54.dll 2012-11-27 20:26 - 2013-01-04 20:11 - 00382120 _____ () C:\Users\admi\Downloads\LAVFilters-0.54.1\swscale-lav-2.dll 2012-11-27 20:26 - 2013-01-04 20:11 - 00167728 _____ () C:\Users\admi\Downloads\LAVFilters-0.54.1\avfilter-lav-3.dll 2012-12-29 11:50 - 2009-08-11 22:19 - 00797184 _____ () C:\Program Files (x86)\AC3Filter\ac3filter.ax 2012-12-29 11:50 - 2009-08-11 22:21 - 01021440 _____ () C:\Program Files (x86)\AC3Filter\ac3filter_intl.dll 2012-11-29 23:59 - 2012-11-29 23:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2013-09-24 21:16 - 2013-09-17 05:20 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libglesv2.dll 2013-09-24 21:16 - 2013-09-17 05:20 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libegl.dll 2013-09-24 21:16 - 2013-09-17 05:21 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll 2013-09-24 21:16 - 2013-09-17 05:21 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll 2013-09-24 21:16 - 2013-09-17 05:20 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Standardtastatur (PS/2) Description: Standardtastatur (PS/2) Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardtastaturen) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. 
(Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (09/29/2013 01:20:00 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.21.153\BonanzaDealsLiveHelper.msi Error: (09/29/2013 00:20:00 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.21.153\BonanzaDealsLiveHelper.msi Error: (09/29/2013 11:20:00 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.21.153\BonanzaDealsLiveHelper.msi Error: (09/29/2013 10:20:00 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. 
A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.21.153\BonanzaDealsLiveHelper.msi Error: (09/29/2013 10:18:52 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: dvbviewer.exe, Version: 5.2.8.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: FFDecsa_64_MMX.mdl, Version: 0.0.0.0, Zeitstempel: 0x41951f4a Ausnahmecode: 0xc0000005 Fehleroffset: 0x000090e0 ID des fehlerhaften Prozesses: 0x97d0 Startzeit der fehlerhaften Anwendung: 0xdvbviewer.exe0 Pfad der fehlerhaften Anwendung: dvbviewer.exe1 Pfad des fehlerhaften Moduls: dvbviewer.exe2 Berichtskennung: dvbviewer.exe3 Vollständiger Name des fehlerhaften Pakets: dvbviewer.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: dvbviewer.exe5 Error: (09/29/2013 10:18:51 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/29/2013 09:20:00 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.21.153\BonanzaDealsLiveHelper.msi Error: (09/29/2013 08:56:42 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1". 
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/29/2013 08:20:00 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.21.153\BonanzaDealsLiveHelper.msi Error: (09/29/2013 07:20:00 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.21.153\BonanzaDealsLiveHelper.msi System errors: ============= Error: (09/29/2013 07:11:58 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error: (09/29/2013 07:11:56 AM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 29.09.2013 um 07:07:41 unerwartet heruntergefahren. Error: (09/29/2013 07:07:44 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error: (09/29/2013 07:07:41 AM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 28.09.2013 um 22:17:28 unerwartet heruntergefahren. 
Error: (09/28/2013 02:57:29 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error: (09/28/2013 09:05:34 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error: (09/28/2013 06:15:20 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error: (09/27/2013 02:24:24 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error: (09/27/2013 04:13:46 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error: (09/26/2013 05:13:03 PM) (Source: DCOM) (User: HTPC) Description: {03E64E17-B220-4052-9B9B-155F9CB8E016} Microsoft Office Sessions: ========================= Error: (09/29/2013 01:20:00 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.21.153\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/29/2013 00:20:00 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.21.153\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/29/2013 11:20:00 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. 
A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.21.153\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/29/2013 10:20:00 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.21.153\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/29/2013 10:18:52 AM) (Source: Application Error)(User: ) Description: dvbviewer.exe5.2.8.02a425e19FFDecsa_64_MMX.mdl0.0.0.041951f4ac0000005000090e097d001cebcec870455a9C:\Program Files (x86)\DVBViewer\dvbviewer.exeC:\Program Files (x86)\DVBViewer\Plugins\csa\FFDecsa_64_MMX.mdlc5b91813-28df-11e3-80be-001fc6893ef4 Error: (09/29/2013 10:18:51 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files (x86)\DVBViewer\mheg_decoder.dll Error: (09/29/2013 09:20:00 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.21.153\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/29/2013 08:56:42 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files (x86)\DVBViewer\mheg_decoder.dll Error: (09/29/2013 08:20:00 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. 
A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.21.153\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/29/2013 07:20:00 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.21.153\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) ==================== Memory info =========================== Percentage of memory in use: 50% Total physical RAM: 4095.11 MB Available physical RAM: 2028.34 MB Total Pagefile: 4799.11 MB Available Pagefile: 1894.63 MB Total Virtual: 8192 MB Available Virtual: 8191.77 MB ==================== Drives ================================ Drive c: (Volume) (Fixed) (Total:111.79 GB) (Free:52.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (Volume) (Fixed) (Total:465.76 GB) (Free:424.38 GB) NTFS Drive y: (Harddisk) (Network) (Total:1862.44 GB) (Free:690.1 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 3461EE6C) Partition 1: (Not Active) - (Size=466 GB) - (Type=42) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 00880088) Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-09-29 14:04:36 Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-9 OCZ-VERTEX3 rev.2.25 111,79GB Running: gmer_2.1.19163.exe; Driver: C:\Users\admi\AppData\Local\Temp\ugloipog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960001f9200 7 bytes [40, 3B, 82, 01, 00, 53, F2] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960001f9208 7 bytes [01, 63, C0, FF, 00, 17, DB] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\atiesrxx.exe[500] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd46b6177a 4 bytes [B6, 46, FD, 07] .text C:\Windows\system32\atiesrxx.exe[500] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd46b61782 4 bytes [B6, 46, FD, 07] .text C:\Windows\System32\GFilterSvc.exe[2132] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd46b6177a 4 bytes [B6, 46, FD, 07] .text C:\Windows\System32\GFilterSvc.exe[2132] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd46b61782 4 bytes [B6, 46, FD, 07] .text C:\Program Files\Windows Defender\MsMpEng.exe[2472] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fd46b6177a 4 bytes [B6, 46, FD, 07] .text C:\Program Files\Windows Defender\MsMpEng.exe[2472] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fd46b61782 4 bytes [B6, 46, FD, 07] .text C:\Windows\system32\dwm.exe[34460] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd46b6177a 4 bytes [B6, 46, FD, 07] .text C:\Windows\system32\dwm.exe[34460] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd46b61782 4 bytes [B6, 46, FD, 07] .text C:\Windows\system32\atieclxx.exe[52300] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd46b6177a 4 bytes [B6, 46, FD, 07] .text C:\Windows\system32\atieclxx.exe[52300] 
C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd46b61782 4 bytes [B6, 46, FD, 07] .text C:\Windows\system32\atieclxx.exe[52300] C:\Windows\system32\WSOCK32.dll!recvfrom + 742 000007fd422f1b32 4 bytes [2F, 42, FD, 07] .text C:\Windows\system32\atieclxx.exe[52300] C:\Windows\system32\WSOCK32.dll!recvfrom + 750 000007fd422f1b3a 4 bytes [2F, 42, FD, 07] .text C:\Windows\Explorer.EXE[33020] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd46b6177a 4 bytes [B6, 46, FD, 07] .text C:\Windows\Explorer.EXE[33020] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd46b61782 4 bytes [B6, 46, FD, 07] .text C:\Windows\Explorer.EXE[33020] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd41cb1532 4 bytes [CB, 41, FD, 07] .text C:\Windows\Explorer.EXE[33020] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd41cb153a 4 bytes [CB, 41, FD, 07] .text C:\Windows\Explorer.EXE[33020] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd41cb165a 4 bytes [CB, 41, FD, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[33100] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd41cb1532 4 bytes [CB, 41, FD, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[33100] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd41cb153a 4 bytes [CB, 41, FD, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[33100] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd41cb165a 4 bytes [CB, 41, FD, 07] .text C:\Windows\system32\nvvsvc.exe[32672] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fd41cb1532 4 bytes [CB, 41, FD, 07] .text C:\Windows\system32\nvvsvc.exe[32672] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fd41cb153a 4 bytes [CB, 41, FD, 07] .text C:\Windows\system32\nvvsvc.exe[32672] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fd41cb165a 4 bytes [CB, 41, FD, 07] .text C:\Windows\system32\nvvsvc.exe[32672] 
C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd46b6177a 4 bytes [B6, 46, FD, 07] .text C:\Windows\system32\nvvsvc.exe[32672] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd46b61782 4 bytes [B6, 46, FD, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[34912] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd41cb1532 4 bytes [CB, 41, FD, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[34912] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd41cb153a 4 bytes [CB, 41, FD, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[34912] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd41cb165a 4 bytes [CB, 41, FD, 07] .text C:\Windows\system32\wwahost.exe[69032] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd46b6177a 4 bytes [B6, 46, FD, 07] .text C:\Windows\system32\wwahost.exe[69032] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd46b61782 4 bytes [B6, 46, FD, 07] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [27816:33924] fffff9600084c5e8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 426316512 ---- EOF - GMER 2.1 ---- Thanks, Steffen |
29.09.2013, 13:44 | #2 | |
/// TB-Ausbilder | Windows 8: MBAM blocks IPs 82.98.97.XXX Hello Steffen,
__________________Quote:
Step 1
Step 2 Please download AdwCleaner to your desktop.
Step 3 Run FRST once more.
In your next reply, please post:
__________________ |
29.09.2013, 13:53 | #3 |
| Windows 8: MBAM blocks IPs 82.98.97.XXX Now that's what I call a quick reply.
__________________In my Control Panel there is only "Programs and Features", but when I go in there I can uninstall programs, so that should be the right place. I can also uninstall "Desktop Icon für Amazon" there, but I can't find "G-Filter". Should I uninstall just that one and then run AdwCleaner? Steffen |
29.09.2013, 13:57 | #4 |
/// TB-Ausbilder | Windows 8: MBAM blocks IPs 82.98.97.XXX Exactly, just uninstall what you can see and then carry on.
__________________ cheers, Leo |
29.09.2013, 14:20 | #5 |
| Windows 8: MBAM blocks IPs 82.98.97.XXX I have uninstalled Desktop Icon für Amazon. AdwCleaner finds "G-Filter Service", but AdwCleaner crashes when deleting it - "adwcleaner.exe funktioniert nicht mehr". I then did a manual restart and started AdwCleaner again; G-Filter was still there, and it crashed again when deleting. Code:
ATTFilter # AdwCleaner v3.005 - Bericht erstellt am 29/09/2013 um 15:01:39 # Updated 22/09/2013 von Xplode # Betriebssystem : Windows 8 Pro with Media Center (64 bits) # Benutzername : admi - HTPC # Gestartet von : C:\Users\admi\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] *****
Wait, now it worked. Logs are coming right up. My USB TV box seems to have been getting in the way of something. I unplugged it, then it worked. Code:
ATTFilter # AdwCleaner v3.005 - Bericht erstellt am 29/09/2013 um 15:12:47 # Updated 22/09/2013 von Xplode # Betriebssystem : Windows 8 Pro with Media Center (64 bits) # Benutzername : admi - HTPC # Gestartet von : C:\Users\admi\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : GFilterSvc ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive Ordner Gelöscht : C:\ProgramData\clsoft ltd Ordner Gelöscht : C:\ProgramData\SaveByClick Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveByClick Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive Ordner Gelöscht : C:\Users\admi\AppData\Local\BonanzaDealsLive Ordner Gelöscht : C:\Users\admi\AppData\Local\Temp\OCS Ordner Gelöscht : C:\Users\admi\AppData\LocalLow\SaveByClick Ordner Gelöscht : C:\Users\admi\AppData\Roaming\DesktopIconForAmazon Ordner Gelöscht : C:\Users\admi\AppData\Roaming\pdfforge Ordner Gelöscht : C:\Users\Ben02\AppData\LocalLow\SaveByClick Datei Gelöscht : C:\Windows\System32\GFilterSvc.exe Datei Gelöscht : C:\Users\admi\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [firejump@firejump.net] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}] Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{206a7328-437f-4bd9-b53e-12bfee24d588} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1 ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16688 -\\ Mozilla Firefox v23.0.1 (de) [ Datei : C:\Users\admi\AppData\Roaming\Mozilla\Firefox\Profiles\737if9f3.default\prefs.js ] Zeile gelöscht : user_pref("extensions.50fab6f14ef84.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search.swe[...] Zeile gelöscht : user_pref("extensions.crossrider.bic", "1415167a8d3316b18c5179f0ba989d4a"); [ Datei : C:\Users\Ben02\AppData\Roaming\Mozilla\Firefox\Profiles\s10p9h9v.default\prefs.js ] -\\ Google Chrome v29.0.1547.76 [ Datei : C:\Users\admi\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ Datei : C:\Users\Ben02\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [3770 octets] - [29/09/2013 15:00:57] AdwCleaner[R1].txt - [3889 octets] - [29/09/2013 15:05:20] AdwCleaner[R2].txt - [4008 octets] - [29/09/2013 15:07:41] AdwCleaner[R3].txt - [4068 octets] - [29/09/2013 15:12:11] AdwCleaner[S0].txt - [297 octets] - [29/09/2013 15:01:39] AdwCleaner[S1].txt - [297 octets] - [29/09/2013 15:06:02] AdwCleaner[S2].txt - [3507 octets] - [29/09/2013 15:12:47] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3567 octets] ########## FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02 Ran by admi (administrator) on HTPC on 29-09-2013 15:16:21 Running from C:\Users\admi\Desktop Windows 8 Pro with Media Center (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (CM & V) C:\Program Files (x86)\DVBViewer\DVBVservice.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe () C:\Windows\system32\autoplby.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Oliver Frietsch) C:\Program Files (x86)\DVBViewer\WTVIRBridge\WTVIRBridge.exe (CM&V Hackbart) C:\Program Files (x86)\DVBViewer\DVBVCtrl.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe () C:\Program Files (x86)\DVBViewer\Plugins\Display\IMONPlugin.exe (CM&V Hackbart) C:\Program Files (x86)\DVBViewer\HTTPServer.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403888 2012-08-23] (Acronis) HKCU\...\Run: [WTVIRBridge] - C:\Program Files (x86)\DVBViewer\WTVIRBridge\WTVIRBridge.exe [522240 2012-12-30] (Oliver Frietsch) HKCU\...\Run: [DVBV Service Ctrl] - C:\Program Files (x86)\DVBViewer\DVBVCtrl.exe [87552 2012-04-11] (CM&V Hackbart) HKCU\...\Run: [Facebook Update] - C:\Users\admi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-04-20] (Facebook Inc.) 
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MountPoints2: {380d6491-80fc-11e2-bee6-001f3f028894} - "I:\pushinst.exe" HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [iMON] - C:\Program Files (x86)\SoundGraph\iMON\iMON.exe [3833856 2011-12-02] (SoundGraph, Inc.) HKLM-x32\...\Run: [MailCheck IE Broker] - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1461896 2012-11-22] (1und1 Mail und Media GmbH) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6049096 2012-08-23] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [943856 2012-07-24] (Acronis) HKLM-x32\...\Run: [LifeCam] - "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.) HKU\Katja\...\Run: [WTVIRBridge] - C:\Program Files (x86)\DVBViewer\WTVIRBridge\WTVIRBridge.exe [522240 2012-12-30] (Oliver Frietsch) HKU\Katja\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.) Startup: C:\Users\admi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\admi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\admi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.bat - Verknüpfung.lnk ShortcutTarget: Start.bat - Verknüpfung.lnk -> C:\Program Files (x86)\DVBViewer\Start.bat () Startup: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start - Verknüpfung.lnk ShortcutTarget: Start - Verknüpfung.lnk -> C:\Program Files (x86)\DVBViewer\Start.bat () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA8F3D197F4E4CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKCU - {444B9A39-C17A-4A76-B550-0981E1393564} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {5CC57BB4-98E5-4E0E-94C6-ADEEC1F2C9D4} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {AEAB8E93-D92F-44CF-AA81-756AB30365ED} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie SearchScopes: HKCU - {DFEBEAB4-349A-4EB0-A807-1185CBF58569} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 
Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKLM-x32 - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\admi\AppData\Roaming\Mozilla\Firefox\Profiles\737if9f3.default FF Homepage: hxxp://www.web.de FF NetworkProxy: "autoconfig_url", "https://secure.premiumize.me/22a8c7d16ba12462e1572c56bf587e29/proxy.pac" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: 
@Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\admi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\admi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\admi\AppData\Roaming\Mozilla\Firefox\Profiles\737if9f3.default\Extensions\firejump_1028.zip
FF Extension: No Name - C:\Users\admi\AppData\Roaming\Mozilla\Firefox\Profiles\737if9f3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

Chrome:
=======
CHR HomePage: hxxp://www.web.de/
CHR RestoreOnStartup: "hxxp://www.web.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (BonanzaDealsLive Update) - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\admi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\admi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\admi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\admi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\admi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\admi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\admi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\admi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\admi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 DVBVRecorder; C:\Program Files (x86)\DVBViewer\DVBVservice.exe [866944 2013-05-21] (CM & V)
R2 Fondue32; C:\Windows\system32\autoplby.exe [117760 2013-07-12] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-01-15] (Advanced Micro Devices)
S3 fwlanusbn; C:\Windows\system32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2010-08-16] (Hauppauge Computer Works, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MTSBDA; C:\Windows\System32\Drivers\MtsBda.sys [344592 2010-09-15] (TechniSat Provide)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 MtsHID; C:\Windows\system32\drivers\MtsHID.sys [27664 2010-09-15] (TechniSat Provide)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1093256 2013-03-25] (Acronis)
S3 UDST7000BDA; C:\Windows\System32\Drivers\UDST7000BDA.sys [527632 2012-12-29] (TechniSat Digital S.A.)
S3 UDST7000HID; C:\Windows\system32\drivers\UDST7000HID.sys [27664 2012-12-29] (TechniSat Digital S.A.)
S3 usbbus; C:\Windows\System32\drivers\lgx64bus.sys [17920 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\system32\DRIVERS\lgx64diag.sys [28160 2013-04-24] (LG Electronics Inc.)
S3 USBModem; C:\Windows\system32\DRIVERS\lgx64modem.sys [34816 2013-04-24] (LG Electronics Inc.)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [295792 2012-10-02] (Marvell)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [64000 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-29 15:10 - 2013-09-29 15:01 - 00000297 _____ C:\Users\admi\Desktop\AdwCleaner[S0].txt
2013-09-29 15:00 - 2013-09-29 15:13 - 00000000 ____D C:\AdwCleaner
2013-09-29 14:59 - 2013-09-29 14:59 - 01042066 _____ C:\Users\admi\Desktop\adwcleaner.exe
2013-09-29 14:04 - 2013-09-29 14:04 - 00006168 _____ C:\Users\admi\Desktop\Gmer.txt
2013-09-29 13:51 - 2013-09-29 13:52 - 00023087 _____ C:\Users\admi\Desktop\Addition.txt
2013-09-29 13:51 - 2013-09-29 13:51 - 00000000 ____D C:\FRST
2013-09-29 13:49 - 2013-09-29 13:49 - 00000470 _____ C:\Users\admi\Desktop\defogger_disable.log
2013-09-29 13:49 - 2013-09-29 13:49 - 00000000 _____ C:\Users\admi\defogger_reenable
2013-09-29 13:44 - 2013-09-29 13:44 - 00377856 _____ C:\Users\admi\Downloads\of84r3ec.exe
2013-09-29 13:44 - 2013-09-29 13:44 - 00377856 _____ C:\Users\admi\Desktop\gmer_2.1.19163.exe
2013-09-29 13:43 - 2013-09-29 13:43 - 01953880 _____ (Farbar) C:\Users\admi\Desktop\FRST64.exe
2013-09-29 13:42 - 2013-09-29 13:42 - 00050477 _____ C:\Users\admi\Desktop\Defogger.exe
2013-09-28 14:20 - 2013-09-28 14:20 - 00000000 ____D C:\Users\admi\AppData\Roaming\Malwarebytes
2013-09-28 14:20 - 2013-09-28 14:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-28 14:20 - 2013-09-28 14:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-28 14:20 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-28 14:19 - 2013-09-28 14:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\admi\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-25 21:29 - 2013-09-25 21:29 - 00000000 ____D C:\Users\Katja\AppData\Local\Google
2013-09-24 21:15 - 2013-09-29 15:14 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-24 21:15 - 2013-09-29 14:20 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-24 21:15 - 2013-09-24 21:15 - 00004088 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-24 21:15 - 2013-09-24 21:15 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-24 21:15 - 2013-09-24 21:15 - 00000000 ____D C:\Users\admi\AppData\Local\Deployment
2013-09-24 21:15 - 2013-09-24 21:15 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-24 21:13 - 2013-09-25 17:24 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-24 21:13 - 2013-09-24 21:13 - 00041216 _____ C:\Users\admi\Downloads\chrome-en-t.zip
2013-09-20 20:08 - 2013-09-20 20:08 - 00000000 ____D C:\Users\admi\AppData\Roaming\OpenOffice
2013-09-20 20:07 - 2013-09-20 20:07 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-20 20:03 - 2013-09-20 20:06 - 162401424 _____ C:\Users\admi\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-09-19 17:13 - 2013-09-19 17:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 17:13 - 2013-09-19 17:13 - 00000000 ____D C:\Program Files\iTunes
2013-09-19 17:13 - 2013-09-19 17:13 - 00000000 ____D C:\Program Files\iPod
2013-09-19 17:13 - 2013-09-19 17:13 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-16 20:46 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-09-15 10:31 - 2013-09-15 22:22 - 00000000 ____D C:\ProgramData\my_scripts
2013-09-15 10:28 - 2013-09-15 10:28 - 05648594 _____ (CM&V ) C:\Users\admi\Downloads\DVBViewer_setup(2).exe
2013-09-13 18:44 - 2013-09-13 18:44 - 00000000 ____D C:\Users\admi\Documents\Green Button Ex
2013-09-13 17:49 - 2013-09-13 19:38 - 00000000 ____D C:\Users\admi\Downloads\Green Button Ex
2013-09-13 17:48 - 2013-09-13 17:49 - 00470631 _____ C:\Users\admi\Downloads\Green Button Ex.zip
2013-09-13 15:04 - 2013-09-21 07:42 - 00309944 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 04:25 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 04:25 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-12 17:51 - 2013-09-12 17:51 - 00000513 _____ C:\Users\Katja\Desktop\movieplay.lnk
2013-09-12 16:54 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 16:51 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 16:51 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 16:51 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 16:51 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 16:51 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-09-12 16:51 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-09-12 16:51 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-12 16:51 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-09-12 16:51 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-09-12 16:51 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-12 16:51 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-12 16:51 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-12 16:51 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-09-12 16:51 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-09-12 16:51 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-09-12 16:51 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-09-12 16:51 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-09-12 16:51 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-09-12 16:51 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-09-12 16:51 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-09-12 16:51 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-09-12 16:51 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-12 16:51 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-12 16:51 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-09-12 16:51 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-09-12 16:51 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-09-12 16:51 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-09-12 16:51 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-12 16:51 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-09-12 16:51 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-09-12 16:51 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-09-12 16:51 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-09-12 16:51 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-09-12 16:51 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-09-12 16:51 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-09-12 16:51 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-12 16:51 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-09-12 16:51 - 2013-08-16 00:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-09-12 16:51 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-09-12 16:51 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-09-12 16:51 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-09-12 16:51 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-09-12 16:50 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 16:50 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 16:50 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 16:50 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 16:50 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-09-12 16:50 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 16:50 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 16:50 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 16:50 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 16:50 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-09-12 16:50 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 16:50 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 16:50 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 16:50 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 16:50 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 16:50 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-09-12 16:50 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 16:50 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 16:50 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 16:50 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 16:50 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 16:50 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 16:50 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 16:50 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 16:50 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 16:50 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 16:50 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-09-12 16:50 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-09-12 16:50 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-09-12 16:50 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-09-12 16:50 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-09-12 16:50 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-09-12 16:50 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-09-12 16:50 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-09-12 16:50 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-09-12 16:50 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-12 16:50 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-09-12 16:50 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-12 16:50 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-09-12 16:50 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-09-12 16:50 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-09-12 16:50 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-09-12 16:50 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-09-12 16:50 - 2013-07-02 00:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml
2013-09-12 16:50 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-09-12 16:50 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-09-12 16:50 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-09-12 16:50 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-09-12 16:50 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-09-12 16:50 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-09-12 16:50 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-09-12 16:50 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-09-12 16:50 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-12 16:50 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-09-12 16:50 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-09-12 16:50 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-09-12 16:50 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-09-12 16:50 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-09-12 16:50 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-09-12 16:50 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-09-12 16:50 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-09-12 16:50 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-09-12 16:50 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-09-12 16:50 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-09-12 16:50 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-09-12 16:50 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-09-12 16:50 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-09-12 16:50 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-09-12 16:50 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Users\admi\Downloads\o2x-nvflash-bootloader_unlock_v30a+CWM6
2013-09-09 17:51 - 2013-09-09 18:22 - 00000000 ____D C:\Users\admi\Downloads\BIN_LGP990AT-00-V30a-EUR-XXX-NOV-30-2012+0
2013-09-09 17:47 - 2013-09-09 17:50 - 730450857 _____ C:\Users\admi\Downloads\BIN_LGP990AT-00-V30a-EUR-XXX-NOV-30-2012+0.zip
2013-09-09 17:47 - 2013-09-09 17:47 - 00000000 ____D C:\Users\admi\Downloads\sf
2013-09-09 17:46 - 2013-09-09 17:46 - 00271698 _____ C:\Users\admi\Downloads\Smartflashxpr0nx.rar
2013-09-09 17:46 - 2013-09-09 17:46 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2013-09-09 17:46 - 2013-06-28 11:45 - 00036352 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetmodem64.sys
2013-09-09 17:46 - 2013-04-24 10:15 - 00034816 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64modem.sys
2013-09-09 17:46 - 2013-04-24 10:15 - 00028160 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64diag.sys
2013-09-09 17:46 - 2013-04-24 10:15 - 00017920 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64bus.sys
2013-09-09 17:46 - 2013-04-18 16:14 - 00029184 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetdiag64.sys
2013-09-09 17:46 - 2013-04-18 16:12 - 00031744 _____ (Google Inc) C:\Windows\system32\Drivers\lgandnetadb.sys
2013-09-09 17:46 - 2011-07-18 06:03 - 01919968 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01005.dll
2013-09-09 17:45 - 2013-09-09 17:45 - 11412680 _____ (LG Electronics) C:\Users\admi\Downloads\LGUnitedMobileDriver_S50MAN310AP22_ML_WHQL_Ver_3.10.1.exe
2013-09-09 17:27 - 2013-09-09 17:31 - 427401773 _____ C:\Users\admi\Downloads\DjangoManoucheX1.3_30A.zip
2013-09-09 17:25 - 2013-09-09 17:25 - 08755085 _____ C:\Users\admi\Downloads\o2x-nvflash-bootloader_unlock_v30a+CWM6.zip
2013-09-08 14:18 - 2013-09-08 14:19 - 00000000 ____D C:\Users\admi\Downloads\nvflash
2013-09-08 14:18 - 2013-09-08 14:18 - 11371856 _____ C:\Users\admi\Downloads\2x-nvflashdrivers.zip
2013-09-08 14:16 - 2013-09-08 14:16 - 00000000 ____D C:\Users\admi\Downloads\rooted_system V30A
2013-09-08 14:15 - 2013-09-08 14:16 - 247849994 _____ C:\Users\admi\Downloads\rooted_system+V30A.rar
2013-09-08 13:21 - 2013-09-08 13:46 - 00000000 ____D C:\Users\admi\Desktop\Bilder Katja Handy
2013-09-02 18:07 - 2013-09-02 18:07 - 20128896 _____ (CM&V ) C:\Users\admi\Downloads\Mheg5Setup.exe
2013-09-02 17:50 - 2013-09-02 17:50 - 00730346 _____ C:\Users\admi\Downloads\TransEdit_4_0_3.zip
2013-09-02 17:28 - 2013-09-02 17:28 - 05654871 _____ (CM&V ) C:\Users\admi\Downloads\DVBViewer_setup(1).exe

==================== One Month Modified Files and Folders =======

2013-09-29 15:14 - 2013-09-24 21:15 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-29 15:13 - 2013-09-29 15:00 - 00000000 ____D C:\AdwCleaner
2013-09-29 15:13 - 2013-05-30 17:37 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-29 15:13 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-29 15:13 - 2012-07-26 07:26 - 00786432 ___SH C:\Windows\system32\config\BBI
2013-09-29 15:10 - 2012-07-26 12:27 - 00751892 _____ C:\Windows\system32\perfh007.dat
2013-09-29 15:10 - 2012-07-26 12:27 - 00155620 _____ C:\Windows\system32\perfc007.dat
2013-09-29 15:10 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-29 15:03 - 2012-12-28 14:00 - 01495191 _____ C:\Windows\WindowsUpdate.log
2013-09-29 15:01 - 2013-09-29 15:10 - 00000297 _____ C:\Users\admi\Desktop\AdwCleaner[S0].txt
2013-09-29 15:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-09-29 14:59 - 2013-09-29 14:59 - 01042066 _____ C:\Users\admi\Desktop\adwcleaner.exe
2013-09-29 14:20 - 2013-09-24 21:15 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-29 14:04 - 2013-09-29 14:04 - 00006168 _____ C:\Users\admi\Desktop\Gmer.txt
2013-09-29 13:52 - 2013-09-29 13:51 - 00023087 _____ C:\Users\admi\Desktop\Addition.txt
2013-09-29 13:51 - 2013-09-29 13:51 - 00000000 ____D C:\FRST
2013-09-29 13:49 - 2013-09-29 13:49 - 00000470 _____ C:\Users\admi\Desktop\defogger_disable.log
2013-09-29 13:49 - 2013-09-29 13:49 - 00000000 _____ C:\Users\admi\defogger_reenable
2013-09-29 13:49 - 2012-12-28 14:00 - 00000000 ____D C:\Users\admi
2013-09-29 13:44 - 2013-09-29 13:44 - 00377856 _____ C:\Users\admi\Downloads\of84r3ec.exe
2013-09-29 13:44 - 2013-09-29 13:44 - 00377856 _____ C:\Users\admi\Desktop\gmer_2.1.19163.exe
2013-09-29 13:43 - 2013-09-29 13:43 - 01953880 _____ (Farbar) C:\Users\admi\Desktop\FRST64.exe
2013-09-29 13:42 - 2013-09-29 13:42 - 00050477 _____ C:\Users\admi\Desktop\Defogger.exe
2013-09-29 13:32 - 2013-04-20 16:27 - 00000934 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-226450521-3467199563-867659190-1001UA.job
2013-09-29 13:22 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-09-29 10:13 - 2013-01-22 22:46 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Skype
2013-09-29 07:17 - 2013-01-02 16:52 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-226450521-3467199563-867659190-1002
2013-09-28 17:15 - 2012-12-28 14:07 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-226450521-3467199563-867659190-1001
2013-09-28 16:32 - 2013-04-20 16:27 - 00000912 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-226450521-3467199563-867659190-1001Core.job
2013-09-28 14:57 - 2012-12-28 13:53 - 00090032 _____ C:\Windows\PFRO.log
2013-09-28 14:20 - 2013-09-28 14:20 - 00000000 ____D C:\Users\admi\AppData\Roaming\Malwarebytes
2013-09-28 14:20 - 2013-09-28 14:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-28 14:20 - 2013-09-28 14:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-28 14:19 - 2013-09-28 14:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\admi\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-25 21:30 - 2013-06-21 20:40 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-25 21:30 - 2013-01-22 15:05 - 00000000 ____D C:\ProgramData\Skype
2013-09-25 21:29 - 2013-09-25 21:29 - 00000000 ____D C:\Users\Katja\AppData\Local\Google
2013-09-25 20:41 - 2013-01-02 14:29 - 00000000 ____D C:\Users\admi\AppData\Roaming\Dropbox
2013-09-25 20:39 - 2013-01-02 14:31 - 00000000 ___RD C:\Users\admi\Dropbox
2013-09-25 17:33 - 2013-01-19 17:05 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-25 17:24 - 2013-09-24 21:13 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-24 21:15 - 2013-09-24 21:15 - 00004088 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-24 21:15 - 2013-09-24 21:15 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-24 21:15 - 2013-09-24 21:15 - 00000000 ____D C:\Users\admi\AppData\Local\Deployment
2013-09-24 21:15 - 2013-09-24 21:15 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-24 21:15 - 2013-02-19 17:53 - 00000000 ____D C:\Users\admi\AppData\Local\Apps\2.0
2013-09-24 21:15 - 2013-01-19 17:05 - 00000000 ____D C:\Users\admi\AppData\Local\Google
2013-09-24 21:13 - 2013-09-24 21:13 - 00041216 _____ C:\Users\admi\Downloads\chrome-en-t.zip
2013-09-21 07:42 - 2013-09-13 15:04 - 00309944 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-20 20:08 - 2013-09-20 20:08 - 00000000 ____D C:\Users\admi\AppData\Roaming\OpenOffice
2013-09-20 20:07 - 2013-09-20 20:07 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-20 20:06 - 2013-09-20 20:03 - 162401424 _____ C:\Users\admi\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-09-19 17:22 - 2013-01-09 19:27 - 00000000 ____D C:\Users\admi\Documents\WISO Mein Geld
2013-09-19 17:13 - 2013-09-19 17:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 17:13 - 2013-09-19 17:13 - 00000000 ____D C:\Program Files\iTunes
2013-09-19 17:13 - 2013-09-19 17:13 - 00000000 ____D C:\Program Files\iPod
2013-09-19 17:13 - 2013-09-19 17:13 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-19 01:26 - 2013-09-13 04:25 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-09-13 04:25 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-16 20:15 - 2013-01-09 20:38 - 00000600 _____ C:\Users\admi\AppData\Local\PUTTY.RND
2013-09-15 22:22 - 2013-09-15 10:31 - 00000000 ____D C:\ProgramData\my_scripts
2013-09-15 10:29 - 2012-12-29 11:48 - 00000000 ____D C:\Program Files (x86)\DVBViewer
2013-09-15 10:28 - 2013-09-15 10:28 - 05648594 _____ (CM&V ) C:\Users\admi\Downloads\DVBViewer_setup(2).exe
2013-09-15 10:27 - 2012-12-29 11:46 - 00000000 ____D C:\ProgramData\CMUV
2013-09-15 09:43 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-09-13 19:38 - 2013-09-13 17:49 - 00000000 ____D C:\Users\admi\Downloads\Green Button Ex
2013-09-13 18:44 - 2013-09-13 18:44 - 00000000 ____D C:\Users\admi\Documents\Green Button Ex
2013-09-13 17:49 - 2013-09-13 17:48 - 00470631 _____ C:\Users\admi\Downloads\Green Button Ex.zip
2013-09-12 21:50 - 2012-07-26 10:12 - 00000000 ____D 
C:\Windows\WinStore 2013-09-12 21:50 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-09-12 21:50 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe 2013-09-12 19:38 - 2012-07-26 09:21 - 00046864 _____ C:\Windows\setupact.log 2013-09-12 17:52 - 2013-08-15 21:08 - 00000000 ____D C:\Windows\system32\MRT 2013-09-12 17:51 - 2013-09-12 17:51 - 00000513 _____ C:\Users\Katja\Desktop\movieplay.lnk 2013-09-12 17:50 - 2012-12-29 00:58 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Users\admi\Downloads\o2x-nvflash-bootloader_unlock_v30a+CWM6 2013-09-09 18:22 - 2013-09-09 17:51 - 00000000 ____D C:\Users\admi\Downloads\BIN_LGP990AT-00-V30a-EUR-XXX-NOV-30-2012+0 2013-09-09 17:50 - 2013-09-09 17:47 - 730450857 _____ C:\Users\admi\Downloads\BIN_LGP990AT-00-V30a-EUR-XXX-NOV-30-2012+0.zip 2013-09-09 17:47 - 2013-09-09 17:47 - 00000000 ____D C:\Users\admi\Downloads\sf 2013-09-09 17:46 - 2013-09-09 17:46 - 00271698 _____ C:\Users\admi\Downloads\Smartflashxpr0nx.rar 2013-09-09 17:46 - 2013-09-09 17:46 - 00000000 ____D C:\Program Files (x86)\LG Electronics 2013-09-09 17:46 - 2012-12-29 11:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-09-09 17:45 - 2013-09-09 17:45 - 11412680 _____ (LG Electronics) C:\Users\admi\Downloads\LGUnitedMobileDriver_S50MAN310AP22_ML_WHQL_Ver_3.10.1.exe 2013-09-09 17:31 - 2013-09-09 17:27 - 427401773 _____ C:\Users\admi\Downloads\DjangoManoucheX1.3_30A.zip 2013-09-09 17:25 - 2013-09-09 17:25 - 08755085 _____ C:\Users\admi\Downloads\o2x-nvflash-bootloader_unlock_v30a+CWM6.zip 2013-09-08 14:19 - 2013-09-08 14:18 - 00000000 ____D C:\Users\admi\Downloads\nvflash 2013-09-08 14:18 - 2013-09-08 14:18 - 11371856 _____ C:\Users\admi\Downloads\2x-nvflashdrivers.zip 2013-09-08 14:16 - 2013-09-08 14:16 - 00000000 ____D C:\Users\admi\Downloads\rooted_system V30A 2013-09-08 14:16 - 2013-09-08 14:15 - 247849994 _____ 
C:\Users\admi\Downloads\rooted_system+V30A.rar 2013-09-08 13:46 - 2013-09-08 13:21 - 00000000 ____D C:\Users\admi\Desktop\Bilder Katja Handy 2013-09-02 20:43 - 2013-07-28 17:26 - 00000000 ____D C:\Users\admi\Desktop\Urlaub 2013 2013-09-02 18:11 - 2013-03-26 08:21 - 00000000 ____D C:\ProgramData\Package Cache 2013-09-02 18:07 - 2013-09-02 18:07 - 20128896 _____ (CM&V ) C:\Users\admi\Downloads\Mheg5Setup.exe 2013-09-02 17:50 - 2013-09-02 17:50 - 00730346 _____ C:\Users\admi\Downloads\TransEdit_4_0_3.zip 2013-09-02 17:28 - 2013-09-02 17:28 - 05654871 _____ (CM&V ) C:\Users\admi\Downloads\DVBViewer_setup(1).exe 2013-08-31 16:47 - 2012-12-28 14:00 - 00000000 ____D C:\Users\admi\AppData\Local\Packages Some content of TEMP: ==================== C:\Users\admi\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe C:\Users\admi\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\admi\AppData\Local\Temp\i4jdel0.exe C:\Users\admi\AppData\Local\Temp\npp.6.3.2.Installer.exe C:\Users\admi\AppData\Local\Temp\npp.6.4.3.Installer.exe C:\Users\admi\AppData\Local\Temp\npp.6.4.5.Installer.exe C:\Users\admi\AppData\Local\Temp\Quarantine.exe C:\Users\admi\AppData\Local\Temp\unrar.dll C:\Users\admi\AppData\Local\Temp\vlc-2.0.8-win32.exe C:\Users\admi\AppData\Local\Temp\xmlUpdater.exe C:\Users\Katja\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 
2013-09-28 17:15 ==================== End Of Log ============================
--- --- ---
After the restart, MBAM still showed the notification that the IP had been blocked. Steffen |
29.09.2013, 14:30 | #6 |
/// TB-Ausbilder | Windows 8: MBAM blocks IPs 82.98.97.XXX
Hello Steffen, we are not finished yet anyway. After the fix in step 1, the MBAM IP blocks should disappear (after a restart). Correct?
Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
R2 Fondue32; C:\Windows\system32\autoplby.exe [117760 2013-07-12] ()
C:\Windows\system32\autoplby.exe
2013-09-24 21:13 - 2013-09-25 17:24 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
ESET Online Scanner
__________________ --> Windows 8: MBAM blocks IPs 82.98.97.XXX |
29.09.2013, 16:56 | #7 |
| Windows 8: MBAM blocks IPs 82.98.97.XXX
Fixlog.txt
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2013 02
Ran by admi at 2013-09-29 15:37:35 Run:1
Running from C:\Users\admi\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
R2 Fondue32; C:\Windows\system32\autoplby.exe [117760 2013-07-12] ()
C:\Windows\system32\autoplby.exe
2013-09-24 21:13 - 2013-09-25 17:24 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
*****************
Fondue32 => Service deleted successfully.
C:\Windows\system32\autoplby.exe => Moved successfully.
C:\Program Files (x86)\BonanzaDeals => Moved successfully.
The system needs a manual reboot.
==== End of Fixlog ====
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f67ae50cefc2fd468d82f510885412a2
# engine=15299
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-29 03:52:55
# local_time=2013-09-29 05:52:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776573 100 94 7786 7753450 0 0
# scanned=244603
# found=5
# cleaned=0
# scan_time=7642
sh=8A2D5E5B32376A40F33D6C9881001425EC025205 ft=1 fh=aee95ab8a3a4911d vn="Win32/Adware.MultiPlug.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\SaveByClick\50fab6f14f068.dll.vir"
sh=39E1D277E209D8F875E45C45DBA816AF9C3D0070 ft=1 fh=280332acdbfd44cf vn="a variant of Win64/Agent.BL trojan" ac=I fn="C:\FRST\Quarantine\autoplby.exe"
sh=2428E8BBE3DBD5CD53CB9DDEAB85C5CF89A4D45C ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OOZ trojan" ac=I fn="C:\Users\admi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\776e21b2-4a487ccd"
sh=2EA01BDDE25D4303699A47C59405AACF07BCE798 ft=1 fh=ff4d777e01df7e28 vn="Win32/StartPage.OPH trojan" ac=I fn="C:\Users\admi\Downloads\vlc-2.0.4-win64.exe"
sh=CF7F0D6967876D2F95B397DC5C2E4E85E6041D69 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Ben02\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\515108d-4b572e28" |
29.09.2013, 17:04 | #8 |
/// TB-Ausbilder | Windows 8: MBAM blocks IPs 82.98.97.XXX
And the MBAM IP blocks are gone now (after a restart)?
__________________ cheers, Leo |
29.09.2013, 17:07 | #9 |
| Windows 8: MBAM blocks IPs 82.98.97.XXX
Yes, nothing has come up so far. But what are those findings from ESET? Steffen |
29.09.2013, 18:30 | #10 | |
/// TB-Ausbilder | Windows 8: MBAM blocks IPs 82.98.97.XXX
Hello Steffen,
Quote:
No. 1: An adware item which (as you can tell from the path) has already been removed by AdwCleaner and now only sits in its quarantine.
No. 2: The file responsible, among other things, for the MBAM IP blocks, which I deleted in the previous step with the FRST fix and which now still sits in the FRST quarantine.
No. 3: An old exploit in the Java cache (inactive)
No. 4: An installer for the VLC player that you downloaded not from the original source videolan.org but from a fake site such as vlc.de or the like, and which therefore contains unwanted advertising. Just delete it and use the original source for it in future.
No. 5: Once again something inactive in the Java cache.
All findings except No. 4 will disappear anyway with the final steps.
Step 1
Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
Step 2
Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can abuse to infect a system via drive-by download. The current version is Java 7 Update 40.
So consider whether you really need a Java installation. If you want to keep using Java, then:
Then use this plugin check (with Firefox here) to verify that all the versions you use are now up to date, and update them otherwise.
Cleanup
Finally, we will now clear away our tools (including the quarantine folders), delete the infected system restore points and put all settings back in order. These steps are also still important and should be carried out in the order given.
>> OK <<
We are done; your logs look clean to me at the moment. Below I have put together a few notes and tips that should help ensure you will not need our help again in future. Please give me a short reply afterwards if there are no more problems or open questions on your side either, so that I can consider this topic closed.
Epilogue: Tips, Dos & Don'ts
Keeping system and software up to date
The Windows operating system must always be fully up to date. Make sure that automatic updates are enabled:
The installed software should also always be at its latest version. This applies especially to the browser, Java, Flash Player and PDF reader, because known security vulnerabilities in their old versions are exploited to install malware via drive-by download merely by visiting a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject their code into the page, and is therefore fairly unpredictable.
Security software
One remark up front: every software solution has its weaknesses. Handing the entire responsibility for security over to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not recognise an infected file). Nevertheless, such software is of course important and, in combination with a well-maintained (up-to-date) system and considered behaviour, helps you keep your computer clean.
It is in the nature of things that the most widely used application software is also the most frequently attacked by malware authors. Using alternative software (e.g. an alternative PDF reader) can therefore already be a small security gain. Instead of Internet Explorer you can, for example, use Mozilla Firefox, for which there are two useful add-ons to recommend:
(Un)safe behaviour on the internet
Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user. Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not detect a threat in them at the moment, that does not have to mean anything.
Often, more or less cunning methods are also used to try to get the user to carry out an action that is disastrous for them (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also mostly installed along with other software by the user.
General notes
Finally, a few basic remarks:
If you like, you can support the forum with a small donation. All that remains is for me to wish you carefree and safe surfing, and that we do not see each other here again any time soon.
__________________ cheers, Leo |
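The path-based reading of the five ESET findings at the start of post #10, as an added example that is not part of the thread or of any tool's own code: it parses the header and finding lines copied from the ESET log in post #7 and sorts each finding by where the file lies. The category names and path rules are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Header and finding lines copied from the ESET log in post #7.
SAMPLE_LOG = r'''
# scanned=244603
# found=5
# cleaned=0
sh=8A2D5E5B32376A40F33D6C9881001425EC025205 ft=1 fh=aee95ab8a3a4911d vn="Win32/Adware.MultiPlug.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\SaveByClick\50fab6f14f068.dll.vir"
sh=39E1D277E209D8F875E45C45DBA816AF9C3D0070 ft=1 fh=280332acdbfd44cf vn="a variant of Win64/Agent.BL trojan" ac=I fn="C:\FRST\Quarantine\autoplby.exe"
sh=2428E8BBE3DBD5CD53CB9DDEAB85C5CF89A4D45C ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OOZ trojan" ac=I fn="C:\Users\admi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\776e21b2-4a487ccd"
sh=2EA01BDDE25D4303699A47C59405AACF07BCE798 ft=1 fh=ff4d777e01df7e28 vn="Win32/StartPage.OPH trojan" ac=I fn="C:\Users\admi\Downloads\vlc-2.0.4-win64.exe"
sh=CF7F0D6967876D2F95B397DC5C2E4E85E6041D69 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Ben02\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\515108d-4b572e28"
'''

# key=value pairs; a value is either double-quoted or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
JAVA_CACHE = ("sun", "java", "deployment", "cache")

def parse_eset_log(text):
    """Split the log into '# key=value' header fields and finding records."""
    header, findings = {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value
        elif line.startswith("sh="):
            findings.append({k: q or b for k, q, b in PAIR.findall(line)})
    return header, findings

def classify(finding):
    """Category names and path rules are assumptions for this example."""
    parts = tuple(p.lower() for p in PureWindowsPath(finding["fn"]).parts)
    if "quarantine" in parts:
        return "quarantined"   # already moved aside by a cleanup tool
    if any(parts[i:i + 4] == JAVA_CACHE for i in range(len(parts))):
        return "java-cache"    # item in the Java deployment cache
    if len(parts) > 3 and parts[1] == "users" and parts[3] == "downloads":
        return "download"      # installer file the user fetched
    return "review"            # anything else needs a closer look

def triage(text):
    header, findings = parse_eset_log(text)
    declared = int(header.get("found", len(findings)))
    if declared != len(findings):  # truncated or mis-pasted log
        raise ValueError(f"log declares {declared} findings, parsed {len(findings)}")
    return [(classify(f), f["vn"], f["fn"]) for f in findings]

if __name__ == "__main__":
    for category, name, path in triage(SAMPLE_LOG):
        print(f"{category:12} {name:40} {path}")
```

The check against `# found=` catches a log that was cut off when it was pasted into a post, before any finding is silently missed.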
29.09.2013, 19:16 | #11 |
| Windows 8: MBAM blocks IPs 82.98.97.XXX
I think everything is fine now, and thank you for your help. A donation is on its way. Steffen |
29.09.2013, 19:41 | #12 |
/// TB-Ausbilder | Windows 8: MBAM blocks IPs 82.98.97.XXX
Thanks for the feedback, Steffen. And on behalf of the team, many thanks for the donation! I am glad we were able to help. If you would like to give the forum suggestions for improvement, criticism or praise, you can do that here. This topic appears to be resolved and will be removed from my subscriptions, so I will no longer receive notifications about new replies. Should you need the topic again, please send me a PM and we will continue here. Everyone else, please read this guide and create your own thread.
__________________ cheers, Leo |