Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Trojaner, DOS Fenster schliesst automatisch bei netstat -a

Trojaner, DOS Fenster schliesst automatisch bei netstat -a


Plagegeister aller Art und deren Bekämpfung: Trojaner, DOS Fenster schliesst automatisch bei netstat -a

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.04.2014, 09:39   #1
Rickywicky
 
Trojaner, DOS Fenster schliesst automatisch bei netstat -a - Unglücklich

Trojaner, DOS Fenster schliesst automatisch bei netstat -a


Tachchen,

Also genau weiss ich nicht ob ich nen Virus habe, habe seit einigen Wochen ne 50.000der Leitung aber auf allen meinen Geräten läuft alles sehr sehr langsam, mein Netzwerk ist verschlüsselt. Habe mir verschiedene Seit bei Google durchforstet was es sein kann uns stoss auf hxxp://www.gaijin.at/mantrojan.php , im Normalfall sollte es ja so aussehen:

Ausgabe des Netstat-Befehls im "Normalfall"
C:\WINDOWS>netstat -a

Aktive Verbindungen

Proto Lokale Adresse Remoteadresse Status
UDP localhost:microsoft-ds *:*
UDP localhost:ntp *:*
...

Bei mir sieht es so aus, und bevor es bis zum Ende läuft schliesst sich das DOS Fenster von selber:

Proto Dirección local Dirección remota Estado
TCP 0.0.0.0:135 alexandra-iulia:0 LISTENING
TCP 0.0.0.0:445 alexandra-iulia:0 LISTENING
TCP 0.0.0.0:554 alexandra-iulia:0 LISTENING
TCP 0.0.0.0:1110 alexandra-iulia:0 LISTENING
TCP 0.0.0.0:2869 alexandra-iulia:0 LISTENING
TCP 0.0.0.0:5357 alexandra-iulia:0 LISTENING
TCP 0.0.0.0:10243 alexandra-iulia:0 LISTENING
TCP 0.0.0.0:11001 alexandra-iulia:0 LISTENING
TCP 0.0.0.0:11002 alexandra-iulia:0 LISTENING
TCP 0.0.0.0:12321 alexandra-iulia:0 LISTENING
TCP 0.0.0.0:49152 alexandra-iulia:0 LISTENING
TCP 0.0.0.0:49153 alexandra-iulia:0 LISTENING
TCP 0.0.0.0:49154 alexandra-iulia:0 LISTENING
TCP 0.0.0.0:49156 alexandra-iulia:0 LISTENING
TCP 0.0.0.0:49158 alexandra-iulia:0 LISTENING
TCP 127.0.0.1:2559 alexandra-iulia:0 LISTENING
TCP 192.168.178.25:139 alexandra-iulia:0 LISTENING
TCP 192.168.178.25:49228 157.55.236.101:https ESTABLISHED
TCP 192.168.178.25:49230 62.156.238.87:http ESTABLISHED
TCP 192.168.178.25:49231 62.156.238.87:http ESTABLISHED
TCP 192.168.178.25:49232 62.156.238.57:http ESTABLISHED
TCP 192.168.178.25:49233 62.156.238.57:http ESTABLISHED
...

Habe Windows 8, Kaspersky Pure 3.0 und ein Trojaner Entferner, hat alles nichts geklappt und die Anleitungen einen Trojaner selber zu löschen find ich ziemlich schwer

Vieleicht kann mir ja jemand helfen.

Alt 01.04.2014, 10:02   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Trojaner, DOS Fenster schliesst automatisch bei netstat -a - Standard

Trojaner, DOS Fenster schliesst automatisch bei netstat -a


hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 01.04.2014, 11:18   #3
Rickywicky
 
Trojaner, DOS Fenster schliesst automatisch bei netstat -a - Standard

Trojaner, DOS Fenster schliesst automatisch bei netstat -a


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Alexandra (administrator) on ALEXANDRA-IULIA on 01-04-2014 11:52:44
Running from C:\Users\Alexandra\Downloads
Windows 8 (X64) OS Language: Spanish Modern Sort
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [LManager] - [X]
HKLM-x32\...\Run: [RadioController] - C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-03-13] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe [24256 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1661856 2014-04-01] (Simply Super Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-196469193-554630403-456293167-1002\...\Run: [Facebook Update] - "C:\Users\Alexandra\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-196469193-554630403-456293167-1002\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-196469193-554630403-456293167-1002\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-196469193-554630403-456293167-1002\...\MountPoints2: {308de03e-4e57-11e3-be83-20898466db54} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-196469193-554630403-456293167-1002\...\MountPoints2: {308de091-4e57-11e3-be83-20898466db54} - "F:\.\Setup.exe" AUTORUN=1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [203112 2012-10-12] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0B0AyByCtA0FtB0E0C0B0C0F0EtD0FzytN0D0Tzu0CyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=497127118&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0B0AyByCtA0FtB0E0C0B0C0F0EtD0FzytN0D0Tzu0CyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=497127118&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0B0AyByCtA0FtB0E0C0B0C0F0EtD0FzytN0D0Tzu0CyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=497127118&ir=
SearchScopes: HKLM - DefaultScope {5A335A3F-ADEB-44B2-AA4C-0FA2F32E97D2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {5A335A3F-ADEB-44B2-AA4C-0FA2F32E97D2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKLM-x32 - DefaultScope {5A335A3F-ADEB-44B2-AA4C-0FA2F32E97D2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {5A335A3F-ADEB-44B2-AA4C-0FA2F32E97D2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {B1779A69-5C99-4028-A7F3-AAFBF878BC3A} URL = hxxp://es.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {5A335A3F-ADEB-44B2-AA4C-0FA2F32E97D2} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {B1779A69-5C99-4028-A7F3-AAFBF878BC3A} URL = hxxp://es.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {C0FEF210-065C-4C17-8EAC-92AFD4CA8F77} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0B0AyByCtA0FtB0E0C0B0C0F0EtD0FzytN0D0Tzu0CyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=497127118&ir=
BHO: The Amazon 1Button App for IE - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll No File
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.es/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Extension: (Google Docs) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-30]
CHR Extension: (Google Drive) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-30]
CHR Extension: (YouTube) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-30]
CHR Extension: (Búsqueda de Google) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-30]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-31]
CHR Extension: (AdBlock) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-09]
CHR Extension: (Safe Money) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-03-31]
CHR Extension: (Content Blocker) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-31]
CHR Extension: (Virtual Keyboard) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-31]
CHR Extension: (Cath Kidston) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm [2013-08-30]
CHR Extension: (Google Wallet) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-30]
CHR Extension: (Anti-Banner) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-03-31]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\ALEXAN~1\AppData\Local\mysearchdial-speeddial.crx [2014-01-06]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\ALEXAN~1\AppData\Local\mysearchdial-speeddial.crx [2014-01-06]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\ALEXAN~1\AppData\Local\mysearchdial-speeddial.crx [2014-01-06]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

==================== Services (Whitelisted) =================

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2013-11-20] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2650696 2013-07-10] (Acer Incorporated)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-17] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-27] (WildTangent)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-03-13] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2013-03-13] (Broadcom Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98064 2012-12-10] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67344 2012-12-10] (Infowatch)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2013-11-20] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-11-11] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-11-11] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [28504 2013-11-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-03-13] (Dritek System Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-02-12] (Microsoft Corporation)
S3 athr; \SystemRoot\system32\DRIVERS\athrx.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-01 11:52 - 2014-04-01 11:52 - 02157056 _____ (Farbar) C:\Users\Alexandra\Downloads\FRST64.exe
2014-04-01 11:52 - 2014-04-01 11:52 - 00019890 _____ () C:\Users\Alexandra\Downloads\FRST.txt
2014-04-01 11:52 - 2014-04-01 11:52 - 00000000 ____D () C:\FRST
2014-04-01 10:35 - 2014-04-01 10:35 - 00000116 ____H () C:\Users\Alexandra\Desktop\.~lock.Nuevo documento de texto (2).txt#
2014-04-01 10:13 - 2014-04-01 10:24 - 00002095 _____ () C:\Users\Alexandra\Desktop\Nuevo documento de texto (2).txt
2014-04-01 10:00 - 2014-04-01 10:00 - 00321600 _____ () C:\Windows\Minidump\040114-50875-01.dmp
2014-04-01 10:00 - 2014-04-01 10:00 - 00307608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-01 09:56 - 2014-04-01 09:56 - 00000000 ____D () C:\ProgramData\Licenses
2014-04-01 09:55 - 2014-04-01 09:55 - 00001131 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-04-01 09:55 - 2014-04-01 09:55 - 00000000 ____D () C:\Users\Alexandra\Documents\Simply Super Software
2014-04-01 09:55 - 2014-04-01 09:55 - 00000000 ____D () C:\Users\Alexandra\AppData\Roaming\Simply Super Software
2014-04-01 09:55 - 2014-04-01 09:55 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-04-01 09:55 - 2014-04-01 09:55 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-04-01 09:54 - 2014-04-01 09:54 - 21407864 _____ (Simply Super Software ) C:\Users\Alexandra\Downloads\trjsetup690.exe
2014-04-01 08:41 - 2014-04-01 09:05 - 00000000 ____D () C:\Users\Alexandra\Desktop\Philipp
2014-03-31 21:31 - 2014-03-31 21:31 - 00002216 _____ () C:\Users\Alexandra\Desktop\Sicherer Zahlungsverkehr.lnk
2014-03-31 21:31 - 2014-03-31 21:31 - 00001255 _____ () C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0.lnk
2014-03-31 21:30 - 2014-03-31 21:30 - 00001082 _____ () C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2014-03-31 21:30 - 2013-11-11 19:13 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2014-03-31 21:29 - 2012-12-10 15:14 - 00098064 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2014-03-31 21:29 - 2012-12-10 15:14 - 00067344 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2014-03-31 21:28 - 2014-04-01 10:26 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-31 21:28 - 2014-03-31 21:28 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-03-31 21:28 - 2013-11-11 19:13 - 00625760 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-03-31 21:28 - 2013-11-11 19:13 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-03-31 21:19 - 2014-03-31 21:27 - 194045080 _____ (Kaspersky Lab) C:\Users\Alexandra\Downloads\pure13.0.2.558abcdDE_5372.exe
2014-03-31 21:18 - 2014-03-31 21:19 - 00000085 _____ () C:\Windows\wininit.ini
2014-03-31 21:17 - 2014-03-31 21:18 - 13922034 _____ (Kaspersky Lab) C:\Users\Alexandra\Downloads\Sin confirmar 187479.crdownload
2014-03-31 21:15 - 2014-03-31 21:15 - 04413904 _____ (Avira Operations GmbH & Co. KG) C:\Users\Alexandra\Downloads\avira_de_av___ws.exe
2014-03-29 00:14 - 2014-03-29 00:14 - 00000000 ____D () C:\Users\Alexandra\Documents\clear.fi
2014-03-27 14:09 - 2014-03-27 14:09 - 00423873 _____ () C:\Users\Alexandra\Downloads\Documentos.zip
2014-03-21 15:49 - 2014-03-21 15:49 - 00061176 _____ () C:\Users\Alexandra\Downloads\Alexandra Julia Szekely  - Ihr Aufnahmeantrag in die pronova BKK.zip
2014-03-17 00:26 - 2014-03-17 00:31 - 00000000 ____D () C:\Users\Alexandra\Desktop\leipzig
2014-03-12 17:44 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 17:44 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 17:44 - 2014-02-23 10:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-12 17:44 - 2014-02-23 10:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-12 17:44 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 17:44 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 17:44 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 17:44 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 17:44 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 17:44 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 17:44 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 17:44 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-12 17:44 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-12 17:44 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 17:44 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 17:44 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 17:44 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 17:44 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 17:44 - 2014-02-23 08:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-12 17:44 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 17:44 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 17:44 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 17:44 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 17:44 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-12 17:44 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 17:44 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 17:44 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-12 17:44 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 17:44 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 17:44 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 17:44 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 17:44 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 17:44 - 2014-02-23 06:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-12 17:44 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 17:44 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 17:44 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 17:44 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 17:44 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 17:44 - 2013-12-07 08:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-12 17:44 - 2013-12-07 07:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-12 17:44 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-12 17:44 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-09 14:13 - 2014-03-09 14:40 - 00000000 ____D () C:\Users\Alexandra\Desktop\berliiin 08-03-2014
2014-03-06 18:05 - 2014-03-06 18:05 - 00000000 ____D () C:\Users\Alexandra\AppData\Roaming\mp3DirectCut
2014-03-06 18:04 - 2014-03-06 18:04 - 00001055 _____ () C:\Users\Alexandra\Desktop\mp3DirectCut.lnk
2014-03-06 18:04 - 2014-03-06 18:04 - 00000000 ____D () C:\Program Files (x86)\mp3DirectCut
2014-03-02 22:10 - 2014-03-25 12:01 - 00009216 ____H () C:\Users\Alexandra\Documents\photothumb.db

==================== One Month Modified Files and Folders =======

2014-04-01 11:52 - 2014-04-01 11:52 - 02157056 _____ (Farbar) C:\Users\Alexandra\Downloads\FRST64.exe
2014-04-01 11:52 - 2014-04-01 11:52 - 00019890 _____ () C:\Users\Alexandra\Downloads\FRST.txt
2014-04-01 11:52 - 2014-04-01 11:52 - 00000000 ____D () C:\FRST
2014-04-01 11:51 - 2013-03-14 05:36 - 00799280 _____ () C:\Windows\system32\perfh00A.dat
2014-04-01 11:51 - 2013-03-14 05:36 - 00163056 _____ () C:\Windows\system32\perfc00A.dat
2014-04-01 11:51 - 2012-07-26 09:28 - 01798556 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 11:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-01 10:58 - 2013-08-30 12:37 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-01 10:35 - 2014-04-01 10:35 - 00000116 ____H () C:\Users\Alexandra\Desktop\.~lock.Nuevo documento de texto (2).txt#
2014-04-01 10:26 - 2014-03-31 21:28 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-01 10:24 - 2014-04-01 10:13 - 00002095 _____ () C:\Users\Alexandra\Desktop\Nuevo documento de texto (2).txt
2014-04-01 10:19 - 2013-08-28 02:44 - 01874176 _____ () C:\Windows\WindowsUpdate.log
2014-04-01 10:08 - 2013-08-30 12:37 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-01 10:08 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-01 10:07 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-04-01 10:00 - 2014-04-01 10:00 - 00321600 _____ () C:\Windows\Minidump\040114-50875-01.dmp
2014-04-01 10:00 - 2014-04-01 10:00 - 00307608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-01 10:00 - 2014-02-02 17:57 - 645080823 _____ () C:\Windows\MEMORY.DMP
2014-04-01 10:00 - 2014-02-02 17:57 - 00000000 ____D () C:\Windows\Minidump
2014-04-01 10:00 - 2013-11-10 12:40 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-01 10:00 - 2012-11-23 07:52 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-01 10:00 - 2012-11-23 07:21 - 00090484 _____ () C:\Windows\PFRO.log
2014-04-01 09:56 - 2014-04-01 09:56 - 00000000 ____D () C:\ProgramData\Licenses
2014-04-01 09:56 - 2014-01-06 23:46 - 00000000 ____D () C:\Users\Alexandra\AppData\Roaming\newnext.me
2014-04-01 09:55 - 2014-04-01 09:55 - 00001131 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-04-01 09:55 - 2014-04-01 09:55 - 00000000 ____D () C:\Users\Alexandra\Documents\Simply Super Software
2014-04-01 09:55 - 2014-04-01 09:55 - 00000000 ____D () C:\Users\Alexandra\AppData\Roaming\Simply Super Software
2014-04-01 09:55 - 2014-04-01 09:55 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-04-01 09:55 - 2014-04-01 09:55 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-04-01 09:54 - 2014-04-01 09:54 - 21407864 _____ (Simply Super Software ) C:\Users\Alexandra\Downloads\trjsetup690.exe
2014-04-01 09:05 - 2014-04-01 08:41 - 00000000 ____D () C:\Users\Alexandra\Desktop\Philipp
2014-04-01 09:04 - 2013-09-17 08:36 - 00000976 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-196469193-554630403-456293167-1002UA.job
2014-04-01 08:22 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-04-01 00:04 - 2013-09-17 08:36 - 00000954 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-196469193-554630403-456293167-1002Core.job
2014-03-31 21:31 - 2014-03-31 21:31 - 00002216 _____ () C:\Users\Alexandra\Desktop\Sicherer Zahlungsverkehr.lnk
2014-03-31 21:31 - 2014-03-31 21:31 - 00001255 _____ () C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0.lnk
2014-03-31 21:30 - 2014-03-31 21:30 - 00001082 _____ () C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2014-03-31 21:30 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-31 21:28 - 2014-03-31 21:28 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-03-31 21:28 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-03-31 21:27 - 2014-03-31 21:19 - 194045080 _____ (Kaspersky Lab) C:\Users\Alexandra\Downloads\pure13.0.2.558abcdDE_5372.exe
2014-03-31 21:19 - 2014-03-31 21:18 - 00000085 _____ () C:\Windows\wininit.ini
2014-03-31 21:18 - 2014-03-31 21:17 - 13922034 _____ (Kaspersky Lab) C:\Users\Alexandra\Downloads\Sin confirmar 187479.crdownload
2014-03-31 21:18 - 2013-11-10 12:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-31 21:18 - 2012-11-23 07:52 - 00000000 ____D () C:\Program Files\mcafee
2014-03-31 21:15 - 2014-03-31 21:15 - 04413904 _____ (Avira Operations GmbH & Co. KG) C:\Users\Alexandra\Downloads\avira_de_av___ws.exe
2014-03-31 10:05 - 2013-08-31 13:19 - 03676160 ___SH () C:\Users\Alexandra\Downloads\Thumbs.db
2014-03-29 00:14 - 2014-03-29 00:14 - 00000000 ____D () C:\Users\Alexandra\Documents\clear.fi
2014-03-27 14:09 - 2014-03-27 14:09 - 00423873 _____ () C:\Users\Alexandra\Downloads\Documentos.zip
2014-03-27 13:00 - 2012-11-23 07:49 - 00002430 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2014-03-27 13:00 - 2012-11-23 07:49 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-03-25 13:20 - 2013-08-27 21:22 - 01569280 ___SH () C:\Users\Alexandra\Desktop\Thumbs.db
2014-03-25 12:08 - 2013-12-10 22:43 - 00063488 ____H () C:\Users\Alexandra\Desktop\photothumb.db
2014-03-25 12:08 - 2013-11-08 14:30 - 00000000 ___HD () C:\Users\Alexandra\Desktop\.picasaoriginals
2014-03-25 12:01 - 2014-03-02 22:10 - 00009216 ____H () C:\Users\Alexandra\Documents\photothumb.db
2014-03-21 15:49 - 2014-03-21 15:49 - 00061176 _____ () C:\Users\Alexandra\Downloads\Alexandra Julia Szekely  - Ihr Aufnahmeantrag in die pronova BKK.zip
2014-03-19 23:36 - 2014-02-18 00:43 - 00029696 ___SH () C:\Users\Alexandra\Documents\Thumbs.db
2014-03-19 12:33 - 2013-09-01 14:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 12:32 - 2013-09-01 14:49 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 00:31 - 2014-03-17 00:26 - 00000000 ____D () C:\Users\Alexandra\Desktop\leipzig
2014-03-16 16:33 - 2013-08-28 02:45 - 00000000 ___RD () C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 16:33 - 2013-08-28 02:45 - 00000000 ___RD () C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-16 00:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-03-15 23:49 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-15 23:49 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 23:49 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 23:49 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-15 23:49 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-15 14:00 - 2013-08-30 17:04 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-11 20:49 - 2013-10-11 13:53 - 00000000 ___RD () C:\Users\Alexandra\Desktop\Documentos y CV
2014-03-09 14:40 - 2014-03-09 14:13 - 00000000 ____D () C:\Users\Alexandra\Desktop\berliiin 08-03-2014
2014-03-06 18:05 - 2014-03-06 18:05 - 00000000 ____D () C:\Users\Alexandra\AppData\Roaming\mp3DirectCut
2014-03-06 18:04 - 2014-03-06 18:04 - 00001055 _____ () C:\Users\Alexandra\Desktop\mp3DirectCut.lnk
2014-03-06 18:04 - 2014-03-06 18:04 - 00000000 ____D () C:\Program Files (x86)\mp3DirectCut
2014-03-06 17:14 - 2012-07-26 09:21 - 00054984 _____ () C:\Windows\setupact.log
2014-03-05 00:52 - 2013-11-16 02:39 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-05 00:52 - 2013-11-16 02:39 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-04 18:59 - 2013-08-28 02:51 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-196469193-554630403-456293167-1002
2014-03-04 18:26 - 2013-09-19 09:39 - 00000000 ____D () C:\Users\Alexandra\AppData\Local\CrashDumps

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-28 14:52

==================== End Of Log ============================
--- --- ---

--- --- ---


FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Alexandra at 2014-04-01 12:16:16
Running from C:\Users\Alexandra\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

 clear.fi SDK - Video 2 (x32 Version: 2.2.2722 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.2.2729 - CyberLink Corp.) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.3006.4 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3015 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.3013 - Acer Incorporated)
Actualización de NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.96 - Broadcom Corporation)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Canales de juegos (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 7.1.0.17 - WildTangent, Inc.)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3318_45364 - CyberLink Corp.) Hidden
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
Dziobas Rar Player 0.009.52 (HKLM-x32\...\Dziobas Rar Player_is1) (Version:  - Kamil Dzióbek)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
MultiTranse 6.3 (HKLM-x32\...\MultiTranse_is1) (Version:  - Tialsoft software)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden
NVIDIA Controlador de gráficos 307.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.17 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA Software del sistema PhysX 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2009 - Acer)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Panel de control de NVIDIA 307.17 (Version: 307.17 - NVIDIA Corporation) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Trojan Remover 6.9.1.2929 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1.2929 - Simply Super Software)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

12-03-2014 13:49:51 Punto de control programado
19-03-2014 10:31:00 Windows Update
28-03-2014 13:12:27 Punto de control programado

==================== Hosts content: ==========================

2012-07-26 07:26 - 2013-11-12 09:41 - 00450639 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {214FE432-9C57-4BFE-9B32-9131CA66F82F} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2BCAA86D-4E13-4B08-A18B-A6BD656CBA9A} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-29] (Synaptics Incorporated)
Task: {3D8F8775-2AF5-4697-861A-6A8AB5223DDF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-196469193-554630403-456293167-1002Core => C:\Users\Alexandra\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {4379264D-F433-46DD-A857-020CCC076024} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {4CC312B7-6E38-48D7-968B-5A32EF6DE919} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {50122B58-1656-43B5-B103-9616784B31EB} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-11-19] (Acer Incorporated)
Task: {5973892A-E570-48C2-942D-80BCF9A53397} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] ()
Task: {5C187025-1E1E-4F91-9349-E0E83B4B9C8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-30] (Google Inc.)
Task: {6AACCD39-DFA9-4B36-AE40-2F41D0BF9992} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {991E44CF-D4AB-45CC-944B-A605E402AB3D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {A0AA94C6-A0AC-4C1C-A375-0A342B06DDA6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-196469193-554630403-456293167-1002UA => C:\Users\Alexandra\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CC9ACE78-1F08-467D-9C3D-FFAAA1541A9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-30] (Google Inc.)
Task: {E68DE6BF-A61B-40BA-9006-BC6326D1B81D} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FB0A9C5D-6E5B-4E4C-930F-20A42B41FBEE} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-196469193-554630403-456293167-1002Core.job => C:\Users\Alexandra\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-196469193-554630403-456293167-1002UA.job => C:\Users\Alexandra\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-20 13:58 - 2013-11-20 13:59 - 00358968 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2014-01-21 22:37 - 2014-01-21 22:40 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-11-23 07:14 - 2012-10-23 20:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-20 13:58 - 2013-11-20 13:59 - 00510520 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2012-11-03 02:38 - 2012-11-03 02:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-11-03 02:38 - 2012-11-03 02:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2013-09-23 14:54 - 2013-05-24 19:06 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2013-03-13 21:01 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-03-15 14:00 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 14:00 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 14:00 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 14:00 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 14:00 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 14:00 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:40005364
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2014 03:02:17 AM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "asmv2:clrClassInvocation1". Error en el archivo de manifiesto o directiva "asmv2:clrClassInvocation2" en la línea asmv2:clrClassInvocation3.
El elemento asmv2:clrClassInvocation aparece como un secundario del elemento urn:schemas-microsoft-com:asm.v1^entryPoint que no se admite en esta versión de Windows.

Error: (04/01/2014 03:02:17 AM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "asmv2:clrClassInvocation1". Error en el archivo de manifiesto o directiva "asmv2:clrClassInvocation2" en la línea asmv2:clrClassInvocation3.
El elemento asmv2:clrClassInvocation aparece como un secundario del elemento urn:schemas-microsoft-com:asm.v1^entryPoint que no se admite en esta versión de Windows.

Error: (04/01/2014 03:02:17 AM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "asmv2:clrClassInvocation1". Error en el archivo de manifiesto o directiva "asmv2:clrClassInvocation2" en la línea asmv2:clrClassInvocation3.
El elemento asmv2:clrClassInvocation aparece como un secundario del elemento urn:schemas-microsoft-com:asm.v1^entryPoint que no se admite en esta versión de Windows.

Error: (04/01/2014 03:01:45 AM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "asmv2:clrClassInvocation1". Error en el archivo de manifiesto o directiva "asmv2:clrClassInvocation2" en la línea asmv2:clrClassInvocation3.
El elemento asmv2:clrClassInvocation aparece como un secundario del elemento urn:schemas-microsoft-com:asm.v1^entryPoint que no se admite en esta versión de Windows.

Error: (04/01/2014 03:01:45 AM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "asmv2:clrClassInvocation1". Error en el archivo de manifiesto o directiva "asmv2:clrClassInvocation2" en la línea asmv2:clrClassInvocation3.
El elemento asmv2:clrClassInvocation aparece como un secundario del elemento urn:schemas-microsoft-com:asm.v1^entryPoint que no se admite en esta versión de Windows.

Error: (04/01/2014 03:01:45 AM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "asmv2:clrClassInvocation1". Error en el archivo de manifiesto o directiva "asmv2:clrClassInvocation2" en la línea asmv2:clrClassInvocation3.
El elemento asmv2:clrClassInvocation aparece como un secundario del elemento urn:schemas-microsoft-com:asm.v1^entryPoint que no se admite en esta versión de Windows.

Error: (03/31/2014 01:20:51 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (03/31/2014 09:57:58 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (03/31/2014 09:44:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: alexandra-iulia)
Description: La aplicación Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic no se inició dentro del tiempo asignado.

Error: (03/28/2014 02:56:06 PM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "asmv2:clrClassInvocation1". Error en el archivo de manifiesto o directiva "asmv2:clrClassInvocation2" en la línea asmv2:clrClassInvocation3.
El elemento asmv2:clrClassInvocation aparece como un secundario del elemento urn:schemas-microsoft-com:asm.v1^entryPoint que no se admite en esta versión de Windows.


System errors:
=============
Error: (04/01/2014 10:00:53 AM) (Source: BugCheck) (User: )
Description: 0x000000ef (0xfffffa8007ed2040, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP040114-50875-01

Error: (04/01/2014 10:00:43 AM) (Source: EventLog) (User: )
Description: El cierre anterior del sistema a las 9:38:08 del ‎01/‎04/‎2014 resultó inesperado.

Error: (03/27/2014 00:37:32 PM) (Source: NetBT) (User: )
Description: No se pudo registrar el nombre "WORKGROUP      :1d" en la interfaz con dirección IP 192.168.178.25.
El equipo la con dirección IP 192.168.178.1 no admite el nombre reclamado por este equipo.

Error: (03/25/2014 11:56:43 PM) (Source: NetBT) (User: )
Description: Se detectó un nombre duplicado en la red TCP. La dirección IP del
equipo que envió el mensaje está en los datos. Use nbtstat -n en 
una ventana de comandos para ver el nombre que está en conflicto.

Error: (03/25/2014 11:51:30 PM) (Source: NetBT) (User: )
Description: No se pudo registrar el nombre "WORKGROUP      :1d" en la interfaz con dirección IP 192.168.178.25.
El equipo la con dirección IP 192.168.178.1 no admite el nombre reclamado por este equipo.

Error: (03/24/2014 05:41:15 PM) (Source: NetBT) (User: )
Description: No se pudo registrar el nombre "WORKGROUP      :1d" en la interfaz con dirección IP 192.168.178.25.
El equipo la con dirección IP 192.168.178.1 no admite el nombre reclamado por este equipo.

Error: (03/21/2014 05:25:26 PM) (Source: bowser) (User: )
Description: El explorador maestro recibió una notificación del equipo FRITZ-NAS
que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{AB7890C1-59D1-4A53-B374-AAB641D99D91}.
El explorador maestro está detenido o se está forzando una elección.

Error: (03/05/2014 10:48:32 PM) (Source: NetBT) (User: )
Description: No se pudo registrar el nombre "WORKGROUP      :1d" en la interfaz con dirección IP 192.168.178.25.
El equipo la con dirección IP 192.168.178.1 no admite el nombre reclamado por este equipo.

Error: (03/05/2014 10:43:20 PM) (Source: NetBT) (User: )
Description: No se pudo registrar el nombre "WORKGROUP      :1d" en la interfaz con dirección IP 192.168.178.25.
El equipo la con dirección IP 192.168.178.1 no admite el nombre reclamado por este equipo.

Error: (03/05/2014 04:38:44 PM) (Source: NetBT) (User: )
Description: Se detectó un nombre duplicado en la red TCP. La dirección IP del
equipo que envió el mensaje está en los datos. Use nbtstat -n en 
una ventana de comandos para ver el nombre que está en conflicto.


Microsoft Office Sessions:
=========================
Error: (04/01/2014 03:02:17 AM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (04/01/2014 03:02:17 AM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (04/01/2014 03:02:17 AM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (04/01/2014 03:01:45 AM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (04/01/2014 03:01:45 AM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (04/01/2014 03:01:45 AM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (03/31/2014 01:20:51 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (03/31/2014 09:57:58 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (03/31/2014 09:44:52 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: alexandra-iulia)
Description: Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic

Error: (03/28/2014 02:56:06 PM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 3911.27 MB
Available physical RAM: 2242.86 MB
Total Pagefile: 9031.27 MB
Available Pagefile: 7015.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:446.19 GB) (Free:380.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 9F678496)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---
__________________
Alt 02.04.2014, 08:54   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Trojaner, DOS Fenster schliesst automatisch bei netstat -a - Standard

Trojaner, DOS Fenster schliesst automatisch bei netstat -a


hi,

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Trojaner, DOS Fenster schliesst automatisch bei netstat -a
127.0.0.1, adresse, alexa, automatisch, dos, dos fenster, dos fenter, fenster, google, kaspersky, langsam, liste, localhost, lokale, löschen, netstat, netzwerk, nichts, schwer, tcp, trojaner, udp, verschiedene, virus, windows, woche, wochen


« Windows MS13-052 Security Update - HILFE! :( | windows vista aktives fenster minimier sich selbstständig »


Ähnliche Themen: Trojaner, DOS Fenster schliesst automatisch bei netstat -a


  1. Meine fenster schliessen sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 29.06.2015 (1)
  2. Alle Fenster minimieren sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 20.06.2015 (35)
  3. Chrome öffnet Ads Fenster automatisch
    Plagegeister aller Art und deren Bekämpfung - 10.02.2015 (26)
  4. IE öffnet automatisch Fenster im Firefox
    Plagegeister aller Art und deren Bekämpfung - 28.12.2014 (23)
  5. Fenster öffnet sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 22.09.2014 (1)
  6. Fenster werden automatisch inaktiv
    Alles rund um Windows - 02.03.2013 (2)
  7. Fenster werden automatisch inaktiv
    Plagegeister aller Art und deren Bekämpfung - 27.02.2013 (18)
  8. Unbekanntes Fenster öffnet und schliesst sich sofort wieder!Virus?Bitte Hilfe!
    Plagegeister aller Art und deren Bekämpfung - 18.11.2011 (50)
  9. Fenster werden automatisch inaktiv
    Plagegeister aller Art und deren Bekämpfung - 08.11.2011 (23)
  10. Fenster schließen automatisch
    Log-Analyse und Auswertung - 14.09.2011 (1)
  11. Trojaner TR/PCK: Firefox öffnet automatisch neue Fenster
    Plagegeister aller Art und deren Bekämpfung - 07.12.2009 (5)
  12. Fenster schließen sich automatisch
    Log-Analyse und Auswertung - 18.11.2009 (20)
  13. Explorer Fenster öffnen sich automatisch ...Trojaner oder virus..was kann ich tun?
    Log-Analyse und Auswertung - 12.09.2009 (1)
  14. Fenster öffnen sich automatisch im IE
    Log-Analyse und Auswertung - 21.02.2008 (4)
  15. IE-Fenster öffnet sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 20.07.2006 (8)
  16. Fenster schliessen sich Automatisch
    Plagegeister aller Art und deren Bekämpfung - 30.12.2005 (7)
  17. Dailer, Trojaner, automatisch öffnende Fenster trotz Norton - HILFE
    Log-Analyse und Auswertung - 17.12.2004 (11)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner, DOS Fenster schliesst automatisch bei netstat -a - Tachchen, Also genau weiss ich nicht ob ich nen Virus habe, habe seit einigen Wochen ne 50.000der Leitung aber auf allen meinen Geräten läuft alles sehr sehr langsam, mein Netzwerk - Trojaner, DOS Fenster schliesst automatisch bei netstat -a...
Archiv
Du betrachtest: Trojaner, DOS Fenster schliesst automatisch bei netstat -a auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131