Log analysis and evaluation: Vista: Many detections by MBAM, Internet access problems, PC slow

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Vista: Many detections by MBAM, Internet access problems, PC slow

Hello,

for several weeks I have had problems with Internet access on my Vista PC. Access via Firefox and IE was hardly possible. Only via Chrome was access partly possible. Sometimes not even that. So no Internet access possible. The Internet connection, however, was always active.

Today I ran a scan with MBAM. It showed a total of 192 (!) detections. During the cleanup, however, MBAM crashed, so unfortunately there is no log that I can attach here. It was similar on two further attempts. After that, however, I was able to get on the Internet again. Also with Firefox and IE.

However, I think the PC is certainly not clean yet. In addition, the PC keeps getting slower.

defogger_disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:52 on 26/02/2014 (Gabriele)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-02-2014 01 Ran by Gabriele (administrator) on GABRIELE-PC on 26-02-2014 20:54:42 Running from C:\Users\Gabriele\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe () C:\Windows\System32\WLTRYSVC.EXE (Dell Inc.) C:\Windows\System32\bcmwltry.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) 
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE () C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Dell Inc.) C:\Windows\System32\WLTRAY.EXE (CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Album Starter Edition\Nokia\3.0\Apps\apdproxy.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Dell Inc. and SightSpeed Inc.) C:\Program Files\Dell Video Chat\DellVideoChat.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (ArcSoft Inc.) 
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe (Logitech, Inc.) C:\Users\Gabriele\Downloads\SetPoint\SetPoint.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [ECenter] - C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( ) HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [196608 2008-06-30] (Alps Electric Co., Ltd.) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation) HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3563520 2008-08-05] (Dell Inc.) 
HKLM\...\Run: [Google Desktop Search] - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [446635 2008-06-03] (Creative Technology Ltd.) HKLM\...\Run: [PCMService] - C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.) HKLM\...\Run: [dellsupportcenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-06-03] (SupportSoft, Inc.) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.) HKLM\...\Run: [Adobe Photo Downloader] - C:\Program Files\Adobe\Photoshop Album Starter Edition\Nokia\3.0\Apps\apdproxy.exe [57344 2005-06-23] (Adobe Systems Incorporated) HKLM\...\Run: [IR_SERVER] - C:\Program Files\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [DpAgent] - C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-05-12] (DigitalPersona, Inc.) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [442460 2008-08-29] (IDT, Inc.) 
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [374784 2014-01-09] (shbox.de) HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [186408 2014-02-04] (Geek Software GmbH) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.) HKLM\...\RunOnce: [Launcher] - C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks) HKLM\...\RunOnce: [DSC3 updater] - "C:\Users\Gabriele\Downloads\aulauncher.exe" /launchrunonce [1748448 2011-04-06] (Dell Inc) Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [SightSpeed] - C:\Program Files\Dell Video Chat\DellVideoChat.exe [4812664 2008-08-15] (Dell Inc. and SightSpeed Inc.) 
HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [ISUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [226904 2007-07-12] (Macrovision Corporation) HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File Not Found Lsa: [Notification Packages] scecli DPPWDFLT Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin) Startup: C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1392665651&from=tugs&uid=WDCXWD3200BEVT-75ZCT2_WD-WXE908JM6923M6923&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: HP Smart Print Helper - {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} - C:\Program Files\Hewlett-Packard\Smart Print 2.6\Espresso.dll (Hewlett-Packard) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Winsock: Catalog5 08 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 01 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 02 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 03 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 14 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212 FF user.js: detected! => C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\user.js FF DefaultSearchEngine: awesomehp FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Quick Start - C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\Extensions\lightningnewtab@gmail.com [2014-02-19] FF Extension: Extension_Protected - C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-02-17] FF Extension: Adblock Plus - C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-26] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\FirefoxExt\ FF Extension: DigitalPersona Extension - C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [] FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - 
C:\Program Files\DigitalPersona\Bin\firefoxext FF Extension: DigitalPersona Extension - C:\Program Files\DigitalPersona\Bin\firefoxext [2011-04-06] Chrome: ======= CHR HomePage: hxxp://www.awesomehp.com/?type=hp&ts=1392665651&from=tugs&uid=WDCXWD3200BEVT-75ZCT2_WD-WXE908JM6923M6923 CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (YouTube) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-07] CHR Extension: (Google-Suche) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-07] CHR Extension: (Google Wallet) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-06] CHR Extension: (Google Mail) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-07] ========================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [73728 2008-08-29] (Andrea Electronics Corporation) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG) R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1168632 2008-05-05] (AuthenTec, Inc.) R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-05-02] (Stardock Corporation) S2 gupdate1c9e137e18a018; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-05-30] (Google Inc.) R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin) R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-26] (SupportSoft, Inc.) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe [225362 2008-08-29] (IDT, Inc.) R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-08-05] (Dell Inc.) S3 GoogleDesktopManager-110309-193829; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [X] ==================== Drivers (Whitelisted) ==================== S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF9035BDA.sys [245720 2009-02-18] (AfaTech ) R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-28] (Avira Operations GmbH & Co. 
KG) R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-08-05] (Broadcom Corporation) R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-03-14] (ITE Tech. Inc. ) S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-26] (Malwarebytes Corporation) R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.) R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.) S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [91168 2009-07-06] (REALTEK SEMICONDUCTOR Corp.) S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32800 2009-07-06] (REALTEK SEMICONDUCTOR Corp.) S3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [37280 2009-07-13] (Realtek) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-26 20:54 - 2014-02-26 20:54 - 00022821 _____ () C:\Users\Gabriele\Desktop\FRST.txt 2014-02-26 20:54 - 2014-02-26 20:54 - 00000000 ____D () C:\FRST 2014-02-26 20:52 - 2014-02-26 20:52 - 00000478 _____ () C:\Users\Gabriele\Desktop\defogger_disable.log 2014-02-26 20:52 - 2014-02-26 20:52 - 00000000 _____ () C:\Users\Gabriele\defogger_reenable 2014-02-26 20:50 - 2014-02-26 20:50 - 00380416 _____ () C:\Users\Gabriele\Desktop\Gmer-19357.exe 2014-02-26 20:49 - 2014-02-26 20:49 - 01143808 _____ (Farbar) C:\Users\Gabriele\Desktop\FRST.exe 2014-02-26 20:47 - 2014-02-26 20:47 - 00050477 _____ () C:\Users\Gabriele\Desktop\Defogger.exe 2014-02-26 20:26 - 2014-02-26 20:26 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-02-26 20:26 - 2014-02-26 20:26 - 00000000 
____D () C:\Program Files\Mozilla Maintenance Service 2014-02-26 20:25 - 2014-02-26 20:25 - 00283256 _____ (Mozilla) C:\Users\Gabriele\Downloads\FirefoxSetupStub27.0.1.exe 2014-02-26 19:26 - 2014-02-26 20:08 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-02-26 19:26 - 2014-02-26 19:26 - 00000908 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Malwarebytes 2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-26 19:26 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-26 19:24 - 2014-02-26 19:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabriele\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-26 17:35 - 2014-02-26 17:35 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (3).zip 2014-02-26 16:14 - 2014-02-26 16:14 - 00028882 _____ () C:\Users\Gabriele\Desktop\AVSCAN-20140226-140405-53E40ED5.LOG 2014-02-26 11:21 - 2014-02-26 11:21 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (2).zip 2014-02-26 11:20 - 2014-02-26 11:21 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder.zip 2014-02-26 11:20 - 2014-02-26 11:21 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (1).zip 2014-02-24 22:23 - 2014-02-24 22:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\Dell 2014-02-17 20:37 - 2014-02-17 20:37 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Uniblue 2014-02-17 20:36 - 2014-02-26 20:17 - 00000000 ____D () C:\ProgramData\IePluginService 2014-02-17 20:36 - 2014-02-17 20:36 - 00000000 ____D () C:\ProgramData\WPM 2014-02-13 10:59 - 2014-02-13 10:59 - 00000000 ____D () C:\Windows\system32\SearchProtect 2014-02-12 10:04 - 2014-02-23 22:25 - 00000000 ____D () 
C:\Users\Gabriele\AppData\Roaming\Nico Mak Computing 2014-02-12 09:57 - 2014-02-02 21:10 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 06019584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-12 09:57 - 2014-02-02 21:10 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00055296 _____ (Microsoft Corporation) 
C:\Windows\system32\msfeedsbs.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2014-02-12 09:57 - 2014-02-01 23:54 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-02-12 09:57 - 2014-02-01 23:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-12 09:57 - 2014-02-01 23:47 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-12 09:57 - 2014-02-01 23:46 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-12 09:57 - 2014-02-01 23:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-02-12 09:57 - 2013-12-22 16:42 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-12 09:57 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-10 18:36 - 2014-02-10 18:36 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-02-10 18:36 - 2014-02-10 18:36 - 00000000 ____D () C:\Program Files\iPod 2014-02-10 18:35 - 2014-02-10 18:36 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-02-10 18:35 - 2014-02-10 18:36 - 00000000 ____D () C:\Program Files\iTunes 2014-02-10 16:22 - 2014-02-10 16:22 - 00283120 _____ (Mozilla) C:\Users\Gabriele\Downloads\Firefox Setup Stub 27.0.exe 2014-02-10 14:01 - 2014-02-23 22:16 - 00000000 ____D () C:\Program Files\Amazon 2014-02-10 14:00 - 2014-02-10 14:00 - 00129536 _____ () C:\Users\Public\AlexaNSISPlugin.6872.dll 2014-02-10 13:58 - 2014-02-10 17:06 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\systweak 2014-02-10 13:58 - 2014-02-10 13:58 - 22240760 _____ (Mozilla) C:\Users\Gabriele\Downloads\Firefox.exe 2014-02-04 18:13 - 
2014-02-04 18:14 - 00000000 ____D () C:\Users\Gabriele\Desktop\Handbücher 2014-02-04 15:54 - 2014-02-11 16:03 - 00000000 ____D () C:\Users\Gabriele\Desktop\FERTIGE BEWERBUNG 2014-02-04 15:49 - 2014-02-04 15:49 - 00001660 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk 2014-02-04 15:48 - 2014-02-04 15:48 - 16217288 _____ (Geek Software GmbH ) C:\Users\Gabriele\Downloads\pdf24-creator-6.3.0.exe 2014-02-04 15:38 - 2014-02-04 15:38 - 00773664 _____ (NCH Software) C:\Users\Gabriele\Downloads\doxpsetup.exe 2014-02-04 15:23 - 2014-02-26 19:46 - 00000000 ____D () C:\Program Files\SearchProtect 2014-02-04 15:23 - 2014-02-04 15:24 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\SearchProtect 2014-02-04 15:23 - 2014-02-04 15:23 - 00000000 _____ () C:\END 2014-02-04 15:22 - 2014-02-26 19:46 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\DownloadGuide 2014-02-04 15:21 - 2014-02-04 15:21 - 00687456 _____ () C:\Users\Gabriele\Downloads\PDFCompressor-Downloader.exe 2014-02-04 15:12 - 2014-02-04 15:12 - 01376768 _____ () C:\Users\Gabriele\Downloads\7z920-x64.msi 2014-02-02 11:23 - 2014-02-02 11:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\OpenOffice 2014-01-30 19:05 - 2014-01-30 19:05 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\PDF24 2014-01-30 19:04 - 2014-02-04 15:49 - 00000000 ____D () C:\Program Files\PDF24 2014-01-30 19:01 - 2014-01-30 19:01 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk 2014-01-30 19:00 - 2014-01-30 19:01 - 16189768 _____ (Geek Software GmbH ) C:\Users\Gabriele\Downloads\pdf24-creator-6.2.0(1).exe 2014-01-30 18:59 - 2014-01-30 19:00 - 00000000 ____D () C:\Program Files\OpenOffice 4 2014-01-30 18:54 - 2014-01-30 18:54 - 00000000 ____D () C:\Users\Gabriele\Desktop\OpenOffice 4.0.1 (de) Installation Files 2014-01-30 18:40 - 2014-01-30 18:42 - 163606685 _____ () C:\Users\Gabriele\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de(1).exe 2014-01-30 17:05 - 2014-01-05 16:51 - 00013673 _____ () 
C:\Users\Gabriele\Ebay-text.odt 2014-01-30 17:05 - 2011-06-09 13:50 - 00027136 _____ () C:\Users\Gabriele\Vertragsrücksendung.wps 2014-01-30 17:05 - 2011-03-06 20:13 - 00027648 _____ () C:\Users\Gabriele\Anschreiben_Ulrike.txt.wps ==================== One Month Modified Files and Folders ======= 2014-02-26 20:54 - 2014-02-26 20:54 - 00022821 _____ () C:\Users\Gabriele\Desktop\FRST.txt 2014-02-26 20:54 - 2014-02-26 20:54 - 00000000 ____D () C:\FRST 2014-02-26 20:54 - 2012-10-26 10:18 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\FRITZ! 2014-02-26 20:52 - 2014-02-26 20:52 - 00000478 _____ () C:\Users\Gabriele\Desktop\defogger_disable.log 2014-02-26 20:52 - 2014-02-26 20:52 - 00000000 _____ () C:\Users\Gabriele\defogger_reenable 2014-02-26 20:52 - 2008-11-07 15:35 - 00000000 ____D () C:\Users\Gabriele 2014-02-26 20:50 - 2014-02-26 20:50 - 00380416 _____ () C:\Users\Gabriele\Desktop\Gmer-19357.exe 2014-02-26 20:49 - 2014-02-26 20:49 - 01143808 _____ (Farbar) C:\Users\Gabriele\Desktop\FRST.exe 2014-02-26 20:48 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-26 20:48 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-26 20:47 - 2014-02-26 20:47 - 00050477 _____ () C:\Users\Gabriele\Desktop\Defogger.exe 2014-02-26 20:26 - 2014-02-26 20:26 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-02-26 20:26 - 2014-02-26 20:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-26 20:26 - 2013-12-22 18:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-26 20:26 - 2008-11-05 08:28 - 01083212 _____ () C:\Windows\WindowsUpdate.log 2014-02-26 20:25 - 2014-02-26 20:25 - 00283256 _____ (Mozilla) C:\Users\Gabriele\Downloads\FirefoxSetupStub27.0.1.exe 2014-02-26 20:23 - 2012-11-16 17:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash 
Player Updater.job 2014-02-26 20:21 - 2011-04-06 18:53 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\SoftThinks 2014-02-26 20:20 - 2009-07-01 20:39 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-26 20:20 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-26 20:17 - 2014-02-17 20:36 - 00000000 ____D () C:\ProgramData\IePluginService 2014-02-26 20:08 - 2014-02-26 19:26 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-02-26 20:06 - 2006-11-02 14:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-26 20:00 - 2009-07-01 20:39 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-26 19:46 - 2014-02-04 15:23 - 00000000 ____D () C:\Program Files\SearchProtect 2014-02-26 19:46 - 2014-02-04 15:22 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\DownloadGuide 2014-02-26 19:26 - 2014-02-26 19:26 - 00000908 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Malwarebytes 2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-26 19:24 - 2014-02-26 19:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabriele\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-26 17:35 - 2014-02-26 17:35 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (3).zip 2014-02-26 16:14 - 2014-02-26 16:14 - 00028882 _____ () C:\Users\Gabriele\Desktop\AVSCAN-20140226-140405-53E40ED5.LOG 2014-02-26 11:21 - 2014-02-26 11:21 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (2).zip 2014-02-26 11:21 - 2014-02-26 11:20 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder.zip 2014-02-26 11:21 - 2014-02-26 11:20 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (1).zip 2014-02-25 19:25 - 
2008-01-21 08:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-25 19:23 - 2008-11-08 15:23 - 00032530 _____ () C:\Users\Gabriele\AppData\Roaming\wklnhst.dat 2014-02-25 19:19 - 2008-11-17 20:48 - 00000000 ____D () C:\Users\Gabriele\Pictures\Documents\Neues 2014-02-25 19:10 - 2011-04-19 13:40 - 00000000 ____D () C:\Users\Gabriele\Pictures\Documents\Sonstiges 2014-02-25 19:08 - 2011-04-06 18:50 - 00000000 ____D () C:\Program Files\Dell DataSafe Local Backup 2014-02-25 18:44 - 2014-01-17 17:05 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2014-02-24 22:23 - 2014-02-24 22:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\Dell 2014-02-24 22:14 - 2008-11-10 13:29 - 00000432 _____ () C:\Windows\BRWMARK.INI 2014-02-24 22:14 - 2008-11-10 13:29 - 00000034 _____ () C:\Windows\system32\BD2030.DAT 2014-02-24 13:31 - 2010-06-03 16:14 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\CrashDumps 2014-02-24 12:54 - 2008-01-21 03:47 - 00713982 _____ () C:\Windows\PFRO.log 2014-02-23 22:32 - 2011-03-04 18:14 - 00000000 ____D () C:\ProgramData\EPSON 2014-02-23 22:25 - 2014-02-12 10:04 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Nico Mak Computing 2014-02-23 22:25 - 2012-12-14 19:43 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-02-23 22:25 - 2008-11-21 20:14 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Apple Computer 2014-02-23 22:16 - 2014-02-10 14:01 - 00000000 ____D () C:\Program Files\Amazon 2014-02-23 17:27 - 2012-11-16 17:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-23 17:27 - 2011-08-18 18:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-23 17:20 - 2008-12-04 13:27 - 00007052 _____ () C:\Users\Gabriele\AppData\Local\d3d9caps.dat 2014-02-23 17:14 - 2013-07-07 11:54 - 00001965 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-02-23 14:17 - 2008-11-07 15:40 - 00000951 _____ () 
C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-02-19 22:39 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-02-19 22:39 - 2006-11-02 11:22 - 43778048 _____ () C:\Windows\system32\config\software_previous 2014-02-19 22:39 - 2006-11-02 11:22 - 42467328 _____ () C:\Windows\system32\config\components_previous 2014-02-19 22:39 - 2006-11-02 11:22 - 26738688 _____ () C:\Windows\system32\config\system_previous 2014-02-19 22:39 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous 2014-02-19 22:39 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous 2014-02-19 22:39 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous 2014-02-19 22:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool 2014-02-19 22:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration 2014-02-17 20:37 - 2014-02-17 20:37 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Uniblue 2014-02-17 20:36 - 2014-02-17 20:36 - 00000000 ____D () C:\ProgramData\WPM 2014-02-13 17:08 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-13 10:59 - 2014-02-13 10:59 - 00000000 ____D () C:\Windows\system32\SearchProtect 2014-02-12 11:24 - 2013-08-16 19:34 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-12 11:21 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-02-11 16:03 - 2014-02-04 15:54 - 00000000 ____D () C:\Users\Gabriele\Desktop\FERTIGE BEWERBUNG 2014-02-10 18:36 - 2014-02-10 18:36 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-02-10 18:36 - 2014-02-10 18:36 - 00000000 ____D () C:\Program Files\iPod 2014-02-10 18:36 - 2014-02-10 18:35 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-02-10 18:36 - 2014-02-10 18:35 - 00000000 ____D () C:\Program Files\iTunes 2014-02-10 18:29 - 2009-05-29 18:48 - 00000000 ____D () 
C:\ProgramData\Apple 2014-02-10 17:06 - 2014-02-10 13:58 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\systweak 2014-02-10 16:22 - 2014-02-10 16:22 - 00283120 _____ (Mozilla) C:\Users\Gabriele\Downloads\Firefox Setup Stub 27.0.exe 2014-02-10 14:00 - 2014-02-10 14:00 - 00129536 _____ () C:\Users\Public\AlexaNSISPlugin.6872.dll 2014-02-10 14:00 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2014-02-10 13:58 - 2014-02-10 13:58 - 22240760 _____ (Mozilla) C:\Users\Gabriele\Downloads\Firefox.exe 2014-02-10 13:20 - 2008-11-10 15:35 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\Adobe 2014-02-04 18:14 - 2014-02-04 18:13 - 00000000 ____D () C:\Users\Gabriele\Desktop\Handbücher 2014-02-04 15:49 - 2014-02-04 15:49 - 00001660 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk 2014-02-04 15:49 - 2014-01-30 19:04 - 00000000 ____D () C:\Program Files\PDF24 2014-02-04 15:48 - 2014-02-04 15:48 - 16217288 _____ (Geek Software GmbH ) C:\Users\Gabriele\Downloads\pdf24-creator-6.3.0.exe 2014-02-04 15:38 - 2014-02-04 15:38 - 00773664 _____ (NCH Software) C:\Users\Gabriele\Downloads\doxpsetup.exe 2014-02-04 15:24 - 2014-02-04 15:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\SearchProtect 2014-02-04 15:23 - 2014-02-04 15:23 - 00000000 _____ () C:\END 2014-02-04 15:21 - 2014-02-04 15:21 - 00687456 _____ () C:\Users\Gabriele\Downloads\PDFCompressor-Downloader.exe 2014-02-04 15:12 - 2014-02-04 15:12 - 01376768 _____ () C:\Users\Gabriele\Downloads\7z920-x64.msi 2014-02-02 21:10 - 2014-02-12 09:57 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 06019584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-02 21:10 - 2014-02-12 09:57 - 01213440 _____ (Microsoft 
Corporation) C:\Windows\system32\urlmon.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2014-02-02 12:20 - 2014-01-17 17:04 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\HpUpdate 2014-02-02 11:23 - 2014-02-02 11:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\OpenOffice 2014-02-02 
11:12 - 2006-11-02 13:47 - 00306232 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-01 23:54 - 2014-02-12 09:57 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-02-01 23:47 - 2014-02-12 09:57 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-01 23:47 - 2014-02-12 09:57 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-01 23:46 - 2014-02-12 09:57 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-01 23:46 - 2014-02-12 09:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-01-31 16:53 - 2008-11-07 15:35 - 00074200 _____ () C:\Users\Gabriele\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-30 19:05 - 2014-01-30 19:05 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\PDF24 2014-01-30 19:01 - 2014-01-30 19:01 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk 2014-01-30 19:01 - 2014-01-30 19:00 - 16189768 _____ (Geek Software GmbH ) C:\Users\Gabriele\Downloads\pdf24-creator-6.2.0(1).exe 2014-01-30 19:00 - 2014-01-30 18:59 - 00000000 ____D () C:\Program Files\OpenOffice 4 2014-01-30 18:59 - 2011-04-06 18:01 - 00000000 ____D () C:\Program Files\OpenOffice.org 3 2014-01-30 18:54 - 2014-01-30 18:54 - 00000000 ____D () C:\Users\Gabriele\Desktop\OpenOffice 4.0.1 (de) Installation Files 2014-01-30 18:42 - 2014-01-30 18:40 - 163606685 _____ () C:\Users\Gabriele\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de(1).exe 2014-01-28 18:28 - 2011-03-13 12:12 - 00000000 ____D () C:\Users\Gabriele\Pictures\Documents\Spiritualität Files to move or delete: ==================== C:\Users\Gabriele\AppData\Roaming\desktop.ini C:\Users\Public\AlexaNSISPlugin.6872.dll Some content of TEMP: ==================== C:\Users\Gabriele\AppData\Local\Temp\APNStub.exe C:\Users\Gabriele\AppData\Local\Temp\avgnt.exe C:\Users\Gabriele\AppData\Local\Temp\BackupSetup.exe C:\Users\Gabriele\AppData\Local\Temp\contentDATs.exe 
C:\Users\Gabriele\AppData\Local\Temp\FileSystemView.dll C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate01.exe C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate02.exe C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate03.exe C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate04.exe C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate05.exe C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate06.exe C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate07.exe C:\Users\Gabriele\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih[1].exe C:\Users\Gabriele\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe C:\Users\Gabriele\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe C:\Users\Gabriele\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe C:\Users\Gabriele\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe C:\Users\Gabriele\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Users\Gabriele\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe C:\Users\Gabriele\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\Gabriele\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Gabriele\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Gabriele\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Gabriele\AppData\Local\Temp\SearchWithGoogleUpdate.exe C:\Users\Gabriele\AppData\Local\Temp\SecurityScan_Release.exe C:\Users\Gabriele\AppData\Local\Temp\setup.exe C:\Users\Gabriele\AppData\Local\Temp\{D39E6783-6B9A-4ADA-8DE0-83C86F0080B8}.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit 
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-26 20:26

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-02-2014 01
Ran by Gabriele at 2014-02-26 20:55:13
Running from C:\Users\Gabriele\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe® Photoshop® Album Starter Edition 3.0 (HKLM\...\{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}) (Version: 3.00.000 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia 3.5 (HKLM\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.260 - ArcSoft)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0407.2138 - )
AuthenTec Fingerprint System (HKLM\...\{140BF0D0-E848-405C-9A01-D3256B918B6D}) (Version: 8.0.26.22 - AuthenTec, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version: - AVM Berlin)
AVM FRITZ!DSL (HKLM\...\{2457326B-C110-40C3-89B0-889CC913871A}) (Version: 2.04.02 - AVM Berlin)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2030 (HKLM\...\{671FE013-B628-4624-B5EF-1B4E9F35423C}) (Version: 1.00 - Brother) Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell) Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Graphics Previews Common (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Localization Chinese Standard (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Localization Chinese Traditional (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Localization Danish (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Localization Dutch (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Localization Finnish (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Localization French (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Localization German (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Localization Italian (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Localization Japanese (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Localization Korean (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Localization Norwegian (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Localization Portuguese (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Localization Russian (Version: 2008.0407.2139.36897 - ATI) 
Hidden Catalyst Control Center Localization Spanish (Version: 2008.0407.2139.36897 - ATI) Hidden Catalyst Control Center Localization Swedish (Version: 2008.0407.2139.36897 - ATI) Hidden CCC Help Chinese Standard (Version: 2008.0407.2138.36897 - ATI) Hidden CCC Help Chinese Traditional (Version: 2008.0407.2138.36897 - ATI) Hidden CCC Help Danish (Version: 2008.0407.2138.36897 - ATI) Hidden CCC Help Dutch (Version: 2008.0407.2138.36897 - ATI) Hidden CCC Help English (Version: 2008.0407.2138.36897 - ATI) Hidden CCC Help Finnish (Version: 2008.0407.2138.36897 - ATI) Hidden CCC Help French (Version: 2008.0407.2138.36897 - ATI) Hidden CCC Help German (Version: 2008.0407.2138.36897 - ATI) Hidden CCC Help Italian (Version: 2008.0407.2138.36897 - ATI) Hidden CCC Help Japanese (Version: 2008.0407.2138.36897 - ATI) Hidden CCC Help Korean (Version: 2008.0407.2138.36897 - ATI) Hidden CCC Help Norwegian (Version: 2008.0407.2138.36897 - ATI) Hidden CCC Help Portuguese (Version: 2008.0407.2138.36897 - ATI) Hidden CCC Help Russian (Version: 2008.0407.2138.36897 - ATI) Hidden CCC Help Spanish (Version: 2008.0407.2138.36897 - ATI) Hidden CCC Help Swedish (Version: 2008.0407.2138.36897 - ATI) Hidden ccc-core-static (Version: 2008.0407.2139.36897 - ATI) Hidden ccc-utility (Version: 2008.0407.2139.36897 - ATI) Hidden CDDRV_Installer (Version: 4.60 - Logitech) Hidden Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.) 
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Dell DataSafe Local Backup - Support Software (HKLM\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell) Dell DataSafe Local Backup (HKLM\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.51 - Dell) Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell) Dell Handbuch zum Einstieg (HKLM\...\{FD023F61-65E9-465C-B558-7C64EB2B97E6}) (Version: 1.00.0000 - Dell Inc.) Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.101.104 - Alps Electric) Dell Video Chat (remove only) (HKLM\...\Dell Video Chat) (Version: 6.0 (6551) - SightSpeed Inc.) Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: - ) Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell) Dienstprogramm für Dell Wireless WLAN Karte (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.13 - Dell Inc.) DigitalPersona Personal 4.01 (HKLM\...\{3D8AE086-030F-4EF4-B705-63F8130B043E}) (Version: 4.02.3769 - DigitalPersona, Inc.) EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - ) FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) Garmin City Navigator Europe (Unicode) NT 2012.30 Update (HKLM\...\{402754E1-22AD-42D9-86C5-B0AC52C7D70D}) (Version: 15.30.0.0 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.) Google Desktop (HKLM\...\Google Desktop) (Version: - - Google) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.22.5 - Google Inc.) 
Hidden GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - ) HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{DB1F11B1-A35C-45C1-904C-68A6D1481D80}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.) HP Deskjet 2540 series Hilfe (HKLM\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard) HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Smart Print 2.6 (HKLM\...\{602847AC-F50C-41B0-B080-EC190B195FAF}) (Version: 2.6.0.238 - Hewlett-Packard) HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) Integrated Webcam Driver (1.06.03.0309) (HKLM\...\Creative OA001) (Version: 1.06.03.0309 - Creative Technology Ltd.) Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - ) ITECIR Driver (Version: 1.00.000 - ITE) Hidden iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.) KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden Live! 
Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.1419.1 - Creative Technology Ltd) Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech) Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) PDF24 Creator 6.3.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.0.12 - Dell Inc.) QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) 
REALTEK DTV USB DEVICE (HKLM\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd) Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio) Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden SA32xx Device Manager (HKLM\...\{7CDC26F7-D6BF-442A-B599-0075A48310F7}) (Version: 01.01.00.1022 - Philips) SA32xx Media Converter (HKLM\...\{D57ACD92-6A27-43BB-B3AE-894930940D41}) (Version: 1.0.6.1013 - Philips) SA32xx Media Converter (Version: 1.0.6.1013 - Philips) Hidden Skins (Version: 2008.0407.2139.36897 - ATI) Hidden Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{A8F97B7C-7D31-4D52-B7DD-BF3C20DFE5F9}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.) 
SupTab (HKLM\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) ==================== Restore Points ========================= 13-01-2014 17:31:15 Geplanter Prüfpunkt 17-01-2014 15:59:21 Gerätetreiber-Paketinstallation: HP Drucker 17-01-2014 15:59:28 Gerätetreiber-Paketinstallation: Hewlett-Packard Bildverarbeitungsgeräte 17-01-2014 16:01:02 Gerätetreiber-Paketinstallation: Hewlett-Packard Bildverarbeitungsgeräte 17-01-2014 16:02:53 Gerätetreiber-Paketinstallation: Hewlett-Packard USB-Controller 17-01-2014 19:08:19 Installed Java 7 Update 51 18-01-2014 09:16:59 Windows Update 19-01-2014 11:59:22 Geplanter Prüfpunkt 21-01-2014 17:10:44 Installed PDF Split And Merge Basic 30-01-2014 06:04:45 Windows Update 30-01-2014 17:55:29 OpenOffice 4.0.1 wird installiert 31-01-2014 08:20:01 Geplanter Prüfpunkt 03-02-2014 18:37:40 Geplanter Prüfpunkt 04-02-2014 13:41:09 Geplanter Prüfpunkt 12-02-2014 10:16:14 Windows Update 17-02-2014 19:36:13 Uniblue SpeedUpMyPC installation 19-02-2014 21:35:07 Wiederherstellungsvorgang 20-02-2014 18:15:55 Windows Update 23-02-2014 21:02:03 Removed Ask Toolbar. 
23-02-2014 21:37:33 Windows Update
25-02-2014 17:43:41 Installed HP Smart Print 2.6

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2C114D4C-2842-47DB-AB5A-A1FE75B98C18} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3855BA1A-918D-423C-80DF-4D0829E58744} - System32\Tasks\HP AR Program Upload - 13dbbf79990d408bb0e6d5332c5cf5f455671535982341cbb5f496956aafcb96 => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2013-02-08] (TODO: <Company name>)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3E9BB38D-A227-4E12-A466-C50EDFAC788B} - System32\Tasks\RegClean Pro => C:\Program Files\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {59BE70FD-4732-4A83-BF8B-0558099C9FFD} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Gabriele => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {5CD57C23-1E5F-40A3-BF10-A7086825B64A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-23] (Adobe Systems Incorporated)
Task: {7A935A20-97AB-4373-ADB0-C22A5F21CDE9} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {DE3478E4-EFEF-444B-AC83-152C0F273667} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F56DFD22-4840-45F1-8963-EE5FC754210C} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-02-08] (Hewlett-Packard Co.)
Task: {FA21E3B3-DF6C-4807-9459-CF1487BA7117} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-30] (Google Inc.)
Task: {FC335229-B4D4-4F24-8E91-7C1FAD265B90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-30] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-11-05 07:47 - 2008-08-05 13:17 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2008-11-05 07:47 - 2008-08-05 13:16 - 00055808 _____ () C:\Windows\System32\bcmwlrmt.dll
2008-02-04 13:29 - 2008-02-04 13:29 - 00688128 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
2008-11-05 16:21 - 2008-05-04 09:42 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2012-12-17 10:10 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-06 18:50 - 2011-01-13 19:39 - 00783680 _____ () C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2011-04-06 18:50 - 2011-01-13 19:37 - 00128320 _____ () C:\Program Files\Dell DataSafe Local Backup\STLog.dll
2011-04-06 18:50 - 2011-01-13 19:36 - 01123648 _____ () C:\Program Files\Dell DataSafe Local Backup\LibXml2.dll
2011-04-06 18:50 - 2011-01-13 19:37 - 00079168 _____ () C:\Program Files\Dell DataSafe Local Backup\zlib1.dll
2011-04-06 18:50 - 2011-01-13 19:37 - 00234816 _____ () C:\Program Files\Dell DataSafe Local Backup\STFiles.dll
2011-04-06 18:50 - 2011-01-13 19:37 - 00075072 _____ () C:\Program Files\Dell DataSafe Local Backup\STRegistry.dll
2011-04-06 18:50 - 2011-01-13 19:37 - 00111936 _____ () C:\Program Files\Dell DataSafe Local Backup\STPE.dll
2011-04-06 18:50 - 2011-01-13 19:37 - 00121152 _____ () C:\Program Files\Dell DataSafe Local Backup\STNLS.dll
2008-08-15 22:00 - 2008-08-15 22:00 - 01657168 _____ () C:\Program Files\Dell Video Chat\QtCore4.dll
2008-08-15 22:00 - 2008-08-15 22:00 - 06510416 _____ () C:\Program Files\Dell Video Chat\QtGui4.dll
2008-08-15 22:00 - 2008-08-15 22:00 - 00026960 _____ () C:\Program Files\Dell Video Chat\SDL.dll
2008-08-15 22:00 - 2008-08-15 22:00 - 00366928 _____ () C:\Program Files\Dell Video Chat\QtNetwork4.dll
2008-08-15 22:00 - 2008-08-15 22:00 - 00396112 _____ () C:\Program Files\Dell Video Chat\QtOpenGL4.dll
2009-11-02 19:57 - 2007-04-19 09:33 - 00035584 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\uPiApi.dll
2009-09-19 18:38 - 2009-04-11 07:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2009-11-02 19:57 - 2008-11-26 16:59 - 00131584 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll
2009-11-02 19:57 - 2008-10-22 16:01 - 00200704 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll
2014-02-26 20:26 - 2014-02-13 01:36 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2014 08:21:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 08:09:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 08:08:01 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (02/26/2014 08:06:12 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/26/2014 08:05:31 PM) (Source: Application Hang) (User: )
Description: Programm mbam.exe, Version 1.75.0.1 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1694 Anfangszeit: 01cf33238c4c8915 Zeitpunkt der Beendigung: 12

Error: (02/26/2014 07:49:39 PM) (Source: Application Hang) (User: )
Description: Programm mbam.exe, Version 1.75.0.1 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 11fc Anfangszeit: 01cf33205068fda5 Zeitpunkt der Beendigung: 49

Error: (02/26/2014 07:00:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 05:39:32 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/26/2014 05:27:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 05:06:22 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

System errors:
=============
Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: AFD avipbb avkmgr DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr ssmdrv Tcpip tdx Wanarpv6 ws2ifsl

Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: TCP/IP Registry CompatibilityTCP/IP-Protokolltreiber%%31

Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: NLA (Network Location Awareness)TCP/IP-Protokolltreiber%%31

Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: IP-HilfsdienstNetzwerkspeicher-Schnittstellendienst%%1068

Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Bonjour"TCP/IP-Protokolltreiber%%31

Microsoft Office Sessions:
=========================
Error: (02/26/2014 08:21:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 08:09:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 08:08:01 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (02/26/2014 08:06:12 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/26/2014 08:05:31 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.1169401cf33238c4c891512

Error: (02/26/2014 07:49:39 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.111fc01cf33205068fda549

Error: (02/26/2014 07:00:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 05:39:32 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/26/2014 05:27:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 05:06:22 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

CodeIntegrity Errors:
===================================
Date: 2010-11-01 10:14:19.702
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-11-01 10:14:19.560
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-11-01 10:14:19.415
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-11-01 10:14:19.216
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-11-01 10:14:06.417
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-11-01 10:14:06.271
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-11-01 10:14:06.130
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-11-01 10:14:05.960
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-10-08 17:59:50.724
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-10-08 17:59:50.601
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 3069.24 MB
Available physical RAM: 1630.52 MB
Total Pagefile: 6358.76 MB
Available Pagefile: 4677.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:287.92 GB) (Free:172.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=173 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-26 21:13:15
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Gabriele\AppData\Local\Temp\pwlyrkob.sys

---- System - GMER 2.1 ----

SSDT 8CEB199E ZwCreateSection
SSDT 8CEB19A8 ZwRequestWaitReplyPort
SSDT 8CEB19A3 ZwSetContextThread
SSDT 8CEB19AD ZwSetSecurityObject
SSDT 8CEB19B2 ZwSystemDebugControl
SSDT 8CEB193F ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 215 826E4860 4 Bytes [9E, 19, EB, 8C]
.text ntkrnlpa.exe!KeSetEvent + 539 826E4B84 4 Bytes [A8, 19, EB, 8C] {TEST AL, 0x19; JMP 0xffffff90}
.text ntkrnlpa.exe!KeSetEvent + 56D 826E4BB8 4 Bytes [A3, 19, EB, 8C]
.text ntkrnlpa.exe!KeSetEvent + 5D1 826E4C1C 4 Bytes [AD, 19, EB, 8C]
.text ntkrnlpa.exe!KeSetEvent + 619 826E4C64 4 Bytes [B2, 19, EB, 8C] {MOV DL, 0x19; JMP 0xffffff90}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E00D000, 0x1FB0FA, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[176] ntdll.dll!LdrLoadDll 77589378 5 Bytes JMP 748C1FFD C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[176] kernel32.dll!HeapSetInformation + 26 7600A8B0 7 Bytes JMP 5C095A06 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[176] kernel32.dll!LockResource + C 76026ACB 7 Bytes JMP 5C48049D C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[176] kernel32.dll!VirtualAllocEx + 54 7602AF50 7 Bytes JMP 5C480455 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[176] GDI32.dll!SetStretchBltMode + 256 76F3745C 2 Bytes JMP 5C4804C4 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[176] GDI32.dll!SetStretchBltMode + 259 76F3745F 4 Bytes [54, E5, EB, F9] {PUSH ESP; IN EAX, 0xeb; STC }

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- EOF - GMER 2.1 ----

Regards,
Hasenfuß