Pests of all kinds and how to fight them: Trojan: PUP.Optional.CrossRider.A, PUP.Optional.MySearchDial.A, PUP.Optional.Babylon.A, PUP.Optional.BuenoSearch. Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
15.07.2014, 23:20 | #1 |
| Trojan: PUP.Optional.CrossRider.A, PUP.Optional.MySearchDial.A, PUP.Optional.Babylon.A, PUP.Optional.BuenoSearch
Hello everyone, my son likes to download games, and for a while now our laptop has been very slow. The internet in particular is causing a lot of problems. Today I ran Malwarebytes several times. The latest result was the detections named above. How can I remove these files from my laptop? I ran the Farbar Recovery Scan Tool, as recommended in other posts, and got the following output:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01 Ran by Stefanie Votta (administrator) on STEFANIEVOTTA on 16-07-2014 00:03:16 Running from C:\Users\Stefanie Votta\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) C:\Program Files (x86)\ASUS\FaceLogon\smartlogon.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (ASUS) C:\Windows\AsScrPro.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Philips Austria GmbH - Speech Processing) C:\Program Files (x86)\Philips Speech\DPM Mounter Service\DPMMounterSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe () C:\Users\Stefanie Votta\AppData\Roaming\BrowserCompanion\tcbhn.exe () C:\Program Files (x86)\Tor\tor.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.) 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme) HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-23] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-25] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-19] (ASUS) HKLM-x32\...\Run: [PhilipsSpeechDriverConfiguration] => PhilipsSpeechDriverConfiguration.exe HKLM-x32\...\Run: [BrowserSafeguard Update Task] => "C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe" /CheckUpdate=true HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe HKLM-x32\...\Run: [t4pc_en_6] => [X] HKLM-x32\...\Run: [BrowserSafeguard] => "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe" HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [189520 2014-07-07] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-05-12] (Malwarebytes Corporation) HKU\S-1-5-21-489845446-4219064374-2679351751-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3595608 2014-06-30] (Electronic Arts) HKU\S-1-5-21-489845446-4219064374-2679351751-1000\...\Run: [word_06202008] => /r HKU\S-1-5-21-489845446-4219064374-2679351751-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-07-12] (Valve Corporation) HKU\S-1-5-21-489845446-4219064374-2679351751-1000\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-489845446-4219064374-2679351751-1000\...\MountPoints2: {acf6d23f-b724-11e1-828e-806e6f6e6963} - E:\RunGame.exe HKU\S-1-5-21-489845446-4219064374-2679351751-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3595608 2014-06-30] (Electronic Arts) HKU\S-1-5-21-489845446-4219064374-2679351751-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [word_06202008] => /r HKU\S-1-5-21-489845446-4219064374-2679351751-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-07-12] (Valve Corporation) HKU\S-1-5-21-489845446-4219064374-2679351751-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-489845446-4219064374-2679351751-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {acf6d23f-b724-11e1-828e-806e6f6e6963} - E:\RunGame.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe () Startup: C:\Users\Stefanie Votta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk 
-> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) Startup: C:\Users\Stefanie Votta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk ShortcutTarget: tcbhn.lnk -> C:\Users\Stefanie Votta\AppData\Roaming\BrowserCompanion\tcbhn.exe () ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1403294882&from=tugs&uid=TOSHIBAXMQ01ABD050_42TIF2SJSXX42TIF2SJS&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1403294882&from=tugs&uid=TOSHIBAXMQ01ABD050_42TIF2SJSXX42TIF2SJS&q={searchTerms} URLSearchHook: HKCU - (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {4397F576-66A2-4EFC-86BF-85EBBF324D2E} URL = 
hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=b809c0e9-61f6-40c7-ba83-0eaafb8ca211&apn_sauid=81D4D054-C42A-4A34-B288-7FEB6243B7FC BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common 
Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Stefanie Votta\AppData\Roaming\Mozilla\Firefox\Profiles\vfikbigi.default FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: omiga-plus FF SelectedSearchEngine: omiga-plus FF Homepage: hxxp://isearch.omiga-plus.com/?type=hppp&ts=1403331490&from=adks&uid=TOSHIBAXMQ01ABD050_42TIF2SJSXX42TIF2SJS FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! 
=> C:\Users\Stefanie Votta\AppData\Roaming\Mozilla\Firefox\Profiles\vfikbigi.default\user.js FF SearchPlugin: C:\Users\Stefanie Votta\AppData\Roaming\Mozilla\Firefox\Profiles\vfikbigi.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\Stefanie Votta\AppData\Roaming\Mozilla\Firefox\Profiles\vfikbigi.default\searchplugins\bingp.xml FF SearchPlugin: C:\Users\Stefanie Votta\AppData\Roaming\Mozilla\Firefox\Profiles\vfikbigi.default\searchplugins\mngr.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Stefanie Votta\AppData\Roaming\Mozilla\Firefox\Profiles\vfikbigi.default\Extensions\abs@avira.com [2014-07-15] FF Extension: Amazon-Icon - C:\Users\Stefanie Votta\AppData\Roaming\Mozilla\Firefox\Profiles\vfikbigi.default\Extensions\amazon-icon@giga.de [2014-04-05] FF Extension: Browser Companion Helper - C:\Users\Stefanie Votta\AppData\Roaming\Mozilla\Firefox\Profiles\vfikbigi.default\Extensions\bbrs_002@blabbers.com [2012-11-20] FF Extension: Internet Download Manager Squared - C:\Users\Stefanie Votta\AppData\Roaming\Mozilla\Firefox\Profiles\vfikbigi.default\Extensions\idmsq@idmsq.com [2014-03-29] FF Extension: Adblock Plus - C:\Users\Stefanie Votta\AppData\Roaming\Mozilla\Firefox\Profiles\vfikbigi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-15] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2014-06-20] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\staged [2014-06-20] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2014-06-20] FF 
HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-03-29] ==================== Services (Whitelisted) ================= R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-04] (ASUS) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-07] (Avira Operations GmbH & Co. KG) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] () [File not signed] R2 Philips Speech DPM mounter; C:\Program Files (x86)\Philips Speech\DPM Mounter Service\DPMMounterSvc.exe [264192 2011-06-30] (Philips Austria GmbH - Speech Processing) [File not signed] R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-29] () [File not signed] ==================== Drivers (Whitelisted) ==================== U0 atghuq; C:\Windows\System32\drivers\nmypxut.sys [79064 2014-07-15] (Malwarebytes Corporation) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-15] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] 
(Research In Motion Limited) R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R4 avkmgr; system32\DRIVERS\avkmgr.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-15 23:40 - 2014-07-15 23:40 - 00001266 _____ () C:\Users\Stefanie Votta\Desktop\Revo Uninstaller.lnk 2014-07-15 23:40 - 2014-07-15 23:40 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-07-15 23:39 - 2014-07-15 23:39 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Stefanie Votta\Downloads\revosetup95.exe 2014-07-15 23:29 - 2014-07-15 23:31 - 00044481 _____ () C:\Users\Stefanie Votta\Downloads\Addition.txt 2014-07-15 23:28 - 2014-07-16 00:03 - 00018559 _____ () C:\Users\Stefanie Votta\Downloads\FRST.txt 2014-07-15 23:28 - 2014-07-16 00:03 - 00000000 ____D () C:\FRST 2014-07-15 23:27 - 2014-07-15 23:27 - 02086912 _____ (Farbar) C:\Users\Stefanie Votta\Downloads\FRST64(1).exe 2014-07-15 23:26 - 2014-07-15 23:26 - 02086912 _____ (Farbar) C:\Users\Stefanie Votta\Downloads\FRST64.exe 2014-07-15 23:25 - 2014-07-15 23:25 - 01077248 _____ (Farbar) C:\Users\Stefanie Votta\Downloads\FRST.exe 2014-07-15 23:19 - 2014-07-15 23:19 - 00018057 _____ () C:\Users\Stefanie Votta\Documents\Malware Export 15.07..txt 2014-07-15 21:51 - 2014-07-15 21:51 - 04621032 _____ (Avira Operations GmbH & Co. KG) C:\Users\Stefanie Votta\Downloads\avira_de_av___ws2(1).exe 2014-07-15 21:46 - 2014-07-15 21:46 - 04621032 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\Stefanie Votta\Downloads\avira_de_av___ws2.exe 2014-07-15 20:08 - 2014-07-15 20:08 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\nmypxut.sys 2014-07-15 19:29 - 2014-07-15 21:51 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-07-15 19:29 - 2014-07-15 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-15 19:19 - 2014-07-15 19:19 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-15 19:19 - 2014-07-15 19:19 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-15 19:19 - 2014-07-15 19:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-15 19:18 - 2014-07-15 19:18 - 00284288 _____ (Mozilla) C:\Users\Stefanie Votta\Downloads\Firefox Setup Stub 30.0.exe 2014-07-15 19:07 - 2014-07-15 19:07 - 04621032 _____ (Avira Operations GmbH & Co. KG) C:\Users\Stefanie Votta\Downloads\avira_de_av_4100076707__ws.exe 2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-15 19:03 - 2014-07-15 19:03 - 00000000 _____ () C:\ProgramData\rebootpending.txt 2014-07-15 18:21 - 2014-07-15 18:21 - 00000000 ____D () C:\Users\Stefanie Votta\AppData\Local\{237768CB-9074-45BC-A9E4-F61466B23759} 2014-07-15 17:28 - 2014-07-15 22:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-15 17:28 - 2014-07-15 17:28 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-15 17:28 - 2014-07-15 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-15 17:27 - 2014-07-15 17:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-15 17:27 - 2014-07-15 17:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-15 17:27 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 
2014-07-15 17:27 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-15 17:27 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-15 17:26 - 2014-07-15 17:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Stefanie Votta\Downloads\mbam-setup-2.0.2.1012 (4).exe 2014-07-15 17:26 - 2014-07-15 17:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Stefanie Votta\Downloads\mbam-setup-2.0.2.1012 (3).exe 2014-07-15 17:24 - 2014-07-15 17:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Stefanie Votta\Downloads\mbam-setup-2.0.2.1012 (2).exe 2014-07-15 17:24 - 2014-07-15 17:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Stefanie Votta\Downloads\mbam-setup-2.0.2.1012 (1).exe 2014-07-15 17:23 - 2014-07-15 17:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Stefanie Votta\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-10 18:14 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-10 18:14 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-10 18:14 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-10 18:14 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-10 18:14 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-10 18:14 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-10 18:14 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-10 18:14 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-10 18:14 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-10 18:14 - 2014-06-19 02:41 - 00048640 
_____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-10 18:14 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-10 18:14 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-10 18:14 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-10 18:14 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-10 18:14 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-10 18:14 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-10 18:14 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-10 18:14 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-10 18:14 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-10 18:14 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-10 18:14 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-10 18:14 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-10 18:14 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-10 18:14 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-10 18:14 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-10 18:14 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-10 18:14 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-10 18:14 - 2014-06-19 
01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-10 18:14 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-10 18:14 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-10 18:14 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-10 18:14 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-10 18:14 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-10 18:14 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-10 18:14 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-10 18:14 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-10 18:14 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-10 18:14 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-10 18:14 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-10 18:14 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-10 18:14 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-10 18:14 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-10 18:14 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-10 18:14 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-10 18:14 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-10 18:14 - 2014-06-19 
I also downloaded Run Hunter, but I didn't know what to do next. Please help. Thanks and best regards, Steffi |
16.07.2014, 05:58 | #2 |
/// the machine /// TB trainer | hi,
This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Addition.txt is still missing.
16.07.2014, 19:19 | #3 |
Sorry, I can't get this to work. So Ctrl + A, Ctrl + C is no problem. But I don't know where I'm supposed to find the # character in the editor; on the keyboard it's clear. And when I click, the text is gone but there are no bracketed expressions.
17.07.2014, 15:18 | #4 |
/// the machine /// TB trainer | You won't find that in the editor. It's here in the forum, in the reply box; that is where the # character is
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |