Pests of all kinds and how to fight them: Windows Installer and constant ads and pop-ups, new windows in the browser (Windows 7). If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
19.07.2014, 19:43 | #1 |
| Windows Installer and constant ads and pop-ups, new windows in the browser Hello everyone, I hope I'm doing everything right; this is my first post here. I think we have caught a virus or something like that on the laptop. A Windows Installer in English keeps wanting to install something, but it looks rather strange. On top of that, we can no longer surf the Internet. A new window keeps opening, or a pop-up or advertisement is displayed... Avira Antivirus has also struck a few times already; I don't even know whether we handled that correctly. I hope someone here can help me. To be honest, I no longer really know what I can do now. Thanks in advance for reading! Regards, Kabimaus |
19.07.2014, 19:54 | #2 |
/// the machine /// TB Instructor | Windows Installer and constant ads and pop-ups, new windows in the browser hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
19.07.2014, 20:17 | #3 |
| Windows Installer and constant ads and pop-ups, new windows in the browser Thanks for the quick reply. Thanks also for the continued help!
First the FRST.txt and then the Addition.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014 Ran by admin (administrator) on ADMIN-PC on 19-07-2014 20:54:42 Running from C:\Users\admin\Downloads Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LMworker.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2821936 2012-03-07] (ELAN Microelectronics Corp.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor) HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7138816 2013-10-14] (Broadcom Corporation) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.) HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [fst_de_77] => [X] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation) HKLM-x32\...\Run: [fst_de_76] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-1983403286-1626189231-2232492376-1011\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent HKU\S-1-5-21-1983403286-1626189231-2232492376-1011\...\MountPoints2: {6cd97987-37d5-11e3-8e43-208984c46682} - G:\ting.exe HKU\S-1-5-21-1983403286-1626189231-2232492376-1011\...\MountPoints2: {b8f7b09b-6ad7-11e3-8c14-208984c46682} - F:\LGAutoRun.exe AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [102512 2014-05-08] (Skytech Co., Ltd.) AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.) 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8D3F423B5CE1CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://istart.webssearches.com/?type=hp&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2&q={searchTerms} SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2&q={searchTerms} SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyE0CyEyCyCzztB0E0F0F0BtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFtCtCtFtCtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StB0AyE0AyBtB0EyCtGtD0B0DyCtG0DtD0CtDtG0FyEtD0BtGtDyB0FtAyCtByEyE0CtCtBzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0ByD0C0AtB0B0FtGtDyDyByEtG0F0EyB0BtG0A0CzyyDtGyC0EtCtAzztAtD0DyB0C0Czy2Q&cr=186596587&ir= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyE0CyEyCyCzztB0E0F0F0BtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFtCtCtFtCtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StB0AyE0AyBtB0EyCtGtD0B0DyCtG0DtD0CtDtG0FyEtD0BtGtDyB0FtAyCtByEyE0CtCtBzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0ByD0C0AtB0B0FtGtDyDyByEtG0F0EyB0BtG0A0CzyyDtGyC0EtCtAzztAtD0DyB0C0Czy2Q&cr=186596587&ir= SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2&q={searchTerms} SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=M187AFFA5-A199-40D6-B6DC-A6DA64627258&SearchSource=58&CUI=&UM=2&UP=SP90158D8F-DD9A-4F4E-87B1-6EC0CD96F9D1&q={searchTerms}&SSPV= BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. 
Limited) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files (x86)\avira\Internet Explorer\avira32.dll () BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 127.0.0.1 d3oxij66pru1i3.cloudfront.net Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3k71wec3.default FF DefaultSearchEngine: webssearches FF SelectedSearchEngine: webssearches FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: 
@staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Savings Advisor - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3k71wec3.default\Extensions\ciuvo-extension@avira.de [2014-07-04] FF Extension: Adblock Plus Pop-up Addon - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3k71wec3.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-07-04] FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3k71wec3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-04] FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\w7k71tpw.default-1397410510911\extensions\faststartff@gmail.com Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR Extension: (No Name) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe [2014-07-03] CHR StartMenuInternet: Google Chrome - chrome.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG) S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-03] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-03] (globalUpdate) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation) R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5824512 2013-10-14] (Broadcom Corporation) [File not signed] S2 Util NetCrawl; "C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe" [X] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. 
KG) S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [331264 2011-12-06] (Intel(R) Corporation) [File not signed] R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys [61112 2014-07-02] (StdLib) R1 {9d5747ee-0448-4681-8337-1555de75a3b6}Gw64; C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys [61120 2014-07-02] (StdLib) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-19 20:54 - 2014-07-19 20:55 - 00016506 _____ () C:\Users\admin\Downloads\FRST.txt 2014-07-19 20:54 - 2014-07-19 20:54 - 02089984 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe 2014-07-19 20:54 - 2014-07-19 20:54 - 00000000 ____D () C:\FRST 2014-07-19 20:53 - 2014-07-19 20:53 - 00000472 _____ () C:\Users\admin\Downloads\defogger_disable.log 2014-07-19 20:53 - 2014-07-19 20:53 - 00000000 _____ () C:\Users\admin\defogger_reenable 2014-07-19 20:51 - 2014-07-19 20:51 - 00050477 _____ () C:\Users\admin\Downloads\Defogger.exe 2014-07-19 20:39 - 2014-07-19 20:39 - 00055826 _____ () C:\Users\admin\Desktop\Ereignisse.txt 2014-07-19 20:29 - 2014-07-19 20:29 - 00003102 _____ () C:\Windows\System32\Tasks\{C996C0DB-51F0-4514-B8C3-5BDC0F040DF5} 2014-07-19 20:28 - 2014-07-19 20:28 - 00001091 _____ () C:\Users\admin\Desktop\Continue VuuPC Installation.lnk 2014-07-19 20:27 - 2014-07-19 20:27 - 00003172 _____ () C:\Windows\System32\Tasks\{4C311FA7-4673-49BD-B8AA-75D55BF820DE} 2014-07-19 20:20 - 2014-07-19 20:20 - 00000000 ____D () C:\Program Files (x86)\predm 2014-07-16 20:23 - 2014-07-16 20:23 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-11 22:54 - 2014-07-11 22:54 - 00000000 ____D () C:\Users\admin\AppData\Local\WorldofTanks 2014-07-09 10:47 - 2014-07-09 10:46 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-09 10:47 - 2014-07-09 10:46 - 00191400 _____ (Oracle Corporation) 
C:\Windows\system32\javaw.exe 2014-07-09 10:47 - 2014-07-09 10:46 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-09 10:47 - 2014-07-09 10:46 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-07-09 10:46 - 2014-07-09 10:46 - 00000000 ____D () C:\Program Files\Java 2014-07-09 10:41 - 2014-07-09 10:41 - 00961360 _____ (Chip Digital GmbH) C:\Users\admin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe 2014-07-09 09:09 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-09 09:09 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-09 09:09 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-09 09:09 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-09 09:09 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-09 09:09 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-09 09:09 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-09 09:09 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-09 09:09 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-09 09:09 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-09 09:09 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-09 09:09 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-09 09:09 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-09 09:09 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) 
C:\Windows\system32\ieUnatt.exe 2014-07-09 09:09 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-09 09:09 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-09 09:09 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-09 09:09 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-09 09:09 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-09 09:09 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-09 09:09 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-09 09:09 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-09 09:09 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-09 09:09 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-09 09:09 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-09 09:09 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-09 09:09 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-09 09:09 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-09 09:09 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-09 09:09 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-09 09:09 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-09 09:09 - 2014-06-19 01:32 - 02179072 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-09 09:09 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-09 09:09 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-09 09:09 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-09 09:09 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-09 09:09 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-09 09:09 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-09 09:09 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-09 09:09 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-09 09:09 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 09:09 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-09 09:09 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-09 09:09 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-09 09:09 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-09 09:09 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-09 09:09 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-09 09:09 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-09 09:09 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-09 09:09 - 2014-06-19 00:45 - 01964544 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-09 09:09 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-09 09:09 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-09 09:09 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-09 09:09 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-09 09:09 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-09 09:09 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-09 09:08 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-09 09:08 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-09 09:08 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-09 09:08 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-09 09:08 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-09 09:07 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-09 09:07 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-09 09:07 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-09 09:07 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-09 09:07 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-09 09:07 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-09 09:07 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) 
C:\Windows\system32\ncrypt.dll 2014-07-09 09:07 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-09 09:07 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-09 09:07 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-09 09:03 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-09 09:03 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-09 09:03 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-06 21:38 - 2014-07-10 20:30 - 00000000 ____D () C:\Users\admin\AppData\Roaming\vlc 2014-07-04 11:06 - 2014-07-10 15:00 - 00042040 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-04 11:02 - 2014-07-04 11:02 - 00003408 _____ () C:\Windows\System32\Tasks\aviraSWU 2014-07-04 11:02 - 2014-07-04 11:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-07-04 11:02 - 2014-07-04 11:02 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Avira 2014-07-04 11:02 - 2014-07-04 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-04 11:01 - 2014-07-04 11:02 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-07-04 11:01 - 2014-07-04 11:01 - 00000000 ____D () C:\ProgramData\Avira 2014-07-04 11:01 - 2014-06-24 20:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-07-04 11:01 - 2014-06-24 20:39 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-07-04 11:01 - 2014-06-24 20:39 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-07-04 10:59 - 2014-07-04 10:59 - 00000000 ____D () C:\Users\admin\Downloads\backups 2014-07-04 10:54 - 2014-07-04 10:54 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\admin\Downloads\HiJackThis204.exe 2014-07-04 10:54 - 2014-07-04 10:54 - 00011743 _____ () C:\Users\admin\Downloads\hijackthis.log 2014-07-04 10:52 - 2014-07-04 10:52 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-04 10:52 - 2014-07-04 10:52 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-04 10:52 - 2014-07-04 10:52 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla 2014-07-04 10:52 - 2014-07-04 10:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-04 10:44 - 2014-07-04 10:52 - 29677544 _____ (Mozilla) C:\Users\admin\Downloads\Firefox_Setup_de30.0.exe 2014-07-04 10:41 - 2014-07-04 11:01 - 141865920 _____ () C:\Users\admin\Downloads\avira_free_antivirus45_de.exe 2014-07-04 10:08 - 2014-07-19 20:23 - 00000000 ____D () C:\Program Files (x86)\Bench 2014-07-04 10:08 - 2014-07-17 17:21 - 00000003 _____ () C:\Users\admin\AppData\Local\proxy.log 2014-07-03 23:31 - 2014-07-03 23:31 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-07-03 23:31 - 2014-07-03 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-07-03 23:31 - 2014-07-03 23:31 - 00000000 ____D () C:\Program Files\VideoLAN 2014-07-03 23:26 - 2014-07-03 23:26 - 00301608 _____ (VuuPC Limited) C:\Users\admin\AppData\Local\nsi9826.tmp 2014-07-03 23:23 - 2014-02-12 23:21 - 00000426 _____ () C:\AVScanner.ini 2014-07-03 14:08 - 2014-07-19 20:33 - 00002188 _____ () C:\Windows\Tasks\2c7ed5dd-6ed8-4996-9693-bc4036c96faa-4.job 2014-07-03 14:08 - 2014-07-19 20:33 - 00000910 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2014-07-03 14:08 - 2014-07-19 20:13 - 00000914 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2014-07-03 14:08 - 2014-07-03 14:08 - 00005218 _____ () C:\Windows\System32\Tasks\2c7ed5dd-6ed8-4996-9693-bc4036c96faa-4 2014-07-03 14:08 - 2014-07-03 14:08 - 00003912 _____ () 
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA 2014-07-03 14:08 - 2014-07-03 14:08 - 00003658 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore 2014-07-03 14:08 - 2014-07-03 14:08 - 00000000 ____D () C:\Users\admin\AppData\Local\globalUpdate 2014-07-03 14:08 - 2014-07-03 14:08 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-07-03 13:37 - 2014-07-02 12:08 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys 2014-07-03 10:31 - 2014-07-03 13:35 - 00000000 ____D () C:\ProgramData\Norton 2014-07-03 10:10 - 2014-07-19 20:10 - 00000292 _____ () C:\Windows\Tasks\Rocket Updater.job 2014-07-03 10:10 - 2014-07-03 10:10 - 00003232 _____ () C:\Windows\System32\Tasks\Rocket Updater 2014-07-03 10:10 - 2014-07-03 10:10 - 00000000 ____D () C:\Users\admin\AppData\Roaming\RocketUpdater 2014-07-03 10:10 - 2014-07-03 10:10 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Media Player Classic 2014-07-03 10:09 - 2014-07-03 10:15 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Advanced System Protector 2014-07-02 22:05 - 2014-07-02 12:29 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys 2014-07-02 21:55 - 2014-07-02 21:55 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-07-02 21:07 - 2014-07-03 23:26 - 00000000 ____D () C:\Users\admin\AppData\Roaming\systweak 2014-07-02 21:06 - 2014-04-25 14:49 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe 2014-07-02 21:05 - 2014-07-19 20:29 - 00000000 ____D () C:\Program Files\suprasavings 2014-07-02 21:04 - 2014-07-04 11:08 - 00000000 ____D () C:\Program Files\003 2014-07-02 21:03 - 2014-07-02 21:03 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-07-02 10:23 - 2014-07-02 10:23 - 00000000 ____D () C:\ProgramData\374311380 2014-07-02 08:16 - 2014-07-03 23:23 - 00000444 __RSH () C:\ProgramData\ntuser.pol 2014-07-02 07:53 - 2014-07-02 07:53 - 00000000 
____D () C:\Users\admin\Documents\Optimizer Pro 2014-07-02 07:52 - 2014-07-02 07:52 - 00000000 ____D () C:\ProgramData\TEMP 2014-07-02 07:51 - 2014-07-03 07:51 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-07-02 07:51 - 2014-07-02 10:25 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-07-02 07:51 - 2014-07-02 08:11 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-07-02 07:51 - 2014-07-02 07:52 - 00000318 _____ () C:\Users\admin\AppData\Roaming\aps.uninstall.scan.results 2014-07-02 07:51 - 2014-07-02 07:51 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-07-02 07:51 - 2014-07-02 07:51 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP3 2014-07-02 07:51 - 2014-07-02 07:51 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP2 2014-07-02 07:49 - 2014-07-19 20:35 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-07-02 07:49 - 2014-07-11 11:27 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-07-02 07:49 - 2014-07-02 07:49 - 00000000 ____D () C:\Users\admin\AppData\Roaming\SupTab 2014-07-02 07:49 - 2014-07-02 07:49 - 00000000 ____D () C:\Users\admin\AppData\Local\com 2014-07-02 07:49 - 2014-07-02 07:49 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-07-02 07:47 - 2014-07-02 10:23 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 2014-07-02 07:44 - 2014-07-02 07:44 - 00623672 _____ (Click Me In Limited) C:\Users\admin\AppData\Local\nsw3A2E.tmp 2014-07-02 07:42 - 2014-07-02 21:03 - 00000000 ____D () C:\Users\admin\AppData\Local\SearchProtect 2014-07-02 07:42 - 2014-07-02 07:42 - 00000000 _____ () C:\END 2014-07-02 00:19 - 2014-07-02 00:19 - 00000000 ____D () C:\ProgramData\Steam ==================== One Month Modified Files and Folders ======= 2014-07-19 20:55 - 2014-07-19 20:54 - 00016506 _____ () C:\Users\admin\Downloads\FRST.txt 2014-07-19 20:54 - 2014-07-19 20:54 - 02089984 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe 2014-07-19 20:54 - 2014-07-19 20:54 - 
00000000 ____D () C:\FRST 2014-07-19 20:53 - 2014-07-19 20:53 - 00000472 _____ () C:\Users\admin\Downloads\defogger_disable.log 2014-07-19 20:53 - 2014-07-19 20:53 - 00000000 _____ () C:\Users\admin\defogger_reenable 2014-07-19 20:53 - 2013-10-14 00:41 - 00000000 ____D () C:\Users\admin 2014-07-19 20:51 - 2014-07-19 20:51 - 00050477 _____ () C:\Users\admin\Downloads\Defogger.exe 2014-07-19 20:41 - 2009-07-14 06:45 - 00035824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-19 20:41 - 2009-07-14 06:45 - 00035824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-19 20:39 - 2014-07-19 20:39 - 00055826 _____ () C:\Users\admin\Desktop\Ereignisse.txt 2014-07-19 20:37 - 2013-10-14 00:41 - 01789310 _____ () C:\Windows\WindowsUpdate.log 2014-07-19 20:35 - 2014-07-02 07:49 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-07-19 20:33 - 2014-07-03 14:08 - 00002188 _____ () C:\Windows\Tasks\2c7ed5dd-6ed8-4996-9693-bc4036c96faa-4.job 2014-07-19 20:33 - 2014-07-03 14:08 - 00000910 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2014-07-19 20:33 - 2010-11-21 05:47 - 00818006 _____ () C:\Windows\PFRO.log 2014-07-19 20:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-19 20:33 - 2009-07-14 06:51 - 00088016 _____ () C:\Windows\setupact.log 2014-07-19 20:29 - 2014-07-19 20:29 - 00003102 _____ () C:\Windows\System32\Tasks\{C996C0DB-51F0-4514-B8C3-5BDC0F040DF5} 2014-07-19 20:29 - 2014-07-02 21:05 - 00000000 ____D () C:\Program Files\suprasavings 2014-07-19 20:28 - 2014-07-19 20:28 - 00001091 _____ () C:\Users\admin\Desktop\Continue VuuPC Installation.lnk 2014-07-19 20:27 - 2014-07-19 20:27 - 00003172 _____ () C:\Windows\System32\Tasks\{4C311FA7-4673-49BD-B8AA-75D55BF820DE} 2014-07-19 20:23 - 2014-07-04 10:08 - 00000000 ____D () C:\Program Files (x86)\Bench 2014-07-19 20:20 - 2014-07-19 20:20 - 00000000 
____D () C:\Program Files (x86)\predm 2014-07-19 20:18 - 2013-10-13 01:28 - 00699342 _____ () C:\Windows\system32\perfh007.dat 2014-07-19 20:18 - 2013-10-13 01:28 - 00149450 _____ () C:\Windows\system32\perfc007.dat 2014-07-19 20:18 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-19 20:13 - 2014-07-03 14:08 - 00000914 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2014-07-19 20:10 - 2014-07-03 10:10 - 00000292 _____ () C:\Windows\Tasks\Rocket Updater.job 2014-07-19 19:56 - 2013-10-16 20:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-19 19:54 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini 2014-07-19 11:30 - 2014-01-01 20:14 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-07-19 10:35 - 2013-11-17 07:44 - 00000237 _____ () C:\Users\admin\AppData\Roaming\WB.CFG 2014-07-17 17:21 - 2014-07-04 10:08 - 00000003 _____ () C:\Users\admin\AppData\Local\proxy.log 2014-07-17 17:20 - 2013-10-14 00:42 - 00058016 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-17 17:20 - 2009-07-14 06:45 - 00275856 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-16 20:23 - 2014-07-16 20:23 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-11 22:54 - 2014-07-11 22:54 - 00000000 ____D () C:\Users\admin\AppData\Local\WorldofTanks 2014-07-11 11:27 - 2014-07-02 07:49 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-07-10 20:30 - 2014-07-06 21:38 - 00000000 ____D () C:\Users\admin\AppData\Roaming\vlc 2014-07-10 15:00 - 2014-07-04 11:06 - 00042040 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-10 03:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-07-10 03:20 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-10 03:20 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-10 03:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-10 03:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-10 03:04 - 2013-10-12 11:30 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-10 03:02 - 2013-10-12 11:30 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-09 10:47 - 2014-03-19 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-09 10:46 - 2014-07-09 10:47 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-09 10:46 - 2014-07-09 10:47 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-07-09 10:46 - 2014-07-09 10:47 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-09 10:46 - 2014-07-09 10:47 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-07-09 10:46 - 2014-07-09 10:46 - 00000000 ____D () C:\Program Files\Java 2014-07-09 10:41 - 2014-07-09 10:41 - 00961360 _____ (Chip Digital GmbH) C:\Users\admin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe 2014-07-08 21:56 - 2013-10-16 20:02 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-08 21:56 - 2013-10-16 20:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-08 21:56 - 2013-10-16 20:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-04 11:08 - 2014-07-02 21:04 - 00000000 ____D () C:\Program Files\003 2014-07-04 11:02 - 2014-07-04 11:02 - 00003408 _____ () C:\Windows\System32\Tasks\aviraSWU 2014-07-04 11:02 - 2014-07-04 11:02 - 00002070 _____ () 
C:\Users\Public\Desktop\Avira Control Center.lnk 2014-07-04 11:02 - 2014-07-04 11:02 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Avira 2014-07-04 11:02 - 2014-07-04 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-04 11:02 - 2014-07-04 11:01 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-07-04 11:01 - 2014-07-04 11:01 - 00000000 ____D () C:\ProgramData\Avira 2014-07-04 11:01 - 2014-07-04 10:41 - 141865920 _____ () C:\Users\admin\Downloads\avira_free_antivirus45_de.exe 2014-07-04 10:59 - 2014-07-04 10:59 - 00000000 ____D () C:\Users\admin\Downloads\backups 2014-07-04 10:54 - 2014-07-04 10:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\admin\Downloads\HiJackThis204.exe 2014-07-04 10:54 - 2014-07-04 10:54 - 00011743 _____ () C:\Users\admin\Downloads\hijackthis.log 2014-07-04 10:52 - 2014-07-04 10:52 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-04 10:52 - 2014-07-04 10:52 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-04 10:52 - 2014-07-04 10:52 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla 2014-07-04 10:52 - 2014-07-04 10:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-04 10:52 - 2014-07-04 10:44 - 29677544 _____ (Mozilla) C:\Users\admin\Downloads\Firefox_Setup_de30.0.exe 2014-07-04 10:52 - 2014-06-18 11:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-03 23:31 - 2014-07-03 23:31 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-07-03 23:31 - 2014-07-03 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-07-03 23:31 - 2014-07-03 23:31 - 00000000 ____D () C:\Program Files\VideoLAN 2014-07-03 23:27 - 2013-10-12 12:38 - 00000000 ____D () C:\Program Files (x86)\Google 2014-07-03 23:26 - 2014-07-03 23:26 - 00301608 _____ (VuuPC Limited) C:\Users\admin\AppData\Local\nsi9826.tmp 2014-07-03 23:26 - 2014-07-02 
21:07 - 00000000 ____D () C:\Users\admin\AppData\Roaming\systweak 2014-07-03 23:23 - 2014-07-02 08:16 - 00000444 __RSH () C:\ProgramData\ntuser.pol 2014-07-03 14:08 - 2014-07-03 14:08 - 00005218 _____ () C:\Windows\System32\Tasks\2c7ed5dd-6ed8-4996-9693-bc4036c96faa-4 2014-07-03 14:08 - 2014-07-03 14:08 - 00003912 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA 2014-07-03 14:08 - 2014-07-03 14:08 - 00003658 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore 2014-07-03 14:08 - 2014-07-03 14:08 - 00000000 ____D () C:\Users\admin\AppData\Local\globalUpdate 2014-07-03 14:08 - 2014-07-03 14:08 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-07-03 13:35 - 2014-07-03 10:31 - 00000000 ____D () C:\ProgramData\Norton 2014-07-03 10:15 - 2014-07-03 10:09 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Advanced System Protector 2014-07-03 10:10 - 2014-07-03 10:10 - 00003232 _____ () C:\Windows\System32\Tasks\Rocket Updater 2014-07-03 10:10 - 2014-07-03 10:10 - 00000000 ____D () C:\Users\admin\AppData\Roaming\RocketUpdater 2014-07-03 10:10 - 2014-07-03 10:10 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Media Player Classic 2014-07-03 07:51 - 2014-07-02 07:51 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-07-02 21:55 - 2014-07-02 21:55 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-07-02 21:52 - 2014-05-23 14:52 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-07-02 21:03 - 2014-07-02 21:03 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-07-02 21:03 - 2014-07-02 07:42 - 00000000 ____D () C:\Users\admin\AppData\Local\SearchProtect 2014-07-02 12:29 - 2014-07-02 22:05 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys 2014-07-02 12:08 - 2014-07-03 13:37 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys 2014-07-02 10:25 - 2014-07-02 07:51 - 
00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-07-02 10:23 - 2014-07-02 10:23 - 00000000 ____D () C:\ProgramData\374311380 2014-07-02 10:23 - 2014-07-02 07:47 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 2014-07-02 08:16 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-07-02 08:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-07-02 08:11 - 2014-07-02 07:51 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-07-02 07:53 - 2014-07-02 07:53 - 00000000 ____D () C:\Users\admin\Documents\Optimizer Pro 2014-07-02 07:52 - 2014-07-02 07:52 - 00000000 ____D () C:\ProgramData\TEMP 2014-07-02 07:52 - 2014-07-02 07:51 - 00000318 _____ () C:\Users\admin\AppData\Roaming\aps.uninstall.scan.results 2014-07-02 07:51 - 2014-07-02 07:51 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-07-02 07:51 - 2014-07-02 07:51 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP3 2014-07-02 07:51 - 2014-07-02 07:51 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP2 2014-07-02 07:49 - 2014-07-02 07:49 - 00000000 ____D () C:\Users\admin\AppData\Roaming\SupTab 2014-07-02 07:49 - 2014-07-02 07:49 - 00000000 ____D () C:\Users\admin\AppData\Local\com 2014-07-02 07:49 - 2014-07-02 07:49 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-07-02 07:48 - 2013-10-14 00:42 - 00001649 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-02 07:44 - 2014-07-02 07:44 - 00623672 _____ (Click Me In Limited) C:\Users\admin\AppData\Local\nsw3A2E.tmp 2014-07-02 07:42 - 2014-07-02 07:42 - 00000000 _____ () C:\END 2014-07-02 00:19 - 2014-07-02 00:19 - 00000000 ____D () C:\ProgramData\Steam 2014-07-02 00:19 - 2014-05-07 17:11 - 00000000 ____D () C:\Users\admin\Documents\my games 2014-07-02 00:18 - 2014-01-04 02:18 - 00199781 _____ () C:\Windows\DirectX.log 2014-06-30 04:09 - 2014-07-09 09:08 - 00519168 _____ (Microsoft Corporation) 
C:\Windows\system32\aepdu.dll 2014-06-30 04:04 - 2014-07-09 09:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-24 20:39 - 2014-07-04 11:01 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-06-24 20:39 - 2014-07-04 11:01 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-06-24 20:39 - 2014-07-04 11:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-06-24 15:09 - 2014-01-13 19:42 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype 2014-06-20 22:14 - 2014-07-09 09:09 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-06-20 21:39 - 2014-07-09 09:09 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-06-19 13:12 - 2014-05-09 22:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak 2014-06-19 03:39 - 2014-07-09 09:09 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-19 03:06 - 2014-07-09 09:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-19 03:06 - 2014-07-09 09:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-19 02:48 - 2014-07-09 09:09 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-19 02:42 - 2014-07-09 09:09 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-19 02:42 - 2014-07-09 09:09 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-19 02:41 - 2014-07-09 09:09 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-06-19 02:41 - 2014-07-09 09:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-19 02:32 - 2014-07-09 09:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-19 02:31 - 2014-07-09 09:09 - 00033792 _____ (Microsoft 
Corporation) C:\Windows\system32\iernonce.dll 2014-06-19 02:26 - 2014-07-09 09:09 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-19 02:24 - 2014-07-09 09:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-19 02:24 - 2014-07-09 09:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-19 02:23 - 2014-07-09 09:09 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-19 02:16 - 2014-07-09 09:09 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-19 02:14 - 2014-07-09 09:09 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-19 02:09 - 2014-07-09 09:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-19 01:59 - 2014-07-09 09:09 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-19 01:56 - 2014-07-09 09:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-19 01:53 - 2014-07-09 09:09 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-19 01:51 - 2014-07-09 09:09 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-19 01:50 - 2014-07-09 09:09 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-19 01:48 - 2014-07-09 09:09 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-19 01:39 - 2014-07-09 09:09 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-19 01:38 - 2014-07-09 09:09 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-19 01:37 - 2014-07-09 09:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-19 01:36 - 2014-07-09 09:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-19 01:35 - 2014-07-09 09:09 - 00062464 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-06-19 01:33 - 2014-07-09 09:09 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-19 01:32 - 2014-07-09 09:09 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-19 01:28 - 2014-07-09 09:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-19 01:28 - 2014-07-09 09:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-19 01:27 - 2014-07-09 09:09 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-19 01:27 - 2014-07-09 09:09 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-19 01:25 - 2014-07-09 09:09 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-19 01:23 - 2014-07-09 09:09 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-19 01:22 - 2014-07-09 09:09 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-19 01:12 - 2014-07-09 09:09 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-19 01:06 - 2014-07-09 09:09 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-19 01:01 - 2014-07-09 09:09 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-19 00:59 - 2014-07-09 09:09 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-19 00:58 - 2014-07-09 09:09 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-19 00:58 - 2014-07-09 09:09 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-19 00:52 - 2014-07-09 09:09 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-19 00:51 - 2014-07-09 09:09 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-19 00:49 - 2014-07-09 09:09 - 00526336 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-19 00:46 - 2014-07-09 09:09 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-19 00:45 - 2014-07-09 09:09 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-19 00:35 - 2014-07-09 09:09 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-19 00:34 - 2014-07-09 09:09 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-19 00:15 - 2014-07-09 09:09 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-19 00:13 - 2014-07-09 09:09 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-19 00:09 - 2014-07-09 09:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-19 00:07 - 2014-07-09 09:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll Some content of TEMP: ==================== C:\Users\admin\AppData\Local\Temp\AutoRun.exe C:\Users\admin\AppData\Local\Temp\AutoRunGUI.dll C:\Users\admin\AppData\Local\Temp\avgnt.exe C:\Users\admin\AppData\Local\Temp\BackupSetup.exe C:\Users\admin\AppData\Local\Temp\CloudBackup3763.exe C:\Users\admin\AppData\Local\Temp\dlLogic.exe C:\Users\admin\AppData\Local\Temp\dltr.exe C:\Users\admin\AppData\Local\Temp\drm_dyndata_7370012.dll C:\Users\admin\AppData\Local\Temp\drm_dyndata_7400006.dll C:\Users\admin\AppData\Local\Temp\DseShExt-x64.dll C:\Users\admin\AppData\Local\Temp\DseShExt-x86.dll C:\Users\admin\AppData\Local\Temp\EAD11EA.exe C:\Users\admin\AppData\Local\Temp\EAD28F.exe C:\Users\admin\AppData\Local\Temp\EAD453.exe C:\Users\admin\AppData\Local\Temp\EAD5946.exe C:\Users\admin\AppData\Local\Temp\EAD96F1.exe C:\Users\admin\AppData\Local\Temp\EADD5D4.exe C:\Users\admin\AppData\Local\Temp\EAInstall.dll C:\Users\admin\AppData\Local\Temp\GCVerifier.dll C:\Users\admin\AppData\Local\Temp\Gw2.exe C:\Users\admin\AppData\Local\Temp\nsa3EEA.exe 
C:\Users\admin\AppData\Local\Temp\nsl36ED.exe
C:\Users\admin\AppData\Local\Temp\nsl7348.exe
C:\Users\admin\AppData\Local\Temp\nsmFC3A.tmp.exe
C:\Users\admin\AppData\Local\Temp\nsq6DEA.exe
C:\Users\admin\AppData\Local\Temp\nsv3B22.exe
C:\Users\admin\AppData\Local\Temp\nsv7867.exe
C:\Users\admin\AppData\Local\Temp\optprosetup.exe
C:\Users\admin\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\admin\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\admin\AppData\Local\Temp\Uninstall.exe
C:\Users\admin\AppData\Local\Temp\UninstallEADM.dll
C:\Users\admin\AppData\Local\Temp\verifier.exe
C:\Users\admin\AppData\Local\Temp\war3_Install.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 00:32

==================== End Of Log ============================

Now the Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2014
Ran by admin at 2014-07-19 20:55:53
Running from C:\Users\admin\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Aufstieg des Hexenkönigs™ (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version: - )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Avira Savings Advisor (HKLM-x32\...\{A18A516C-AA41-46A9-92DB-60208917E442}) (Version: 1.5.14 - Avira) <==== ATTENTION
Batman: Arkham Asylum (HKLM-x32\...\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}) (Version: 1.0.0.0 - Eidos Interactive Limited)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.7.3 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.120 - Broadcom Corporation)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - )
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.66.2 - Electronic Arts)
ETDWare PS/2-X64 10.6.9.9_WHQL (HKLM\...\Elantech) (Version: 10.6.9.9 - ELAN Microelectronic Corp.)
FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.)
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
Lego Harry Potter (HKLM-x32\...\Steam App 21130) (Version: - TT Games)
LEGO Lord of the Rings (HKLM-x32\...\Steam App 214510) (Version: - Traveller's Tales)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 3.0 - Qualcomm Atheros)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version: - Piranha Bytes)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.15.11.3 - Client Connect LTD) <==== ATTENTION
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
VTech Download Manager (HKLM-x32\...\VTechDownloadManager) (Version: - VTech)
webssearches uninstaller (HKLM-x32\...\webssearches uninstaller) (Version: - webssearches) <==== ATTENTION
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points =========================

10-07-2014 01:00:22 Windows Update
12-07-2014 19:15:30 OpenOffice Beta 4.1.0 wird entfernt
12-07-2014 19:18:24 Removed Microsoft Office Excel Viewer
19-07-2014 18:30:46 Entfernt LG United Mobile Driver

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-07-03 10:08 - 00000867 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 d3oxij66pru1i3.cloudfront.net

==================== Scheduled Tasks (whitelisted) =============

Task: {060B8335-7441-4565-B54B-D75561138560} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {1B27EDA9-33D0-4354-8E42-B758297F605D} - System32\Tasks\2c7ed5dd-6ed8-4996-9693-bc4036c96faa-4 => C:\Program Files (x86)\V-9.1HD\2c7ed5dd-6ed8-4996-9693-bc4036c96faa-4.exe
Task: {20E2F5AE-2788-461F-9308-544A41ED0BA6} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {72F636D3-B0EC-4346-A4E0-2AD3A3F7400A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {783AAD34-2CD2-4B33-926A-68ADA9063BB0} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-03] (globalUpdate) <==== ATTENTION
Task: {7AED6F6C-1FC5-4036-9289-B7F92380FD92} - System32\Tasks\Rocket Updater => C:\Users\admin\AppData\Roaming\RocketUpdater\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {9B04B1D9-42FD-4E2A-9803-D3C6C2402429} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-03] (globalUpdate) <==== ATTENTION
Task: {C25EF6D7-352C-4F1E-AE99-FC0DDD02638C} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {DAC56DB7-7FCC-44D7-B8C1-FDC12A486BF4} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {ECABDED8-FD1E-4488-99D4-77D0D3B9D282} - System32\Tasks\DigitalSite => C:\Users\admin\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {F964EFEB-4D48-468A-8D41-326410A32DCC} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\2c7ed5dd-6ed8-4996-9693-bc4036c96faa-4.job => C:\Program Files (x86)\V-9.1HD\2c7ed5dd-6ed8-4996-9693-bc4036c96faa-4.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\admin\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\admin\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-10-12 10:42 - 2012-03-27 02:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-06-24 10:54 - 2013-06-20 09:58 - 00391040 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe 2013-06-24 10:54 - 2010-06-24 03:16 - 02150400 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll 2013-06-24 10:54 - 2010-07-13 15:07 - 07826432 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll 2013-06-24 10:54 - 2010-06-02 04:29 - 00934912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll 2013-06-24 10:54 - 2010-06-02 04:28 - 00335360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll 2013-06-24 10:54 - 2012-08-06 11:54 - 09843640 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll 2013-06-24 10:54 - 2010-06-02 04:56 - 00232960 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll 2013-06-24 10:54 - 2010-06-02 04:54 - 02530816 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll 2013-06-24 10:54 - 2010-07-05 11:19 - 00116736 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll 2013-06-24 10:54 - 2010-11-11 11:24 - 00028160 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll 2013-06-24 10:54 - 2010-06-02 07:05 - 00025600 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qgif4.dll 2013-06-24 10:54 - 2010-06-02 07:05 - 00119808 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll 2014-07-04 10:52 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files 
(x86)\Mozilla Firefox\mozjs.dll 2014-02-13 04:30 - 2014-02-13 04:30 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll 2013-10-12 10:41 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-10-12 10:45 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupreg: AnyProtect Scanner => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe" MSCONFIG\startupreg: AnyProtect Tray => "C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe" MSCONFIG\startupreg: fst_de_76 => "C:\Program Files (x86)\fst_de_76\fst_de_76.exe" MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun ==================== Faulty Device Manager Devices ============= Name: Microsoft-Teredo-Tunneling-Adapter Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (07/19/2014 08:34:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/19/2014 08:24:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/19/2014 08:18:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x1740 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (07/19/2014 07:57:01 PM) (Source: globalUpdate Update) (EventID: 1) (User: NT-AUTORITÄT) Description: globalUpdate Update has encountered a fatal error. 
ver=1.3.25.0.private;lang=en;id=;is_machine=1;upload=0;minidump=C:\Program Files (x86)\globalUpdate\CrashReports\ed91d176-f905-4e54-a6f0-9e4778609a0b.dmp Error: (07/19/2014 00:29:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0xdc8 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (07/19/2014 00:29:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm firefox.exe, Version 30.0.0.5269 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: a30 Startzeit: 01cfa33a16da2664 Endzeit: 20 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 97da8bf8-0f2f-11e4-8e75-208984c46682 Error: (07/17/2014 05:20:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2014 08:58:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/11/2014 10:23:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/10/2014 03:22:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/19/2014 08:33:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Util NetCrawl" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/19/2014 08:23:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Util NetCrawl" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/19/2014 07:56:57 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {577975B8-C40E-43E6-B0DE-4C6B44088B52} Error: (07/19/2014 11:30:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/19/2014 11:30:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) 
wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (07/14/2014 07:27:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht. Error: (07/13/2014 00:30:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/13/2014 00:30:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (07/11/2014 00:13:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/11/2014 00:13:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. 
Microsoft Office Sessions: ========================= Error: (07/19/2014 08:34:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/19/2014 08:24:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/19/2014 08:18:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b174001cfa37c83f82f70C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll15b5bc59-0f71-11e4-8e75-208984c46682 Error: (07/19/2014 07:57:01 PM) (Source: globalUpdate Update) (EventID: 1) (User: NT-AUTORITÄT) Description: globalUpdate Update has encountered a fatal error. 
ver=1.3.25.0.private;lang=en;id=;is_machine=1;upload=0;minidump=C:\Program Files (x86)\globalUpdate\CrashReports\ed91d176-f905-4e54-a6f0-9e4778609a0b.dmp Error: (07/19/2014 00:29:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141bdc801cfa33a1a5432b1C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll993c9226-0f2f-11e4-8e75-208984c46682 Error: (07/19/2014 00:29:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe30.0.0.5269a3001cfa33a16da266420C:\Program Files (x86)\Mozilla Firefox\firefox.exe97da8bf8-0f2f-11e4-8e75-208984c46682 Error: (07/17/2014 05:20:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2014 08:58:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/11/2014 10:23:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/10/2014 03:22:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 21% Total physical RAM: 8010.36 MB Available physical RAM: 6258.09 MB Total Pagefile: 16018.89 MB Available Pagefile: 14140.14 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB 
==================== Drives ================================ Drive c: () (Fixed) (Total:232.78 GB) (Free:99.14 GB) NTFS Drive d: () (Fixed) (Total:232.82 GB) (Free:220.3 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9ABFF84B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=233 GB) - (Type=0C) ==================== End Of Log ============================ |
20.07.2014, 16:18 | #4 |
/// the machine /// TB-Ausbilder | Windows Installer and constant ads and pop-ups, new windows in the browser Uninstall adware & co.
If you cannot find a program or cannot uninstall it, please continue with the next step: Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
20.07.2014, 17:34 | #5 |
| Windows Installer and constant ads and pop-ups, new windows in the browser Thank you very much =) All of the programs could be removed with Revo Uninstaller. Was that it already? Or do I have to take further steps? I'm really happy right now, because it already seems to look better. Do I have to do the ComboFix step as well, or not? Regards, Kabimaus Last edited by Kabimaus (20.07.2014 at 18:28) |
20.07.2014, 21:10 | #6 |
/// the machine /// TB-Ausbilder | Windows Installer and constant ads and pop-ups, new windows in the browser Yes, please run Combofix
20.07.2014, 22:15 | #7 |
| Windows Installer and constant ads and pop-ups, new windows in the browser So, I turned Avira off, but it still showed something after I had started ComboFix; I ignored that. Then partway through (during the ComboFix scan) the message came up that pev.3xe cannot be executed properly; I clicked that away, since ComboFix would otherwise not have done anything. I hope that was all correct? Code:
ATTFilter ComboFix 14-07-20.02 - admin 20.07.2014 23:02:27.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8010.6269 [GMT 2:00] ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\48ba88db-7b52-4a48-8d4a-bda2a6918dc8.jpg c:\users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\NetCrawl_iels c:\users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\sizlsearch_iels c:\users\admin\AppData\Local\nsi9826.tmp c:\users\admin\AppData\Local\nsw3A2E.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2014-06-20 bis 2014-07-20 )))))))))))))))))))))))))))))) . . 2014-07-20 21:06 . 2014-07-20 21:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-07-20 16:23 . 2014-07-20 16:23 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-07-20 07:31 . 2014-07-20 07:31 -------- d-----w- c:\users\admin\AppData\Roaming\Paltalk 2014-07-20 07:31 . 2014-07-20 07:32 -------- d-----w- c:\program files (x86)\Paltalk Messenger 2014-07-20 07:27 . 2014-07-20 07:27 -------- d-----w- c:\program files (x86)\FreeTime 2014-07-19 18:54 . 2014-07-19 18:56 -------- d-----w- C:\FRST 2014-07-19 18:20 . 2014-07-19 18:20 -------- d-----w- c:\program files (x86)\predm 2014-07-16 18:23 . 2014-07-16 18:23 -------- d-----w- c:\programdata\Riot Games 2014-07-11 20:54 . 2014-07-11 20:54 -------- d-----w- c:\users\admin\AppData\Local\WorldofTanks 2014-07-09 08:47 . 2014-07-09 08:47 -------- d-----w- c:\program files (x86)\Common Files\Java 2014-07-09 08:47 . 2014-07-09 08:46 313256 ----a-w- c:\windows\system32\javaws.exe 2014-07-09 08:47 . 
2014-07-09 08:46 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2014-07-09 08:47 . 2014-07-09 08:46 191400 ----a-w- c:\windows\system32\javaw.exe 2014-07-09 08:47 . 2014-07-09 08:46 190888 ----a-w- c:\windows\system32\java.exe 2014-07-09 08:46 . 2014-07-09 08:46 -------- d-----w- c:\program files\Java 2014-07-09 07:08 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2014-07-09 07:08 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2014-07-09 07:08 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2014-07-09 07:08 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2014-07-09 07:08 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2014-07-09 07:08 . 2014-06-30 02:09 519168 ----a-w- c:\windows\system32\aepdu.dll 2014-07-09 07:08 . 2014-06-30 02:04 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-07-09 07:08 . 2014-05-30 06:45 497152 ----a-w- c:\windows\system32\drivers\afd.sys 2014-07-09 07:08 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll 2014-07-09 07:08 . 2014-06-06 09:44 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-07-09 07:03 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-07-09 07:03 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-07-09 07:03 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-07-06 19:38 . 2014-07-20 07:26 -------- d-----w- c:\users\admin\AppData\Roaming\vlc 2014-07-04 09:06 . 2014-07-10 13:00 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-07-04 09:02 . 2014-07-04 09:02 -------- d-----w- c:\users\admin\AppData\Roaming\Avira 2014-07-04 09:01 . 2014-06-24 18:39 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2014-07-04 09:01 . 2014-06-24 18:39 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-07-04 09:01 . 
2014-06-24 18:39 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-07-04 09:01 . 2014-07-20 16:27 -------- d-----w- c:\program files (x86)\Avira 2014-07-04 09:01 . 2014-07-04 09:01 -------- d-----w- c:\programdata\Avira 2014-07-04 08:08 . 2014-07-19 18:23 -------- d-----w- c:\program files (x86)\Bench 2014-07-03 21:31 . 2014-07-03 21:31 -------- d-----w- c:\program files\VideoLAN 2014-07-03 12:08 . 2014-07-20 00:13 -------- d-----w- c:\program files (x86)\globalUpdate 2014-07-03 12:08 . 2014-07-03 12:08 -------- d-----w- c:\users\admin\AppData\Local\globalUpdate 2014-07-03 11:37 . 2014-07-02 10:08 61112 ----a-w- c:\windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys 2014-07-03 08:31 . 2014-07-03 11:35 -------- d-----w- c:\programdata\Norton 2014-07-03 08:10 . 2014-07-03 08:10 -------- d-----w- c:\users\admin\AppData\Roaming\Media Player Classic 2014-07-03 08:10 . 2014-07-03 08:10 -------- d-----w- c:\users\admin\AppData\Roaming\RocketUpdater 2014-07-03 08:09 . 2014-07-03 08:15 -------- d-----w- c:\users\admin\AppData\Roaming\Advanced System Protector 2014-07-02 20:05 . 2014-07-02 10:29 61120 ----a-w- c:\windows\system32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys 2014-07-02 19:55 . 2014-07-02 19:55 -------- d-----w- c:\windows\system32\appmgmt 2014-07-02 19:07 . 2014-07-03 21:26 -------- d-----w- c:\users\admin\AppData\Roaming\systweak 2014-07-02 19:06 . 2014-04-25 12:49 20312 ----a-w- c:\windows\system32\roboot64.exe 2014-07-02 19:05 . 2014-07-19 18:29 -------- d-----w- c:\program files\suprasavings 2014-07-02 19:04 . 2014-07-04 09:08 -------- d-----w- c:\program files\003 2014-07-02 19:03 . 2014-07-02 19:03 -------- d-----w- c:\program files (x86)\SearchProtect 2014-07-02 08:23 . 2014-07-02 08:23 -------- d-----w- c:\programdata\374311380 2014-07-02 05:49 . 2014-07-19 18:35 -------- d-----w- c:\programdata\WindowsMangerProtect 2014-07-02 05:49 . 
2014-07-02 05:49 -------- d-----w- c:\users\admin\AppData\Roaming\SupTab 2014-07-02 05:49 . 2014-07-11 09:27 -------- d-----w- c:\programdata\IePluginServices 2014-07-02 05:49 . 2014-07-02 05:49 -------- d-----w- c:\program files (x86)\SupTab 2014-07-02 05:49 . 2014-07-02 05:49 -------- d-----w- c:\users\admin\AppData\Local\com 2014-07-02 05:47 . 2014-07-02 08:23 -------- d-----w- c:\program files (x86)\Optimizer Pro 2014-07-02 05:42 . 2014-07-20 16:29 -------- d-----w- c:\users\admin\AppData\Local\SearchProtect 2014-07-01 22:19 . 2014-07-01 22:19 -------- d-----w- c:\programdata\Steam 2014-07-01 12:13 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7494D36-DE01-4114-A202-1CE7408342C5}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-10 01:02 . 2013-10-12 09:30 96441528 ----a-w- c:\windows\system32\MRT.exe 2014-07-08 19:56 . 2013-10-16 18:02 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-08 19:56 . 2013-10-16 18:02 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-06-12 19:05 . 2014-06-12 19:05 46376 ----a-w- c:\windows\system32\drivers\netfilter64.sys 2014-05-08 09:32 . 2014-06-12 19:32 3178496 ----a-w- c:\windows\system32\rdpcorets.dll 2014-05-08 09:32 . 2014-06-12 19:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2014-04-25 02:34 . 2014-06-12 19:32 801280 ----a-w- c:\windows\system32\usp10.dll 2014-04-25 02:06 . 2014-06-12 19:32 626688 ----a-w- c:\windows\SysWow64\usp10.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] 2014-05-08 10:52 513648 ----a-w- c:\program files (x86)\SupTab\SupTab.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-03-23 1105488] "AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2013-06-20 391040] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-06-24 750160] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-17 224128] . c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ PalTalk.lnk - c:\program files (x86)\Paltalk Messenger\paltalk.exe nas [2014-6-24 7975504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\SupTab\SearchProtect32.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 Util NetCrawl;Util NetCrawl;c:\program files (x86)\NetCrawl\bin\utilNetCrawl.exe;c:\program files (x86)\NetCrawl\bin\utilNetCrawl.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] S1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64;{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64;c:\windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys;c:\windows\SYSNATIVE\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys [x] S1 
{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64;{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64;c:\windows\system32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys;c:\windows\SYSNATIVE\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x] S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x] S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x] S3 
bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x] S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2014-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-16 19:56] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-27 12343400] "Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2013-10-13 7138816] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~2\SupTab\SearchProtect64.dll . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2&q={searchTerms} mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2 mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2 mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2&q={searchTerms} TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3k71wec3.default\ FF - prefs.js: browser.search.selectedEngine - webssearches FF - prefs.js: browser.startup.homepage - www.google.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe Wow6432Node-HKLM-Run-fst_de_77 - (no file) Wow6432Node-HKLM-Run-fst_de_76 - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1983403286-1626189231-2232492376-1011\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:05,8a,ca,5d,50,1d,d1,60,e5,4c,22,7d,2f,66,82,7d,01,93,1e,c8,12, 46,06,97,72,fa,4a,0b,60,16,42,74,fc,16,5e,4f,4f,db,12,f8,e1,24,33,19,d5,1c,\ "rkeysecu"=hex:93,c0,b7,0a,5b,bd,07,8c,c4,f3,52,1f,ed,16,51,2c . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-07-20 23:07:51 ComboFix-quarantined-files.txt 2014-07-20 21:07 . Vor Suchlauf: 11 Verzeichnis(se), 104.910.770.176 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 105.744.072.704 Bytes frei . - - End Of File - - 609AEF1A935B05EBE6C2C9B926FF5565 |
21.07.2014, 12:15 | #8 |
/// the machine /// TB trainer | Windows Installer and constant ads and pop-ups, new windows in the browser Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
21.07.2014, 18:08 | #9 |
| Windows Installer and constant ads and pop-ups, new windows in the browser mbam.txt: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 21.07.2014 Suchlauf-Zeit: 18:32:30 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.21.05 Rootkit Datenbank: v2014.07.17.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: admin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 287269 Verstrichene Zeit: 8 Min, 22 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 29 PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [54d5edb54a313105a1a2322ae31fad53], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [54d5edb54a313105a1a2322ae31fad53], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1983403286-1626189231-2232492376-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Löschen bei Neustart, [c96092104734a294cf1b6fe81fe3db25], PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1983403286-1626189231-2232492376-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Löschen bei Neustart, [6cbd7a288ceffd39f7f4570046bc14ec], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, In Quarantäne, [6cbd7a288ceffd39f7f4570046bc14ec], PUP.Optional.Sanbreel.A, 
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64, In Quarantäne, [e148c8da5e1d05319e933989738f24dc], PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64, In Quarantäne, [86a37c26b8c3a690a58ce1e138cad828], PUP.Optional.SupraSavings, HKLM\SOFTWARE\suprasavings, In Quarantäne, [6bbe475be299ff3721cc556cf40ea15f], PUP.Optional.RocketTab.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ibnjmihbbanannlbobkbmnmckjnmdnom, In Quarantäne, [32f7b2f075064aec2e6e11b2a0627a86], PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [4adf80221863e254ea047598db2953ad], PUP.Optional.FreeSoftToday.A, HKLM\SOFTWARE\WOW6432NODE\FrEeSoFtOdAy, In Quarantäne, [ef3acfd38cefca6cea8e784d3fc3e51b], PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [191041618cefae882c45cc56c4400ef2], PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [3decd3cf3f3c9e98911fc41b19e9b848], PUP.Optional.Aartemis.A, HKLM\SOFTWARE\WOW6432NODE\AARTEMISSOFTWARE\aartemishp, In Quarantäne, [8d9cbfe3daa158dea6ba519d3bc78d73], PUP.Optional.RocketTab.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ibnjmihbbanannlbobkbmnmckjnmdnom, In Quarantäne, [ea3fc1e10675e84eb7e5fec505fd4eb2], PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [71b800a2364516206e80010c45bfc43c], PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, In Quarantäne, [8d9c59490b7061d5f9b212b4778b26da], PUP.Optional.NetCrawl.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util NetCrawl, In Quarantäne, [1f0a851dcfacf73f9e78e1e9b54d18e8], PUP.Optional.SupraSavings.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, Löschen bei Neustart, [a7824d552259af87311324b99b675aa6], 
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\V-9.1HD, Löschen bei Neustart, [e742e9b9b7c49d99e95fed36bc4812ee], PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-1983403286-1626189231-2232492376-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BonanzaDealsLive, Löschen bei Neustart, [bf6a1191502b14224114c6449f658b75], PUP.Optional.SupraSavings.A, HKU\S-1-5-21-1983403286-1626189231-2232492376-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\suprasavings, Löschen bei Neustart, [8f9a386a77043df9380503db07fb9a66], PUP.Optional.RocketTab.A, HKU\S-1-5-21-1983403286-1626189231-2232492376-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ibnjmihbbanannlbobkbmnmckjnmdnom, Löschen bei Neustart, [4fda455d2457ab8b6637c102986a1ee2], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1983403286-1626189231-2232492376-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Löschen bei Neustart, [a1883b67344787af2904fbf1e22049b7], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1983403286-1626189231-2232492376-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Löschen bei Neustart, [f138e2c028533bfb83bb59a99e6657a9], PUP.Optional.Ciuvo.A, HKU\S-1-5-21-1983403286-1626189231-2232492376-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\ciuvo.com, Löschen bei Neustart, [0e1b4161f487f442223ed4f41ce6b34d], PUP.Optional.SuperFish.A, HKU\S-1-5-21-1983403286-1626189231-2232492376-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Löschen bei Neustart, [64c5386ae9926dc92f30b5136b978977], PUP.Optional.Qone8, HKU\S-1-5-21-1983403286-1626189231-2232492376-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Löschen bei Neustart, [1b0ed4ce85f6d5611ecfb25b53b17090], 
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-1983403286-1626189231-2232492376-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Löschen bei Neustart, [c267a6fcd4a769cd6446e5e11be7629e], Registrierungswerte: 3 PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\w7k71tpw.default-1397410510911\extensions\faststartff@gmail.com, In Quarantäne, [b376138fceadef470483928f22e2d12f] PUP.Optional.InstallCore.A, HKU\S-1-5-21-1983403286-1626189231-2232492376-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X2O1C0R2R1R, Löschen bei Neustart, [f138e2c028533bfb83bb59a99e6657a9] PUP.Optional.FastStart.A, HKU\S-1-5-21-1983403286-1626189231-2232492376-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Löschen bei Neustart, [74b5c9d9f388e74f614320a7b74b926e] Registrierungsdaten: 8 PUP.Optional.Skytech.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SearchProtect64.dll, Gut: (), Schlecht: (C:\PROGRA~2\SupTab\SearchProtect64.dll),Ersetzt,[5ccdf9a97902ca6c3f907a1348b9f709] PUP.Optional.Skytech.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SearchProtect32.dll, Gut: (), Schlecht: (C:\PROGRA~2\SupTab\SearchProtect32.dll),Ersetzt,[ee3b851d4c2f9a9c0fc0f4993cc548b8] PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2),Ersetzt,[0326752d4734280e373a465b3ec6d22e] PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: 
({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[c66310922655d561b1ef505b11f3718f] PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2&q={searchTerms}),Ersetzt,[e544a101c9b2b87eb7b84859798b7090] PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2),Ersetzt,[fb2e1290205b68cec0ada2ffc3410cf4] PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1404280088&from=tugs&uid=WDCXWD5000LPVX-22V0TT0_WD-WXE1E13HHPC2HHPC2),Ersetzt,[16139b07df9c270f4f2220817f85e51b] PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[73b69e045f1cf93d7729298248bcb34d] Ordner: 68 PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log, In Quarantäne, [06232c76136884b27008faeea06243bd], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, 
[ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.DigitalSite.A, C:\Users\admin\AppData\Roaming\DigitalSite\UpdateProc, In Quarantäne, [7baedcc6d1aaec4aa7474f9f57ab916f], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, In Quarantäne, [1217d2d062198da97fd5e923857f1be5], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, In Quarantäne, [1217d2d062198da97fd5e923857f1be5], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, In Quarantäne, [1217d2d062198da97fd5e923857f1be5], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, In Quarantäne, [1217d2d062198da97fd5e923857f1be5], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, In Quarantäne, [1217d2d062198da97fd5e923857f1be5], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, In Quarantäne, [1217d2d062198da97fd5e923857f1be5], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, In Quarantäne, [1217d2d062198da97fd5e923857f1be5], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, In Quarantäne, 
[1217d2d062198da97fd5e923857f1be5], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, In Quarantäne, [1217d2d062198da97fd5e923857f1be5], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, In Quarantäne, [1217d2d062198da97fd5e923857f1be5], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble, In Quarantäne, [1217d2d062198da97fd5e923857f1be5], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, In Quarantäne, [1217d2d062198da97fd5e923857f1be5], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, In Quarantäne, [1217d2d062198da97fd5e923857f1be5], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, In Quarantäne, [1217d2d062198da97fd5e923857f1be5], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, In Quarantäne, [1217d2d062198da97fd5e923857f1be5], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, In Quarantäne, [1217d2d062198da97fd5e923857f1be5], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, In Quarantäne, [1217d2d062198da97fd5e923857f1be5], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, In Quarantäne, [1217d2d062198da97fd5e923857f1be5], Rogue.Multiple, C:\ProgramData\374311380, In Quarantäne, [f138bee41a6184b2586f1a7a56ac8977], PUP.Optional.OpenCandy, C:\Users\admin\AppData\Roaming\OpenCandy, In Quarantäne, [2aff178ba0db46f0bab0e5bfdc2647b9], PUP.Optional.OpenCandy, C:\Users\admin\AppData\Roaming\OpenCandy\0DE31C843F324607A6422B2256D0A209, In Quarantäne, [2aff178ba0db46f0bab0e5bfdc2647b9], PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive, In Quarantäne, [0227386a1c5f3ef8421c7a2b3ac87090], PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update, In Quarantäne, [0227386a1c5f3ef8421c7a2b3ac87090], 
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log, In Quarantäne, [0227386a1c5f3ef8421c7a2b3ac87090], PUP.Optional.BonanzaDeals.A, C:\Users\admin\AppData\Local\BonanzaDealsLive, In Quarantäne, [8b9e09995f1c61d55f0000a5fc0636ca], PUP.Optional.BonanzaDeals.A, C:\Users\admin\AppData\Local\BonanzaDealsLive\CrashReports, In Quarantäne, [8b9e09995f1c61d55f0000a5fc0636ca], PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDealsLive, In Quarantäne, [a386eab8d4a73ef89cc5aafb917106fa], PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDealsLive\CrashReports, In Quarantäne, [a386eab8d4a73ef89cc5aafb917106fa], PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\BService, In Quarantäne, [9990f1b194e7ec4af29cfdabb74b4db3], PUP.Optional.CrossRider.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe, In Quarantäne, [1a0fd7cbeb906cca02d2bfeb6d95619f], PUP.Optional.CrossRider.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.76_0, In Quarantäne, [1a0fd7cbeb906cca02d2bfeb6d95619f], PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings, In Quarantäne, [9891e4bed1aadf57e1105e4d20e27d83], PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\SSL, In Quarantäne, [9891e4bed1aadf57e1105e4d20e27d83], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, In Quarantäne, [70b9dbc71b60ed49dd647842ac567888], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [70b9dbc71b60ed49dd647842ac567888], PUP.Optional.SearchProtect.A, C:\Users\admin\AppData\Local\SearchProtect, In Quarantäne, [a7826c36f7845cda51f1625831d1c63a], PUP.Optional.RocketFind.A, C:\Users\admin\AppData\Roaming\RocketUpdater\UpdateProc, In Quarantäne, [f930604281fa2e08526203b87d85af51], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [3dec8f13413ae74f31845a6238ca0cf4], PUP.Optional.WPM.A, 
C:\ProgramData\WindowsMangerProtect\log, In Quarantäne, [3dec8f13413ae74f31845a6238ca0cf4], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [3dec8f13413ae74f31845a6238ca0cf4], PUP.Optional.SystemSpeedup, C:\Users\admin\AppData\Roaming\systweak\ssd, In Quarantäne, [2207ccd6f38873c367f1635aa85ac040], Dateien: 151 PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [5ccdf9a97902ca6c3f907a1348b9f709], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [ee3b851d4c2f9a9c0fc0f4993cc548b8], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [54d5edb54a313105a1a2322ae31fad53], PUP.Optional.DigitalSites.A, C:\Users\admin\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe, In Quarantäne, [af7a673b4e2d9e98944cbb7ee31e7090], PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys, In Quarantäne, [e148c8da5e1d05319e933989738f24dc], PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys, In Quarantäne, [86a37c26b8c3a690a58ce1e138cad828], PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, In Quarantäne, [d653039f0972072fe6cc5a858082ed13], PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log\eGdpSvc.LOG, In Quarantäne, [06232c76136884b27008faeea06243bd], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In 
Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, In Quarantäne, [ba6fd4ce2952b5814fa6feeaf80a1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, In Quarantäne, 
Physische Sektoren: 0
(No malicious items detected)

(end)
Code:
# AdwCleaner v3.216 - Bericht erstellt am 21/07/2014 um 18:52:19
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : admin - ADMIN-PC
# Gestartet von : C:\Users\admin\Desktop\adwcleaner_3.216.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\Program Files (x86)\Bench
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Users\admin\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Advanced System Protector
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\RocketUpdater
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\admin\Documents\Optimizer Pro
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\admin\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\admin\Desktop\Continue VuuPC Installation.lnk
Datei Gelöscht : C:\Windows\System32\Tasks\DigitalSite

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [LManager]
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522292216}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555295516}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566296616}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2B47855E-B429-4DF6-8293-E1DBF2381A07}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\FreeSoftToday
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\Rocket Browser
Schlüssel Gelöscht : HKCU\Software\RocketUpdater
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\blockAndSurf
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\aartemisSoftware
Schlüssel Gelöscht : HKLM\Software\GlobalUpdate
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Tutorials
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3k71wec3.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "webssearches");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "webssearches");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [6812 octets] - [21/07/2014 18:51:46]
AdwCleaner[S0].txt - [5672 octets] - [21/07/2014 18:52:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5732 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by admin on 21.07.2014 at 18:55:37,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\3k71wec3.default\minidumps [7 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.07.2014 at 19:01:00,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by admin (administrator) on ADMIN-PC on 21-07-2014 19:03:32
Running from C:\Users\admin\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2821936 2012-03-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7138816 2013-10-14] (Broadcom Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8D3F423B5CE1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3k71wec3.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus Pop-up Addon - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3k71wec3.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-07-04]
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3k71wec3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-04]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR StartMenuInternet: Google Chrome - chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5824512 2013-10-14] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [331264 2011-12-06] (Intel(R) Corporation) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-21 19:01 - 2014-07-21 19:01 - 00000756 _____ () C:\Users\admin\Desktop\JRT.txt
2014-07-21 18:55 - 2014-07-21 18:55 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 18:53 - 2014-07-21 18:53 - 00005824 _____ () C:\Users\admin\Desktop\AdwCleaner[S0].txt
2014-07-21 18:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-21 18:51 - 2014-07-21 18:52 - 00000000 ____D () C:\AdwCleaner
2014-07-21 18:50 - 2014-07-21 18:50 - 01354223 _____ () C:\Users\admin\Desktop\adwcleaner_3.216.exe
2014-07-21 18:50 - 2014-07-21 18:50 - 01016261 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2014-07-21 18:49 - 2014-07-21 18:49 - 00040111 _____ () C:\Users\admin\Desktop\mbam.txt
2014-07-21 18:30 - 2014-07-21 18:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 18:30 - 2014-07-21 18:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 18:30 - 2014-07-21 18:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-21 18:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-21 18:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-21 18:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-21 18:27 - 2014-07-21 18:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 23:07 - 2014-07-20 23:07 - 00021756 _____ () C:\Users\admin\Desktop\ComboFix.txt
2014-07-20 22:36 - 2014-07-20 23:07 - 00000000 ____D () C:\Qoobox
2014-07-20 22:36 - 2014-07-20 23:06 - 00000000 ____D () C:\Windows\erdnt
2014-07-20 22:36 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-20 22:36 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-20 22:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-20 22:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-20 22:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-20 22:36 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-20 22:36 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-20 22:36 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-20 22:33 - 2014-07-20 22:34 - 05561612 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2014-07-20 18:23 - 2014-07-20 18:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\admin\Downloads\revosetup95.exe
2014-07-20 18:23 - 2014-07-20 18:23 - 00001268 _____ () C:\Users\admin\Desktop\Revo Uninstaller.lnk
2014-07-20 18:23 - 2014-07-20 18:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-20 09:28 - 2014-07-20 09:28 - 00001202 _____ () C:\Users\admin\Desktop\Format Factory.lnk
2014-07-20 09:28 - 2014-07-20 09:28 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-07-20 09:28 - 2014-06-25 19:14 - 48888704 _____ (AVM Software Inc.) C:\Users\admin\Documents\pal_install_a4650_r131001_p127000.exe
2014-07-20 09:27 - 2014-07-20 09:27 - 00000000 ____D () C:\Program Files (x86)\FreeTime
2014-07-20 09:23 - 2014-07-20 09:27 - 53647808 _____ (Free Time) C:\Users\admin\Downloads\FFSetup_3.3.5.0.exe
2014-07-19 21:14 - 2014-07-19 21:14 - 539557340 _____ () C:\Windows\MEMORY.DMP
2014-07-19 21:14 - 2014-07-19 21:14 - 00280472 _____ () C:\Windows\Minidump\071914-17924-01.dmp
2014-07-19 21:14 - 2014-07-19 21:14 - 00000000 ____D () C:\Windows\Minidump
2014-07-19 21:09 - 2014-07-19 21:09 - 00001338 _____ () C:\Users\admin\Desktop\Gmer.log
2014-07-19 20:58 - 2014-07-21 19:03 - 00009393 _____ () C:\Users\admin\Desktop\FRST.txt
2014-07-19 20:58 - 2014-07-19 20:58 - 00024514 _____ () C:\Users\admin\Desktop\Addition.txt
2014-07-19 20:56 - 2014-07-19 20:57 - 00380416 _____ () C:\Users\admin\Downloads\Gmer-19357.exe
2014-07-19 20:55 - 2014-07-19 20:56 - 00024514 _____ () C:\Users\admin\Downloads\Addition.txt
2014-07-19 20:54 - 2014-07-21 19:03 - 00000000 ____D () C:\FRST
2014-07-19 20:54 - 2014-07-19 20:56 - 00056293 _____ () C:\Users\admin\Downloads\FRST.txt
2014-07-19 20:54 - 2014-07-19 20:54 - 02089984 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-07-19 20:53 - 2014-07-19 20:53 - 00000472 _____ () C:\Users\admin\Downloads\defogger_disable.log
2014-07-19 20:53 - 2014-07-19 20:53 - 00000000 _____ () C:\Users\admin\defogger_reenable
2014-07-19 20:51 - 2014-07-19 20:51 - 00050477 _____ () C:\Users\admin\Downloads\Defogger.exe
2014-07-19 20:39 - 2014-07-19 20:39 - 00055826 _____ () C:\Users\admin\Desktop\Ereignisse.txt
2014-07-19 20:29 - 2014-07-19 20:29 - 00003102 _____ () C:\Windows\System32\Tasks\{C996C0DB-51F0-4514-B8C3-5BDC0F040DF5}
2014-07-19 20:27 - 2014-07-19 20:27 - 00003172 _____ () C:\Windows\System32\Tasks\{4C311FA7-4673-49BD-B8AA-75D55BF820DE}
2014-07-16 20:23 - 2014-07-16 20:23 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-11 22:54 - 2014-07-11 22:54 - 00000000 ____D () C:\Users\admin\AppData\Local\WorldofTanks
2014-07-09 10:47 - 2014-07-09 10:46 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-09 10:47 - 2014-07-09 10:46 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-09 10:47 - 2014-07-09 10:46 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-09 10:47 - 2014-07-09 10:46 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-09 10:46 - 2014-07-09 10:46 - 00000000 ____D () C:\Program Files\Java
2014-07-09 10:41 - 2014-07-09 10:41 - 00961360 _____ (Chip Digital GmbH) C:\Users\admin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe
2014-07-09 09:09 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 09:09 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 09:09 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 09:09 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 09:09 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 09:09 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 09:09 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 09:09 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 09:09 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 09:09 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 09:09 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 09:09 - 2014-06-19 02:31 - 00033792 _____ (Microsoft
Corporation) C:\Windows\system32\iernonce.dll 2014-07-09 09:09 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-09 09:09 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-09 09:09 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-09 09:09 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-09 09:09 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-09 09:09 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-09 09:09 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-09 09:09 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-09 09:09 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-09 09:09 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-09 09:09 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-09 09:09 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-09 09:09 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-09 09:09 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-09 09:09 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-09 09:09 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-09 09:09 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-09 09:09 - 2014-06-19 01:35 - 00062464 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-09 09:09 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-09 09:09 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-09 09:09 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-09 09:09 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-09 09:09 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-09 09:09 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-09 09:09 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-09 09:09 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-09 09:09 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-09 09:09 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-09 09:09 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 09:09 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-09 09:09 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-09 09:09 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-09 09:09 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-09 09:09 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-09 09:09 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-09 09:09 - 2014-06-19 00:49 - 00526336 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-09 09:09 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-09 09:09 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-09 09:09 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-09 09:09 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-09 09:09 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-09 09:09 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-09 09:09 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-09 09:09 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-09 09:08 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-09 09:08 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-09 09:08 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-09 09:08 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-09 09:08 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-09 09:07 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-09 09:07 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-09 09:07 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-09 09:07 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-09 09:07 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) 
C:\Windows\system32\schannel.dll 2014-07-09 09:07 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-09 09:07 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-09 09:07 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-09 09:07 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-09 09:07 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-09 09:03 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-09 09:03 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-09 09:03 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-06 21:38 - 2014-07-20 09:26 - 00000000 ____D () C:\Users\admin\AppData\Roaming\vlc 2014-07-04 11:06 - 2014-07-10 15:00 - 00042040 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-04 11:02 - 2014-07-04 11:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-07-04 11:02 - 2014-07-04 11:02 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Avira 2014-07-04 11:02 - 2014-07-04 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-04 11:01 - 2014-07-20 18:27 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-07-04 11:01 - 2014-07-04 11:01 - 00000000 ____D () C:\ProgramData\Avira 2014-07-04 11:01 - 2014-06-24 20:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-07-04 11:01 - 2014-06-24 20:39 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-07-04 11:01 - 2014-06-24 20:39 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-07-04 10:59 - 2014-07-04 10:59 - 00000000 ____D () C:\Users\admin\Downloads\backups 2014-07-04 10:54 - 2014-07-04 10:54 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\admin\Downloads\HiJackThis204.exe 2014-07-04 10:54 - 2014-07-04 10:54 - 00011743 _____ () C:\Users\admin\Downloads\hijackthis.log 2014-07-04 10:52 - 2014-07-04 10:52 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-04 10:52 - 2014-07-04 10:52 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-04 10:52 - 2014-07-04 10:52 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla 2014-07-04 10:52 - 2014-07-04 10:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-04 10:44 - 2014-07-04 10:52 - 29677544 _____ (Mozilla) C:\Users\admin\Downloads\Firefox_Setup_de30.0.exe 2014-07-04 10:41 - 2014-07-04 11:01 - 141865920 _____ () C:\Users\admin\Downloads\avira_free_antivirus45_de.exe 2014-07-04 10:08 - 2014-07-17 17:21 - 00000003 _____ () C:\Users\admin\AppData\Local\proxy.log 2014-07-03 23:31 - 2014-07-03 23:31 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-07-03 23:31 - 2014-07-03 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-07-03 23:31 - 2014-07-03 23:31 - 00000000 ____D () C:\Program Files\VideoLAN 2014-07-03 23:23 - 2014-02-12 23:21 - 00000426 _____ () C:\AVScanner.ini 2014-07-03 10:31 - 2014-07-03 13:35 - 00000000 ____D () C:\ProgramData\Norton 2014-07-03 10:10 - 2014-07-03 10:10 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Media Player Classic 2014-07-02 21:55 - 2014-07-02 21:55 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-07-02 08:16 - 2014-07-03 23:23 - 00000444 __RSH () C:\ProgramData\ntuser.pol 2014-07-02 07:52 - 2014-07-02 07:52 - 00000000 ____D () C:\ProgramData\TEMP 2014-07-02 07:49 - 2014-07-02 07:49 - 00000000 ____D () C:\Users\admin\AppData\Local\com 2014-07-02 00:19 - 2014-07-02 00:19 - 00000000 ____D () C:\ProgramData\Steam ==================== One Month Modified Files and Folders ======= 2014-07-21 19:04 - 2014-07-19 20:58 - 00009393 _____ () 
C:\Users\admin\Desktop\FRST.txt 2014-07-21 19:03 - 2014-07-19 20:54 - 00000000 ____D () C:\FRST 2014-07-21 19:01 - 2014-07-21 19:01 - 00000756 _____ () C:\Users\admin\Desktop\JRT.txt 2014-07-21 19:00 - 2009-07-14 06:45 - 00035824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-21 19:00 - 2009-07-14 06:45 - 00035824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-21 18:56 - 2013-10-16 20:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-21 18:55 - 2014-07-21 18:55 - 00000000 ____D () C:\Windows\ERUNT 2014-07-21 18:53 - 2014-07-21 18:53 - 00005824 _____ () C:\Users\admin\Desktop\AdwCleaner[S0].txt 2014-07-21 18:52 - 2014-07-21 18:51 - 00000000 ____D () C:\AdwCleaner 2014-07-21 18:52 - 2013-10-14 00:42 - 00000995 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-21 18:52 - 2013-10-14 00:41 - 01854775 _____ () C:\Windows\WindowsUpdate.log 2014-07-21 18:52 - 2010-11-21 05:47 - 00878190 _____ () C:\Windows\PFRO.log 2014-07-21 18:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-21 18:52 - 2009-07-14 06:51 - 00089373 _____ () C:\Windows\setupact.log 2014-07-21 18:50 - 2014-07-21 18:50 - 01354223 _____ () C:\Users\admin\Desktop\adwcleaner_3.216.exe 2014-07-21 18:50 - 2014-07-21 18:50 - 01016261 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe 2014-07-21 18:49 - 2014-07-21 18:49 - 00040111 _____ () C:\Users\admin\Desktop\mbam.txt 2014-07-21 18:48 - 2014-07-21 18:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-21 18:42 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\addins 2014-07-21 18:30 - 2014-07-21 18:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-21 18:30 - 2014-07-21 18:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-21 18:28 - 
2014-07-21 18:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-21 09:47 - 2014-01-01 20:14 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-07-20 23:07 - 2014-07-20 23:07 - 00021756 _____ () C:\Users\admin\Desktop\ComboFix.txt 2014-07-20 23:07 - 2014-07-20 22:36 - 00000000 ____D () C:\Qoobox 2014-07-20 23:06 - 2014-07-20 22:36 - 00000000 ____D () C:\Windows\erdnt 2014-07-20 23:06 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-07-20 22:34 - 2014-07-20 22:33 - 05561612 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe 2014-07-20 18:47 - 2013-10-13 01:28 - 00699342 _____ () C:\Windows\system32\perfh007.dat 2014-07-20 18:47 - 2013-10-13 01:28 - 00149450 _____ () C:\Windows\system32\perfc007.dat 2014-07-20 18:47 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-20 18:27 - 2014-07-04 11:01 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-07-20 18:23 - 2014-07-20 18:23 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\admin\Downloads\revosetup95.exe 2014-07-20 18:23 - 2014-07-20 18:23 - 00001268 _____ () C:\Users\admin\Desktop\Revo Uninstaller.lnk 2014-07-20 18:23 - 2014-07-20 18:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-07-20 09:28 - 2014-07-20 09:28 - 00001202 _____ () C:\Users\admin\Desktop\Format Factory.lnk 2014-07-20 09:28 - 2014-07-20 09:28 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory 2014-07-20 09:27 - 2014-07-20 09:27 - 00000000 ____D () C:\Program Files (x86)\FreeTime 2014-07-20 09:27 - 2014-07-20 09:23 - 53647808 _____ (Free Time) C:\Users\admin\Downloads\FFSetup_3.3.5.0.exe 2014-07-20 09:26 - 2014-07-06 21:38 - 00000000 ____D () C:\Users\admin\AppData\Roaming\vlc 2014-07-19 21:14 - 2014-07-19 21:14 - 539557340 _____ () C:\Windows\MEMORY.DMP 2014-07-19 21:14 - 2014-07-19 21:14 - 00280472 _____ () C:\Windows\Minidump\071914-17924-01.dmp 2014-07-19 21:14 - 2014-07-19 21:14 - 00000000 ____D () C:\Windows\Minidump 2014-07-19 21:09 - 2014-07-19 21:09 - 00001338 _____ () C:\Users\admin\Desktop\Gmer.log 2014-07-19 20:58 - 2014-07-19 20:58 - 00024514 _____ () C:\Users\admin\Desktop\Addition.txt 2014-07-19 20:57 - 2014-07-19 20:56 - 00380416 _____ () C:\Users\admin\Downloads\Gmer-19357.exe 2014-07-19 20:56 - 2014-07-19 20:55 - 00024514 _____ () C:\Users\admin\Downloads\Addition.txt 2014-07-19 20:56 - 2014-07-19 20:54 - 00056293 _____ () C:\Users\admin\Downloads\FRST.txt 2014-07-19 20:54 - 2014-07-19 20:54 - 02089984 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe 2014-07-19 20:53 - 2014-07-19 20:53 - 00000472 _____ () C:\Users\admin\Downloads\defogger_disable.log 2014-07-19 20:53 - 2014-07-19 20:53 - 00000000 _____ () C:\Users\admin\defogger_reenable 2014-07-19 20:53 - 2013-10-14 00:41 - 00000000 ____D () C:\Users\admin 2014-07-19 20:51 - 2014-07-19 20:51 - 00050477 _____ () C:\Users\admin\Downloads\Defogger.exe 2014-07-19 20:39 - 2014-07-19 20:39 - 00055826 _____ () 
C:\Users\admin\Desktop\Ereignisse.txt 2014-07-19 20:29 - 2014-07-19 20:29 - 00003102 _____ () C:\Windows\System32\Tasks\{C996C0DB-51F0-4514-B8C3-5BDC0F040DF5} 2014-07-19 20:27 - 2014-07-19 20:27 - 00003172 _____ () C:\Windows\System32\Tasks\{4C311FA7-4673-49BD-B8AA-75D55BF820DE} 2014-07-19 19:54 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini 2014-07-19 10:35 - 2013-11-17 07:44 - 00000237 _____ () C:\Users\admin\AppData\Roaming\WB.CFG 2014-07-17 17:21 - 2014-07-04 10:08 - 00000003 _____ () C:\Users\admin\AppData\Local\proxy.log 2014-07-17 17:20 - 2013-10-14 00:42 - 00058016 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-17 17:20 - 2009-07-14 06:45 - 00275856 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-16 20:23 - 2014-07-16 20:23 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-11 22:54 - 2014-07-11 22:54 - 00000000 ____D () C:\Users\admin\AppData\Local\WorldofTanks 2014-07-10 15:00 - 2014-07-04 11:06 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-10 03:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-07-10 03:20 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-10 03:20 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-10 03:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-10 03:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-10 03:04 - 2013-10-12 11:30 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-10 03:02 - 2013-10-12 11:30 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-09 10:47 - 2014-03-19 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-09 10:46 - 2014-07-09 10:47 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-09 10:46 - 2014-07-09 10:47 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-07-09 10:46 - 2014-07-09 
10:47 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-09 10:46 - 2014-07-09 10:47 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-07-09 10:46 - 2014-07-09 10:46 - 00000000 ____D () C:\Program Files\Java 2014-07-09 10:41 - 2014-07-09 10:41 - 00961360 _____ (Chip Digital GmbH) C:\Users\admin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe 2014-07-08 21:56 - 2013-10-16 20:02 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-08 21:56 - 2013-10-16 20:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-08 21:56 - 2013-10-16 20:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-04 11:02 - 2014-07-04 11:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-07-04 11:02 - 2014-07-04 11:02 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Avira 2014-07-04 11:02 - 2014-07-04 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-04 11:01 - 2014-07-04 11:01 - 00000000 ____D () C:\ProgramData\Avira 2014-07-04 11:01 - 2014-07-04 10:41 - 141865920 _____ () C:\Users\admin\Downloads\avira_free_antivirus45_de.exe 2014-07-04 10:59 - 2014-07-04 10:59 - 00000000 ____D () C:\Users\admin\Downloads\backups 2014-07-04 10:54 - 2014-07-04 10:54 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\admin\Downloads\HiJackThis204.exe 2014-07-04 10:54 - 2014-07-04 10:54 - 00011743 _____ () C:\Users\admin\Downloads\hijackthis.log 2014-07-04 10:52 - 2014-07-04 10:52 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-04 10:52 - 2014-07-04 10:52 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-04 10:52 - 2014-07-04 10:52 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla 2014-07-04 10:52 - 2014-07-04 10:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-04 10:52 - 2014-07-04 10:44 - 29677544 _____ (Mozilla) C:\Users\admin\Downloads\Firefox_Setup_de30.0.exe 2014-07-04 10:52 - 2014-06-18 11:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-03 23:31 - 2014-07-03 23:31 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-07-03 23:31 - 2014-07-03 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-07-03 23:31 - 2014-07-03 23:31 - 00000000 ____D () C:\Program Files\VideoLAN 2014-07-03 23:27 - 2013-10-12 12:38 - 00000000 ____D () C:\Program Files (x86)\Google 2014-07-03 23:23 - 2014-07-02 08:16 - 00000444 __RSH () C:\ProgramData\ntuser.pol 2014-07-03 13:35 - 2014-07-03 10:31 - 00000000 ____D () C:\ProgramData\Norton 2014-07-03 10:10 - 2014-07-03 10:10 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Media Player Classic 2014-07-02 21:55 - 2014-07-02 21:55 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-07-02 21:52 - 2014-05-23 14:52 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-07-02 08:16 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-07-02 08:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-07-02 07:52 - 2014-07-02 07:52 - 00000000 ____D () C:\ProgramData\TEMP 2014-07-02 07:49 - 2014-07-02 07:49 - 00000000 ____D () C:\Users\admin\AppData\Local\com 2014-07-02 
00:19 - 2014-07-02 00:19 - 00000000 ____D () C:\ProgramData\Steam 2014-07-02 00:19 - 2014-05-07 17:11 - 00000000 ____D () C:\Users\admin\Documents\my games 2014-07-02 00:18 - 2014-01-04 02:18 - 00199781 _____ () C:\Windows\DirectX.log 2014-06-30 04:09 - 2014-07-09 09:08 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-30 04:04 - 2014-07-09 09:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-25 19:14 - 2014-07-20 09:28 - 48888704 _____ (AVM Software Inc.) C:\Users\admin\Documents\pal_install_a4650_r131001_p127000.exe 2014-06-24 20:39 - 2014-07-04 11:01 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-06-24 20:39 - 2014-07-04 11:01 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-06-24 20:39 - 2014-07-04 11:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-06-24 15:09 - 2014-01-13 19:42 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype Some content of TEMP: ==================== C:\Users\admin\AppData\Local\Temp\avgnt.exe C:\Users\admin\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll 
=> File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-18 00:32 ==================== End Of Log ============================ |
22.07.2014, 11:00 | #10 |
/// the machine /// TB-Ausbilder | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
25.07.2014, 18:56 | #11 |
| Hello, so there are no more ads and pop-ups, but I'm not really sure whether everything is actually gone now. Here is the log from ESET: Code:
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c5577dc75f389140a00e7ec4527e6e5a
# engine=19349
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-25 04:09:05
# local_time=2014-07-25 06:09:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 2271 2669400 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1981627 157934395 0 0
# scanned=55247
# found=3
# cleaned=0
# scan_time=943
sh=E3BB76053BC0CF1B40697894D905AA3531209393 ft=1 fh=2753a842676d717b vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWK7E3PK\Setup[1].exe"
sh=CA34873691A351E2E16CEC14D08B2EAB03B4E6BD ft=1 fh=2d1e42a515297156 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\admin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe"
sh=9C860E0B0EAFF9D2912642BC3940BA098C00BBCE ft=1 fh=41f2b86635803f1b vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\admin\Downloads\vlc-2.1.0-win64.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c5577dc75f389140a00e7ec4527e6e5a
# engine=19349
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-25 05:42:58
# local_time=2014-07-25 07:42:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 7904 2675033 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1987260 157940028 0 0
# scanned=197402
# found=6
# cleaned=0
# scan_time=5519
sh=D5F81E940DF0CA88EE270E1B9A597FEFFCABAE81 ft=1 fh=a38c288313053c89 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe"
sh=E3BB76053BC0CF1B40697894D905AA3531209393 ft=1 fh=2753a842676d717b vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWK7E3PK\Setup[1].exe"
sh=5C936497F44E3698891616EE6EAF05A071CB2405 ft=1 fh=891c55dc47c1f734 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\admin\Documents\pal_install_a4650_r131001_p127000.exe"
sh=A5102072B4D392DD837EDB635480D4854C0F74B0 ft=1 fh=7c9992a00115a484 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\admin\Downloads\FFSetup_3.3.5.0.exe"
sh=CA34873691A351E2E16CEC14D08B2EAB03B4E6BD ft=1 fh=2d1e42a515297156 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\admin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe"
sh=9C860E0B0EAFF9D2912642BC3940BA098C00BBCE ft=1 fh=41f2b86635803f1b vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\admin\Downloads\vlc-2.1.0-win64.exe"
checkup: Code:
Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader XI
Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
Ran by admin (administrator) on ADMIN-PC on 25-07-2014 19:54:37
Running from C:\Users\admin\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ELAN Microelectronics Corp.)
C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwsc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2821936 2012-03-07] (ELAN Microelectronics Corp.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor) HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7138816 2013-10-14] (Broadcom Corporation) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8D3F423B5CE1CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope value is missing. 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3k71wec3.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: Adobe 
Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus Pop-up Addon - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3k71wec3.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-07-04] FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3k71wec3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-04] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR StartMenuInternet: Google Chrome - chrome.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation) R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5824512 2013-10-14] (Broadcom Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG) S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [331264 2011-12-06] (Intel(R) Corporation) [File not signed] S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-25 19:48 - 2014-07-25 19:54 - 00000776 _____ () C:\Users\admin\Desktop\checkup.txt 2014-07-25 19:48 - 2014-07-25 19:48 - 00000000 ____D () C:\Users\admin\Desktop\FRST-OlderVersion 2014-07-25 19:46 - 2014-07-25 19:46 - 00854390 _____ () C:\Users\admin\Desktop\SecurityCheck.exe 2014-07-25 00:23 - 2014-07-25 00:23 - 00000000 ____D () C:\Users\admin\AppData\Roaming\java 2014-07-25 00:22 - 2014-07-25 17:44 - 00000000 ____D () C:\Users\admin\AppData\Roaming\.minecraft 2014-07-25 00:21 - 2014-07-25 00:22 - 00675988 _____ () C:\Users\admin\Downloads\Minecraft.exe 2014-07-23 20:45 - 2014-07-23 20:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-22 20:19 - 2014-07-22 20:19 - 02347384 _____ (ESET) C:\Users\admin\Desktop\esetsmartinstaller_deu.exe 2014-07-21 19:01 - 2014-07-21 19:01 - 00000756 _____ () C:\Users\admin\Desktop\JRT.txt 2014-07-21 18:55 - 2014-07-21 18:55 - 00000000 ____D () C:\Windows\ERUNT 2014-07-21 18:53 - 2014-07-21 18:53 - 00005824 _____ () C:\Users\admin\Desktop\AdwCleaner[S0].txt 2014-07-21 18:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) 
C:\Windows\SysWOW64\sqlite3.dll 2014-07-21 18:51 - 2014-07-21 18:52 - 00000000 ____D () C:\AdwCleaner 2014-07-21 18:50 - 2014-07-21 18:50 - 01354223 _____ () C:\Users\admin\Desktop\adwcleaner_3.216.exe 2014-07-21 18:50 - 2014-07-21 18:50 - 01016261 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe 2014-07-21 18:49 - 2014-07-21 18:49 - 00040111 _____ () C:\Users\admin\Desktop\mbam.txt 2014-07-21 18:30 - 2014-07-21 18:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-21 18:30 - 2014-07-21 18:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-21 18:30 - 2014-07-21 18:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-21 18:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-21 18:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-21 18:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-21 18:27 - 2014-07-21 18:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-20 23:07 - 2014-07-20 23:07 - 00021756 _____ () C:\Users\admin\Desktop\ComboFix.txt 2014-07-20 22:36 - 2014-07-20 23:07 - 00000000 ____D () C:\Qoobox 2014-07-20 22:36 - 2014-07-20 23:06 - 00000000 ____D () C:\Windows\erdnt 2014-07-20 22:36 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-07-20 22:36 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-07-20 22:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-07-20 22:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-07-20 22:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-07-20 22:36 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-07-20 22:36 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-07-20 22:36 - 
2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-07-20 22:33 - 2014-07-20 22:34 - 05561612 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe 2014-07-20 18:23 - 2014-07-20 18:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\admin\Downloads\revosetup95.exe 2014-07-20 18:23 - 2014-07-20 18:23 - 00001268 _____ () C:\Users\admin\Desktop\Revo Uninstaller.lnk 2014-07-20 18:23 - 2014-07-20 18:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-07-20 09:28 - 2014-07-20 09:28 - 00001202 _____ () C:\Users\admin\Desktop\Format Factory.lnk 2014-07-20 09:28 - 2014-07-20 09:28 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory 2014-07-20 09:28 - 2014-06-25 19:14 - 48888704 _____ (AVM Software Inc.) C:\Users\admin\Documents\pal_install_a4650_r131001_p127000.exe 2014-07-20 09:27 - 2014-07-20 09:27 - 00000000 ____D () C:\Program Files (x86)\FreeTime 2014-07-20 09:23 - 2014-07-20 09:27 - 53647808 _____ (Free Time) C:\Users\admin\Downloads\FFSetup_3.3.5.0.exe 2014-07-19 21:14 - 2014-07-19 21:14 - 539557340 _____ () C:\Windows\MEMORY.DMP 2014-07-19 21:14 - 2014-07-19 21:14 - 00280472 _____ () C:\Windows\Minidump\071914-17924-01.dmp 2014-07-19 21:14 - 2014-07-19 21:14 - 00000000 ____D () C:\Windows\Minidump 2014-07-19 21:09 - 2014-07-19 21:09 - 00001338 _____ () C:\Users\admin\Desktop\Gmer.log 2014-07-19 20:58 - 2014-07-25 19:54 - 00010449 _____ () C:\Users\admin\Desktop\FRST.txt 2014-07-19 20:58 - 2014-07-19 20:58 - 00024514 _____ () C:\Users\admin\Desktop\Addition.txt 2014-07-19 20:56 - 2014-07-19 20:57 - 00380416 _____ () C:\Users\admin\Downloads\Gmer-19357.exe 2014-07-19 20:55 - 2014-07-19 20:56 - 00024514 _____ () C:\Users\admin\Downloads\Addition.txt 2014-07-19 20:54 - 2014-07-25 19:54 - 00000000 ____D () C:\FRST 2014-07-19 20:54 - 2014-07-25 19:48 - 02093568 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe 2014-07-19 20:54 - 2014-07-19 20:56 - 00056293 _____ () C:\Users\admin\Downloads\FRST.txt 
2014-07-19 20:53 - 2014-07-19 20:53 - 00000472 _____ () C:\Users\admin\Downloads\defogger_disable.log 2014-07-19 20:53 - 2014-07-19 20:53 - 00000000 _____ () C:\Users\admin\defogger_reenable 2014-07-19 20:51 - 2014-07-19 20:51 - 00050477 _____ () C:\Users\admin\Downloads\Defogger.exe 2014-07-19 20:39 - 2014-07-19 20:39 - 00055826 _____ () C:\Users\admin\Desktop\Ereignisse.txt 2014-07-19 20:29 - 2014-07-19 20:29 - 00003102 _____ () C:\Windows\System32\Tasks\{C996C0DB-51F0-4514-B8C3-5BDC0F040DF5} 2014-07-19 20:27 - 2014-07-19 20:27 - 00003172 _____ () C:\Windows\System32\Tasks\{4C311FA7-4673-49BD-B8AA-75D55BF820DE} 2014-07-16 20:23 - 2014-07-16 20:23 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-11 22:54 - 2014-07-11 22:54 - 00000000 ____D () C:\Users\admin\AppData\Local\WorldofTanks 2014-07-09 10:47 - 2014-07-09 10:46 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-09 10:47 - 2014-07-09 10:46 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-07-09 10:47 - 2014-07-09 10:46 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-09 10:47 - 2014-07-09 10:46 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-07-09 10:46 - 2014-07-09 10:46 - 00000000 ____D () C:\Program Files\Java 2014-07-09 10:41 - 2014-07-09 10:41 - 00961360 _____ (Chip Digital GmbH) C:\Users\admin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe 2014-07-09 09:09 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-09 09:09 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-09 09:09 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-09 09:09 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-09 09:09 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollectorres.dll 2014-07-09 09:09 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-09 09:09 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-09 09:09 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-09 09:09 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-09 09:09 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-09 09:09 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-09 09:09 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-09 09:09 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-09 09:09 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-09 09:09 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-09 09:09 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-09 09:09 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-09 09:09 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-09 09:09 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-09 09:09 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-09 09:09 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-09 09:09 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-09 09:09 - 2014-06-19 01:51 - 05721088 
_____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-09 09:09 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-09 09:09 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-09 09:09 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-09 09:09 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-09 09:09 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-09 09:09 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-09 09:09 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-09 09:09 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-09 09:09 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-09 09:09 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-09 09:09 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-09 09:09 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-09 09:09 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-09 09:09 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-09 09:09 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-09 09:09 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-09 09:09 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-09 09:09 - 2014-06-19 01:06 - 00032256 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 09:09 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-09 09:09 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-09 09:09 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-09 09:09 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-09 09:09 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-09 09:09 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-09 09:09 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-09 09:09 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-09 09:09 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-09 09:09 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-09 09:09 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-09 09:09 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-09 09:09 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-09 09:09 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-09 09:09 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-09 09:08 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-09 09:08 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-09 09:08 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) 
C:\Windows\system32\qedit.dll 2014-07-09 09:08 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-09 09:08 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-09 09:07 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-09 09:07 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-09 09:07 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-09 09:07 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-09 09:07 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-09 09:07 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-09 09:07 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-09 09:07 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-09 09:07 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-09 09:07 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-09 09:07 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-09 09:07 - 
2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-09 09:03 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-09 09:03 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-09 09:03 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-06 21:38 - 2014-07-20 09:26 - 00000000 ____D () C:\Users\admin\AppData\Roaming\vlc 2014-07-04 11:06 - 2014-07-10 15:00 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-04 11:02 - 2014-07-04 11:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-07-04 11:02 - 2014-07-04 11:02 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Avira 2014-07-04 11:02 - 2014-07-04 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-04 11:01 - 2014-07-20 18:27 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-07-04 11:01 - 2014-07-04 11:01 - 00000000 ____D () C:\ProgramData\Avira 2014-07-04 11:01 - 2014-06-24 20:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-07-04 11:01 - 2014-06-24 20:39 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-07-04 11:01 - 2014-06-24 20:39 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-07-04 10:59 - 2014-07-04 10:59 - 00000000 ____D () C:\Users\admin\Downloads\backups 2014-07-04 10:54 - 2014-07-04 10:54 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\admin\Downloads\HiJackThis204.exe 2014-07-04 10:54 - 2014-07-04 10:54 - 00011743 _____ () C:\Users\admin\Downloads\hijackthis.log 2014-07-04 10:52 - 2014-07-23 20:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-04 10:52 - 2014-07-04 10:52 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-04 10:52 - 2014-07-04 10:52 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-04 10:52 - 2014-07-04 10:52 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla 2014-07-04 10:44 - 2014-07-04 10:52 - 29677544 _____ (Mozilla) C:\Users\admin\Downloads\Firefox_Setup_de30.0.exe 2014-07-04 10:41 - 2014-07-04 11:01 - 141865920 _____ () C:\Users\admin\Downloads\avira_free_antivirus45_de.exe 2014-07-04 10:08 - 2014-07-17 17:21 - 00000003 _____ () C:\Users\admin\AppData\Local\proxy.log 2014-07-03 23:31 - 2014-07-03 23:31 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-07-03 23:31 - 2014-07-03 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-07-03 23:31 - 2014-07-03 23:31 - 00000000 ____D () C:\Program Files\VideoLAN 2014-07-03 23:23 - 2014-02-12 23:21 - 00000426 _____ () C:\AVScanner.ini 2014-07-03 10:31 - 2014-07-03 13:35 - 00000000 ____D () C:\ProgramData\Norton 2014-07-03 10:10 - 2014-07-03 10:10 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Media Player Classic 2014-07-02 21:55 - 2014-07-02 21:55 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-07-02 08:16 - 2014-07-03 23:23 - 00000444 __RSH () C:\ProgramData\ntuser.pol 2014-07-02 07:52 - 2014-07-02 07:52 - 00000000 ____D () C:\ProgramData\TEMP 2014-07-02 07:49 - 2014-07-02 07:49 - 00000000 ____D () C:\Users\admin\AppData\Local\com 2014-07-02 00:19 - 2014-07-02 00:19 - 00000000 ____D () C:\ProgramData\Steam ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-07-25 19:54 - 2014-07-25 19:48 - 00000776 _____ () C:\Users\admin\Desktop\checkup.txt
2014-07-25 19:54 - 2014-07-19 20:58 - 00010449 _____ () C:\Users\admin\Desktop\FRST.txt
2014-07-25 19:54 - 2014-07-19 20:54 - 00000000 ____D () C:\FRST
2014-07-25 19:48 - 2014-07-25 19:48 - 00000000 ____D () C:\Users\admin\Desktop\FRST-OlderVersion
2014-07-25 19:48 - 2014-07-19 20:54 - 02093568 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-07-25 19:46 - 2014-07-25 19:46 - 00854390 _____ () C:\Users\admin\Desktop\SecurityCheck.exe
2014-07-25 19:45 - 2013-10-14 00:41 - 01927661 _____ () C:\Windows\WindowsUpdate.log
2014-07-25 18:56 - 2013-10-16 20:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-25 17:44 - 2014-07-25 00:22 - 00000000 ____D () C:\Users\admin\AppData\Roaming\.minecraft
2014-07-25 14:10 - 2009-07-14 06:51 - 00090493 _____ () C:\Windows\setupact.log
2014-07-25 12:30 - 2009-07-14 06:45 - 00035824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-25 12:30 - 2009-07-14 06:45 - 00035824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-25 00:23 - 2014-07-25 00:23 - 00000000 ____D () C:\Users\admin\AppData\Roaming\java
2014-07-25 00:22 - 2014-07-25 00:21 - 00675988 _____ () C:\Users\admin\Downloads\Minecraft.exe
2014-07-23 20:45 - 2014-07-23 20:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 20:45 - 2014-07-04 10:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-22 20:19 - 2014-07-22 20:19 - 02347384 _____ (ESET) C:\Users\admin\Desktop\esetsmartinstaller_deu.exe
2014-07-22 16:55 - 2013-10-13 01:28 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2014-07-22 16:55 - 2013-10-13 01:28 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2014-07-22 16:55 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-22 16:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 19:01 - 2014-07-21 19:01 - 00000756 _____ () C:\Users\admin\Desktop\JRT.txt
2014-07-21 18:55 - 2014-07-21 18:55 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 18:53 - 2014-07-21 18:53 - 00005824 _____ () C:\Users\admin\Desktop\AdwCleaner[S0].txt
2014-07-21 18:52 - 2014-07-21 18:51 - 00000000 ____D () C:\AdwCleaner
2014-07-21 18:52 - 2013-10-14 00:42 - 00000995 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-21 18:52 - 2010-11-21 05:47 - 00878190 _____ () C:\Windows\PFRO.log
2014-07-21 18:50 - 2014-07-21 18:50 - 01354223 _____ () C:\Users\admin\Desktop\adwcleaner_3.216.exe
2014-07-21 18:50 - 2014-07-21 18:50 - 01016261 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2014-07-21 18:49 - 2014-07-21 18:49 - 00040111 _____ () C:\Users\admin\Desktop\mbam.txt
2014-07-21 18:48 - 2014-07-21 18:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 18:44 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\addins
2014-07-21 18:30 - 2014-07-21 18:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 18:30 - 2014-07-21 18:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-21 18:28 - 2014-07-21 18:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-21 09:47 - 2014-01-01 20:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-20 23:07 - 2014-07-20 23:07 - 00021756 _____ () C:\Users\admin\Desktop\ComboFix.txt
2014-07-20 23:07 - 2014-07-20 22:36 - 00000000 ____D () C:\Qoobox
2014-07-20 23:06 - 2014-07-20 22:36 - 00000000 ____D () C:\Windows\erdnt
2014-07-20 23:06 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-20 22:34 - 2014-07-20 22:33 - 05561612 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2014-07-20 18:27 - 2014-07-04 11:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-20 18:23 - 2014-07-20 18:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\admin\Downloads\revosetup95.exe
2014-07-20 18:23 - 2014-07-20 18:23 - 00001268 _____ () C:\Users\admin\Desktop\Revo Uninstaller.lnk
2014-07-20 18:23 - 2014-07-20 18:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-20 09:28 - 2014-07-20 09:28 - 00001202 _____ () C:\Users\admin\Desktop\Format Factory.lnk
2014-07-20 09:28 - 2014-07-20 09:28 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-07-20 09:27 - 2014-07-20 09:27 - 00000000 ____D () C:\Program Files (x86)\FreeTime
2014-07-20 09:27 - 2014-07-20 09:23 - 53647808 _____ (Free Time) C:\Users\admin\Downloads\FFSetup_3.3.5.0.exe
2014-07-20 09:26 - 2014-07-06 21:38 - 00000000 ____D () C:\Users\admin\AppData\Roaming\vlc
2014-07-19 21:14 - 2014-07-19 21:14 - 539557340 _____ () C:\Windows\MEMORY.DMP
2014-07-19 21:14 - 2014-07-19 21:14 - 00280472 _____ () C:\Windows\Minidump\071914-17924-01.dmp
2014-07-19 21:14 - 2014-07-19 21:14 - 00000000 ____D () C:\Windows\Minidump
2014-07-19 21:09 - 2014-07-19 21:09 - 00001338 _____ () C:\Users\admin\Desktop\Gmer.log
2014-07-19 20:58 - 2014-07-19 20:58 - 00024514 _____ () C:\Users\admin\Desktop\Addition.txt
2014-07-19 20:57 - 2014-07-19 20:56 - 00380416 _____ () C:\Users\admin\Downloads\Gmer-19357.exe
2014-07-19 20:56 - 2014-07-19 20:55 - 00024514 _____ () C:\Users\admin\Downloads\Addition.txt
2014-07-19 20:56 - 2014-07-19 20:54 - 00056293 _____ () C:\Users\admin\Downloads\FRST.txt
2014-07-19 20:53 - 2014-07-19 20:53 - 00000472 _____ () C:\Users\admin\Downloads\defogger_disable.log
2014-07-19 20:53 - 2014-07-19 20:53 - 00000000 _____ () C:\Users\admin\defogger_reenable
2014-07-19 20:53 - 2013-10-14 00:41 - 00000000 ____D () C:\Users\admin
2014-07-19 20:51 - 2014-07-19 20:51 - 00050477 _____ () C:\Users\admin\Downloads\Defogger.exe
2014-07-19 20:39 - 2014-07-19 20:39 - 00055826 _____ () C:\Users\admin\Desktop\Ereignisse.txt
2014-07-19 20:29 - 2014-07-19 20:29 - 00003102 _____ () C:\Windows\System32\Tasks\{C996C0DB-51F0-4514-B8C3-5BDC0F040DF5}
2014-07-19 20:27 - 2014-07-19 20:27 - 00003172 _____ () C:\Windows\System32\Tasks\{4C311FA7-4673-49BD-B8AA-75D55BF820DE}
2014-07-19 19:54 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-07-19 10:35 - 2013-11-17 07:44 - 00000237 _____ () C:\Users\admin\AppData\Roaming\WB.CFG
2014-07-17 17:21 - 2014-07-04 10:08 - 00000003 _____ () C:\Users\admin\AppData\Local\proxy.log
2014-07-17 17:20 - 2013-10-14 00:42 - 00058016 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-17 17:20 - 2009-07-14 06:45 - 00275856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-16 20:23 - 2014-07-16 20:23 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-11 22:54 - 2014-07-11 22:54 - 00000000 ____D () C:\Users\admin\AppData\Local\WorldofTanks
2014-07-10 15:00 - 2014-07-04 11:06 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-10 03:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 03:20 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 03:20 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 03:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 03:04 - 2013-10-12 11:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:02 - 2013-10-12 11:30 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 10:47 - 2014-03-19 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-09 10:46 - 2014-07-09 10:47 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-09 10:46 - 2014-07-09 10:47 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-09 10:46 - 2014-07-09 10:47 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-09 10:46 - 2014-07-09 10:47 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-09 10:46 - 2014-07-09 10:46 - 00000000 ____D () C:\Program Files\Java
2014-07-09 10:41 - 2014-07-09 10:41 - 00961360 _____ (Chip Digital GmbH) C:\Users\admin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe
2014-07-08 21:56 - 2013-10-16 20:02 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 21:56 - 2013-10-16 20:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 21:56 - 2013-10-16 20:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-04 11:02 - 2014-07-04 11:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-07-04 11:02 - 2014-07-04 11:02 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Avira
2014-07-04 11:02 - 2014-07-04 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-04 11:01 - 2014-07-04 11:01 - 00000000 ____D () C:\ProgramData\Avira
2014-07-04 11:01 - 2014-07-04 10:41 - 141865920 _____ () C:\Users\admin\Downloads\avira_free_antivirus45_de.exe
2014-07-04 10:59 - 2014-07-04 10:59 - 00000000 ____D () C:\Users\admin\Downloads\backups
2014-07-04 10:54 - 2014-07-04 10:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\admin\Downloads\HiJackThis204.exe
2014-07-04 10:54 - 2014-07-04 10:54 - 00011743 _____ () C:\Users\admin\Downloads\hijackthis.log
2014-07-04 10:52 - 2014-07-04 10:52 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-04 10:52 - 2014-07-04 10:52 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-04 10:52 - 2014-07-04 10:52 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla
2014-07-04 10:52 - 2014-07-04 10:44 - 29677544 _____ (Mozilla) C:\Users\admin\Downloads\Firefox_Setup_de30.0.exe
2014-07-03 23:31 - 2014-07-03 23:31 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-03 23:31 - 2014-07-03 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-03 23:31 - 2014-07-03 23:31 - 00000000 ____D () C:\Program Files\VideoLAN
2014-07-03 23:27 - 2013-10-12 12:38 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-03 23:23 - 2014-07-02 08:16 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-07-03 13:35 - 2014-07-03 10:31 - 00000000 ____D () C:\ProgramData\Norton
2014-07-03 10:10 - 2014-07-03 10:10 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Media Player Classic
2014-07-02 21:55 - 2014-07-02 21:55 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-02 21:52 - 2014-05-23 14:52 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-02 08:16 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-02 08:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-07-02 07:52 - 2014-07-02 07:52 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-02 07:49 - 2014-07-02 07:49 - 00000000 ____D () C:\Users\admin\AppData\Local\com
2014-07-02 00:19 - 2014-07-02 00:19 - 00000000 ____D () C:\ProgramData\Steam
2014-07-02 00:19 - 2014-05-07 17:11 - 00000000 ____D () C:\Users\admin\Documents\my games
2014-07-02 00:18 - 2014-01-04 02:18 - 00199781 _____ () C:\Windows\DirectX.log
2014-06-30 04:09 - 2014-07-09 09:08 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 09:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-25 19:14 - 2014-07-20 09:28 - 48888704 _____ (AVM Software Inc.) C:\Users\admin\Documents\pal_install_a4650_r131001_p127000.exe

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\avgnt.exe
C:\Users\admin\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 00:32

==================== End Of Log ============================
--- --- --- |
26.07.2014, 18:36 | #12 |
/// the machine /// TB-Ausbilder | Windows Installer and constant ads and pop-ups, new windows in the browser
Update Java. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from all registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
27.07.2014, 07:59 | #13 |
| Windows Installer and constant ads and pop-ups, new windows in the browser
Hello, unfortunately I overlooked that I was supposed to post the Fixlog.txt and deleted everything, as instructed. Was that bad? What do I need to do now? Many thanks for your great and fast help. Best regards, Kabimaus |
27.07.2014, 13:47 | #14 |
/// the machine /// TB-Ausbilder | Windows Installer and constant ads and pop-ups, new windows in the browser
that's fine
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |