| |
| |||||||
Log-Analyse und Auswertung: Windows 7: Wird ein Stick an PC gehängt, werden alle Dateien in Verknüpfungen umgewandeltWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
30.01.2014, 16:31
| #1 |
 |  Windows 7: Wird ein Stick an PC gehängt, werden alle Dateien in Verknüpfungen umgewandelt An meinen PC wurde ein Stick per USB angeschlossen, und als dieser an einem anderen Stick wieder verwendet wurde, waren alle Dateien in Verknüpfungen umgewandelt und unbrauchbar. defogger_disable by jpshortstuff (23.02.10.1) Log created at 15:50 on 30/01/2014 (Kerstin Stangl) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- GMER Logfile: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-01-30 16:19:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0011 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\KERSTI~1\AppData\Local\Temp\ugldrkob.sys
---- Threads - GMER 2.1 ----
Thread [4620:4516] 0000000077067151
Thread [4620:4716] 0000000077063e85
Thread [4620:4724] 0000000077062e65
Thread [4620:4732] 0000000077063e85
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
GMER Logfile: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-01-30 16:19:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0011 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\KERSTI~1\AppData\Local\Temp\ugldrkob.sys
---- Threads - GMER 2.1 ----
Thread [4620:4516] 0000000077067151
Thread [4620:4716] 0000000077063e85
Thread [4620:4724] 0000000077062e65
Thread [4620:4732] 0000000077063e85
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
alwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.25.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 Kerstin Stangl :: KERSTINSTANGL [Administrator] Schutz: Aktiviert 25.01.2014 13:39:28 mbam-log-2014-01-25 (13-39-28).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 600040 Laufzeit: 2 Stunde(n), 33 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 129 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCR\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892} (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt. HKCR\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0 (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.OnDemandCOMClassSvc (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Keine Aktion durchgeführt. HKCR\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.Update3COMClassService.1.0 (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.Update3COMClassService (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0 (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\esrv.deltaESrvc (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.CredentialDialogMachine.1.0 (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.CredentialDialogMachine (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.CoCreateAsync.1.0 (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.CoCreateAsync (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.Update3WebMachineFallback.1.0 (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.Update3WebMachineFallback (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.CoreMachineClass.1 (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.CoreMachineClass (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.ProcessLauncher.1.0 (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.ProcessLauncher (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0 (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachine (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLive.OneClickCtrl.9 (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLive.Update3WebControl.3 (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{C536F080-57B7-46D6-8894-C647553F2889} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLive.OneClickProcessLauncherMachine.1.0 (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLive.OneClickProcessLauncherMachine (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.CoreClass.1 (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.CoreClass (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.Update3WebSvc.1.0 (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.Update3WebSvc (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt. HKCR\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt. HKCR\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt. HKCR\PricePeep.PricePeepBho.1 (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt. HKCR\PricePeep.PricePeepBho (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.Update3WebMachine.1.0 (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\DealPlyLiveUpdate.Update3WebMachine (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCR\delta.deltaappCore.1 (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCR\delta.deltaappCore (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKCR\d (PUP.Optional.Delta) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dealply (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\AppID\DealPlyLive.exe (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCR\AppID\PricePeep.DLL (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\DEALPLY (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt. HKCU\Software\AppDataLow\Software\PricePeep (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\BI (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt. HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\DELTA\DELTA\IESTRG (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\DEALPLY (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Delta\delta\Instl (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3 (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9 (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKLM\SYSTEM\CurrentControlSet\Services\dealplylivem (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKLM\SYSTEM\CurrentControlSet\Services\dealplylive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DEALPLYLIVE.EXE (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{9cf699ca-2174-4ed8-bec1-ba82095edce0} (PUP.DealPly) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0} (PUP.DealPly) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0} (PUP.DealPly) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0} (PUP.DealPly) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\escort.escortIEPane.1 (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\escort.escortIEPane (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\delta.deltaHlpr.1 (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\delta.deltaHlpr (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\PricePeep.PricePeepBho.1 (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\PricePeep.PricePeepBho (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 10 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten: Delta Toolbar -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten: -> Keine Aktion durchgeführt. HKCU\SOFTWARE\DealPly|Partner (PUP.Optional.DealPly.A) -> Daten: cand -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta.A) -> Daten: -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=8CC9685D430E1478&affID=124687&tsp=5001 -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {4D915D82-6BD6-4207-A6EE-F303328AF954} -> Keine Aktion durchgeführt. HKCU\Software\BI|ui_path_filesfrog (PUP.Optional.FilesFrog.A) -> Daten: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker -> Keine Aktion durchgeführt. HKCU\Software\Delta\delta|lastB (PUP.Optional.Delta.A) -> Daten: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=8CC9685D430E1478&affID=124687&tsp=5001 -> Keine Aktion durchgeführt. HKCU\Software\Delta\delta\iestrg|tlbrsrchurl (PUP.Optional.Delta.A) -> Daten: -> Keine Aktion durchgeführt. HKLM\SOFTWARE\DealPly|ChromeCrxPath (PUP.Optional.DealPly.A) -> Daten: C:\Program Files (x86)\DealPly\DealPly.crx -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 29 C:\Program Files (x86)\DealPly (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\Delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly (PUP.OPtional.Dealply.A) -> Keine Aktion durchgeführt. C:\ProgramData\DealPlyLive (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\ProgramData\DealPlyLive\Update (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\ProgramData\DealPlyLive\Update\Log (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\Dealply (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\Dealply\UpdateProc (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0 (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\Download (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\Install (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\Offline (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\Offline\{F66EB953-21CB-4BDD-A7D6-3A67CAC53543} (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Delta\delta\1.8.24.6 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Delta\delta\1.8.24.6\bh (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\OpenCandy\81654696C0504DA28BF00B7CE442A65C (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\OpenCandy\A6D08C7C4F194A2084BDD82948476CE5 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\OpenCandy\A86FF5CBF1294CBC9B447DD89B1292D5 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.24.6 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\DealPlyLive (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\PricePeep (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 144 C:\Program Files (x86)\Delta\delta\1.8.24.6\deltasrv.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psmachine.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\PricePeep\pricepeep.dll (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPly\DealPlyUpdate.exe (PUP.Optional.Dealply) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPly\DealPlyUpdateRun.exe (PUP.Optional.Dealply) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPly\DealPlyUpdateVer.exe (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdate.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psuser.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaApp.dll (PUP.Optional.Delta) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaEng.dll (PUP.Optional.Delta) -> Keine Aktion durchgeführt. C:\Program Files (x86)\PricePeep\uninstall.exe (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt. C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZCENGP7\wajam_install[1].exe (PUP.Optional.Wajam.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGX916I2\pack[1].7z (PUP.Optional.Mediasoft) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGX916I2\stubinst_pkg_de[1].cab (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SR8MQVEH\pack[1].7z (PUP.Optional.PerformerSoft.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\B8E3.tmp (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\BE5F.tmp (PUP.Optional.PerformerSoft.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\DeltaTB.exe (PUP.Optional.DeltaTB) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\pricepeep_130001_0101.exe (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\setup_fsu_cid.exe (PUP.Optional.FileScout.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\wajam_download.exe (PUP.Optional.Wajam) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\bus2AA8\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\bus9462\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\bus9A7B\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\bus9FD7\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\busA256\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\busA39E\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\busA40B\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\busA90A\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\busAF90\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\busB1F0\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\busB4EC\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\busB74D\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\busB9DC\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\busBC9A\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\busC908\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\busD70C\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\C2E1103C-BAB0-7891-BC9A-5BD4CC21B203\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\C2E1103C-BAB0-7891-BC9A-5BD4CC21B203\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\C2E1103C-BAB0-7891-BC9A-5BD4CC21B203\Latest\DSearchLink.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\C2E1103C-BAB0-7891-BC9A-5BD4CC21B203\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\C2E1103C-BAB0-7891-BC9A-5BD4CC21B203\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Temp\C2E1103C-BAB0-7891-BC9A-5BD4CC21B203\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\OpenCandy\A6D08C7C4F194A2084BDD82948476CE5\dp.exe (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\Downloads\Free31213YouTubeToMP3Converter.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\Downloads\Groovestream(1).exe (PUP.Optional.OptimumInstaller.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\Downloads\Groovestream.exe (PUP.Optional.OptimumInstaller.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\Local Settings\Application Data\Bundled software uninstaller\biclient.exe (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPly\DealPly.crx (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPly\DealPly.xpi (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPly\DealPlyIE64.dll (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPly\icon.ico (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPly\uninst.exe (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\Delta\sqlite3.dll (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk (PUP.OPtional.Dealply.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.url (PUP.OPtional.Dealply.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.url (PUP.OPtional.Dealply.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt. C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\Dealply\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\Dealply\UpdateProc\STTL.DAT (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\Dealply\UpdateProc\TTL.DAT (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHelper.msi (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Delta\delta\1.8.24.6\GUninstaller.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Delta\delta\1.8.24.6\uninstall.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\OpenCandy\81654696C0504DA28BF00B7CE442A65C\SnapDo_RBCB_p3v9.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\OpenCandy\A86FF5CBF1294CBC9B447DD89B1292D5\TuneUpUtilities2013-2200217_de-DE.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Kerstin Stangl\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\PricePeep\installer.ico (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\PricePeep\unutil.exe (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\DealPly\DealPlyIE.dll (PUP.DealPly) -> Löschen bei Neustart. C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\PricePeep\pricepeep.dll (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Kerstin Stangl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZCENGP7\pack[1].7z (Rogue.InternetSecurityEssentials) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) 2014-01-03 22:18 - 2013-12-13 16:25 - 00000000 ____D C:\Users\Kerstin Stangl\AppData\Roaming\Real Files to move or delete: ==================== C:\Users\Kerstin Stangl\AppData\Local\Temp\Enhance views Hack Tool.vbs Some content of TEMP: ==================== C:\Users\Kerstin Stangl\AppData\Local\Temp\avgnt.exe C:\Users\Kerstin Stangl\AppData\Local\Temp\COMAP.EXE C:\Users\Kerstin Stangl\AppData\Local\Temp\MSETUP4.EXE C:\Users\Kerstin Stangl\AppData\Local\Temp\ose00000.exe C:\Users\Kerstin Stangl\AppData\Local\Temp\ose00001.exe C:\Users\Kerstin Stangl\AppData\Local\Temp\stubhelper.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-30 10:10 ==================== End Of Log ============================ |
|
30.01.2014, 16:41
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows 7: Wird ein Stick an PC gehängt, werden alle Dateien in Verknüpfungen umgewandelt Hi,
__________________FRST Logs sind unvollständig. Außerdem siehst so aus, als hättest du die Funde mit MBAM nicht entfernt. Die Logs bitte immer in CODE-Tags posten  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
30.01.2014, 19:47
| #3 |
| | Windows 7: Wird ein Stick an PC gehängt, werden alle Dateien in Verknüpfungen umgewandelt Hallo,
__________________tut mir leid, da ist mir wohl leider ein Fehler unterlaufen! Ich hoffe jetzt ist alles richtig gepostet! Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:55 on 30/01/2014 (Kerstin Stangl)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by Kerstin Stangl (administrator) on KERSTINSTANGL on 30-01-2014 18:57:19
Running from C:\Users\Kerstin Stangl\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AWIN-Software) C:\NotenBox 7\Notenbox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-20] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-02-23] (Synaptics Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-04-01] (Ask)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-12-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-08-21] (Google Inc.)
HKCU\...\Run: [Enhance views Hack Tool] - C:\Users\Kerstin Stangl\AppData\Local\Temp\Enhance views Hack Tool.vbs [1161270 2013-10-29] () <===== ATTENTION
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin [839560 2013-12-11] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-22] ()
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => File Not Found
Startup: C:\Users\Kerstin Stangl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enhance views Hack Tool.vbs ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=8CC9685D430E1478&affID=124687&tsp=5001
SearchScopes: HKCU - {29B1946A-6844-42BE-80E9-ACACA19E9584} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=c52fb0ed-d0bc-41d1-a2a6-20c05a91b583&apn_sauid=2199C088-8CDD-49C8-A04A-CCE24731CC29
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Kerstin Stangl\AppData\Roaming\Mozilla\Firefox\Profiles\8vwavm8a.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Kerstin Stangl\AppData\Roaming\Mozilla\Firefox\Profiles\8vwavm8a.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-12-13]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
Chrome:
=======
CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=8CC9685D430E1478&affID=124687&tsp=5001
CHR RestoreOnStartup: "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=8CC9685D430E1478&affID=124687&tsp=5001"
CHR Extension: (Avira Toolbar) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl [2013-12-16]
CHR Extension: (YouTube) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-16]
CHR Extension: (Google-Suche) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-16]
CHR Extension: (DealPly Shopping) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi [2013-10-10]
CHR Extension: (Delta Toolbar) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-12-16]
CHR Extension: (RealDownloader) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-16]
CHR Extension: (PricePeep) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb [2013-09-10]
CHR Extension: (Google Wallet) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-16]
CHR Extension: (Google Mail) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-16]
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Kerstin Stangl\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.24.0.crx [2013-04-21]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S2 STEC3; C:\Windows\SysWOW64\STEC3.sys [2368 2013-09-09] (AntiCracking)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-30 16:19 - 2014-01-30 16:19 - 00000624 _____ C:\Users\Kerstin Stangl\Desktop\gmer.txt
2014-01-30 16:12 - 2014-01-30 16:12 - 00282616 _____ C:\Windows\Minidump\013014-29905-01.dmp
2014-01-30 15:56 - 2014-01-30 15:56 - 00380416 _____ C:\Users\Kerstin Stangl\Desktop\Gmer-19357.exe
2014-01-30 15:54 - 2014-01-30 15:55 - 00035204 _____ C:\Users\Kerstin Stangl\Desktop\Addition.txt
2014-01-30 15:53 - 2014-01-30 18:57 - 00021177 _____ C:\Users\Kerstin Stangl\Desktop\FRST.txt
2014-01-30 15:53 - 2014-01-30 18:57 - 00000000 ____D C:\FRST
2014-01-30 15:52 - 2014-01-30 15:53 - 01137152 _____ (Farbar) C:\Users\Kerstin Stangl\Downloads\FRST.exe
2014-01-30 15:51 - 2014-01-30 15:53 - 02079744 _____ (Farbar) C:\Users\Kerstin Stangl\Desktop\FRST64.exe
2014-01-30 15:48 - 2014-01-30 15:48 - 00000000 _____ C:\Users\Kerstin Stangl\defogger_reenable
2014-01-30 15:47 - 2014-01-30 18:55 - 00000490 _____ C:\Users\Kerstin Stangl\Desktop\defogger_disable.log
2014-01-30 15:46 - 2014-01-30 15:46 - 00050477 _____ C:\Users\Kerstin Stangl\Desktop\Defogger.exe
2014-01-25 13:35 - 2014-01-25 13:35 - 00000000 ____D C:\Users\Kerstin Stangl\AppData\Roaming\Malwarebytes
2014-01-25 13:34 - 2014-01-25 13:34 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-25 13:34 - 2014-01-25 13:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-25 13:34 - 2014-01-25 13:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-25 13:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-25 13:19 - 2014-01-25 13:33 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kerstin Stangl\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-23 16:09 - 2014-01-23 16:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kerstin Stangl\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-20 17:14 - 2014-01-20 17:15 - 00000000 ____D C:\Users\Kerstin Stangl\AppData\Local\{61BAFE7C-3EFB-45BC-B2E3-6EA336DA23CF}
2014-01-20 17:07 - 2014-01-20 17:07 - 00095744 _____ C:\Users\Kerstin Stangl\Downloads\Lesekino.pub
2014-01-16 13:50 - 2014-01-16 13:50 - 00000000 ____D C:\Users\Kerstin Stangl\AppData\Local\{47C6B1B0-D6DE-467F-8E6E-E2E73D0A89A3}
2014-01-16 13:48 - 2014-01-16 13:48 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2014-01-15 18:01 - 2014-01-15 18:01 - 00199454 _____ C:\Users\Kerstin Stangl\Downloads\Arbeitsformen_bei_Gef%0d%0a ühls-_u._Verhaltenss%0d%0a törungen_Dr._Unger.p%0d%0a df
2014-01-15 14:54 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 14:54 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 14:54 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 14:54 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 14:54 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 14:54 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 14:54 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 14:54 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 14:54 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-07 17:43 - 2014-01-17 14:32 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-04 10:42 - 2014-01-04 10:42 - 00000000 ____D C:\Users\Kerstin Stangl\AppData\Local\{E348B370-A874-434C-AB15-46FA3AE2473D}
2014-01-03 22:42 - 2014-01-03 22:42 - 00000000 ____D C:\Users\Kerstin Stangl\AppData\Local\{7F9A25D0-9091-49AF-ACB3-E8B48133E1B0}
==================== One Month Modified Files and Folders =======
2014-01-30 18:57 - 2014-01-30 15:53 - 00021177 _____ C:\Users\Kerstin Stangl\Desktop\FRST.txt
2014-01-30 18:57 - 2014-01-30 15:53 - 00000000 ____D C:\FRST
2014-01-30 18:55 - 2014-01-30 15:47 - 00000490 _____ C:\Users\Kerstin Stangl\Desktop\defogger_disable.log
2014-01-30 18:42 - 2013-08-21 11:20 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-30 18:32 - 2013-05-02 07:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-30 18:15 - 2009-07-14 05:45 - 00017264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-30 18:15 - 2009-07-14 05:45 - 00017264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-30 18:12 - 2012-02-21 19:50 - 00654400 _____ C:\Windows\system32\perfh007.dat
2014-01-30 18:12 - 2012-02-21 19:50 - 00130240 _____ C:\Windows\system32\perfc007.dat
2014-01-30 18:12 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-30 18:08 - 2013-04-21 12:19 - 00000000 ____D C:\Users\Kerstin Stangl\Documents\Youcam
2014-01-30 18:07 - 2013-08-21 11:20 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-30 18:07 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-30 18:06 - 2009-07-14 05:51 - 00061320 _____ C:\Windows\setupact.log
2014-01-30 16:45 - 2013-04-21 11:58 - 01358181 _____ C:\Windows\WindowsUpdate.log
2014-01-30 16:19 - 2014-01-30 16:19 - 00000624 _____ C:\Users\Kerstin Stangl\Desktop\gmer.txt
2014-01-30 16:12 - 2014-01-30 16:12 - 00282616 _____ C:\Windows\Minidump\013014-29905-01.dmp
2014-01-30 16:12 - 2013-12-17 17:13 - 00000000 ____D C:\Windows\Minidump
2014-01-30 16:11 - 2013-12-17 17:12 - 677406615 _____ C:\Windows\MEMORY.DMP
2014-01-30 16:07 - 2013-10-10 13:07 - 00000314 _____ C:\Windows\Tasks\Dealply.job
2014-01-30 15:56 - 2014-01-30 15:56 - 00380416 _____ C:\Users\Kerstin Stangl\Desktop\Gmer-19357.exe
2014-01-30 15:55 - 2014-01-30 15:54 - 00035204 _____ C:\Users\Kerstin Stangl\Desktop\Addition.txt
2014-01-30 15:53 - 2014-01-30 15:52 - 01137152 _____ (Farbar) C:\Users\Kerstin Stangl\Downloads\FRST.exe
2014-01-30 15:53 - 2014-01-30 15:51 - 02079744 _____ (Farbar) C:\Users\Kerstin Stangl\Desktop\FRST64.exe
2014-01-30 15:48 - 2014-01-30 15:48 - 00000000 _____ C:\Users\Kerstin Stangl\defogger_reenable
2014-01-30 15:48 - 2013-04-21 12:12 - 00000000 ____D C:\Users\Kerstin Stangl
2014-01-30 15:46 - 2014-01-30 15:46 - 00050477 _____ C:\Users\Kerstin Stangl\Desktop\Defogger.exe
2014-01-30 12:09 - 2013-08-21 11:20 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-28 18:12 - 2013-12-13 16:26 - 00003368 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-311215860-1499064387-1487374865-1000
2014-01-28 18:12 - 2013-12-13 16:26 - 00003252 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-311215860-1499064387-1487374865-1000
2014-01-28 16:23 - 2013-04-21 12:46 - 00000000 ____D C:\Users\Kerstin Stangl\AppData\Local\DoNotTrackPlus
2014-01-25 20:13 - 2013-12-13 16:27 - 00003390 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-311215860-1499064387-1487374865-1000
2014-01-25 20:13 - 2013-12-13 16:27 - 00003274 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-311215860-1499064387-1487374865-1000
2014-01-25 20:13 - 2010-11-21 04:47 - 00093280 _____ C:\Windows\PFRO.log
2014-01-25 20:12 - 2013-09-10 10:08 - 00000000 ____D C:\ProgramData\DSearchLink
2014-01-25 16:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-25 13:35 - 2014-01-25 13:35 - 00000000 ____D C:\Users\Kerstin Stangl\AppData\Roaming\Malwarebytes
2014-01-25 13:34 - 2014-01-25 13:34 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-25 13:34 - 2014-01-25 13:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-25 13:34 - 2014-01-25 13:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-25 13:33 - 2014-01-25 13:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kerstin Stangl\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-23 16:10 - 2014-01-23 16:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kerstin Stangl\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-20 17:15 - 2014-01-20 17:14 - 00000000 ____D C:\Users\Kerstin Stangl\AppData\Local\{61BAFE7C-3EFB-45BC-B2E3-6EA336DA23CF}
2014-01-20 17:07 - 2014-01-20 17:07 - 00095744 _____ C:\Users\Kerstin Stangl\Downloads\Lesekino.pub
2014-01-17 14:32 - 2014-01-07 17:43 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-16 13:50 - 2014-01-16 13:50 - 00000000 ____D C:\Users\Kerstin Stangl\AppData\Local\{47C6B1B0-D6DE-467F-8E6E-E2E73D0A89A3}
2014-01-16 13:48 - 2014-01-16 13:48 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2014-01-16 13:48 - 2013-05-14 12:16 - 00000000 ____D C:\ProgramData\CanonIJPLM
2014-01-16 13:31 - 2009-07-14 05:45 - 00410064 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 18:42 - 2013-08-20 17:39 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 18:42 - 2013-04-21 14:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 18:40 - 2012-02-21 20:44 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 18:01 - 2014-01-15 18:01 - 00199454 _____ C:\Users\Kerstin Stangl\Downloads\Arbeitsformen_bei_Gef%0d%0a ühls-_u._Verhaltenss%0d%0a törungen_Dr._Unger.p%0d%0a df
2014-01-14 14:07 - 2013-12-18 19:07 - 00000083 _____ C:\Users\Kerstin Stangl\AppData\Roaming\WB.CFG
2014-01-08 15:40 - 2013-04-21 13:22 - 00000000 ____D C:\Users\Kerstin Stangl\Documents\Schule
2014-01-04 10:42 - 2014-01-04 10:42 - 00000000 ____D C:\Users\Kerstin Stangl\AppData\Local\{E348B370-A874-434C-AB15-46FA3AE2473D}
2014-01-03 22:42 - 2014-01-03 22:42 - 00000000 ____D C:\Users\Kerstin Stangl\AppData\Local\{7F9A25D0-9091-49AF-ACB3-E8B48133E1B0}
2014-01-03 22:18 - 2013-12-13 16:25 - 00000000 ____D C:\Users\Kerstin Stangl\AppData\Roaming\Real
Files to move or delete:
====================
C:\Users\Kerstin Stangl\AppData\Local\Temp\Enhance views Hack Tool.vbs
Some content of TEMP:
====================
C:\Users\Kerstin Stangl\AppData\Local\Temp\avgnt.exe
C:\Users\Kerstin Stangl\AppData\Local\Temp\COMAP.EXE
C:\Users\Kerstin Stangl\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Kerstin Stangl\AppData\Local\Temp\ose00000.exe
C:\Users\Kerstin Stangl\AppData\Local\Temp\ose00001.exe
C:\Users\Kerstin Stangl\AppData\Local\Temp\stubhelper.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-30 10:10
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014 01
Ran by Kerstin Stangl at 2014-01-30 15:54:21
Running from C:\Users\Kerstin Stangl\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)
ALDI SÜD Mah Jong (x32 Version: - )
AMI VR-pulse OS Switcher (Version: 1.1 - American Megatrends Inc.)
Ashampoo Burning Studio (x32 Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (x32 Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (x32 Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (x32 Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ask Toolbar (x32 Version: 1.15.24.0 - Ask.com) <==== ATTENTION
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.5.42066 - Ask.com)
AWIN NotenBox 7 (x32 Version: 7 - AWIN Software)
Canon MG5200 series Benutzerregistrierung (x32 Version: - )
Canon MG5200 series MP Drivers (Version: - )
Canon MP Navigator EX 4.0 (x32 Version: - )
Canon My Printer (x32 Version: - )
Canon Solution Menu EX (x32 Version: - )
CD-LabelPrint (x32 Version: - )
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (x32 Version: - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 (x32 Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink MediaEspresso (x32 Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaEspresso (x32 Version: 6.5.1508_36229 - CyberLink Corp.) Hidden
CyberLink MediaShow (x32 Version: 5.1.2414a - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.1.2414a - CyberLink Corp.) Hidden
CyberLink PhotoDirector 2011 (x32 Version: 2.0.2430 - CyberLink Corp.)
CyberLink PhotoDirector 2011 (x32 Version: 2.0.2430 - CyberLink Corp.) Hidden
CyberLink PhotoNow (x32 Version: 1.1.7717 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.) Hidden
CyberLink PowerDirector (Version: 9.0.0.3621 - CyberLink Corp.) Hidden
CyberLink PowerDirector (x32 Version: 9.0.0.3621 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.3622.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.3622.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink WaveEditor (x32 Version: 1.0.1.3320 - CyberLink Corp.)
CyberLink WaveEditor (x32 Version: 1.0.1.3320 - CyberLink Corp.) Hidden
CyberLink YouCam 5 (x32 Version: 5.0.1402 - CyberLink Corp.)
CyberLink YouCam 5 (x32 Version: 5.0.1402 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delta Chrome Toolbar (x32 Version: - Visual Tools) <==== ATTENTION
dm-Fotowelt (x32 Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.11 - Dolby Laboratories Inc)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.13.925 (x32 Version: 3.12.13.925 - DVDVideoSoft Ltd.)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Management Engine Components (x32 Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (x32 Version: - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2618 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.1.209 - Intel Corporation)
Intel(R) WiDi (x32 Version: 3.0.12.0 - Intel Corporation)
Intel(R) Wireless Display (Version: - )
Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.216.0 - Intel Corporation)
Java Auto Updater (x32 Version: 2.1.5.3 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 Update 2 (64-bit) (Version: 7.0.20 - Oracle)
Java(TM) 7 Update 2 (x32 Version: 7.0.20 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Klett Nussknacker 3 (x32 Version: - )
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden
Mein CEWE FOTOBUCH (x32 Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
Memeo Instant Backup (x32 Version: 4.60.0.7943 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
PCSUITE SHREDDER (x32 Version: - Markement GmbH)
PDF Architect (x32 Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (x32 Version: 1.7.1 - pdfforge)
PHotkey (x32 Version: 1.00.0055 - Pegatron Corporation)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (x32 Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (Version: 16.0.0.3 - Synaptics Incorporated)
TuneUp Utilities 2013 (x32 Version: 13.0.3020.2 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
watchmi (x32 Version: 3.0.0 - Axel Springer Digital TV Guide GmbH)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Restore Points =========================
11-12-2013 19:57:07 Windows Update
16-12-2013 15:10:42 Windows Update
28-12-2013 09:35:08 Geplanter Prüfpunkt
04-01-2014 14:11:53 Geplanter Prüfpunkt
15-01-2014 17:39:45 Windows Update
23-01-2014 14:16:30 Geplanter Prüfpunkt
25-01-2014 15:41:49 Windows-Sicherung
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {07BD7BF3-1271-41B6-BC51-A042FE7263CD} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-311215860-1499064387-1487374865-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {183F8C73-8574-4E3F-8D32-BDA5C03C02D1} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2012-02-02] (CyberLink Corp.)
Task: {2FB62FAB-4C1D-400C-86CB-45CA5C11483E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-311215860-1499064387-1487374865-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4B4FC734-61D4-43FF-B2A2-A0AB384DD875} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-21] (Google Inc.)
Task: {6A87B932-A2E6-43C5-94F2-1F102E82F2F3} - System32\Tasks\DealPlyUpdate => C:\Program
Task: {6E8AB62A-4ABB-4360-8986-1FA32F694D07} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-311215860-1499064387-1487374865-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {745B02FA-2140-4974-B19A-EB8FE30CCBB8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-311215860-1499064387-1487374865-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {80B6DAEB-4AC1-45AB-919C-E9339AD4117C} - System32\Tasks\Dealply => C:\Users\KERSTI~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {A372BA14-669C-400A-B346-A0F4E86DAFEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {B425CCE3-5E96-4342-A826-8D787CA520F2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {DEAE7F32-7C0F-4EC4-89AA-134285C11D0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-21] (Google Inc.)
Task: {F014CFC9-EC3B-40E3-BDC8-3856D8D3393F} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software)
Task: {F49F5341-4645-461D-9AA8-451E40DE577A} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-01] ()
Task: {FA49A021-71F6-4F74-B92F-AC9B379257FD} - System32\Tasks\EPUpdater => C:\Users\Kerstin Stangl\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-08-04] () <==== ATTENTION
Task: {FB103E04-D047-4B48-BFA6-CB8796B33F0F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-311215860-1499064387-1487374865-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\KERSTI~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-02-21 23:09 - 2012-01-06 02:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-01-31 10:24 - 2012-01-31 10:24 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2013-04-21 12:01 - 2013-04-21 12:01 - 00059904 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Remote\3.0.0.8__f722db7bec59a14b\Tvd.Remote.dll
2013-04-21 12:41 - 2013-01-25 08:25 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-02-22 17:36 - 2009-12-19 00:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2012-02-22 17:36 - 2009-12-19 00:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-04-01 12:00 - 2013-04-01 12:00 - 00597880 _____ () C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPContentFilter.dll
2013-04-01 12:00 - 2013-04-01 12:00 - 00227192 _____ () C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPButton.dll
2013-08-21 12:49 - 2013-08-21 12:49 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll
2012-02-21 23:36 - 2011-11-30 05:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-02-21 23:21 - 2011-12-16 10:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/30/2014 03:41:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/30/2014 03:40:11 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (01/30/2014 11:13:10 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (01/30/2014 09:33:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/30/2014 09:33:10 AM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (01/28/2014 06:12:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/28/2014 06:12:33 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (01/28/2014 04:26:06 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (01/28/2014 03:08:41 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (01/28/2014 02:42:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/30/2014 03:40:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "STEC3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/30/2014 03:40:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PDF Architect Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/30/2014 03:40:41 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst PDF Architect Service erreicht.
Error: (01/30/2014 09:33:12 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "STEC3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/30/2014 09:33:08 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/30/2014 09:33:08 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMService erreicht.
Error: (01/28/2014 06:15:01 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005
Error: (01/28/2014 06:12:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "STEC3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/28/2014 02:41:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "STEC3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/27/2014 03:31:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "STEC3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (01/10/2014 05:13:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2880 seconds with 1200 seconds of active time. This session ended with a crash.
Error: (01/06/2014 07:35:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 50 seconds with 0 seconds of active time. This session ended with a crash.
Error: (09/11/2013 06:57:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2123 seconds with 1320 seconds of active time. This session ended with a crash.
Error: (07/30/2013 02:04:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 259 seconds with 240 seconds of active time. This session ended with a crash.
Error: (07/30/2013 02:00:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1099 seconds with 1080 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 31%
Total physical RAM: 8086.47 MB
Available physical RAM: 5555.93 MB
Total Pagefile: 16171.12 MB
Available Pagefile: 13213.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:414.66 GB) (Free:208.18 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:22.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=415 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-01-30 19:41:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0011 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\KERSTI~1\AppData\Local\Temp\ugldrkob.sys
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\ntdll.dll [1600:1604] 000000000009d227
Thread C:\Windows\SysWOW64\ntdll.dll [1600:1904] 00000000740732fb
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5696:5892] 000007fefac72a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5696:6088] 000007fee6634830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5696:3160] 000007fef64f5124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5696:6344] 000007fee65b9d90
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5696:6316] 000007fee6634830
---- EOF - GMER 2.1 ----
Ich musste dann nur auswählen ob normal starten oder abgesicherter Modus! Gruß und Vielen Dank für die Hilfe |
|
30.01.2014, 20:35
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Wird ein Stick an PC gehängt, werden alle Dateien in Verknüpfungen umgewandelt Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
30.01.2014, 21:39
| #5 |
| | Windows 7: Wird ein Stick an PC gehängt, werden alle Dateien in Verknüpfungen umgewandeltCode:
ATTFilter ComboFix 14-01-29.01 - Kerstin Stangl 30.01.2014 21:21:00.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8086.5882 [GMT 1:00]
ausgeführt von:: c:\users\Kerstin Stangl\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Kerstin Stangl\AppData\Roaming\.#
c:\users\Kerstin Stangl\AppData\Roaming\.#\MBX@14E0@1E92740.###
c:\users\Kerstin Stangl\AppData\Roaming\.#\MBX@14E0@1E92770.###
c:\users\Kerstin Stangl\AppData\Roaming\.#\MBX@7A0@2012740.###
c:\users\Kerstin Stangl\AppData\Roaming\.#\MBX@7A0@2012770.###
c:\windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe
c:\windows\SysWow64\STEC3.sys
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-12-28 bis 2014-01-30 ))))))))))))))))))))))))))))))
.
.
2014-01-30 20:31 . 2014-01-30 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-30 14:53 . 2014-01-30 17:57 -------- d-----w- C:\FRST
2014-01-25 12:35 . 2014-01-25 12:35 -------- d-----w- c:\users\Kerstin Stangl\AppData\Roaming\Malwarebytes
2014-01-25 12:34 . 2014-01-25 12:34 -------- d-----w- c:\programdata\Malwarebytes
2014-01-25 12:34 . 2014-01-25 12:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-25 12:34 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-16 12:48 . 2014-01-16 12:48 -------- d--h--w- c:\programdata\CanonIJEGV
2014-01-15 13:54 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 13:54 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 13:54 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 13:54 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 13:54 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 13:54 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 13:54 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 13:54 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 13:54 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-15 17:40 . 2012-02-21 19:44 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-17 14:43 . 2013-05-08 08:11 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-12-17 14:43 . 2013-04-21 11:41 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-17 14:43 . 2013-04-21 11:41 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-13 15:25 . 2012-02-22 18:09 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-12-13 15:25 . 2012-02-22 18:09 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-12-11 17:32 . 2013-05-02 06:47 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 17:32 . 2012-02-21 21:31 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-06 16:05 . 2013-12-06 16:05 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-06 16:05 . 2013-12-06 16:05 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-06 16:05 . 2013-12-06 16:05 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-06 16:05 . 2013-12-06 16:05 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-06 16:05 . 2013-12-06 16:05 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-06 16:05 . 2013-12-06 16:05 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-06 16:05 . 2013-12-06 16:05 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-06 16:05 . 2013-12-06 16:05 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-06 16:05 . 2013-12-06 16:05 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-06 16:05 . 2013-12-06 16:05 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-06 16:05 . 2013-12-06 16:05 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-06 16:05 . 2013-12-06 16:05 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-06 16:05 . 2013-12-06 16:05 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-06 16:05 . 2013-12-06 16:05 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-06 16:05 . 2013-12-06 16:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-06 16:05 . 2013-12-06 16:05 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-06 16:05 . 2013-12-06 16:05 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-06 16:05 . 2013-12-06 16:05 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-06 16:05 . 2013-12-06 16:05 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-06 16:05 . 2013-12-06 16:05 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-06 16:05 . 2013-12-06 16:05 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-06 16:05 . 2013-12-06 16:05 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-06 16:05 . 2013-12-06 16:05 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-06 16:05 . 2013-12-06 16:05 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-06 16:05 . 2013-12-06 16:05 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-06 16:05 . 2013-12-06 16:05 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-06 16:05 . 2013-12-06 16:05 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-06 16:05 . 2013-12-06 16:05 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-06 16:05 . 2013-12-06 16:05 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-06 16:05 . 2013-12-06 16:05 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-06 16:05 . 2013-12-06 16:05 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-06 16:05 . 2013-12-06 16:05 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-06 16:05 . 2013-12-06 16:05 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-06 16:05 . 2013-12-06 16:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-06 16:05 . 2013-12-06 16:05 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-06 16:05 . 2013-12-06 16:05 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-06 16:05 . 2013-12-06 16:05 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-06 16:05 . 2013-12-06 16:05 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-06 16:05 . 2013-12-06 16:05 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-06 16:05 . 2013-12-06 16:05 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-06 16:05 . 2013-12-06 16:05 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-06 16:05 . 2013-12-06 16:05 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-06 16:05 . 2013-12-06 16:05 413696 ----a-w- c:\windows\system32\html.iec
2013-12-06 16:05 . 2013-12-06 16:05 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-06 16:05 . 2013-12-06 16:05 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-06 16:05 . 2013-12-06 16:05 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-06 16:05 . 2013-12-06 16:05 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-06 16:05 . 2013-12-06 16:05 235520 ----a-w- c:\windows\system32\url.dll
2013-12-06 16:05 . 2013-12-06 16:05 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-06 16:05 . 2013-12-06 16:05 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-06 16:05 . 2013-12-06 16:05 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-06 16:05 . 2013-12-06 16:05 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-06 16:05 . 2013-12-06 16:05 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-06 16:05 . 2013-12-06 16:05 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-06 16:05 . 2013-12-06 16:05 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-06 16:05 . 2013-12-06 16:05 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-06 16:05 . 2013-12-06 16:05 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-06 16:05 . 2013-12-06 16:05 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-06 16:05 . 2013-12-06 16:05 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-26 11:54 . 2013-12-11 19:58 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 19:58 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 19:58 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 19:58 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 19:58 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 19:58 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 19:58 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 19:58 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 19:58 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 19:58 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 19:58 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 19:58 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 19:58 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 19:58 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 19:58 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 19:58 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 19:58 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 19:58 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 19:58 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 19:58 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 19:58 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 19:58 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 19:58 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 19:58 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 14:10 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 14:10 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-11 14:07 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 14:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-01 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-01 10:59 1521800 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-01 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-08-21 39408]
"Enhance views Hack Tool"="wscript.exe" [2013-10-12 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-21 507744]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-01 1646216]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-17 684600]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-12-13 295512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\Kerstin Stangl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Enhance views Hack Tool.vbs [2013-10-29 1161270]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CyberLink PowerDVD 10 MS Monitor Service;CyberLink PowerDVD 10 MS Monitor Service;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [x]
S2 CyberLink PowerDVD 10 MS Service;CyberLink PowerDVD 10 MS Service;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [x]
S2 GFNEXSrv;GFNEX Service;c:\program files (x86)\PHotkey\GFNEXSrv.exe;c:\program files (x86)\PHotkey\GFNEXSrv.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 PEGAGFN;PEGAGFN;c:\program files (x86)\PHotkey\PEGAGFN.sys;c:\program files (x86)\PHotkey\PEGAGFN.sys [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe;c:\program files (x86)\watchmi\TvdService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-30 11:08 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-02 17:32]
.
2014-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-21 10:19]
.
2014-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-21 10:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-12 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-12 440600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-20 11406608]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kerstin Stangl\AppData\Roaming\Mozilla\Firefox\Profiles\8vwavm8a.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk - c:\windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-ALDI SÜD Mah Jong - c:\windows\system32\Uninstall ALDI SÜD Mah Jong.exe
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_’\00\00’\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~’\00\00’\00\00\00\00’\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-01-30 21:35:02
ComboFix-quarantined-files.txt 2014-01-30 20:35
.
Vor Suchlauf: 10 Verzeichnis(se), 224.976.785.408 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 225.676.853.248 Bytes frei
.
- - End Of File - - 953AD91E74DF0CF6175FA3EDF9D42873
|
|
30.01.2014, 22:52
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Wird ein Stick an PC gehängt, werden alle Dateien in Verknüpfungen umgewandelt Combofix-Skript
__________________ --> Windows 7: Wird ein Stick an PC gehängt, werden alle Dateien in Verknüpfungen umgewandelt |
|
01.02.2014, 14:44
| #7 |
| | Windows 7: Wird ein Stick an PC gehängt, werden alle Dateien in Verknüpfungen umgewandeltCode:
ATTFilter ComboFix 14-02-01.01 - Kerstin Stangl 01.02.2014 14:29:21.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8086.6018 [GMT 1:00]
ausgeführt von:: c:\users\Kerstin Stangl\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Kerstin Stangl\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Kerstin Stangl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enhance views Hack Tool.vbs"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kerstin Stangl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enhance views Hack Tool.vbs
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-01-01 bis 2014-02-01 ))))))))))))))))))))))))))))))
.
.
2014-02-01 13:37 . 2014-02-01 13:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-31 11:37 . 2014-01-31 11:37 -------- d-----w- c:\windows\Migration
2014-01-30 14:53 . 2014-01-30 17:57 -------- d-----w- C:\FRST
2014-01-25 12:35 . 2014-01-25 12:35 -------- d-----w- c:\users\Kerstin Stangl\AppData\Roaming\Malwarebytes
2014-01-25 12:34 . 2014-01-25 12:34 -------- d-----w- c:\programdata\Malwarebytes
2014-01-25 12:34 . 2014-01-25 12:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-25 12:34 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-16 12:48 . 2014-01-16 12:48 -------- d--h--w- c:\programdata\CanonIJEGV
2014-01-15 13:54 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 13:54 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 13:54 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 13:54 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 13:54 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 13:54 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 13:54 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 13:54 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 13:54 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-15 17:40 . 2012-02-21 19:44 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-17 14:43 . 2013-05-08 08:11 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-12-17 14:43 . 2013-04-21 11:41 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-17 14:43 . 2013-04-21 11:41 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-13 15:25 . 2012-02-22 18:09 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-12-13 15:25 . 2012-02-22 18:09 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-12-11 17:32 . 2013-05-02 06:47 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 17:32 . 2012-02-21 21:31 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-06 16:05 . 2013-12-06 16:05 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-06 16:05 . 2013-12-06 16:05 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-06 16:05 . 2013-12-06 16:05 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-06 16:05 . 2013-12-06 16:05 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-06 16:05 . 2013-12-06 16:05 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-06 16:05 . 2013-12-06 16:05 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-06 16:05 . 2013-12-06 16:05 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-06 16:05 . 2013-12-06 16:05 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-06 16:05 . 2013-12-06 16:05 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-06 16:05 . 2013-12-06 16:05 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-06 16:05 . 2013-12-06 16:05 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-06 16:05 . 2013-12-06 16:05 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-06 16:05 . 2013-12-06 16:05 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-06 16:05 . 2013-12-06 16:05 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-06 16:05 . 2013-12-06 16:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-06 16:05 . 2013-12-06 16:05 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-06 16:05 . 2013-12-06 16:05 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-06 16:05 . 2013-12-06 16:05 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-06 16:05 . 2013-12-06 16:05 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-06 16:05 . 2013-12-06 16:05 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-06 16:05 . 2013-12-06 16:05 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-06 16:05 . 2013-12-06 16:05 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-06 16:05 . 2013-12-06 16:05 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-06 16:05 . 2013-12-06 16:05 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-06 16:05 . 2013-12-06 16:05 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-06 16:05 . 2013-12-06 16:05 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-06 16:05 . 2013-12-06 16:05 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-06 16:05 . 2013-12-06 16:05 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-06 16:05 . 2013-12-06 16:05 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-06 16:05 . 2013-12-06 16:05 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-06 16:05 . 2013-12-06 16:05 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-06 16:05 . 2013-12-06 16:05 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-06 16:05 . 2013-12-06 16:05 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-06 16:05 . 2013-12-06 16:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-06 16:05 . 2013-12-06 16:05 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-06 16:05 . 2013-12-06 16:05 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-06 16:05 . 2013-12-06 16:05 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-06 16:05 . 2013-12-06 16:05 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-06 16:05 . 2013-12-06 16:05 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-06 16:05 . 2013-12-06 16:05 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-06 16:05 . 2013-12-06 16:05 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-06 16:05 . 2013-12-06 16:05 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-06 16:05 . 2013-12-06 16:05 413696 ----a-w- c:\windows\system32\html.iec
2013-12-06 16:05 . 2013-12-06 16:05 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-06 16:05 . 2013-12-06 16:05 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-06 16:05 . 2013-12-06 16:05 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-06 16:05 . 2013-12-06 16:05 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-06 16:05 . 2013-12-06 16:05 235520 ----a-w- c:\windows\system32\url.dll
2013-12-06 16:05 . 2013-12-06 16:05 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-06 16:05 . 2013-12-06 16:05 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-06 16:05 . 2013-12-06 16:05 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-06 16:05 . 2013-12-06 16:05 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-06 16:05 . 2013-12-06 16:05 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-06 16:05 . 2013-12-06 16:05 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-06 16:05 . 2013-12-06 16:05 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-06 16:05 . 2013-12-06 16:05 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-06 16:05 . 2013-12-06 16:05 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-06 16:05 . 2013-12-06 16:05 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-06 16:05 . 2013-12-06 16:05 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-26 11:54 . 2013-12-11 19:58 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 19:58 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 19:58 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 19:58 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 19:58 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 19:58 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 19:58 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 19:58 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 19:58 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 19:58 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 19:58 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 19:58 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 19:58 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 19:58 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 19:58 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 19:58 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 19:58 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 19:58 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 19:58 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 19:58 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 19:58 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 19:58 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 19:58 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 19:58 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 14:10 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 14:10 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-11 14:07 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 14:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-01 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-01 10:59 1521800 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-01 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-08-21 39408]
"Enhance views Hack Tool"="wscript.exe" [2013-10-12 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-21 507744]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-01 1646216]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-17 684600]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-12-13 295512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\Kerstin Stangl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Enhance views Hack Tool.vbs [2013-10-29 1161270]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CyberLink PowerDVD 10 MS Monitor Service;CyberLink PowerDVD 10 MS Monitor Service;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [x]
S2 CyberLink PowerDVD 10 MS Service;CyberLink PowerDVD 10 MS Service;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [x]
S2 GFNEXSrv;GFNEX Service;c:\program files (x86)\PHotkey\GFNEXSrv.exe;c:\program files (x86)\PHotkey\GFNEXSrv.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 PEGAGFN;PEGAGFN;c:\program files (x86)\PHotkey\PEGAGFN.sys;c:\program files (x86)\PHotkey\PEGAGFN.sys [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe;c:\program files (x86)\watchmi\TvdService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-30 11:08 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-02 17:32]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-21 10:19]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-21 10:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-12 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-12 440600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-20 11406608]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Kerstin Stangl\AppData\Roaming\Mozilla\Firefox\Profiles\8vwavm8a.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-ALDI SÜD Mah Jong - c:\windows\system32\Uninstall ALDI SÜD Mah Jong.exe
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_’\00\00’\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~’\00\00’\00\00\00\00’\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-02-01 14:40:47
ComboFix-quarantined-files.txt 2014-02-01 13:40
ComboFix2.txt 2014-01-30 20:35
.
Vor Suchlauf: 13 Verzeichnis(se), 225.797.926.912 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 226.229.362.688 Bytes frei
.
- - End Of File - - 18DDD6A81BA1854D49B05B59664845DA
|
|
01.02.2014, 21:53
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Wird ein Stick an PC gehängt, werden alle Dateien in Verknüpfungen umgewandelt Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.02.2014, 22:38
| #9 |
| | Windows 7: Wird ein Stick an PC gehängt, werden alle Dateien in Verknüpfungen umgewandelt Nabend, sorry das ich erst jetzt schreibe, war aber am we nicht am pc! Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.02.03.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Kerstin Stangl :: KERSTINSTANGL [administrator]
03.02.2014 21:50:53
mbar-log-2014-02-03 (21-50-53).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 241382
Time elapsed: 17 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 5
HKLM\SOFTWARE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (Adware.Agent) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (Adware.Agent) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B} (Adware.Agent) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B} (Adware.Agent) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (Adware.Agent) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.02.03.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Kerstin Stangl :: KERSTINSTANGL [administrator]
03.02.2014 22:17:05
mbar-log-2014-02-03 (22-17-05).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 241033
Time elapsed: 18 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
03.02.2014, 23:40
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Wird ein Stick an PC gehängt, werden alle Dateien in Verknüpfungen umgewandeltZitat:
 Adware/Junkware/Toolbars entfernen 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.02.2014, 21:07
| #11 |
| | Windows 7: Wird ein Stick an PC gehängt, werden alle Dateien in Verknüpfungen umgewandeltCode:
ATTFilter # AdwCleaner v3.018 - Bericht erstellt am 04/02/2014 um 20:44:41
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Kerstin Stangl - KERSTINSTANGL
# Gestartet von : C:\Users\Kerstin Stangl\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\Kerstin Stangl\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Kerstin Stangl\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Kerstin Stangl\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Kerstin Stangl\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Kerstin Stangl\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Kerstin Stangl\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Kerstin Stangl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Ordner Gelöscht : C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi
Ordner Gelöscht : C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Ordner Gelöscht : C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Datei Gelöscht : C:\Windows\System32\Tasks\DealPlyUpdate
Datei Gelöscht : C:\Windows\System32\Tasks\EPUpdater
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKCU\Software\53558dd0bc6ee443
Schlüssel Gelöscht : HKLM\SOFTWARE\53558dd0bc6ee443
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\Kerstin Stangl\AppData\Roaming\Mozilla\Firefox\Profiles\8vwavm8a.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
-\\ Google Chrome v32.0.1700.107
[ Datei : C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : homepage
Gelöscht : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [13442 octets] - [04/02/2014 20:43:53]
AdwCleaner[S0].txt - [12999 octets] - [04/02/2014 20:44:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13060 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Kerstin Stangl on 04.02.2014 at 20:51:18,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-311215860-1499064387-1487374865-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{29B1946A-6844-42BE-80E9-ACACA19E9584}
~~~ Files
~~~ Folders
Failed to delete: [Folder] "C:\Users\Kerstin Stangl\appdata\local\apn"
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{09DB8C94-BDC6-4C2B-A2C3-DA57DC295BF9}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{135BA21A-E81A-4553-8676-A9E9EE0AEF15}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{20E7AF8C-24B4-4B34-AE65-ACBDBCF8053D}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{246504DF-0634-488E-948D-032C34658837}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{3157B577-05A3-4958-91BF-2B4D4A1B92BF}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{47C6B1B0-D6DE-467F-8E6E-E2E73D0A89A3}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{61BAFE7C-3EFB-45BC-B2E3-6EA336DA23CF}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{6C4640CE-C822-43F8-8120-E800324D13B7}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{751B0D12-F8CD-42DB-B335-44A1D4C088FF}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{766792FF-F24A-44E5-B5D2-D81A6092CB16}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{766F2429-F9F0-47CF-8D2A-3B27036E2D4B}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{7F9A25D0-9091-49AF-ACB3-E8B48133E1B0}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{86522F98-AB04-4EC7-9FA5-F426BBA7A915}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{877E7798-B0C1-48B9-87FB-7C103802BFA3}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{9ACB04ED-E9AA-4355-BA91-DE8D33909E31}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{9C13C596-1814-4981-B0A4-74924FC90078}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{A3F3CDF9-866D-410B-8D4A-598F63BC27CD}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{A53491A2-87FE-4417-9423-8D04902C792B}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{AB5AB5F5-A784-4D39-B3B6-9A1452C7320B}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{B0CE9D76-1EE8-4AF0-B21C-4C95ABE1FB69}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{C448CC08-C42D-461E-9BCA-D12F8D1D62FB}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{D146B49B-7B0F-4CBB-9EBF-EAF03ACC264A}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{E348B370-A874-434C-AB15-46FA3AE2473D}
Successfully deleted: [Empty Folder] C:\Users\Kerstin Stangl\appdata\local\{EFEF03C2-9469-46AA-ADE4-1B901D850BE6}
~~~ FireFox
Emptied folder: C:\Users\Kerstin Stangl\AppData\Roaming\mozilla\firefox\profiles\8vwavm8a.default\minidumps [9 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Kerstin Stangl\appdata\local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi
Successfully deleted: [Folder] C:\Users\Kerstin Stangl\appdata\local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Successfully deleted: [Folder] C:\Users\Kerstin Stangl\appdata\local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.02.2014 at 20:58:54,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by Kerstin Stangl (administrator) on KERSTINSTANGL on 04-02-2014 21:03:17
Running from C:\Users\Kerstin Stangl\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-20] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-02-23] (Synaptics Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-12-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-311215860-1499064387-1487374865-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-08-21] (Google Inc.)
HKU\S-1-5-21-311215860-1499064387-1487374865-1000\...\Run: [Enhance views Hack Tool] - C:\Users\Kerstin Stangl\AppData\Local\Temp\Enhance views Hack Tool.vbs [1161270 2013-10-29] () <===== ATTENTION
Startup: C:\Users\Kerstin Stangl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enhance views Hack Tool.vbs ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Kerstin Stangl\AppData\Roaming\Mozilla\Firefox\Profiles\8vwavm8a.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Kerstin Stangl\AppData\Roaming\Mozilla\Firefox\Profiles\8vwavm8a.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-12-13]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Avira Toolbar) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl [2013-12-16]
CHR Extension: (YouTube) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-16]
CHR Extension: (Google-Suche) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-16]
CHR Extension: (RealDownloader) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-16]
CHR Extension: (Google Wallet) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-16]
CHR Extension: (Google Mail) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-16]
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Kerstin Stangl\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.24.0.crx [2013-12-16]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 STEC3; \??\C:\Windows\system32\STEC3.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-04 21:01 - 2014-02-04 21:02 - 02080256 _____ (Farbar) C:\Users\Kerstin Stangl\Desktop\FRST64.exe
2014-02-04 20:58 - 2014-02-04 20:58 - 00004530 _____ () C:\Users\Kerstin Stangl\Desktop\JRT.txt
2014-02-04 20:51 - 2014-02-04 20:51 - 00000000 ____D () C:\Windows\ERUNT
2014-02-04 20:49 - 2014-02-04 20:49 - 01037530 _____ (Thisisu) C:\Users\Kerstin Stangl\Desktop\JRT.exe
2014-02-04 20:48 - 2014-02-04 20:44 - 00013205 _____ () C:\Users\Kerstin Stangl\Desktop\AdwCleaner[S0].txt
2014-02-04 20:43 - 2014-02-04 20:44 - 00000000 ____D () C:\AdwCleaner
2014-02-04 20:43 - 2014-02-04 20:43 - 01166132 _____ () C:\Users\Kerstin Stangl\Desktop\adwcleaner.exe
2014-02-04 20:40 - 2014-02-04 20:40 - 00017075 _____ () C:\Users\Kerstin Stangl\Desktop\GTqSw3ZB.htm
2014-02-03 21:48 - 2014-02-03 22:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-03 21:47 - 2014-02-03 22:35 - 00000000 ____D () C:\Users\Kerstin Stangl\Desktop\mbar
2014-02-03 21:45 - 2014-02-03 21:46 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Kerstin Stangl\Desktop\mbar-1.07.0.1009.exe
2014-02-01 14:40 - 2014-02-01 14:40 - 00030275 _____ () C:\ComboFix.txt
2014-02-01 14:21 - 2014-02-01 14:22 - 05179159 ____R (Swearware) C:\Users\Kerstin Stangl\Desktop\ComboFix.exe
2014-01-31 12:39 - 2014-01-31 12:39 - 01587612 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-30 21:10 - 2014-02-01 14:40 - 00000000 ____D () C:\Qoobox
2014-01-30 21:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-01-30 21:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-01-30 21:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-30 21:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-30 21:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-30 21:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-01-30 21:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-01-30 21:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-01-30 21:09 - 2014-01-30 21:33 - 00000000 ____D () C:\Windows\erdnt
2014-01-30 19:28 - 2014-01-30 19:28 - 00281448 _____ () C:\Windows\Minidump\013014-29218-01.dmp
2014-01-30 16:19 - 2014-01-30 19:41 - 00001099 _____ () C:\Users\Kerstin Stangl\Desktop\gmer.txt
2014-01-30 16:12 - 2014-01-30 16:12 - 00282616 _____ () C:\Windows\Minidump\013014-29905-01.dmp
2014-01-30 15:56 - 2014-01-30 15:56 - 00380416 _____ () C:\Users\Kerstin Stangl\Desktop\Gmer-19357.exe
2014-01-30 15:54 - 2014-01-30 15:55 - 00035204 _____ () C:\Users\Kerstin Stangl\Desktop\Addition.txt
2014-01-30 15:53 - 2014-02-04 21:03 - 00019311 _____ () C:\Users\Kerstin Stangl\Desktop\FRST.txt
2014-01-30 15:53 - 2014-02-04 21:03 - 00000000 ____D () C:\FRST
2014-01-30 15:52 - 2014-01-30 15:53 - 01137152 _____ (Farbar) C:\Users\Kerstin Stangl\Downloads\FRST.exe
2014-01-30 15:48 - 2014-01-30 15:48 - 00000000 _____ () C:\Users\Kerstin Stangl\defogger_reenable
2014-01-30 15:47 - 2014-01-30 18:55 - 00000490 _____ () C:\Users\Kerstin Stangl\Desktop\defogger_disable.log
2014-01-30 15:46 - 2014-01-30 15:46 - 00050477 _____ () C:\Users\Kerstin Stangl\Desktop\Defogger.exe
2014-01-25 13:35 - 2014-01-25 13:35 - 00000000 ____D () C:\Users\Kerstin Stangl\AppData\Roaming\Malwarebytes
2014-01-25 13:34 - 2014-01-25 13:34 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-25 13:34 - 2014-01-25 13:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-25 13:34 - 2014-01-25 13:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-25 13:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-25 13:19 - 2014-01-25 13:33 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kerstin Stangl\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-23 16:09 - 2014-01-23 16:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kerstin Stangl\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-20 17:07 - 2014-01-20 17:07 - 00095744 _____ () C:\Users\Kerstin Stangl\Downloads\Lesekino.pub
2014-01-16 13:48 - 2014-01-16 13:48 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-01-15 18:01 - 2014-01-15 18:01 - 00199454 _____ () C:\Users\Kerstin Stangl\Downloads\Arbeitsformen_bei_Gef%0d%0a ühls-_u._Verhaltenss%0d%0a törungen_Dr._Unger.p%0d%0a df
2014-01-15 16:51 - 2014-01-15 16:51 - 08740774 _____ () C:\Users\Kerstin Stangl\Desktop\Keinohrhase und Zweiohrkuken (2013) - Full HD Trailer Kids Family Animation Deutsch German 1080p - YouTube12.mp4
2014-01-15 14:54 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 14:54 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 14:54 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 14:54 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 14:54 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 14:54 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 14:54 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 14:54 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 14:54 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-07 17:43 - 2014-01-17 14:32 - 00002023 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
==================== One Month Modified Files and Folders =======
2014-02-04 21:03 - 2014-01-30 15:53 - 00019311 _____ () C:\Users\Kerstin Stangl\Desktop\FRST.txt
2014-02-04 21:03 - 2014-01-30 15:53 - 00000000 ____D () C:\FRST
2014-02-04 21:02 - 2014-02-04 21:01 - 02080256 _____ (Farbar) C:\Users\Kerstin Stangl\Desktop\FRST64.exe
2014-02-04 20:58 - 2014-02-04 20:58 - 00004530 _____ () C:\Users\Kerstin Stangl\Desktop\JRT.txt
2014-02-04 20:55 - 2013-04-21 12:43 - 00000000 ____D () C:\Users\Kerstin Stangl\AppData\Local\APN
2014-02-04 20:54 - 2009-07-14 05:45 - 00017264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 20:54 - 2009-07-14 05:45 - 00017264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-04 20:51 - 2014-02-04 20:51 - 00000000 ____D () C:\Windows\ERUNT
2014-02-04 20:49 - 2014-02-04 20:49 - 01037530 _____ (Thisisu) C:\Users\Kerstin Stangl\Desktop\JRT.exe
2014-02-04 20:47 - 2013-04-21 12:19 - 00000000 ____D () C:\Users\Kerstin Stangl\Documents\Youcam
2014-02-04 20:46 - 2013-08-21 11:20 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-04 20:45 - 2013-04-21 11:58 - 01530831 _____ () C:\Windows\WindowsUpdate.log
2014-02-04 20:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-04 20:45 - 2009-07-14 05:51 - 00062396 _____ () C:\Windows\setupact.log
2014-02-04 20:44 - 2014-02-04 20:48 - 00013205 _____ () C:\Users\Kerstin Stangl\Desktop\AdwCleaner[S0].txt
2014-02-04 20:44 - 2014-02-04 20:43 - 00000000 ____D () C:\AdwCleaner
2014-02-04 20:43 - 2014-02-04 20:43 - 01166132 _____ () C:\Users\Kerstin Stangl\Desktop\adwcleaner.exe
2014-02-04 20:43 - 2013-08-21 11:20 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 20:43 - 2013-08-21 11:20 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-04 20:40 - 2014-02-04 20:40 - 00017075 _____ () C:\Users\Kerstin Stangl\Desktop\GTqSw3ZB.htm
2014-02-04 20:32 - 2013-05-02 07:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-04 17:28 - 2014-01-03 22:51 - 02304009 _____ () C:\Users\Kerstin Stangl\Desktop\PPP.pptx
2014-02-04 16:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-04 15:27 - 2012-02-21 19:50 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-02-04 15:27 - 2012-02-21 19:50 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-02-04 15:27 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-03 22:35 - 2014-02-03 21:47 - 00000000 ____D () C:\Users\Kerstin Stangl\Desktop\mbar
2014-02-03 22:15 - 2014-02-03 21:48 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-03 21:46 - 2014-02-03 21:45 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Kerstin Stangl\Desktop\mbar-1.07.0.1009.exe
2014-02-01 17:50 - 2013-05-14 12:16 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-02-01 17:28 - 2010-11-21 04:47 - 00205716 _____ () C:\Windows\PFRO.log
2014-02-01 14:40 - 2014-02-01 14:40 - 00030275 _____ () C:\ComboFix.txt
2014-02-01 14:40 - 2014-01-30 21:10 - 00000000 ____D () C:\Qoobox
2014-02-01 14:38 - 2013-04-21 12:13 - 00000000 ___RD () C:\Users\Kerstin Stangl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-01 14:38 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-01 14:22 - 2014-02-01 14:21 - 05179159 ____R (Swearware) C:\Users\Kerstin Stangl\Desktop\ComboFix.exe
2014-01-31 12:39 - 2014-01-31 12:39 - 01587612 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-30 21:35 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-01-30 21:33 - 2014-01-30 21:09 - 00000000 ____D () C:\Windows\erdnt
2014-01-30 19:41 - 2014-01-30 16:19 - 00001099 _____ () C:\Users\Kerstin Stangl\Desktop\gmer.txt
2014-01-30 19:28 - 2014-01-30 19:28 - 00281448 _____ () C:\Windows\Minidump\013014-29218-01.dmp
2014-01-30 19:28 - 2013-12-17 17:13 - 00000000 ____D () C:\Windows\Minidump
2014-01-30 19:28 - 2013-12-13 16:26 - 00003368 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-311215860-1499064387-1487374865-1000
2014-01-30 19:28 - 2013-12-13 16:26 - 00003252 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-311215860-1499064387-1487374865-1000
2014-01-30 19:27 - 2013-12-17 17:12 - 767558405 _____ () C:\Windows\MEMORY.DMP
2014-01-30 18:55 - 2014-01-30 15:47 - 00000490 _____ () C:\Users\Kerstin Stangl\Desktop\defogger_disable.log
2014-01-30 16:12 - 2014-01-30 16:12 - 00282616 _____ () C:\Windows\Minidump\013014-29905-01.dmp
2014-01-30 15:56 - 2014-01-30 15:56 - 00380416 _____ () C:\Users\Kerstin Stangl\Desktop\Gmer-19357.exe
2014-01-30 15:55 - 2014-01-30 15:54 - 00035204 _____ () C:\Users\Kerstin Stangl\Desktop\Addition.txt
2014-01-30 15:53 - 2014-01-30 15:52 - 01137152 _____ (Farbar) C:\Users\Kerstin Stangl\Downloads\FRST.exe
2014-01-30 15:48 - 2014-01-30 15:48 - 00000000 _____ () C:\Users\Kerstin Stangl\defogger_reenable
2014-01-30 15:48 - 2013-04-21 12:12 - 00000000 ____D () C:\Users\Kerstin Stangl
2014-01-30 15:46 - 2014-01-30 15:46 - 00050477 _____ () C:\Users\Kerstin Stangl\Desktop\Defogger.exe
2014-01-28 16:23 - 2013-04-21 12:46 - 00000000 ____D () C:\Users\Kerstin Stangl\AppData\Local\DoNotTrackPlus
2014-01-25 20:13 - 2013-12-13 16:27 - 00003390 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-311215860-1499064387-1487374865-1000
2014-01-25 20:13 - 2013-12-13 16:27 - 00003274 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-311215860-1499064387-1487374865-1000
2014-01-25 13:35 - 2014-01-25 13:35 - 00000000 ____D () C:\Users\Kerstin Stangl\AppData\Roaming\Malwarebytes
2014-01-25 13:34 - 2014-01-25 13:34 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-25 13:34 - 2014-01-25 13:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-25 13:34 - 2014-01-25 13:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-25 13:33 - 2014-01-25 13:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kerstin Stangl\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-23 16:10 - 2014-01-23 16:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kerstin Stangl\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-20 17:07 - 2014-01-20 17:07 - 00095744 _____ () C:\Users\Kerstin Stangl\Downloads\Lesekino.pub
2014-01-17 14:32 - 2014-01-07 17:43 - 00002023 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-16 13:48 - 2014-01-16 13:48 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-01-16 13:31 - 2009-07-14 05:45 - 00410064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 18:42 - 2013-08-20 17:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 18:42 - 2013-04-21 14:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-15 18:40 - 2012-02-21 20:44 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 18:01 - 2014-01-15 18:01 - 00199454 _____ () C:\Users\Kerstin Stangl\Downloads\Arbeitsformen_bei_Gef%0d%0a ühls-_u._Verhaltenss%0d%0a törungen_Dr._Unger.p%0d%0a df
2014-01-15 16:51 - 2014-01-15 16:51 - 08740774 _____ () C:\Users\Kerstin Stangl\Desktop\Keinohrhase und Zweiohrkuken (2013) - Full HD Trailer Kids Family Animation Deutsch German 1080p - YouTube12.mp4
2014-01-14 14:07 - 2013-12-18 19:07 - 00000083 _____ () C:\Users\Kerstin Stangl\AppData\Roaming\WB.CFG
2014-01-08 15:40 - 2013-04-21 13:22 - 00000000 ____D () C:\Users\Kerstin Stangl\Documents\Schule
Files to move or delete:
====================
C:\Users\Kerstin Stangl\AppData\Local\Temp\Enhance views Hack Tool.vbs
Some content of TEMP:
====================
C:\Users\Kerstin Stangl\AppData\Local\Temp\avgnt.exe
C:\Users\Kerstin Stangl\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-30 10:10
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014 01
Ran by Kerstin Stangl at 2014-01-30 15:54:21
Running from C:\Users\Kerstin Stangl\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)
ALDI SÜD Mah Jong (x32 Version: - )
AMI VR-pulse OS Switcher (Version: 1.1 - American Megatrends Inc.)
Ashampoo Burning Studio (x32 Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (x32 Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (x32 Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (x32 Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ask Toolbar (x32 Version: 1.15.24.0 - Ask.com) <==== ATTENTION
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.5.42066 - Ask.com)
AWIN NotenBox 7 (x32 Version: 7 - AWIN Software)
Canon MG5200 series Benutzerregistrierung (x32 Version: - )
Canon MG5200 series MP Drivers (Version: - )
Canon MP Navigator EX 4.0 (x32 Version: - )
Canon My Printer (x32 Version: - )
Canon Solution Menu EX (x32 Version: - )
CD-LabelPrint (x32 Version: - )
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (x32 Version: - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 (x32 Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink MediaEspresso (x32 Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaEspresso (x32 Version: 6.5.1508_36229 - CyberLink Corp.) Hidden
CyberLink MediaShow (x32 Version: 5.1.2414a - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.1.2414a - CyberLink Corp.) Hidden
CyberLink PhotoDirector 2011 (x32 Version: 2.0.2430 - CyberLink Corp.)
CyberLink PhotoDirector 2011 (x32 Version: 2.0.2430 - CyberLink Corp.) Hidden
CyberLink PhotoNow (x32 Version: 1.1.7717 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.) Hidden
CyberLink PowerDirector (Version: 9.0.0.3621 - CyberLink Corp.) Hidden
CyberLink PowerDirector (x32 Version: 9.0.0.3621 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.3622.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.3622.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink WaveEditor (x32 Version: 1.0.1.3320 - CyberLink Corp.)
CyberLink WaveEditor (x32 Version: 1.0.1.3320 - CyberLink Corp.) Hidden
CyberLink YouCam 5 (x32 Version: 5.0.1402 - CyberLink Corp.)
CyberLink YouCam 5 (x32 Version: 5.0.1402 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delta Chrome Toolbar (x32 Version: - Visual Tools) <==== ATTENTION
dm-Fotowelt (x32 Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.11 - Dolby Laboratories Inc)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.13.925 (x32 Version: 3.12.13.925 - DVDVideoSoft Ltd.)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Management Engine Components (x32 Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (x32 Version: - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2618 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.1.209 - Intel Corporation)
Intel(R) WiDi (x32 Version: 3.0.12.0 - Intel Corporation)
Intel(R) Wireless Display (Version: - )
Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.216.0 - Intel Corporation)
Java Auto Updater (x32 Version: 2.1.5.3 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 Update 2 (64-bit) (Version: 7.0.20 - Oracle)
Java(TM) 7 Update 2 (x32 Version: 7.0.20 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Klett Nussknacker 3 (x32 Version: - )
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden
Mein CEWE FOTOBUCH (x32 Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
Memeo Instant Backup (x32 Version: 4.60.0.7943 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
PCSUITE SHREDDER (x32 Version: - Markement GmbH)
PDF Architect (x32 Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (x32 Version: 1.7.1 - pdfforge)
PHotkey (x32 Version: 1.00.0055 - Pegatron Corporation)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (x32 Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (Version: 16.0.0.3 - Synaptics Incorporated)
TuneUp Utilities 2013 (x32 Version: 13.0.3020.2 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
watchmi (x32 Version: 3.0.0 - Axel Springer Digital TV Guide GmbH)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Restore Points =========================
11-12-2013 19:57:07 Windows Update
16-12-2013 15:10:42 Windows Update
28-12-2013 09:35:08 Geplanter Prüfpunkt
04-01-2014 14:11:53 Geplanter Prüfpunkt
15-01-2014 17:39:45 Windows Update
23-01-2014 14:16:30 Geplanter Prüfpunkt
25-01-2014 15:41:49 Windows-Sicherung
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {07BD7BF3-1271-41B6-BC51-A042FE7263CD} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-311215860-1499064387-1487374865-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {183F8C73-8574-4E3F-8D32-BDA5C03C02D1} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2012-02-02] (CyberLink Corp.)
Task: {2FB62FAB-4C1D-400C-86CB-45CA5C11483E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-311215860-1499064387-1487374865-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4B4FC734-61D4-43FF-B2A2-A0AB384DD875} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-21] (Google Inc.)
Task: {6A87B932-A2E6-43C5-94F2-1F102E82F2F3} - System32\Tasks\DealPlyUpdate => C:\Program
Task: {6E8AB62A-4ABB-4360-8986-1FA32F694D07} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-311215860-1499064387-1487374865-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {745B02FA-2140-4974-B19A-EB8FE30CCBB8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-311215860-1499064387-1487374865-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {80B6DAEB-4AC1-45AB-919C-E9339AD4117C} - System32\Tasks\Dealply => C:\Users\KERSTI~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {A372BA14-669C-400A-B346-A0F4E86DAFEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {B425CCE3-5E96-4342-A826-8D787CA520F2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {DEAE7F32-7C0F-4EC4-89AA-134285C11D0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-21] (Google Inc.)
Task: {F014CFC9-EC3B-40E3-BDC8-3856D8D3393F} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software)
Task: {F49F5341-4645-461D-9AA8-451E40DE577A} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-01] ()
Task: {FA49A021-71F6-4F74-B92F-AC9B379257FD} - System32\Tasks\EPUpdater => C:\Users\Kerstin Stangl\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-08-04] () <==== ATTENTION
Task: {FB103E04-D047-4B48-BFA6-CB8796B33F0F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-311215860-1499064387-1487374865-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\KERSTI~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-02-21 23:09 - 2012-01-06 02:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-01-31 10:24 - 2012-01-31 10:24 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2013-04-21 12:01 - 2013-04-21 12:01 - 00059904 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Remote\3.0.0.8__f722db7bec59a14b\Tvd.Remote.dll
2013-04-21 12:41 - 2013-01-25 08:25 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-02-22 17:36 - 2009-12-19 00:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2012-02-22 17:36 - 2009-12-19 00:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-04-01 12:00 - 2013-04-01 12:00 - 00597880 _____ () C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPContentFilter.dll
2013-04-01 12:00 - 2013-04-01 12:00 - 00227192 _____ () C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPButton.dll
2013-08-21 12:49 - 2013-08-21 12:49 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll
2012-02-21 23:36 - 2011-11-30 05:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-02-21 23:21 - 2011-12-16 10:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/30/2014 03:41:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/30/2014 03:40:11 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (01/30/2014 11:13:10 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (01/30/2014 09:33:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/30/2014 09:33:10 AM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (01/28/2014 06:12:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/28/2014 06:12:33 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (01/28/2014 04:26:06 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (01/28/2014 03:08:41 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (01/28/2014 02:42:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/30/2014 03:40:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "STEC3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/30/2014 03:40:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PDF Architect Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/30/2014 03:40:41 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst PDF Architect Service erreicht.
Error: (01/30/2014 09:33:12 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "STEC3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/30/2014 09:33:08 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/30/2014 09:33:08 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMService erreicht.
Error: (01/28/2014 06:15:01 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005
Error: (01/28/2014 06:12:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "STEC3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/28/2014 02:41:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "STEC3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/27/2014 03:31:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "STEC3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (01/10/2014 05:13:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2880 seconds with 1200 seconds of active time. This session ended with a crash.
Error: (01/06/2014 07:35:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 50 seconds with 0 seconds of active time. This session ended with a crash.
Error: (09/11/2013 06:57:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2123 seconds with 1320 seconds of active time. This session ended with a crash.
Error: (07/30/2013 02:04:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 259 seconds with 240 seconds of active time. This session ended with a crash.
Error: (07/30/2013 02:00:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1099 seconds with 1080 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 31%
Total physical RAM: 8086.47 MB
Available physical RAM: 5555.93 MB
Total Pagefile: 16171.12 MB
Available Pagefile: 13213.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:414.66 GB) (Free:208.18 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:22.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=415 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== End Of Log ============================
|
|
04.02.2014, 21:33
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Wird ein Stick an PC gehängt, werden alle Dateien in Verknüpfungen umgewandelt Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\Kerstin Stangl\AppData\Local\Temp\Enhance views Hack Tool.vbs
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
C:\Program Files (x86)\Ask.com
Startup: C:\Users\Kerstin Stangl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enhance views Hack Tool.vbs ()
HKU\S-1-5-21-311215860-1499064387-1487374865-1000\...\Run: [Enhance views Hack Tool] - C:\Users\Kerstin Stangl\AppData\Local\Temp\Enhance views Hack Tool.vbs [1161270 2013-10-29] () <===== ATTENTION
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.02.2014, 21:11
| #13 |
| | Windows 7: Wird ein Stick an PC gehängt, werden alle Dateien in Verknüpfungen umgewandeltCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2014
Ran by Kerstin Stangl at 2014-02-05 21:07:05 Run:1
Running from C:\Users\Kerstin Stangl\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\Kerstin Stangl\AppData\Local\Temp\Enhance views Hack Tool.vbs
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
C:\Program Files (x86)\Ask.com
Startup: C:\Users\Kerstin Stangl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enhance views Hack Tool.vbs ()
HKU\S-1-5-21-311215860-1499064387-1487374865-1000\...\Run: [Enhance views Hack Tool] - C:\Users\Kerstin Stangl\AppData\Local\Temp\Enhance views Hack Tool.vbs [1161270 2013-10-29] () <===== ATTENTION
*****************
Could not move "C:\Users\Kerstin Stangl\AppData\Local\Temp\Enhance views Hack Tool.vbs" => Scheduled to move on reboot.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} => Key deleted successfully.
"C:\Program Files (x86)\Ask.com" => File/Directory not found.
C:\Users\Kerstin Stangl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enhance views Hack Tool.vbs => Moved successfully.
HKU\S-1-5-21-311215860-1499064387-1487374865-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Enhance views Hack Tool => Value deleted successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-02-05 21:09:39)<=
C:\Users\Kerstin Stangl\AppData\Local\Temp\Enhance views Hack Tool.vbs => Is moved successfully.
==== End of Fixlog ====
|
|
06.02.2014, 03:04
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Wird ein Stick an PC gehängt, werden alle Dateien in Verknüpfungen umgewandelt Frische FRST Logs bitte
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.02.2014, 22:13
| #15 |
| | Windows 7: Wird ein Stick an PC gehängt, werden alle Dateien in Verknüpfungen umgewandeltFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-02-2014
Ran by Kerstin Stangl (administrator) on KERSTINSTANGL on 06-02-2014 22:10:57
Running from C:\Users\Kerstin Stangl\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-20] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-02-23] (Synaptics Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-12-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-311215860-1499064387-1487374865-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-08-21] (Google Inc.)
HKU\S-1-5-21-311215860-1499064387-1487374865-1000\...\Run: [Enhance views Hack Tool] - wscript.exe //B "C:\Users\KERSTI~1\AppData\Local\Temp\Enhance views Hack Tool.vbs" <===== ATTENTION
HKU\S-1-5-21-311215860-1499064387-1487374865-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe [839560 2013-12-11] (Adobe Systems Incorporated)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Kerstin Stangl\AppData\Roaming\Mozilla\Firefox\Profiles\8vwavm8a.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Kerstin Stangl\AppData\Roaming\Mozilla\Firefox\Profiles\8vwavm8a.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-12-13]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (YouTube) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-16]
CHR Extension: (Google-Suche) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-16]
CHR Extension: (RealDownloader) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-16]
CHR Extension: (Google Wallet) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-16]
CHR Extension: (Google Mail) - C:\Users\Kerstin Stangl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-16]
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Kerstin Stangl\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.24.0.crx [2013-12-16]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 STEC3; \??\C:\Windows\system32\STEC3.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-05 21:06 - 2014-02-06 22:07 - 00000000 ____D () C:\Users\Kerstin Stangl\Desktop\FRST-OlderVersion
2014-02-04 21:01 - 2014-02-06 22:07 - 02079744 _____ (Farbar) C:\Users\Kerstin Stangl\Desktop\FRST64.exe
2014-02-04 20:58 - 2014-02-04 20:58 - 00004530 _____ () C:\Users\Kerstin Stangl\Desktop\JRT.txt
2014-02-04 20:51 - 2014-02-04 20:51 - 00000000 ____D () C:\Windows\ERUNT
2014-02-04 20:49 - 2014-02-04 20:49 - 01037530 _____ (Thisisu) C:\Users\Kerstin Stangl\Desktop\JRT.exe
2014-02-04 20:48 - 2014-02-04 20:44 - 00013205 _____ () C:\Users\Kerstin Stangl\Desktop\AdwCleaner[S0].txt
2014-02-04 20:43 - 2014-02-04 20:44 - 00000000 ____D () C:\AdwCleaner
2014-02-04 20:43 - 2014-02-04 20:43 - 01166132 _____ () C:\Users\Kerstin Stangl\Desktop\adwcleaner.exe
2014-02-04 20:40 - 2014-02-04 20:40 - 00017075 _____ () C:\Users\Kerstin Stangl\Desktop\GTqSw3ZB.htm
2014-02-03 21:48 - 2014-02-03 22:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-03 21:47 - 2014-02-03 22:35 - 00000000 ____D () C:\Users\Kerstin Stangl\Desktop\mbar
2014-02-03 21:45 - 2014-02-03 21:46 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Kerstin Stangl\Desktop\mbar-1.07.0.1009.exe
2014-02-01 14:40 - 2014-02-01 14:40 - 00030275 _____ () C:\ComboFix.txt
2014-02-01 14:21 - 2014-02-01 14:22 - 05179159 ____R (Swearware) C:\Users\Kerstin Stangl\Desktop\ComboFix.exe
2014-01-31 12:39 - 2014-01-31 12:39 - 01587612 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-30 21:10 - 2014-02-01 14:40 - 00000000 ____D () C:\Qoobox
2014-01-30 21:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-01-30 21:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-01-30 21:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-30 21:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-30 21:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-30 21:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-01-30 21:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-01-30 21:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-01-30 21:09 - 2014-01-30 21:33 - 00000000 ____D () C:\Windows\erdnt
2014-01-30 19:28 - 2014-01-30 19:28 - 00281448 _____ () C:\Windows\Minidump\013014-29218-01.dmp
2014-01-30 16:19 - 2014-01-30 19:41 - 00001099 _____ () C:\Users\Kerstin Stangl\Desktop\gmer.txt
2014-01-30 16:12 - 2014-01-30 16:12 - 00282616 _____ () C:\Windows\Minidump\013014-29905-01.dmp
2014-01-30 15:56 - 2014-01-30 15:56 - 00380416 _____ () C:\Users\Kerstin Stangl\Desktop\Gmer-19357.exe
2014-01-30 15:54 - 2014-01-30 15:55 - 00035204 _____ () C:\Users\Kerstin Stangl\Desktop\Addition.txt
2014-01-30 15:53 - 2014-02-06 22:10 - 00018877 _____ () C:\Users\Kerstin Stangl\Desktop\FRST.txt
2014-01-30 15:53 - 2014-02-06 22:10 - 00000000 ____D () C:\FRST
2014-01-30 15:52 - 2014-01-30 15:53 - 01137152 _____ (Farbar) C:\Users\Kerstin Stangl\Downloads\FRST.exe
2014-01-30 15:48 - 2014-01-30 15:48 - 00000000 _____ () C:\Users\Kerstin Stangl\defogger_reenable
2014-01-30 15:47 - 2014-01-30 18:55 - 00000490 _____ () C:\Users\Kerstin Stangl\Desktop\defogger_disable.log
2014-01-30 15:46 - 2014-01-30 15:46 - 00050477 _____ () C:\Users\Kerstin Stangl\Desktop\Defogger.exe
2014-01-25 13:35 - 2014-01-25 13:35 - 00000000 ____D () C:\Users\Kerstin Stangl\AppData\Roaming\Malwarebytes
2014-01-25 13:34 - 2014-01-25 13:34 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-25 13:34 - 2014-01-25 13:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-25 13:34 - 2014-01-25 13:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-25 13:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-25 13:19 - 2014-01-25 13:33 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kerstin Stangl\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-23 16:09 - 2014-01-23 16:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kerstin Stangl\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-20 17:07 - 2014-01-20 17:07 - 00095744 _____ () C:\Users\Kerstin Stangl\Downloads\Lesekino.pub
2014-01-16 13:48 - 2014-01-16 13:48 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-01-15 18:01 - 2014-01-15 18:01 - 00199454 _____ () C:\Users\Kerstin Stangl\Downloads\Arbeitsformen_bei_Gef%0d%0a ühls-_u._Verhaltenss%0d%0a törungen_Dr._Unger.p%0d%0a df
2014-01-15 16:51 - 2014-01-15 16:51 - 08740774 _____ () C:\Users\Kerstin Stangl\Desktop\Keinohrhase und Zweiohrkuken (2013) - Full HD Trailer Kids Family Animation Deutsch German 1080p - YouTube12.mp4
2014-01-15 14:54 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 14:54 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 14:54 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 14:54 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 14:54 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 14:54 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 14:54 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 14:54 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 14:54 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-07 17:43 - 2014-01-17 14:32 - 00002023 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
==================== One Month Modified Files and Folders =======
2014-02-06 22:11 - 2014-01-30 15:53 - 00018877 _____ () C:\Users\Kerstin Stangl\Desktop\FRST.txt
2014-02-06 22:10 - 2014-01-30 15:53 - 00000000 ____D () C:\FRST
2014-02-06 22:07 - 2014-02-05 21:06 - 00000000 ____D () C:\Users\Kerstin Stangl\Desktop\FRST-OlderVersion
2014-02-06 22:07 - 2014-02-04 21:01 - 02079744 _____ (Farbar) C:\Users\Kerstin Stangl\Desktop\FRST64.exe
2014-02-06 22:07 - 2009-07-14 05:45 - 00017264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-06 22:07 - 2009-07-14 05:45 - 00017264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-06 22:05 - 2013-04-21 11:58 - 01595086 _____ () C:\Windows\WindowsUpdate.log
2014-02-06 22:01 - 2013-04-21 12:19 - 00000000 ____D () C:\Users\Kerstin Stangl\Documents\Youcam
2014-02-06 21:59 - 2013-08-21 11:20 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-06 21:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-06 21:59 - 2009-07-14 05:51 - 00063012 _____ () C:\Windows\setupact.log
2014-02-06 09:32 - 2013-05-02 07:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-06 08:43 - 2013-08-21 11:20 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-05 21:32 - 2013-05-02 07:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 21:32 - 2013-05-02 07:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 21:32 - 2012-02-21 22:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 21:07 - 2013-04-21 12:13 - 00000000 ___RD () C:\Users\Kerstin Stangl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-05 19:06 - 2012-02-21 19:50 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-02-05 19:06 - 2012-02-21 19:50 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-02-05 19:06 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-04 20:58 - 2014-02-04 20:58 - 00004530 _____ () C:\Users\Kerstin Stangl\Desktop\JRT.txt
2014-02-04 20:55 - 2013-04-21 12:43 - 00000000 ____D () C:\Users\Kerstin Stangl\AppData\Local\APN
2014-02-04 20:51 - 2014-02-04 20:51 - 00000000 ____D () C:\Windows\ERUNT
2014-02-04 20:49 - 2014-02-04 20:49 - 01037530 _____ (Thisisu) C:\Users\Kerstin Stangl\Desktop\JRT.exe
2014-02-04 20:44 - 2014-02-04 20:48 - 00013205 _____ () C:\Users\Kerstin Stangl\Desktop\AdwCleaner[S0].txt
2014-02-04 20:44 - 2014-02-04 20:43 - 00000000 ____D () C:\AdwCleaner
2014-02-04 20:43 - 2014-02-04 20:43 - 01166132 _____ () C:\Users\Kerstin Stangl\Desktop\adwcleaner.exe
2014-02-04 20:43 - 2013-08-21 11:20 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 20:40 - 2014-02-04 20:40 - 00017075 _____ () C:\Users\Kerstin Stangl\Desktop\GTqSw3ZB.htm
2014-02-04 17:28 - 2014-01-03 22:51 - 02304009 _____ () C:\Users\Kerstin Stangl\Desktop\PPP.pptx
2014-02-04 16:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-03 22:35 - 2014-02-03 21:47 - 00000000 ____D () C:\Users\Kerstin Stangl\Desktop\mbar
2014-02-03 22:15 - 2014-02-03 21:48 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-03 21:46 - 2014-02-03 21:45 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Kerstin Stangl\Desktop\mbar-1.07.0.1009.exe
2014-02-01 17:50 - 2013-05-14 12:16 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-02-01 17:28 - 2010-11-21 04:47 - 00205716 _____ () C:\Windows\PFRO.log
2014-02-01 14:40 - 2014-02-01 14:40 - 00030275 _____ () C:\ComboFix.txt
2014-02-01 14:40 - 2014-01-30 21:10 - 00000000 ____D () C:\Qoobox
2014-02-01 14:38 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-01 14:22 - 2014-02-01 14:21 - 05179159 ____R (Swearware) C:\Users\Kerstin Stangl\Desktop\ComboFix.exe
2014-01-31 12:39 - 2014-01-31 12:39 - 01587612 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-30 21:35 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-01-30 21:33 - 2014-01-30 21:09 - 00000000 ____D () C:\Windows\erdnt
2014-01-30 19:41 - 2014-01-30 16:19 - 00001099 _____ () C:\Users\Kerstin Stangl\Desktop\gmer.txt
2014-01-30 19:28 - 2014-01-30 19:28 - 00281448 _____ () C:\Windows\Minidump\013014-29218-01.dmp
2014-01-30 19:28 - 2013-12-17 17:13 - 00000000 ____D () C:\Windows\Minidump
2014-01-30 19:28 - 2013-12-13 16:26 - 00003368 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-311215860-1499064387-1487374865-1000
2014-01-30 19:28 - 2013-12-13 16:26 - 00003252 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-311215860-1499064387-1487374865-1000
2014-01-30 19:27 - 2013-12-17 17:12 - 767558405 _____ () C:\Windows\MEMORY.DMP
2014-01-30 18:55 - 2014-01-30 15:47 - 00000490 _____ () C:\Users\Kerstin Stangl\Desktop\defogger_disable.log
2014-01-30 16:12 - 2014-01-30 16:12 - 00282616 _____ () C:\Windows\Minidump\013014-29905-01.dmp
2014-01-30 15:56 - 2014-01-30 15:56 - 00380416 _____ () C:\Users\Kerstin Stangl\Desktop\Gmer-19357.exe
2014-01-30 15:55 - 2014-01-30 15:54 - 00035204 _____ () C:\Users\Kerstin Stangl\Desktop\Addition.txt
2014-01-30 15:53 - 2014-01-30 15:52 - 01137152 _____ (Farbar) C:\Users\Kerstin Stangl\Downloads\FRST.exe
2014-01-30 15:48 - 2014-01-30 15:48 - 00000000 _____ () C:\Users\Kerstin Stangl\defogger_reenable
2014-01-30 15:48 - 2013-04-21 12:12 - 00000000 ____D () C:\Users\Kerstin Stangl
2014-01-30 15:46 - 2014-01-30 15:46 - 00050477 _____ () C:\Users\Kerstin Stangl\Desktop\Defogger.exe
2014-01-28 16:23 - 2013-04-21 12:46 - 00000000 ____D () C:\Users\Kerstin Stangl\AppData\Local\DoNotTrackPlus
2014-01-25 20:13 - 2013-12-13 16:27 - 00003390 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-311215860-1499064387-1487374865-1000
2014-01-25 20:13 - 2013-12-13 16:27 - 00003274 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-311215860-1499064387-1487374865-1000
2014-01-25 13:35 - 2014-01-25 13:35 - 00000000 ____D () C:\Users\Kerstin Stangl\AppData\Roaming\Malwarebytes
2014-01-25 13:34 - 2014-01-25 13:34 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-25 13:34 - 2014-01-25 13:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-25 13:34 - 2014-01-25 13:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-25 13:33 - 2014-01-25 13:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kerstin Stangl\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-23 16:10 - 2014-01-23 16:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kerstin Stangl\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-20 17:07 - 2014-01-20 17:07 - 00095744 _____ () C:\Users\Kerstin Stangl\Downloads\Lesekino.pub
2014-01-17 14:32 - 2014-01-07 17:43 - 00002023 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-16 13:48 - 2014-01-16 13:48 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-01-16 13:31 - 2009-07-14 05:45 - 00410064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 18:42 - 2013-08-20 17:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 18:42 - 2013-04-21 14:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-15 18:40 - 2012-02-21 20:44 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 18:01 - 2014-01-15 18:01 - 00199454 _____ () C:\Users\Kerstin Stangl\Downloads\Arbeitsformen_bei_Gef%0d%0a ühls-_u._Verhaltenss%0d%0a törungen_Dr._Unger.p%0d%0a df
2014-01-15 16:51 - 2014-01-15 16:51 - 08740774 _____ () C:\Users\Kerstin Stangl\Desktop\Keinohrhase und Zweiohrkuken (2013) - Full HD Trailer Kids Family Animation Deutsch German 1080p - YouTube12.mp4
2014-01-14 14:07 - 2013-12-18 19:07 - 00000083 _____ () C:\Users\Kerstin Stangl\AppData\Roaming\WB.CFG
2014-01-08 15:40 - 2013-04-21 13:22 - 00000000 ____D () C:\Users\Kerstin Stangl\Documents\Schule
Some content of TEMP:
====================
C:\Users\Kerstin Stangl\AppData\Local\Temp\avgnt.exe
C:\Users\Kerstin Stangl\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-30 10:10
==================== End Of Log ============================
Ich hoffe das war richtig, dass ich den FRST erneut scannen lies! |
|
| Themen zu Windows 7: Wird ein Stick an PC gehängt, werden alle Dateien in Verknüpfungen umgewandelt |
| adware.agent, appdatalow, install.exe, pup.bprotector, pup.dealply, pup.optional.babylon.a, pup.optional.bprotector.a, pup.optional.conduit.a, pup.optional.crx.a, pup.optional.datamngr.a, pup.optional.dealply, pup.optional.dealply.a, pup.optional.delta, pup.optional.delta.a, pup.optional.deltatb, pup.optional.filescout.a, pup.optional.filesfrog.a, pup.optional.mediasoft, pup.optional.opencandy, pup.optional.optimizepro.a, pup.optional.optimuminstaller.a, pup.optional.optimzerpro.a, pup.optional.performersoft.a, pup.optional.pricepeep.a, pup.optional.somoto.a, pup.optional.wajam, pup.optional.wajam.a |
Linear-Darstellung
