| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/BProtector.Gen2, danach fliegende UFO'sWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
26.03.2014, 23:43
| #9 |
 |  TR/BProtector.Gen2, danach fliegende UFO's Hallo, nicht böse sein, finde auch unter Verlauf, Anwendungsprotokolle nicht die Log Dateien. Ich weiß leider noch nicht mal wo der Verlauf ist.  Code:
ATTFilter # AdwCleaner v3.022 - Bericht erstellt am 26/03/2014 um 21:37:46
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Monika - MONIKA-PC
# Gestartet von : C:\Users\Monika\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : Websteroids
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Websteroids
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\Monika\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Monika\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Monika\AppData\Roaming\Babylon
Datei Gelöscht : C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default\invalidprefs.js
Datei Gelöscht : C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default\searchplugins\my-web-search.xml
Datei Gelöscht : C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default\user.js
Datei Gelöscht : C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKLM\SOFTWARE\853888ce03fea17
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\ImInstaller
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v27.0.1 (de)
[ Datei : C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "cefed36f000000000000000000000000");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15887");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.523:09:18");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119556&tsp=4930");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", "Ask.com");
Zeile gelöscht : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Zeile gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", "Ask.com");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=077E4031-5A5E-447F-A881-A701BF803AB9&n=77fce259&p2=^AW7^xdm013^YY^de&si=11417");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.hp.enabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.initialized", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.installation.contextKey", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.installation.installDate", "2013061721");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.installation.partnerId", "^AW7^xdm013^YY^de");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.installation.partnerSubId", "11417");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.installation.success", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.installation.toolbarId", "077E4031-5A5E-447F-A881-A701BF803AB9");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.lastActivePing", "1371497883974");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.options.defaultSearch", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.options.homePageEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.options.keywordEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.options.tabEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.weather.location", "10001");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "safepcrepair@mindspark.com");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "safepcrepair@mindspark.com");
*************************
AdwCleaner[R0].txt - [11932 octets] - [26/03/2014 21:32:15]
AdwCleaner[S0].txt - [11373 octets] - [26/03/2014 21:37:46]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11434 octets] ##########
FRST Logfile:
FRST Logfile:
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Monika (administrator) on MONIKA-PC on 26-03-2014 22:24:32 Running from C:\Users\Monika\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (SoftPerfect Research) C:\Program Files\NetWorx\networx.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\windows\System32\WScript.exe () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (Comvigo, Inc.) C:\Windows\SysWOW64\qimlsrv.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Comvigo, Inc.) C:\Windows\SysWOW64\dsrviml.exe () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [NetWorx] - C:\Program Files\NetWorx\networx.exe [4874960 2013-09-17] (SoftPerfect Research) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: I - I:\AutoRun.exe HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {00b6a57c-b358-11e2-83cb-902b3478eb45} - I:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {00b6a5b8-b358-11e2-83cb-902b3478eb45} - I:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {07060dc2-c5f6-11e2-a703-001e101fabdd} - I:\AutoRun.exe HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {07060de8-c5f6-11e2-a703-001e101fabdd} - I:\AutoRun.exe HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {15eb48f9-d613-11e2-8448-902b3478eb45} - I:\AutoRun.exe HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {86d27dc9-b950-11e2-b48e-902b3478eb45} - I:\AutoRun.exe HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {f8f80083-b359-11e2-8985-902b3478eb45} - I:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {f8f80093-b359-11e2-8985-902b3478eb45} - I:\AutoRun.exe Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.hyrican.de HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {FDEF202F-835B-422A-9925-F59454AF7241} URL = BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\..\Interfaces\{67A130DC-DFB0-41CA-A0E7-26C7A30671EB}: [NameServer]212.23.115.84 212.23.115.148 FireFox: ======== FF ProfilePath: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03] ==================== Services (Whitelisted) ================= R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2013-05-26] () R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [138752 2013-05-02] (Huawei Technologies Co., Ltd.) R3 ewusbnet; C:\Windows\SysWOW64\DRIVERS\ewusbnet.sys [138752 2013-05-02] (Huawei Technologies Co., Ltd.) S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2013-05-02] (Huawei Technologies Co., Ltd.) S3 huawei_enumerator; C:\Windows\SysWOW64\DRIVERS\ew_jubusenum.sys [85504 2013-05-02] (Huawei Technologies Co., Ltd.) R3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [121600 2013-05-02] (Huawei Technologies Co., Ltd.) R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2011-12-19] (Intel Corporation) S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [637360 2011-12-19] (Intel Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-26] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation) R1 networx; C:\Windows\System32\drivers\networx.sys [43392 2013-09-13] (NetFilterSDK.com) S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [68608 2008-12-19] (Windows (R) Codename Longhorn DDK provider) S3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [96768 2009-07-23] () S3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [122880 2008-12-19] () S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-26 22:21 - 2014-03-26 22:21 - 02157056 _____ (Farbar) C:\Users\Monika\Downloads\FRST64.exe 2014-03-26 22:15 - 2014-03-26 22:15 - 00001354 _____ () C:\Users\Monika\Desktop\JRT.txt 2014-03-26 22:11 - 2014-03-26 22:11 - 01038974 _____ (Thisisu) C:\Users\Monika\Downloads\JRT.exe 2014-03-26 22:11 - 2014-03-26 22:11 - 00000000 ____D () C:\windows\ERUNT 2014-03-26 21:29 - 2014-03-26 21:37 - 00000000 ____D () C:\AdwCleaner 2014-03-26 21:28 - 2014-03-26 21:28 - 01950720 _____ () C:\Users\Monika\Downloads\adwcleaner.exe 2014-03-26 16:15 - 2014-03-26 21:41 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-26 16:14 - 2014-03-26 16:14 - 00001073 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-26 16:14 - 2014-03-26 16:14 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-26 16:14 - 2014-03-26 16:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-26 16:14 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-03-26 16:14 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-03-26 16:14 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-03-26 16:10 - 2014-03-26 16:11 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Monika\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-25 16:08 - 2014-03-25 16:08 - 00005730 _____ () C:\Users\Monika\Documents\Ereignisse.txt 2014-03-25 14:25 - 2014-03-25 14:25 - 00026783 _____ () C:\Users\Monika\Downloads\Shortcut.txt 2014-03-25 14:24 - 2014-03-26 22:24 - 00012660 _____ () C:\Users\Monika\Downloads\FRST.txt 2014-03-25 14:24 - 2014-03-25 16:03 - 00021786 _____ () C:\Users\Monika\Downloads\Addition.txt 2014-03-25 14:23 - 2014-03-26 22:24 - 00000000 ____D () C:\FRST 2014-03-25 13:53 - 2014-03-25 13:53 - 00001235 _____ () C:\Users\Monika\Desktop\Revo Uninstaller.lnk 2014-03-25 13:53 - 2014-03-25 13:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-03-25 13:52 - 2014-03-25 13:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Monika\Downloads\revosetup95.exe 2014-03-24 17:09 - 2014-03-26 21:39 - 00026562 _____ () C:\windows\PFRO.log 2014-03-24 14:10 - 2014-03-24 14:10 - 00000000 ____D () C:\ProgramData\IncrediMail 2014-03-24 08:46 - 2014-03-26 21:40 - 00000336 _____ () C:\windows\setupact.log 2014-03-24 08:46 - 2014-03-24 08:46 - 00294184 _____ () C:\windows\system32\FNTCACHE.DAT 2014-03-24 08:46 - 2014-03-24 08:46 - 00000000 _____ () C:\windows\setuperr.log 2014-03-23 13:24 - 2014-03-26 20:54 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Skype 2014-03-23 13:24 - 2014-03-23 13:25 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-23 13:24 - 2014-03-23 13:24 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-23 13:24 - 2014-03-23 13:24 - 00000000 ____D () C:\ProgramData\Skype 2014-03-23 13:21 - 2014-03-23 13:22 - 34827424 _____ (Skype Technologies S.A.) C:\Users\Monika\Downloads\Skyp614eSetupFull.exe 2014-03-22 22:54 - 2014-03-22 22:54 - 00000000 ____D () C:\Users\Monika\Documents\Fax 2014-03-22 00:02 - 2014-03-22 00:02 - 01161080 _____ () C:\windows\SysWOW64\Websteroids.B324755F3F87.dll 2014-03-16 12:09 - 2014-03-16 12:09 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (3) 2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Neuer Ordner 2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (2) 2014-03-13 12:54 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-03-13 12:54 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-03-13 12:54 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-03-13 12:54 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-13 12:54 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-03-13 12:54 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-03-13 12:54 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-03-13 12:54 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-03-13 12:54 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-03-13 12:54 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-03-13 12:54 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-03-13 12:54 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-03-13 12:54 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-03-13 12:54 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-03-13 12:54 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-13 12:54 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-03-13 12:54 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-03-13 12:54 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-13 12:54 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-03-13 12:54 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-03-13 12:54 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-03-13 12:54 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-03-13 12:54 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-03-13 12:54 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-03-13 12:54 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-03-13 12:54 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-03-13 12:54 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-03-13 12:54 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-03-13 12:54 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-13 12:54 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-03-13 12:54 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-03-13 12:54 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-13 12:54 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-03-13 12:54 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-03-13 12:54 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-03-13 12:54 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-13 12:54 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-03-13 12:54 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-03-13 12:54 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-03-13 12:54 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-03-13 12:54 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-03-13 12:54 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2014-03-13 12:54 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll 2014-03-13 12:54 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2014-03-13 12:51 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2014-03-13 12:51 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-03-13 12:51 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2014-03-13 12:51 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2014-02-27 00:25 - 2014-02-27 23:41 - 01594028 _____ () C:\windows\SysWOW64\PerfStringBackup.INI ==================== One Month Modified Files and Folders ======= 2014-03-26 22:24 - 2014-03-25 14:24 - 00012660 _____ () C:\Users\Monika\Downloads\FRST.txt 2014-03-26 22:24 - 2014-03-25 14:23 - 00000000 ____D () C:\FRST 2014-03-26 22:21 - 2014-03-26 22:21 - 02157056 _____ (Farbar) C:\Users\Monika\Downloads\FRST64.exe 2014-03-26 22:15 - 2014-03-26 22:15 - 00001354 _____ () C:\Users\Monika\Desktop\JRT.txt 2014-03-26 22:11 - 2014-03-26 22:11 - 01038974 _____ (Thisisu) C:\Users\Monika\Downloads\JRT.exe 2014-03-26 22:11 - 2014-03-26 22:11 - 00000000 ____D () C:\windows\ERUNT 2014-03-26 21:48 - 2009-07-14 05:45 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-26 21:48 - 2009-07-14 05:45 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-26 21:44 - 2014-01-14 10:21 - 01901848 _____ () C:\windows\WindowsUpdate.log 2014-03-26 21:44 - 2011-04-12 08:43 - 00699432 _____ () C:\windows\system32\perfh007.dat 2014-03-26 21:44 - 2011-04-12 08:43 - 00149572 _____ () C:\windows\system32\perfc007.dat 2014-03-26 21:44 - 2009-07-14 06:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI 2014-03-26 21:41 - 2014-03-26 16:15 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-26 21:40 - 2014-03-24 08:46 - 00000336 _____ () C:\windows\setupact.log 2014-03-26 21:40 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-03-26 21:39 - 2014-03-24 17:09 - 00026562 _____ () C:\windows\PFRO.log 2014-03-26 21:37 - 2014-03-26 21:29 - 00000000 ____D () C:\AdwCleaner 2014-03-26 21:28 - 2014-03-26 21:28 - 01950720 _____ () C:\Users\Monika\Downloads\adwcleaner.exe 2014-03-26 20:54 - 2014-03-23 13:24 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Skype 2014-03-26 17:43 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\TAPI 2014-03-26 16:14 - 2014-03-26 16:14 - 00001073 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-26 16:14 - 2014-03-26 16:14 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-26 16:14 - 2014-03-26 16:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-26 16:11 - 2014-03-26 16:10 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Monika\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-26 12:29 - 2013-04-22 17:36 - 00000000 ____D () C:\Users\Monika 2014-03-26 12:25 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\registration 2014-03-25 16:08 - 2014-03-25 16:08 - 00005730 _____ () C:\Users\Monika\Documents\Ereignisse.txt 2014-03-25 16:03 - 2014-03-25 14:24 - 00021786 _____ () C:\Users\Monika\Downloads\Addition.txt 2014-03-25 14:25 - 2014-03-25 14:25 - 00026783 _____ () C:\Users\Monika\Downloads\Shortcut.txt 2014-03-25 13:53 - 2014-03-25 13:53 - 00001235 _____ () C:\Users\Monika\Desktop\Revo Uninstaller.lnk 2014-03-25 13:53 - 2014-03-25 13:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-03-25 13:52 - 2014-03-25 13:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Monika\Downloads\revosetup95.exe 2014-03-24 15:39 - 2013-05-02 20:01 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\ALDITALKVerbindungsassistent 2014-03-24 14:10 - 2014-03-24 14:10 - 00000000 ____D () C:\ProgramData\IncrediMail 2014-03-24 08:46 - 2014-03-24 08:46 - 00294184 _____ () C:\windows\system32\FNTCACHE.DAT 2014-03-24 08:46 - 2014-03-24 08:46 - 00000000 _____ () C:\windows\setuperr.log 2014-03-23 13:25 - 2014-03-23 13:24 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-23 13:24 - 2014-03-23 13:24 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-23 13:24 - 2014-03-23 13:24 - 00000000 ____D () C:\ProgramData\Skype 2014-03-23 13:22 - 2014-03-23 13:21 - 34827424 _____ (Skype Technologies S.A.) C:\Users\Monika\Downloads\Skyp614eSetupFull.exe 2014-03-23 11:52 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF 2014-03-22 22:54 - 2014-03-22 22:54 - 00000000 ____D () C:\Users\Monika\Documents\Fax 2014-03-22 00:02 - 2014-03-22 00:02 - 01161080 _____ () C:\windows\SysWOW64\Websteroids.B324755F3F87.dll 2014-03-20 00:48 - 2013-08-07 23:53 - 00000000 ____D () C:\windows\system32\MRT 2014-03-20 00:47 - 2012-09-17 09:16 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-03-16 12:09 - 2014-03-16 12:09 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (3) 2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Neuer Ordner 2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (2) 2014-03-05 09:26 - 2014-03-26 16:14 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-03-05 09:26 - 2014-03-26 16:14 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-03-05 09:26 - 2014-03-26 16:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-03-01 07:05 - 2014-03-13 12:54 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-03-01 06:17 - 2014-03-13 12:54 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-13 12:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-03-01 05:58 - 2014-03-13 12:54 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-13 12:54 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-03-01 05:51 - 2014-03-13 12:54 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-13 12:54 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-13 12:54 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-13 12:54 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-13 12:54 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-13 12:54 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-13 12:54 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-13 12:54 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-13 12:54 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-13 12:54 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-13 12:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-13 12:54 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-13 12:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-13 12:54 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-13 12:54 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-13 12:54 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-13 12:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-13 12:54 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-03-01 04:42 - 2014-03-13 12:54 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-13 12:54 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-13 12:54 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-13 12:54 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-13 12:54 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-13 12:54 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-13 12:54 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-13 12:54 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-13 12:54 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-13 12:54 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-13 12:54 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-13 12:54 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-13 12:54 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-13 12:54 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-13 12:54 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-13 12:54 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-13 12:54 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-02-27 23:41 - 2014-02-27 00:25 - 01594028 _____ () C:\windows\SysWOW64\PerfStringBackup.INI Files to move or delete: ==================== C:\ProgramData\winiml.dat ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-20 00:34 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Monika at 2014-03-26 22:24:45
Running from C:\Users\Monika\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
==================== Installed Programs ======================
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.152.26 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
IM Lock (HKLM-x32\...\IMLock) (Version: - Comvigo, Inc.)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NetWorx 5.2.10 (HKLM\...\NetWorx_is1) (Version: - Softperfect Research)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Websteroids (HKLM-x32\...\Websteroids) (Version: 2.6.71 - Creative Island Media, LLC) <==== ATTENTION
Windows 7 Games deluxe 1 (HKLM-x32\...\Windows 7 Games deluxe) (Version: 1 - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Restore Points =========================
Could not list Restore Points. Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {6250116A-FA32-45F6-B896-B06167FDC556} - \Scheduled Update for Ask Toolbar No Task File
Task: {78855E1D-611E-4DF5-93E2-85C5B5976C6B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {CE24EA7A-3EE6-457B-B7B0-916F26B2E5E2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
==================== Loaded Modules (whitelisted) =============
2013-05-02 20:01 - 2013-05-26 16:47 - 00358968 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2012-03-19 21:09 - 2012-03-19 21:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-14 10:04 - 2013-07-19 14:20 - 00687616 _____ () C:\Program Files\NetWorx\sqlite.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00510520 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2013-05-02 20:01 - 2013-05-26 16:47 - 01780280 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe
2013-06-17 22:34 - 2013-01-25 09:25 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00102400 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDatabase.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00106496 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgUtil.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00090112 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgPorts.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00196608 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDetection.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00086016 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDialup.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00012288 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGDebugs.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00073728 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDriverInstall.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00569344 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgCore.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00139264 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgBluetooth.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00204800 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\LiveBoxCM.dll
2013-05-02 20:01 - 2007-02-27 18:44 - 00823296 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\LIBEAY32.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00126976 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgWiFi.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 01097728 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\NDISAPI.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00614400 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGXMLUtil.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00303104 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGSMSPCClient.Dll
2014-02-14 14:51 - 2014-02-14 14:51 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2f069b57965f456c3c25fb82419a363d\IsdiInterop.ni.dll
2012-09-17 09:06 - 2012-05-30 12:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-02-18 13:26 - 2014-02-18 13:26 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-07-02 20:01 - 2013-07-02 20:01 - 16033160 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 41%
Total physical RAM: 3981.28 MB
Available physical RAM: 2343.71 MB
Total Pagefile: 7960.74 MB
Available Pagefile: 6015.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:455.66 GB) (Free:415.76 GB) NTFS
Drive i: (Mobile Partner) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1ADCEB2B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=27)
==================== End Of Log ============================
|
| Themen zu TR/BProtector.Gen2, danach fliegende UFO's |
| avira, bilder, chip.de, datei, einfach, entfernen, erneut, freundin, gen, hallo zusammen, installation, kleine, klicke, löscht, maus, neue, neuen, nichts, programm, quarantäne, revo uninstaller, seite, systemsteuerung, tab, tr/bprotector.gen2, trojaner, unerwünschtes programm, untertassen, virus, öffnen |
Baum-Darstellung