Log Analysis and Evaluation: Warned by Telekom about possible malware infection - system check required (Windows 7)

19.01.2014, 22:25 | #1
Warned by Telekom about possible malware infection - system check required

Hello everyone,

My girlfriend's family has received a letter from Telekom. This "Security warning regarding your Internet access" states that spam e-mails are regularly being sent from their Internet connection. When they asked the Telekom security service, they were told that, judging by the times at which these spam e-mails were sent, it is probably malware that has infected one of the systems on this network. A system check is therefore required. I hope someone can help me. Here I describe what I have done so far.

I ran a first quick scan on the system in question with Malwarebytes Anti-Malware and found 31 affected objects, which I had the program remove.

Malwarebytes logfile
Code:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.18.04
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Masha :: MARIA [administrator]

Protection: Enabled

18.01.2014 18:44:30
mbam-log-2014-01-18 (18-44-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238884
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Detected: 1
C:\Users\Masha\AppData\Roaming\Windows Net Data\net.exe (PUP.Optional.NetData.A) -> 5052 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bad: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&st=chrome&q=) Good: (hxxp://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=E4611216D84F06BA&affID=119557&tsp=5025) Good: (hxxp://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bad: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&st=chrome&q=) Good: (hxxp://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bad: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&st=chrome&q=) Good: (hxxp://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bad: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&st=chrome&q=) Good: (hxxp://www.google.com/) -> Quarantined and repaired successfully.

Folders Detected: 2
C:\Users\Masha\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Masha\AppData\Roaming\Windows Net Data (PUP.Optional.NetData.A) -> Delete on reboot.

Files Detected: 12
C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Masha\Downloads\MyPhoneExplorer_Setup_1.8.4.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Masha\Downloads\PDFCreator.exe (PUP.Optional.Firseria) -> Quarantined and deleted successfully.
C:\Users\Masha\AppData\Local\DownloadGuide\Offers\hometab.exe (PUP.Optional.HomeTab.A) -> Quarantined and deleted successfully.
C:\Users\Masha\AppData\Local\DownloadGuide\Offers\plus-hd-3-8.exe (PUP.Optional.CrossRider) -> Quarantined and deleted successfully.
C:\Windows\AutoKMS.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Windows\Launcher.exe (PUP.Optional.Simplytech) -> Quarantined and deleted successfully.
C:\Users\Masha\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Masha\AppData\Roaming\Windows Net Data\well.dat (PUP.Optional.NetData.A) -> Quarantined and deleted successfully.
C:\Users\Masha\AppData\Roaming\Windows Net Data\id.dat (PUP.Optional.NetData.A) -> Quarantined and deleted successfully.
C:\Users\Masha\AppData\Roaming\Windows Net Data\net.exe (PUP.Optional.NetData.A) -> Delete on reboot.
C:\Users\Masha\AppData\Roaming\Windows Net Data\uninstaller.exe (PUP.Optional.NetData.A) -> Quarantined and deleted successfully.

(end)

After that, the next quick scan, as well as a full scan, showed no findings. I then had the Microsoft Malicious Software Removal Tool run a full scan - no findings. Then I ran a full scan with Avira's EU-Cleaner. It showed one detection, which I had it remove.

EU-Cleaner logfile
Code:
**************************************************
Scan summary:
**************************************************

Timestamp of last update: 18.01.2014 19:09:19
Configuration profile: sysscan.avp
Platform : Windows 8.1 Pro
Windows version : (plain) [6.2.9200]
build.dat : 10.0.0.64 13423 Bytes 12.09.2013 08:06:00
Version of the local installation:
build.dat : 14.0.2.286 55547 Bytes 09.12.2013 11:37:00

Start of the scan: Saturday, 18 January 2014 22:54

8158303d922b8bccba60da44ec992d562e94240cfcfee4e17f3f5c78657b5cb2
[DETECTION] Contains recognition pattern of the APPL/Downloader.Gen application

End of the scan: Sunday, 19 January 2014 00:02
Time used: 45:17 minute(s)

The scan has been completed.

50422 directories were scanned
1051996 files were scanned
1 viruses and/or unwanted programs were found
0 files were classified as suspicious
1 files were deleted
0 viruses and unwanted programs were repaired
1 files were moved to quarantine
0 files were renamed
4208 files could not be scanned
1047787 files not concerned
18507 archives were scanned
4208 warnings
1 notes

Then a scan with AdwCleaner, which produced the following result. I have not had anything removed here yet, because at this point I decided to ask for help here - which I probably should have done right away.

Code:
# AdwCleaner v3.017 - Report created 19/01/2014 at 21:17:48
# Updated 12/01/2014 by Xplode
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Masha - MARIA
# Running from : C:\Users\Masha\Downloads\adwcleaner_3.017.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml
File Found : C:\Users\Masha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
File Found : C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\searchplugins\Web Search.xml
File Found : C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\user.js
File Found : C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_360299\searchplugins\Web Search.xml
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
Folder Found : C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_360299\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
Folder Found : C:\Program Files (x86)\myfree codec
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\DSearchLink
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Found : C:\SoftwareUpdater
Folder Found : C:\Users\Masha\AppData\Local\DownloadGuide

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\simplytech
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\OCS
Key Found : HKCU\Software\simplytech
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\Delta
Key Found : [x64] HKCU\Software\InstalledThirdPartyPrograms
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\OCS
Key Found : [x64] HKCU\Software\simplytech
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\SOFTWARE\e2d8d8b169b913
Key Found : HKLM\Software\FLEXnet
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\Software\Myfree Codec
Key Found : HKLM\Software\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&st=chrome&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&st=chrome&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&q=%s

-\\ Mozilla Firefox v26.0 (de)

[ File : C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\prefs.js ]

Line Found : user_pref("browser.search.defaultengine", "Web Search");
Line Found : user_pref("browser.search.order.1", "Web Search");
Line Found : user_pref("extensions.crossrider.bic", "1418426e520fe13fda793a347eafdda8");
Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.dfltLng", "de");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.id", "e4615eeb0000000000001216d84f06ba");
Line Found : user_pref("extensions.delta.instlDay", "15982");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.24.618:24:06");
Line Found : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Found : user_pref("extensions.delta_i.babExt", "");
Line Found : user_pref("extensions.delta_i.babTrack", "affID=119557&tsp=5025");
Line Found : user_pref("extensions.delta_i.srcExt", "ss");
Line Found : user_pref("iminent.LayoutId", "1");
Line Found : user_pref("iminent.version", "7.36.1.1");
Line Found : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.36.1.1\",\"InstallEventCTime\":1380903871029,\"InstallEvent\":\"True\"}");
Line Found : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&st=chrome&q=");

[ File : C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_360299\prefs.js ]

Line Found : user_pref("browser.search.defaultengine", "Web Search");
Line Found : user_pref("browser.search.defaultenginename", "Web Search");
Line Found : user_pref("browser.search.order.1", "Web Search");
Line Found : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&st=chrome&q=");

*************************

AdwCleaner[R0].txt - [16810 octets] - [19/01/2014 21:17:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16871 octets] ##########

I have therefore now carried out the steps described in the thread for everyone seeking help here on the board. defogger and FRST worked without problems. With GMER I got 2 error messages, both when starting the program and during the scan:

"C:\WINDOWS\system32\config\system: The process cannot access the file because it is being used by another process."
"C:\Users\Masha\ntuser.dat: The process cannot access the file because it is being used by another process."

Nevertheless I was able to save a logfile successfully.

defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:31 on 19/01/2014 (Masha)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04
Ran by Masha (administrator) on MARIA on 19-01-2014 21:34:15
Running from C:\Users\Masha\Desktop
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Ericsson Mobile Communications AB) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Atheros Communications)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-28] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-07-17] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-08-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-24] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] - c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-08-31] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167024 2012-08-31] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Sony Ericsson PC Companion] - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [772096 2009-06-18] (Sony Ericsson Mobile Communications AB)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-05-19] (Samsung)
HKCU\...\Run: [Sony Ericsson PC Suite] - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [434176 2009-11-20] (Sony Ericsson Mobile Communications AB)
Startup: C:\Users\Masha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Masha\AppData\Roaming\Windows Net Data\net.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/10
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/10
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM13/10
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&q={searchTerms}
SearchScopes: HKCU - {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL =
hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&q={searchTerms} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E4611216D84F06BA&affID=119557&tsp=5025 BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: 
Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent64.dll (soft Xpansion) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent32.dll (soft Xpansion) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; 
charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Hosts: 127.0.0.1 activate.adobe.com Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default FF user.js: detected! 
=> C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\user.js FF NewTab: about:home FF SearchEngineOrder.1: Web Search FF Homepage: hxxp://www.google.de/ FF Keyword.URL: hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&st=chrome&q= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll 
(Nullsoft, Inc.) FF Plugin-x32: @soft-xpansion/npsxpdf - C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Masha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\searchplugins\Web Search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: pricealarm - C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2013-10-04] FF Extension: Adblock Plus - C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-05] FF Extension: Download Manager Tweak - C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2013-04-05] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2013-12-23] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-05] FF 
HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-10-04] FF HKLM-x32\...\Thunderbird\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-10-04] ==================== Services (Whitelisted) ================= U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-29] (Avira Operations GmbH & Co. KG) U2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations) U2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-08-29] (Hewlett-Packard Company) U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-19] (Intel Corporation) U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation) U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) U2 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] () U2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134624 2012-07-17] (PDF Complete Inc) U3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-04] (soft Xpansion) U3 WdNisSvc; C:\Program Files\Windows 
Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) U2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) ==================== Drivers (Whitelisted) ==================== U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG) U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) U3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros) U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation) U1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) U3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) U3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation) U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) U3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 
2013-04-04] (Malwarebytes Corporation) U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) U3 s0016bus; C:\Windows\System32\drivers\s0016bus.sys [115240 2008-05-16] (MCCI Corporation) U3 s0016mdfl; C:\Windows\system32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation) U3 s0016mdm; C:\Windows\system32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation) U3 s0016mgmt; C:\Windows\system32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation) U3 s0016nd5; C:\Windows\system32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation) U3 s0016obex; C:\Windows\system32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation) U3 s0016unic; C:\Windows\System32\drivers\s0016unic.sys [151592 2008-05-16] (MCCI Corporation) U3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation) U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) U3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-15] (Synaptics Incorporated) U3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated) U3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1864328 2012-10-04] () U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-24] (Microsoft Corporation) U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) U3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-19 21:34 - 2014-01-19 21:34 - 00027974 _____ C:\Users\Masha\Desktop\FRST.txt 2014-01-19 21:33 - 2014-01-19 21:33 - 00000000 ____D C:\FRST 2014-01-19 21:32 - 2014-01-19 21:32 - 02076672 _____ (Farbar) C:\Users\Masha\Desktop\FRST64.exe 2014-01-19 21:31 - 2014-01-19 21:31 - 00000472 _____ C:\Users\Masha\Desktop\defogger_disable.log 2014-01-19 21:31 - 2014-01-19 21:31 - 00000000 _____ C:\Users\Masha\defogger_reenable 2014-01-19 21:29 - 2014-01-19 21:29 - 00050477 _____ C:\Users\Masha\Desktop\Defogger.exe 2014-01-19 21:17 - 2014-01-19 21:18 - 00000000 ____D C:\AdwCleaner 2014-01-19 21:16 - 2014-01-19 21:16 - 01236282 _____ C:\Users\Masha\Downloads\adwcleaner.exe 2014-01-19 21:14 - 2014-01-19 21:14 - 01236282 _____ C:\Users\Masha\Downloads\adwcleaner_3.017.exe 2014-01-19 18:22 - 2014-01-19 08:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-01-19 18:18 - 2014-01-19 18:18 - 17888136 _____ (Adobe Systems Incorporated) C:\Users\Masha\Downloads\install_flash_player.exe 2014-01-19 17:12 - 2014-01-19 17:12 - 00018113 _____ C:\Users\Masha\Downloads\hijackthis.log 2014-01-19 16:44 - 2014-01-19 16:44 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\Masha\Downloads\HiJackThis204.exe 2014-01-19 16:42 - 2014-01-19 16:42 - 00370610 _____ C:\Users\Masha\Downloads\gmer_2.1.19323.zip 2014-01-19 15:35 - 2014-01-19 15:37 - 00000000 ____D C:\Users\Masha\Downloads\FastCopy 2014-01-19 15:34 - 2014-01-19 15:34 - 00380687 _____ C:\Users\Masha\Downloads\FastCopy211.zip 2014-01-19 15:03 - 2014-01-19 15:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Avira 2014-01-19 15:00 - 2014-01-19 15:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell 2014-01-19 15:00 - 2013-11-24 14:05 - 00002172 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk 2014-01-19 14:57 - 2014-01-19 14:57 - 00001452 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-19 14:57 - 2014-01-19 14:57 - 00000020 ___SH C:\Users\Administrator\ntuser.ini 2014-01-19 00:14 - 2014-01-19 00:14 - 00379904 _____ C:\Users\Masha\Downloads\gm2gwll6.exe 2014-01-19 00:07 - 2014-01-19 00:07 - 00379904 _____ C:\Users\Masha\Downloads\yy5ueqol.exe 2014-01-18 20:08 - 2014-01-18 20:08 - 02209056 _____ C:\Users\Masha\Downloads\avira-eu-cleaner_de.exe 2014-01-18 19:58 - 2014-01-18 19:58 - 24859352 _____ (Microsoft Corporation) C:\Users\Masha\Downloads\Windows-KB890830-x64-V5.8.exe 2014-01-18 19:51 - 2014-01-19 18:17 - 00000000 ____D C:\Users\Masha\Desktop\Logdateien Systemüberprüfung 2014-01-18 18:43 - 2014-01-18 18:43 - 00001127 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\Users\Masha\AppData\Roaming\Malwarebytes 2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-18 18:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-01-18 18:41 - 2014-01-18 18:41 - 10285040 _____ (Malwarebytes 
Corporation ) C:\Users\Masha\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-18 18:34 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-01-18 18:33 - 2014-01-18 18:34 - 00005327 _____ C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log 2014-01-18 12:01 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-01-18 12:01 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2014-01-18 12:01 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2014-01-18 12:01 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll 2014-01-18 12:01 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll 2014-01-18 12:01 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-18 12:01 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2014-01-18 12:01 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-18 12:01 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2014-01-18 12:01 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-01-18 12:01 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2013-12-23 10:28 - 2013-12-23 10:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-22 15:03 - 2013-12-22 15:03 - 00903830 _____ C:\Users\Masha\Downloads\walnut2_for_thunderbird-2.0.21-tb.xpi 2013-12-22 14:02 - 2013-12-22 14:02 - 00000000 ____D C:\Users\Masha\AppData\Roaming\Thunderbird 2013-12-22 14:02 - 2013-12-22 14:02 - 00000000 ____D C:\Users\Masha\AppData\Local\Thunderbird 2013-12-22 14:01 - 2013-12-22 14:01 - 21981704 _____ (Mozilla) 
C:\Users\Masha\Downloads\Thunderbird Setup 24.2.0.exe 2013-12-22 14:01 - 2013-12-22 14:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-12-21 13:28 - 2013-12-21 13:28 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2013-12-21 12:58 - 2013-12-21 13:26 - 00000000 ____D C:\Users\Masha\Documents\Arina 2013-12-21 12:42 - 2013-12-21 12:42 - 00000000 ____D C:\ProgramData\BVRP Software 2013-12-21 12:09 - 2013-12-21 12:09 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2013-12-21 12:02 - 2013-12-21 12:02 - 19159080 _____ (Sony Ericsson ) C:\Users\Masha\Downloads\Sony_Ericsson_PC_Suite_6.011.00_Web_DEU.exe ==================== One Month Modified Files and Folders ======= 2014-01-19 21:34 - 2014-01-19 21:34 - 00027974 _____ C:\Users\Masha\Desktop\FRST.txt 2014-01-19 21:33 - 2014-01-19 21:33 - 00000000 ____D C:\FRST 2014-01-19 21:32 - 2014-01-19 21:32 - 02076672 _____ (Farbar) C:\Users\Masha\Desktop\FRST64.exe 2014-01-19 21:32 - 2013-11-24 14:09 - 00000000 ____D C:\Users\Masha\AppData\Roaming\ClassicShell 2014-01-19 21:31 - 2014-01-19 21:31 - 00000472 _____ C:\Users\Masha\Desktop\defogger_disable.log 2014-01-19 21:31 - 2014-01-19 21:31 - 00000000 _____ C:\Users\Masha\defogger_reenable 2014-01-19 21:31 - 2013-11-24 13:23 - 00000000 ____D C:\Users\Masha 2014-01-19 21:29 - 2014-01-19 21:29 - 00050477 _____ C:\Users\Masha\Desktop\Defogger.exe 2014-01-19 21:28 - 2013-03-23 14:13 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-01-19 21:18 - 2014-01-19 21:17 - 00000000 ____D C:\AdwCleaner 2014-01-19 21:16 - 2014-01-19 21:16 - 01236282 _____ C:\Users\Masha\Downloads\adwcleaner.exe 2014-01-19 21:14 - 2014-01-19 21:14 - 01236282 _____ C:\Users\Masha\Downloads\adwcleaner_3.017.exe 2014-01-19 21:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru 2014-01-19 20:27 - 2013-11-24 13:23 - 01254792 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-19 18:25 - 2013-03-22 18:21 - 00000052 _____ 
C:\WINDOWS\SysWOW64\DOErrors.log
2014-01-19 18:24 - 2013-03-22 18:21 - 00000000 _____ C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-19 18:21 - 2013-09-30 05:14 - 01984420 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-19 18:21 - 2013-09-30 04:56 - 00843606 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-19 18:21 - 2013-09-30 04:56 - 00192300 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-19 18:18 - 2014-01-19 18:18 - 17888136 _____ (Adobe Systems Incorporated) C:\Users\Masha\Downloads\install_flash_player.exe
2014-01-19 18:18 - 2013-03-23 14:13 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-01-19 18:17 - 2014-01-18 19:51 - 00000000 ____D C:\Users\Masha\Desktop\Logdateien Systemüberprüfung
2014-01-19 18:16 - 2012-11-22 13:18 - 00000000 ____D C:\ProgramData\PDFC
2014-01-19 18:15 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-19 18:15 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-19 17:12 - 2014-01-19 17:12 - 00018113 _____ C:\Users\Masha\Downloads\hijackthis.log
2014-01-19 16:44 - 2014-01-19 16:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Masha\Downloads\HiJackThis204.exe
2014-01-19 16:42 - 2014-01-19 16:42 - 00370610 _____ C:\Users\Masha\Downloads\gmer_2.1.19323.zip
2014-01-19 15:37 - 2014-01-19 15:35 - 00000000 ____D C:\Users\Masha\Downloads\FastCopy
2014-01-19 15:34 - 2014-01-19 15:34 - 00380687 _____ C:\Users\Masha\Downloads\FastCopy211.zip
2014-01-19 15:27 - 2014-01-19 15:00 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
2014-01-19 15:27 - 2013-03-22 18:05 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1774212757-1747870556-2990911206-1002
2014-01-19 15:22 - 2012-12-05 02:25 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1774212757-1747870556-2990911206-500
2014-01-19 15:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-19 15:03 - 2014-01-19 15:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Avira
2014-01-19 14:58 - 2013-11-24 12:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2014-01-19 14:57 - 2014-01-19 14:57 - 00001452 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-19 14:57 - 2014-01-19 14:57 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2014-01-19 14:57 - 2013-11-24 13:23 - 00000000 ____D C:\Users\Administrator
2014-01-19 14:57 - 2013-11-24 12:18 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-19 14:57 - 2013-11-24 12:18 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-19 14:37 - 2013-08-19 18:30 - 00000000 ____D C:\Users\Masha\AppData\Roaming\Winamp
2014-01-19 14:36 - 2013-11-24 13:15 - 00000000 ___DC C:\WINDOWS\Panther
2014-01-19 14:36 - 2013-03-22 20:04 - 00000000 ____D C:\Users\Masha\AppData\Local\CrashDumps
2014-01-19 08:38 - 2014-01-19 18:22 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-19 00:14 - 2014-01-19 00:14 - 00379904 _____ C:\Users\Masha\Downloads\gm2gwll6.exe
2014-01-19 00:07 - 2014-01-19 00:07 - 00379904 _____ C:\Users\Masha\Downloads\yy5ueqol.exe
2014-01-18 20:08 - 2014-01-18 20:08 - 02209056 _____ C:\Users\Masha\Downloads\avira-eu-cleaner_de.exe
2014-01-18 20:01 - 2013-11-12 22:08 - 00003158 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMasha
2014-01-18 20:01 - 2013-11-12 22:08 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMasha.job
2014-01-18 19:58 - 2014-01-18 19:58 - 24859352 _____ (Microsoft Corporation) C:\Users\Masha\Downloads\Windows-KB890830-x64-V5.8.exe
2014-01-18 18:51 - 2013-10-04 17:23 - 00000000 ____D C:\ProgramData\DSearchLink
2014-01-18 18:43 - 2014-01-18 18:43 - 00001127 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\Users\Masha\AppData\Roaming\Malwarebytes
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-18 18:41 - 2014-01-18 18:41 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Masha\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-18 18:34 - 2014-01-18 18:33 - 00005327 _____ C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 18:34 - 2013-10-05 12:11 - 00000000 ____D C:\ProgramData\Oracle
2014-01-18 18:34 - 2013-07-10 12:59 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-18 12:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-18 12:14 - 2013-08-14 16:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-18 11:54 - 2013-03-22 18:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-16 20:52 - 2013-03-26 18:07 - 00000000 ____D C:\Users\Masha\AppData\Roaming\vlc
2014-01-16 19:08 - 2013-03-31 13:53 - 00000000 ____D C:\Users\Masha\Documents\Haus
2014-01-16 19:02 - 2013-04-09 18:37 - 00000000 ____D C:\Users\Masha\Documents\Papa
2014-01-15 18:38 - 2013-04-25 19:08 - 00000000 ____D C:\Users\Masha\Documents\Telekom
2014-01-07 17:20 - 2013-04-11 11:23 - 00000000 ____D C:\Users\Masha\Documents\Toyota
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-06 16:20 - 2013-03-22 20:03 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-24 15:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-24 15:09 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-24 15:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-24 15:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-24 15:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-23 10:28 - 2013-12-23 10:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-22 15:03 - 2013-12-22 15:03 - 00903830 _____ C:\Users\Masha\Downloads\walnut2_for_thunderbird-2.0.21-tb.xpi
2013-12-22 14:02 - 2013-12-22 14:02 - 00000000 ____D C:\Users\Masha\AppData\Roaming\Thunderbird
2013-12-22 14:02 - 2013-12-22 14:02 - 00000000 ____D C:\Users\Masha\AppData\Local\Thunderbird
2013-12-22 14:01 - 2013-12-22 14:01 - 21981704 _____ (Mozilla) C:\Users\Masha\Downloads\Thunderbird Setup 24.2.0.exe
2013-12-22 14:01 - 2013-12-22 14:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-21 13:28 - 2013-12-21 13:28 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-12-21 13:27 - 2013-05-19 22:45 - 00000000 ____D C:\Users\Masha\AppData\Roaming\Samsung
2013-12-21 13:26 - 2013-12-21 12:58 - 00000000 ____D C:\Users\Masha\Documents\Arina
2013-12-21 12:50 - 2013-05-19 18:01 - 00000000 ____D C:\Users\Masha\AppData\Roaming\MyPhoneExplorer
2013-12-21 12:42 - 2013-12-21 12:42 - 00000000 ____D C:\ProgramData\BVRP Software
2013-12-21 12:42 - 2013-05-19 18:07 - 00000000 ____D C:\Users\Masha\AppData\Local\Sony Ericsson
2013-12-21 12:09 - 2013-12-21 12:09 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2013-12-21 12:02 - 2013-12-21 12:02 - 19159080 _____ (Sony Ericsson ) C:\Users\Masha\Downloads\Sony_Ericsson_PC_Suite_6.011.00_Web_DEU.exe

Files to move or delete:
====================
C:\ProgramData\hpeF355.dll

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Masha\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-19 18:34

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2014 04 Ran by Masha at 2014-01-19 21:34:48 Running from C:\Users\Masha\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.8 - Adobe Systems) Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 12.5.100.20806 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira) Bonjour (Version: 3.0.0.10 - Apple Inc.) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) 
Hidden ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden CCleaner (Version: 4.01 - Piriform) Citrix Authentication Manager (x32 Version: 4.0.0.53726 - Citrix Systems, Inc.) Hidden Citrix Receiver (DV) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden Citrix Receiver (USB) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden Citrix Receiver (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Citrix Receiver Inside (x32 Version: 3.4.0.29585 - Citrix Systems, Inc.) Hidden Citrix Receiver Updater (x32 Version: 3.4.0.29577 - Citrix Systems, Inc.) Hidden Citrix Receiver(Aero) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden Classic Shell (Version: 4.0.2 - IvoSoft) Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.45 - Corel Corporation) Hidden Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.63 - Corel Corporation) Hidden Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.65 - Corel Corporation) Hidden Corel PaintShop Pro Misc Content (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden Corel PaintShop Pro Picture Frame Content (x32 Version: 1.0.0.41 - Corel Corporation) Hidden Corel PaintShop Pro Picture Frame Content (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden Corel PaintShop Pro X5 (x32 Version: 15.1.0.10 - Corel Corporation) Corel PaintShop Pro X5 (x32 Version: 15.3.0.8 - Corel Corporation) Hidden CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden CyberLink PhotoDirector (x32 Version: 2.0.1.3109 - CyberLink Corp.) CyberLink PhotoDirector (x32 Version: 2.0.1.3109 - CyberLink Corp.) Hidden CyberLink Power2Go 8 (x32 Version: 8.0.1.1924 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.1.1924 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (x32 Version: 10.0.1.2006 - CyberLink Corp.) 
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2006 - CyberLink Corp.) Hidden CyberLink PowerDVD (x32 Version: 10.0.6.4330 - CyberLink Corp.) CyberLink PowerDVD (x32 Version: 10.0.6.4330 - CyberLink Corp.) Hidden CyberLink YouCam (x32 Version: 4.1.1.3231 - CyberLink Corp.) CyberLink YouCam (x32 Version: 4.1.1.3231 - CyberLink Corp.) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft) ElsterFormular (x32 Version: 14.1.20130301 - Landesfinanzdirektion Thüringen) Energy Star (Version: 1.0.8 - Hewlett-Packard) Evernote v. 4.5.7 (x32 Version: 4.5.7.7146 - Evernote Corp.) Free Pdf Perfect Prereq (x32 Version: 1.0.0.0 - Covus Freemium GmbH) Free Pdf Perfect Prereq (x32 Version: 1.0.0.0 - Covus Freemium GmbH) Hidden Freemium Free PDF Perfect (x32 Version: 1.0 - Freemium) Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (Version: 5.1.5.1 - Hewlett-Packard Company) HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP Documentation (x32 Version: 1.2.0.0 - Hewlett-Packard) HP ESU for Microsoft Windows 8 (x32 Version: 1.0.1.1 - Hewlett-Packard Company) HP HD Webcam Driver (x32 Version: 6.0.1112.2_WHQL - Sonix) HP Hotkey Support (x32 Version: 4.6.10.1 - Hewlett-Packard Company) HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden HP Registration Service (Version: 1.0.5976.4186 - Hewlett-Packard) HP SoftPaq Download Manager (x32 Version: 3.4.6.0 - Hewlett-Packard Company) HP Software Framework (x32 Version: 4.6.8.1 - Hewlett-Packard Company) HP Software Setup (x32 Version: 8.5.4.1 - Hewlett-Packard Company) HP Support Assistant (x32 Version: 7.0.33.6 - Hewlett-Packard Company) HP System Default Settings (x32 Version: 1.0.3.2 - Hewlett-Packard Company) HP Wireless Button Driver (x32 Version: 1.0.5.1 - Hewlett-Packard Company) HxD Hex Editor Version 1.7.7.0 (x32 Version: 1.7.7.0 - Maël Hörz) ICA (x32 Version: 15.1.0.10 - 
Corel Corporation) Hidden IDT Audio (x32 Version: 1.0.6428.0 - IDT) Intel(R) Management Engine Components (x32 Version: 8.1.0.1281 - Intel Corporation) Intel(R) Processor Graphics (x32 Version: 10.18.10.3316 - Intel Corporation) Intel(R) Rapid Storage Technology (x32 Version: 11.5.6.1002 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden IPM_PSP_COM (x32 Version: 15.1.0.10 - Corel Corporation) Hidden Java 7 Update 40 (64-bit) (Version: 7.0.400 - Oracle) Java 7 Update 51 (x32 Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden JMicron Flash Media Controller Driver (x32 Version: 1.0.72.4 - JMicron Technology Corp.) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft Office (x32 Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - 
Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - 
x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla) MyFreeCodec (HKCU Version: - ) MyPhoneExplorer (x32 Version: 1.8.4 - F.J. Wechselberger) Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden PDF Complete Corporate Edition (x32 Version: 4.1.8 - PDF Complete, Inc) PSPPContent (x32 Version: 15.3.0.8 - Corel Corporation) Hidden PSPPHelp (x32 Version: 15.1.0.10 - Corel Corporation) Hidden PSPPro64 (Version: 15.1.0.10 - Corel Corporation) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.209 - Qualcomm Atheros Communications) Qualcomm Atheros Driver Installation Program (x32 Version: 10.0 - Qualcomm Atheros) Realtek Ethernet Controller All-In-One Windows Driver (x32 Version: 8.2.612.2012 - Realtek) Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.) Scan2PDF 1.6 (x32 Version: - Koma-Code) Self-Service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) 
Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Setup (x32 Version: 15.1.0.10 - Ihr Firmenname) Hidden Snagit 11 (x32 Version: 11.1.0 - TechSmith Corporation) Sony Ericsson PC Companion 1.50.52 (x32 Version: 1.50.52 - Sony Ericsson) Sony Ericsson PC Suite 6.011.00 (x32 Version: 6.011.00 - Sony Ericsson) SopCast 3.8.2 (x32 Version: 3.8.2 - www.sopcast.com) Synaptics Pointing Device Driver (Version: 17.0.18.8 - Synaptics Incorporated) Unity Web Player (HKCU Version: - Unity Technologies ApS) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Word 
2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft) Validity Fingerprint Sensor Driver (Version: 4.4.228.0 - Validity Sensors, Inc.) VLC media player 2.0.7 (x32 Version: 2.0.7 - VideoLAN) Winamp (x32 Version: 5.65 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc) WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2012-07-26 06:26 - 2013-04-05 18:00 - 00002685 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 adobeereg.com 127.0.0.1 www.adobeereg.com 127.0.0.1 activate.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 192.150.18.108 127.0.0.1 activate.adobe.com:443 127.0.0.1 3dns.adobe.com 127.0.0.1 3dns-1.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-4.adobe.com 127.0.0.1 adobeereg.com 127.0.0.1 www.adobeereg.com 127.0.0.1 activate.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 192.150.18.108 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-1.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 adobe-dns-4.adobe.com 127.0.0.1 adobe-dns-5.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 ntrack.com 127.0.0.1 hl2rcv.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 activate.adobe.de 127.0.0.1 practivate.adobe.de 127.0.0.1 ereg.adobe.de 127.0.0.1 activate.wip3.adobe.de 127.0.0.1 wip3.adobe.de 127.0.0.1 3dns-3.adobe.de 127.0.0.1 3dns-2.adobe.de 127.0.0.1 adobe-dns.adobe.de 127.0.0.1 adobe-dns-2.adobe.de 127.0.0.1 adobe-dns-3.adobe.de 127.0.0.1 ereg.wip3.adobe.de 127.0.0.1 activate-sea.adobe.de 127.0.0.1 
wwis-dubc1-vip60.adobe.de 127.0.0.1 activate-sjc0.adobe.de 127.0.0.1 hl2rcv.adobe.de ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0574DF83-EA43-4D11-B8D8-C33A6E108297} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2012-08-15] (Hewlett-Packard Company) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {699D6184-2724-4690-997B-B8DD57639910} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - 
System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {8380BF14-7A22-4D1B-82A9-D8ED8949D416} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {B4CBD429-23BD-42A1-B9C1-D96D7B9DB662} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd) Task: {C3C9FB52-0924-4B00-817E-0F6AAEFD9562} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe Task: {CD99ECA0-B3D2-4795-A714-262924954240} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-19] (Adobe Systems Incorporated) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D349032C-454F-481B-8FD3-EB8ED44C19DE} - System32\Tasks\HPCeeScheduleForMasha => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard) Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E02AB770-D8B9-4278-A414-A32AB0B4452D} - 
System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {EA8B081F-A215-418F-8A08-81FD2E960C0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {F0BB1A7F-77EE-4F75-8368-9CFAF4AD3662} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-06] (Microsoft Corporation) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForMasha.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2013-10-03 23:42 - 2013-10-03 23:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-03-22 18:31 - 2013-03-22 18:24 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2013-05-19 18:10 - 2008-11-07 14:05 - 00196608 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\Report.dll 2013-05-19 18:10 - 2009-06-03 16:25 - 00053248 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\VObject.dll 2013-05-19 18:10 - 2009-04-01 07:33 - 00106496 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\CalEngine.dll 2013-05-19 18:10 - 2009-06-16 16:10 - 00155648 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\Contacts.dll 2013-05-19 18:10 - 2009-07-29 10:43 - 00155648 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\CAgdLNote.dll 2013-05-19 18:10 - 2009-04-28 10:17 - 
00208896 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\CAgdOutlook.dll 2013-05-19 18:10 - 2009-10-13 08:45 - 00225280 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\VistaCalendar.dll 2013-05-19 18:10 - 2009-06-24 14:48 - 00282624 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\MESSAGING.dll 2013-05-19 18:10 - 2009-11-17 13:03 - 00745472 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\MmsKrnl.dll 2013-05-19 18:10 - 2009-03-26 14:41 - 00315392 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\MelodyEdit.dll 2013-05-19 18:10 - 2009-10-05 15:54 - 00200704 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\LogoEdit.dll 2013-05-19 18:10 - 2009-11-20 13:45 - 00294912 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\Calendar.dll 2013-11-26 20:19 - 2013-11-26 20:19 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\d049e76c122ba0adf500e5c72bc3c8bf\PSIClient.ni.dll 2012-12-05 02:49 - 2012-07-18 07:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2013-12-23 10:28 - 2013-12-23 10:28 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Bluetooth Audio Device Description: Bluetooth Audio Device Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Qualcomm Atheros Communications Service: BTATH_A2DP Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. 
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: AMD Radeon Hybrid (Blocked) Description: AMD Radeon Hybrid (Blocked) Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: Advanced Micro Devices, Inc. Service: BasicDisplay Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Virtual Bluetooth Support (Include Audio) Description: Virtual Bluetooth Support (Include Audio) Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Qualcomm Atheros Communications Service: AthBTPort Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Bluetooth LWFLT Device Description: Bluetooth LWFLT Device Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Qualcomm Atheros Communications Service: BTATH_LWFLT Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Could not start eventlog service, could not read events. Der angeforderte Dienst wurde bereits gestartet. Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben. 
==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 8072.21 MB
Available physical RAM: 6022.39 MB
Total Pagefile: 9352.21 MB
Available Pagefile: 7028.3 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:681.23 GB) (Free:554.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32
Drive f: (HP_RECOVERY) (Fixed) (Total:13.86 GB) (Free:2.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: A50E1C7D)
Partition: GPT Partition Type

==================== End Of Log ============================
Code:
GMER 2.1.19324 - hxxp://www.gmer.net
Rootkit scan 2014-01-19 21:39:56
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000038 WDC_WD7500BPKT-60PK4T0 rev.01.01A01 698,64GB
Running: yy5ueqol.exe; Driver: C:\Users\Masha\AppData\Local\Temp\uxldypod.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600006c700 15 bytes [00, EA, 0F, 02, 00, 7F, 6F, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff9600006c710 11 bytes [00, 1F, FC, FF, 80, 52, DE, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\vcsFPService.exe[1984] C:\Windows\system32\WSOCK32.dll!setsockopt + 194 00007ffda3d91f6a 4 bytes [D9, A3, FD, 7F]
.text C:\Windows\system32\vcsFPService.exe[1984] C:\Windows\system32\WSOCK32.dll!setsockopt + 218 00007ffda3d91f82 4 bytes [D9, A3, FD, 7F]
.text C:\Windows\system32\vcsFPService.exe[1984] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdad38169a 4 bytes [38, AD, FD, 7F]
.text C:\Windows\system32\vcsFPService.exe[1984] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdad3816a2 4 bytes [38, AD, FD, 7F]
.text C:\Windows\system32\vcsFPService.exe[1984] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdad38181a 4 bytes [38, AD, FD, 7F]
.text C:\Windows\system32\vcsFPService.exe[1984] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdad381832 4 bytes [38, AD, FD, 7F]
.text C:\Windows\System32\igfxpers.exe[3508] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdad38169a 4 bytes [38, AD, FD, 7F]
.text C:\Windows\System32\igfxpers.exe[3508] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdad3816a2 4 bytes [38, AD, FD, 7F]
.text C:\Windows\System32\igfxpers.exe[3508] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdad38181a 4 bytes [38, AD, FD, 7F]
.text C:\Windows\System32\igfxpers.exe[3508] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdad381832 4 bytes [38, AD, FD, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3856] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdad38169a 4 bytes [38, AD, FD, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3856] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdad3816a2 4 bytes [38, AD, FD, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3856] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdad38181a 4 bytes [38, AD, FD, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3856] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdad381832 4 bytes [38, AD, FD, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1084] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdad38169a 4 bytes [38, AD, FD, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1084] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdad3816a2 4 bytes [38, AD, FD, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1084] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdad38181a 4 bytes [38, AD, FD, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1084] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdad381832 4 bytes [38, AD, FD, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[5844] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffdad38169a 4 bytes [38, AD, FD, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[5844] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffdad3816a2 4 bytes [38, AD, FD, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[5844] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffdad38181a 4 bytes [38, AD, FD, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[5844] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffdad381832 4 bytes [38, AD, FD, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [584:608] fffff960009cb4d0

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
20.01.2014, 08:19 | #2 |
/// the machine /// TB-Ausbilder | hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
20.01.2014, 19:25 | #3 |
| Thanks for now,
Instructions carried out. Result of the scan with Malwarebytes Anti-Rootkit: "Scan Finished: No Malware Found" mbar-log Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.20.06

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Masha :: MARIA [administrator]

20.01.2014 18:57:45
mbar-log-2014-01-20 (18-57-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 263220
Time elapsed: 12 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
21.01.2014, 11:02 | #4 |
/// the machine /// TB-Ausbilder | Have AdwCleaner delete everything, then: ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Any problems left?
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM!
22.01.2014, 17:26 | #5 |
| Well, it no longer looks like there are any problems. Although nothing had been noticeable before either. Only Telekom was grumpy. Many thanks already for the great help. Does everything look clean so far? Here is the ESET log Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4b84fc1c70c1bd488997d2af77b8fd9f
# engine=16736
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-21 07:20:28
# local_time=2014-01-21 08:20:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 96 12700 26362665 5455 0
# compatibility_mode=5893 16776573 100 94 8881 13165730 0 0
# scanned=266461
# found=0
# cleaned=0
# scan_time=8273
Code:
Results of screen317's Security Check version 0.99.79
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 51
Adobe Flash Player 12.0.0.43
Mozilla Firefox (26.0)
Mozilla Thunderbird (24.2.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-01-2014 01
Ran by Masha (administrator) on MARIA on 22-01-2014 17:19:07
Running from C:\Users\Masha\Desktop
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co.
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Sony Ericsson Mobile Communications AB) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Atheros Communications) HKLM\...\Run: [SysTrayApp] - C:\Program 
Files\IDT\WDM\sttray64.exe [1664000 2012-09-20] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-28] (Intel Corporation) HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-07-17] (PDF Complete Inc) HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-08-29] (Hewlett-Packard Company) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] - c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] - c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-24] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] - c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Mirage] - c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-08-31] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] - c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167024 2012-08-31] (CyberLink Corp.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.) HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [Sony Ericsson PC Companion] - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [772096 2009-06-18] (Sony Ericsson Mobile Communications AB) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung) HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKCU\...\Run: [] - 
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-05-19] (Samsung) HKCU\...\Run: [Sony Ericsson PC Suite] - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [434176 2009-11-20] (Sony Ericsson Mobile Communications AB) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/10 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/10 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM13/10 SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS SearchScopes: HKCU - {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&q={searchTerms} BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll 
(IvoSoft) BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent64.dll (soft Xpansion) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Free PDF Perfect - 
{EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent32.dll (soft Xpansion) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Hosts: 127.0.0.1 activate.adobe.com Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default FF NewTab: about:home FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin-x32: @soft-xpansion/npsxpdf - C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Masha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-05] FF Extension: Download Manager Tweak - C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2013-04-05] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-05] FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-10-04] FF HKLM-x32\...\Thunderbird\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-10-04] ==================== Services (Whitelisted) ================= U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-29] (Avira Operations GmbH & Co. 
KG)
U2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations)
U2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-08-29] (Hewlett-Packard Company)
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-19] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U2 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
U2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134624 2012-07-17] (PDF Complete Inc)
U3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-04] (soft Xpansion)
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
U2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros)

==================== Drivers (Whitelisted) ====================

U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
U1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
U3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
U3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 s0016bus; C:\Windows\System32\drivers\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
U3 s0016mdfl; C:\Windows\system32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
U3 s0016mdm; C:\Windows\system32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
U3 s0016mgmt; C:\Windows\system32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
U3 s0016nd5; C:\Windows\system32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
U3 s0016obex; C:\Windows\system32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
U3 s0016unic; C:\Windows\System32\drivers\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
U3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
U3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-15] (Synaptics Incorporated)
U3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated)
U3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1864328 2012-10-04] ()
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-24] (Microsoft Corporation)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-22 17:18 - 2014-01-22 17:18 - 00000000 ____D C:\Users\Masha\Desktop\FRST-OlderVersion
2014-01-22 17:17 - 2014-01-22 17:17 - 00000924 _____ C:\Users\Masha\Desktop\checkup.txt
2014-01-21 17:59 - 2014-01-21 17:59 - 00987425 _____ C:\Users\Masha\Desktop\SecurityCheck.exe
2014-01-21 17:58 - 2014-01-21 17:58 - 02347384 _____ (ESET) C:\Users\Masha\Desktop\esetsmartinstaller_enu.exe
2014-01-21 17:56 - 2014-01-21 17:56 - 00016360 _____ C:\Users\Masha\Desktop\AdwCleaner[S0].txt
2014-01-20 18:57 - 2014-01-20 19:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-20 18:57 - 2014-01-20 18:57 - 00117464 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-01-20 18:56 - 2014-01-20 19:23 - 00000000 ____D C:\Users\Masha\Desktop\mbar
2014-01-20 18:56 - 2014-01-20 18:56 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-20 18:53 - 2014-01-20 18:53 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Masha\Desktop\mbar-1.07.0.1008.exe
2014-01-19 21:45 - 2014-01-19 21:30 - 00017168 _____ C:\Users\Masha\Desktop\AdwCleaner[R0].txt
2014-01-19 21:39 - 2014-01-19 21:39 - 00004654 _____ C:\Users\Masha\Desktop\gmer.log
2014-01-19 21:34 - 2014-01-22 17:19 - 00025884 _____ C:\Users\Masha\Desktop\FRST.txt
2014-01-19 21:34 - 2014-01-19 21:35 - 00028639 _____ C:\Users\Masha\Desktop\Addition.txt
2014-01-19 21:33 - 2014-01-22 17:18 - 00000000 ____D C:\FRST
2014-01-19 21:32 - 2014-01-22 17:18 - 02077184 _____ (Farbar) C:\Users\Masha\Desktop\FRST64.exe
2014-01-19 21:31 - 2014-01-19 21:31 - 00000472 _____ C:\Users\Masha\Desktop\defogger_disable.log
2014-01-19 21:31 - 2014-01-19 21:31 - 00000000 _____ C:\Users\Masha\defogger_reenable
2014-01-19 21:29 - 2014-01-19 21:29 - 00050477 _____ C:\Users\Masha\Desktop\Defogger.exe
2014-01-19 21:17 - 2014-01-21 17:54 - 00000000 ____D C:\AdwCleaner
2014-01-19 21:16 - 2014-01-19 21:16 - 01236282 _____ C:\Users\Masha\Downloads\adwcleaner.exe
2014-01-19 21:14 - 2014-01-19 21:14 - 01236282 _____ C:\Users\Masha\Downloads\adwcleaner_3.017.exe
2014-01-19 18:22 - 2014-01-19 08:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-19 18:18 - 2014-01-19 18:18 - 17888136 _____ (Adobe Systems Incorporated) C:\Users\Masha\Downloads\install_flash_player.exe
2014-01-19 17:12 - 2014-01-19 17:12 - 00018113 _____ C:\Users\Masha\Downloads\hijackthis.log
2014-01-19 16:44 - 2014-01-19 16:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Masha\Downloads\HiJackThis204.exe
2014-01-19 16:42 - 2014-01-19 16:42 - 00370610 _____ C:\Users\Masha\Downloads\gmer_2.1.19323.zip
2014-01-19 15:35 - 2014-01-19 15:37 - 00000000 ____D C:\Users\Masha\Downloads\FastCopy
2014-01-19 15:34 - 2014-01-19 15:34 - 00380687 _____ C:\Users\Masha\Downloads\FastCopy211.zip
2014-01-19 15:03 - 2014-01-19 15:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Avira
2014-01-19 15:00 - 2014-01-19 15:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
2014-01-19 15:00 - 2013-11-24 14:05 - 00002172 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2014-01-19 14:57 - 2014-01-19 14:57 - 00001452 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-19 14:57 - 2014-01-19 14:57 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2014-01-19 00:14 - 2014-01-19 00:14 - 00379904 _____ C:\Users\Masha\Downloads\gm2gwll6.exe
2014-01-19 00:07 - 2014-01-19 00:07 - 00379904 _____ C:\Users\Masha\Downloads\yy5ueqol.exe
2014-01-18 20:08 - 2014-01-18 20:08 - 02209056 _____ C:\Users\Masha\Downloads\avira-eu-cleaner_de.exe
2014-01-18 19:58 - 2014-01-18 19:58 - 24859352 _____ (Microsoft Corporation) C:\Users\Masha\Downloads\Windows-KB890830-x64-V5.8.exe
2014-01-18 19:51 - 2014-01-19 18:17 - 00000000 ____D C:\Users\Masha\Desktop\Logdateien Systemüberprüfung
2014-01-18 18:43 - 2014-01-18 18:43 - 00001127 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\Users\Masha\AppData\Roaming\Malwarebytes
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-18 18:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-18 18:41 - 2014-01-18 18:41 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Masha\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-18 18:34 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-01-18 18:33 - 2014-01-18 18:34 - 00005327 _____ C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 12:01 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-18 12:01 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-18 12:01 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-18 12:01 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-18 12:01 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-18 12:01 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 12:01 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-18 12:01 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 12:01 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-18 12:01 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-18 12:01 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-23 10:28 - 2013-12-23 10:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-22 17:19 - 2014-01-19 21:34 - 00025884 _____ C:\Users\Masha\Desktop\FRST.txt
2014-01-22 17:18 - 2014-01-22 17:18 - 00000000 ____D C:\Users\Masha\Desktop\FRST-OlderVersion
2014-01-22 17:18 - 2014-01-19 21:33 - 00000000 ____D C:\FRST
2014-01-22 17:18 - 2014-01-19 21:32 - 02077184 _____ (Farbar) C:\Users\Masha\Desktop\FRST64.exe
2014-01-22 17:17 - 2014-01-22 17:17 - 00000924 _____ C:\Users\Masha\Desktop\checkup.txt
2014-01-22 17:14 - 2013-11-24 14:09 - 00000000 ____D C:\Users\Masha\AppData\Roaming\ClassicShell
2014-01-22 17:09 - 2013-09-30 05:14 - 01984420 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-22 17:09 - 2013-09-30 04:56 - 00843606 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-22 17:09 - 2013-09-30 04:56 - 00192300 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-22 17:06 - 2012-11-22 13:18 - 00000000 ____D C:\ProgramData\PDFC
2014-01-22 17:05 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-21 20:28 - 2013-03-23 14:13 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-21 20:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-21 19:03 - 2013-11-24 13:23 - 01550927 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-21 17:59 - 2014-01-21 17:59 - 00987425 _____ C:\Users\Masha\Desktop\SecurityCheck.exe
2014-01-21 17:58 - 2014-01-21 17:58 - 02347384 _____ (ESET) C:\Users\Masha\Desktop\esetsmartinstaller_enu.exe
2014-01-21 17:56 - 2014-01-21 17:56 - 00016360 _____ C:\Users\Masha\Desktop\AdwCleaner[S0].txt
2014-01-21 17:54 - 2014-01-19 21:17 - 00000000 ____D C:\AdwCleaner
2014-01-21 17:54 - 2013-03-22 17:58 - 00000000 ___RD C:\Users\Masha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-21 17:52 - 2013-03-22 18:21 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2014-01-21 17:51 - 2013-03-22 18:21 - 00000000 _____ C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-20 19:23 - 2014-01-20 18:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-20 19:23 - 2014-01-20 18:56 - 00000000 ____D C:\Users\Masha\Desktop\mbar
2014-01-20 18:57 - 2014-01-20 18:57 - 00117464 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-01-20 18:56 - 2014-01-20 18:56 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-20 18:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-20 18:53 - 2014-01-20 18:53 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Masha\Desktop\mbar-1.07.0.1008.exe
2014-01-19 21:40 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-19 21:39 - 2014-01-19 21:39 - 00004654 _____ C:\Users\Masha\Desktop\gmer.log
2014-01-19 21:35 - 2014-01-19 21:34 - 00028639 _____ C:\Users\Masha\Desktop\Addition.txt
2014-01-19 21:31 - 2014-01-19 21:31 - 00000472 _____ C:\Users\Masha\Desktop\defogger_disable.log
2014-01-19 21:31 - 2014-01-19 21:31 - 00000000 _____ C:\Users\Masha\defogger_reenable
2014-01-19 21:31 - 2013-11-24 13:23 - 00000000 ____D C:\Users\Masha
2014-01-19 21:30 - 2014-01-19 21:45 - 00017168 _____ C:\Users\Masha\Desktop\AdwCleaner[R0].txt
2014-01-19 21:29 - 2014-01-19 21:29 - 00050477 _____ C:\Users\Masha\Desktop\Defogger.exe
2014-01-19 21:16 - 2014-01-19 21:16 - 01236282 _____ C:\Users\Masha\Downloads\adwcleaner.exe
2014-01-19 21:14 - 2014-01-19 21:14 - 01236282 _____ C:\Users\Masha\Downloads\adwcleaner_3.017.exe
2014-01-19 18:18 - 2014-01-19 18:18 - 17888136 _____ (Adobe Systems Incorporated) C:\Users\Masha\Downloads\install_flash_player.exe
2014-01-19 18:18 - 2013-03-23 14:13 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-01-19 18:17 - 2014-01-18 19:51 - 00000000 ____D C:\Users\Masha\Desktop\Logdateien Systemüberprüfung
2014-01-19 17:12 - 2014-01-19 17:12 - 00018113 _____ C:\Users\Masha\Downloads\hijackthis.log
2014-01-19 16:44 - 2014-01-19 16:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Masha\Downloads\HiJackThis204.exe
2014-01-19 16:42 - 2014-01-19 16:42 - 00370610 _____ C:\Users\Masha\Downloads\gmer_2.1.19323.zip
2014-01-19 15:37 - 2014-01-19 15:35 - 00000000 ____D C:\Users\Masha\Downloads\FastCopy
2014-01-19 15:34 - 2014-01-19 15:34 - 00380687 _____ C:\Users\Masha\Downloads\FastCopy211.zip
2014-01-19 15:27 - 2014-01-19 15:00 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
2014-01-19 15:27 - 2013-03-22 18:05 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1774212757-1747870556-2990911206-1002
2014-01-19 15:22 - 2012-12-05 02:25 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1774212757-1747870556-2990911206-500
2014-01-19 15:03 - 2014-01-19 15:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Avira
2014-01-19 14:58 - 2013-11-24 12:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2014-01-19 14:57 - 2014-01-19 14:57 - 00001452 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-19 14:57 - 2014-01-19 14:57 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2014-01-19 14:57 - 2013-11-24 13:23 - 00000000 ____D C:\Users\Administrator
2014-01-19 14:57 - 2013-11-24 12:18 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-19 14:57 - 2013-11-24 12:18 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-19 14:37 - 2013-08-19 18:30 - 00000000 ____D C:\Users\Masha\AppData\Roaming\Winamp
2014-01-19 14:36 - 2013-11-24 13:15 - 00000000 ___DC C:\WINDOWS\Panther
2014-01-19 14:36 - 2013-03-22 20:04 - 00000000 ____D C:\Users\Masha\AppData\Local\CrashDumps
2014-01-19 08:38 - 2014-01-19 18:22 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-19 00:14 - 2014-01-19 00:14 - 00379904 _____ C:\Users\Masha\Downloads\gm2gwll6.exe
2014-01-19 00:07 - 2014-01-19 00:07 - 00379904 _____ C:\Users\Masha\Downloads\yy5ueqol.exe
2014-01-18 20:08 - 2014-01-18 20:08 - 02209056 _____ C:\Users\Masha\Downloads\avira-eu-cleaner_de.exe
2014-01-18 20:01 - 2013-11-12 22:08 - 00003158 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMasha
2014-01-18 20:01 - 2013-11-12 22:08 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMasha.job
2014-01-18 19:58 - 2014-01-18 19:58 - 24859352 _____ (Microsoft Corporation) C:\Users\Masha\Downloads\Windows-KB890830-x64-V5.8.exe
2014-01-18 18:43 - 2014-01-18 18:43 - 00001127 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\Users\Masha\AppData\Roaming\Malwarebytes
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-18 18:41 - 2014-01-18 18:41 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Masha\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-18 18:34 - 2014-01-18 18:33 - 00005327 _____ C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 18:34 - 2013-10-05 12:11 - 00000000 ____D C:\ProgramData\Oracle
2014-01-18 18:34 - 2013-07-10 12:59 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-18 12:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-18 12:14 - 2013-08-14 16:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-18 11:54 - 2013-03-22 18:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-16 20:52 - 2013-03-26 18:07 - 00000000 ____D C:\Users\Masha\AppData\Roaming\vlc
2014-01-16 19:08 - 2013-03-31 13:53 - 00000000 ____D C:\Users\Masha\Documents\Haus
2014-01-16 19:02 - 2013-04-09 18:37 - 00000000 ____D C:\Users\Masha\Documents\Papa
2014-01-15 18:38 - 2013-04-25 19:08 - 00000000 ____D C:\Users\Masha\Documents\Telekom
2014-01-07 17:20 - 2013-04-11 11:23 - 00000000 ____D C:\Users\Masha\Documents\Toyota
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-06 16:20 - 2013-03-22 20:03 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-24 15:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-24 15:09 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-24 15:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-24 15:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-24 15:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-23 10:28 - 2013-12-23 10:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Files to move or delete:
====================
C:\ProgramData\hpeF355.dll

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Masha\AppData\Local\Temp\avgnt.exe
C:\Users\Masha\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-21 18:13

==================== End Of Log ============================
23.01.2014, 10:56 | #6 |
/// the machine /// TB-Ausbilder |
Done. The order here is decisive.
If you would like to give praise or criticism, you can do so here.
Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP).
Don'ts
Note: Please give me a brief reply when everything is done and no questions remain, so that I can remove this thread from my subscriptions.
24.01.2014, 18:42 | #7 |
| I think there are no more open questions here for now. The problem seems to be solved. Thank you. |
25.01.2014, 13:11 | #8 |
/// the machine /// TB-Ausbilder |
You're welcome.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM! |