|
Log analysis and evaluation: Received Amazon debt collection mail and opened zip file!!! Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
12.09.2014, 12:31 | #1 |
| Received Amazon debt collection mail and opened zip file!!! I received an email that claimed to be a debt collection letter from Amazon. It contained a zip file as an attachment. Since I had recently come back from holiday and had ordered something from Amazon before leaving, I opened the attachment in the initial shock. However, everything had gone fine with the order. The only change I have been able to notice on the laptop since then is that Firefox shows error messages such as "Proxy-Server verweigert die Verbindung". Is my laptop now infected by the trojan, and if so, what can I do? |
12.09.2014, 12:33 | #2 |
/// TB Instructor | Hello,
please run an FRST scan: download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
12.09.2014, 12:41 | #3 |
| FRST:
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014 Ran by User (administrator) on USER-PC on 12-09-2014 13:42:07 Running from C:\Users\User\Downloads Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (X10) C:\Program Files\Common Files\X10\Common\X10nets.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron Corp.) 
C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron) HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.) HKLM\...\Run: [LMgrOSD] => "C:\Program Files\Launch Manager\OSDCtrl.exe" HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8522272 2010-03-02] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [678432 2010-03-02] (Realtek Semiconductor) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) 
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9wtb0s7f.default-1390479736548 FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9wtb0s7f.default-1390479736548\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24] FF HKCU\...\Firefox\Extensions: [{1766c545-cec8-4a4d-a869-a22153bec7a3}] - C:\Program Files\Re-markit\150.xpi Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG) R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed] R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.) 
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG) S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-05] (Avira GmbH) R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.) R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.) S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] S3 uxddrv; \??\E:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-12 13:42 - 2014-09-12 13:43 - 00013217 _____ () C:\Users\User\Downloads\FRST.txt 2014-09-12 13:41 - 2014-09-12 13:42 - 00000000 ____D () C:\FRST 2014-09-12 13:40 - 2014-09-12 13:41 - 01097728 _____ (Farbar) C:\Users\User\Downloads\FRST.exe 2014-09-12 12:55 - 2014-09-12 12:56 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-12 12:55 - 2014-09-12 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-12 12:55 - 2014-09-12 12:55 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-12 12:55 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-12 12:55 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-10 11:33 - 2014-09-10 11:33 - 00000000 ____D () C:\Users\User\AppData\Roaming\BRT 2014-09-10 00:15 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 00:15 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 00:15 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 00:15 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 00:15 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-10 00:15 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 00:15 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 00:15 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-10 00:15 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-10 00:15 - 2014-08-18 23:42 - 02185728 _____ 
(Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 00:15 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 00:15 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 00:15 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 00:15 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 00:15 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-10 00:15 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-10 00:15 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-10 00:15 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 00:15 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-10 00:15 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 00:15 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 00:15 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 00:15 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 00:15 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 00:15 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 00:15 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 00:15 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-10 00:15 - 2014-08-18 22:46 - 
01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 00:15 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 00:15 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 00:14 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-09 23:22 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-09 23:22 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-09 23:22 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-09 23:22 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-09 23:22 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-09 23:22 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-08-28 01:00 - 2014-08-28 01:01 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-28 00:59 - 2014-08-28 00:59 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-28 00:59 - 2014-08-28 00:59 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-28 00:59 - 2014-08-28 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-28 00:59 - 2014-08-28 00:59 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-27 21:26 - 2014-08-27 21:26 - 00015382 _____ () C:\Users\User\Documents\Lebenslauf Melissa.odt 2014-08-27 21:20 - 2014-08-27 21:20 - 00016986 _____ () C:\Users\User\Documents\Anschreiben Melissa.odt 2014-08-27 20:39 - 2014-08-27 20:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\OpenOffice 2014-08-27 20:36 - 2014-08-27 20:36 - 00001126 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla 
Firefox.lnk 2014-08-27 20:35 - 2014-08-27 20:35 - 00001074 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk 2014-08-27 20:35 - 2014-08-27 20:35 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2014-08-27 20:34 - 2014-08-27 20:35 - 00000000 ____D () C:\Program Files\OpenOffice 4 2014-08-27 20:33 - 2014-08-27 20:33 - 00000000 ____D () C:\Users\User\Desktop\OpenOffice 4.1.1 (de) Installation Files 2014-08-27 20:27 - 2014-08-27 20:33 - 164858324 _____ () C:\Users\User\Downloads\apacheopenofficewinx_27417.exe 2014-08-27 20:19 - 2014-08-27 20:19 - 00000000 ____D () C:\Users\User\Documents\Optimizer Pro 2014-08-27 20:14 - 2014-09-12 11:10 - 00000000 ____D () C:\Program Files\SmarterPower 2014-08-27 20:12 - 2014-08-27 20:12 - 00735632 _____ ( ) C:\Users\User\Downloads\Malavida_Download_Manager.exe 2014-08-27 20:01 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-27 20:01 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-13 03:02 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-13 03:02 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-13 03:02 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-13 03:02 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-12 13:43 - 2014-09-12 13:42 - 00013217 _____ () C:\Users\User\Downloads\FRST.txt 2014-09-12 13:42 - 2014-09-12 13:41 - 00000000 ____D () C:\FRST 2014-09-12 13:41 - 2014-09-12 13:40 - 01097728 _____ (Farbar) C:\Users\User\Downloads\FRST.exe 2014-09-12 13:23 - 2009-07-14 06:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-12 13:23 - 2009-07-14 06:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-12 13:18 - 2012-02-01 12:42 - 01875823 _____ () C:\Windows\WindowsUpdate.log 2014-09-12 13:15 - 2010-03-02 08:06 - 00202204 _____ () C:\Windows\PFRO.log 2014-09-12 13:15 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-12 13:15 - 2009-07-14 06:39 - 00096890 _____ () C:\Windows\setupact.log 2014-09-12 13:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Branding 2014-09-12 12:56 - 2014-09-12 12:55 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-12 12:55 - 2014-09-12 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-12 12:55 - 2014-09-12 12:55 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-12 12:55 - 2014-01-22 13:08 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-12 12:55 - 2014-01-22 13:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes 2014-09-12 12:55 - 2014-01-22 13:08 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-12 12:55 - 2014-01-22 13:08 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-09-12 12:46 - 2013-03-23 00:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-12 11:10 - 2014-08-27 20:14 - 00000000 ____D () C:\Program Files\SmarterPower 2014-09-12 02:12 - 2013-03-23 00:41 - 00701104 _____ (Adobe Systems Incorporated) 
C:\Windows\system32\FlashPlayerApp.exe 2014-09-12 02:12 - 2012-02-07 16:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-11 13:54 - 2009-07-14 04:04 - 00000505 _____ () C:\Windows\win.ini 2014-09-10 16:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-10 12:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-10 11:33 - 2014-09-10 11:33 - 00000000 ____D () C:\Users\User\AppData\Roaming\BRT 2014-09-10 00:14 - 2013-08-16 21:40 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 00:11 - 2014-05-07 03:17 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-10 00:11 - 2010-03-02 08:25 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 00:11 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-09-10 00:09 - 2010-03-02 07:02 - 01592824 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-05 03:52 - 2014-09-09 23:22 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 03:47 - 2014-09-09 23:22 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-28 01:01 - 2014-08-28 01:00 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-28 00:59 - 2014-08-28 00:59 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-28 00:59 - 2014-08-28 00:59 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-28 00:59 - 2014-08-28 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-28 00:59 - 2014-08-28 00:59 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-28 00:59 - 2010-03-02 07:55 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-28 00:59 - 2010-03-02 07:55 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-28 00:59 - 2010-03-02 07:55 - 00000000 ____D () C:\Program Files\Java 2014-08-28 00:50 - 2009-07-14 06:33 - 00400840 _____ () 
C:\Windows\system32\FNTCACHE.DAT 2014-08-27 21:26 - 2014-08-27 21:26 - 00015382 _____ () C:\Users\User\Documents\Lebenslauf Melissa.odt 2014-08-27 21:26 - 2013-07-15 18:00 - 00146432 ___SH () C:\Users\User\Documents\Thumbs.db 2014-08-27 21:20 - 2014-08-27 21:20 - 00016986 _____ () C:\Users\User\Documents\Anschreiben Melissa.odt 2014-08-27 20:39 - 2014-08-27 20:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\OpenOffice 2014-08-27 20:36 - 2014-08-27 20:36 - 00001126 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-08-27 20:36 - 2012-02-01 12:46 - 00109208 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-27 20:35 - 2014-08-27 20:35 - 00001074 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk 2014-08-27 20:35 - 2014-08-27 20:35 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2014-08-27 20:35 - 2014-08-27 20:34 - 00000000 ____D () C:\Program Files\OpenOffice 4 2014-08-27 20:33 - 2014-08-27 20:33 - 00000000 ____D () C:\Users\User\Desktop\OpenOffice 4.1.1 (de) Installation Files 2014-08-27 20:33 - 2014-08-27 20:27 - 164858324 _____ () C:\Users\User\Downloads\apacheopenofficewinx_27417.exe 2014-08-27 20:19 - 2014-08-27 20:19 - 00000000 ____D () C:\Users\User\Documents\Optimizer Pro 2014-08-27 20:12 - 2014-08-27 20:12 - 00735632 _____ ( ) C:\Users\User\Downloads\Malavida_Download_Manager.exe 2014-08-27 20:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-08-27 20:01 - 2013-10-23 10:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\SoftGrid Client 2014-08-23 03:46 - 2014-08-27 20:01 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-08-27 20:01 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-19 19:39 - 2014-09-10 00:15 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-19 00:26 - 2014-09-10 00:15 - 
17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-19 00:08 - 2014-09-10 00:15 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-18 23:57 - 2014-09-10 00:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-18 23:57 - 2014-09-10 00:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-18 23:46 - 2014-09-10 00:15 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-18 23:45 - 2014-09-10 00:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-18 23:44 - 2014-09-10 00:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-18 23:44 - 2014-09-10 00:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-18 23:42 - 2014-09-10 00:15 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-18 23:39 - 2014-09-10 00:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-18 23:39 - 2014-09-10 00:15 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-18 23:37 - 2014-09-10 00:15 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-18 23:36 - 2014-09-10 00:15 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-18 23:36 - 2014-09-10 00:15 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-18 23:35 - 2014-09-10 00:15 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-18 23:30 - 2014-09-10 00:15 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-18 23:27 - 2014-09-10 00:15 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-18 23:22 - 2014-09-10 00:15 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-18 
23:19 - 2014-09-10 00:15 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-18 23:17 - 2014-09-10 00:15 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-18 23:17 - 2014-09-10 00:15 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-18 23:15 - 2014-09-10 00:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-18 23:09 - 2014-09-10 00:15 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-18 23:08 - 2014-09-10 00:15 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-18 23:08 - 2014-09-10 00:15 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-18 23:07 - 2014-09-10 00:15 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-18 22:46 - 2014-09-10 00:15 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-18 22:38 - 2014-09-10 00:15 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-18 22:36 - 2014-09-10 00:15 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll Files to move or delete: ==================== C:\Users\Public\AlexaNSISPlugin.3608.dll Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\46460-658931-microsoft-office-home-and-student-2010.exe C:\Users\User\AppData\Local\Temp\AskSLib.dll C:\Users\User\AppData\Local\Temp\avgnt.exe C:\Users\User\AppData\Local\Temp\BackupSetup.exe C:\Users\User\AppData\Local\Temp\ICReinstall_Malavida_Download_Manager.exe C:\Users\User\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\msg813B.exe C:\Users\User\AppData\Local\Temp\optprosetup.exe C:\Users\User\AppData\Local\Temp\Quarantine.exe C:\Users\User\AppData\Local\Temp\uninst1.exe C:\Users\User\AppData\Local\Temp\vcredist_x86.exe C:\Users\User\AppData\Local\Temp\vlc-2.0.8-win32.exe 
==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-09 20:00 ==================== End Of Log ============================ ADDITION:FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-09-2014 Ran by User at 2014-09-12 13:43:33 Running from C:\Users\User\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1784.41616 - ABBYY Software House) Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader 9.3.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A93000000001}) (Version: 9.3.1 - Adobe Systems Incorporated) ALDI Süd Foto Manager Free (HKLM\...\ALDI Süd Foto Manager Free D) (Version: 6.0.1.491 - MAGIX AG) ALDI Süd Foto Service (HKLM\...\ALDI Süd Foto Service D) (Version: 4.5.9.140 - MAGIX AG) Aldi Süd Fotoservice (HKLM\...\Aldi Süd Fotoservice_is1) (Version: - ) ALDI SÜD Mah Jong (HKLM\...\ALDI SÜD Mah Jong) (Version: - ) ALDI Süd Online Druck Service (HKLM\...\ALDI Süd Online Druck Service D) (Version: 4.5.1.0 - MAGIX AG) Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.) 
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.23 - Atheros Communications Inc.) Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira) Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation) Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP) Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang NL (Version: 
4.0 - Uw bedrijfsnaam) Hidden CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: - Corel Corporation) CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: - Corel Corporation) CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.) CyberLink LabelPrint (Version: 2.5.2602 - CyberLink Corp.) Hidden CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.) CyberLink MediaShow (Version: 5.0.1410a - CyberLink Corp.) Hidden CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) CyberLink PhotoNow (Version: 1.1.6904 - CyberLink Corp.) Hidden CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.) CyberLink Power2Go (Version: 6.1.3602c - CyberLink Corp.) Hidden CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2522 - CyberLink Corp.) CyberLink PowerDirector (Version: 8.0.2522 - CyberLink Corp.) Hidden CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2519.00 - CyberLink Corp.) CyberLink PowerDVD 9 (Version: 9.0.2519.00 - CyberLink Corp.) Hidden CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.) CyberLink PowerDVD Copy (Version: 1.5.1306 - CyberLink Corp.) Hidden CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2326 - CyberLink Corp.) 
CyberLink PowerProducer (Version: 5.0.2.2326 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2609 - CyberLink Corp.) CyberLink YouCam (Version: 3.0.2609 - CyberLink Corp.) Hidden ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - ) Firebird SQL Server - MAGIX Edition (HKLM\...\{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}) (Version: 2.1.23.0 - MAGIX AG) Gadu-Gadu 10 (HKLM\...\Gadu-Gadu 10) (Version: - GG Network S.A.) GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team) Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - ) Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2092 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation) Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan) iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.) JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Launch Manager V1.5.0.8 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.0.8 - Wistron Corp.) 
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MEDION Fotos auf CD & DVD SE Sued (HKLM\...\MEDION Fotos auf CD & DVD SE Sued D) (Version: 8.0.3.4 - MAGIX AG) Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1318 - CyberLink Corp.) Medion Home Cinema (Version: 8.0.1318 - CyberLink Corp.) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.4 (HKLM\...\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}) (Version: 2.0.3008.0 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) 
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) OGA Notifier 
2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6057 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0145 - REALTEK Semiconductor Corp.) Re-markit (HKLM\...\c974fc9c-b15a-417f-8a56-1c64d86b29b5) (Version: - Re-markit Software) <==== ATTENTION Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SmarterPower (HKLM\...\SmarterPower) (Version: 2014.08.27.111014 - SmarterPower) <==== ATTENTION Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated) VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN) Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live ID-Anmelde-Assistent (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation) Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) 
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) X10 Hardware(TM) (HKLM\...\X10Hardware) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 20-08-2014 22:34:37 Geplanter Prüfpunkt 27-08-2014 18:01:13 Removed Microsoft Office Click-to-Run 2010 27-08-2014 18:26:44 Removed Microsoft Office Suite Activation Assistant. 27-08-2014 18:28:44 Microsoft Office File Validation Add-In wird entfernt 27-08-2014 18:34:16 OpenOffice 4.1.1 wird installiert 27-08-2014 20:56:22 Windows Update 27-08-2014 22:57:53 Installed Java 7 Update 67 09-09-2014 22:07:51 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {73BFA78A-5EFB-4254-99A8-BC9D6F73E1D6} - \Plus-HD-1.7-codedownloader No Task File <==== ATTENTION Task: {8B90BEF8-F7B7-41F9-814A-FD74ABA3C732} - \Plus-HD-1.7-firefoxinstaller No Task File <==== ATTENTION Task: {E3EEDD55-96F1-491D-8F22-F12DE1BD3930} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-12] (Adobe Systems Incorporated) Task: {E633A2BE-228B-4CC9-8A87-E75B209E3C10} - \Plus-HD-1.7-updater No Task File <==== ATTENTION Task: {F56F5496-F3BE-496A-9D56-AC5B56AB4130} - \Plus-HD-1.7-enabler No Task File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2010-03-02 07:59 - 2010-02-10 13:34 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe 2010-03-02 07:17 - 2009-10-02 14:18 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2009-11-02 15:20 - 2009-11-02 15:20 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll 2009-11-02 15:23 - 2009-11-02 15:23 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll 2014-07-31 23:16 - 2014-07-31 23:17 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/27/2014 08:37:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91 Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x2790 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (08/13/2014 02:58:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007a4c ID des 
fehlerhaften Prozesses: 0x63c Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0 Pfad der fehlerhaften Anwendung: ipmGui.exe1 Pfad des fehlerhaften Moduls: ipmGui.exe2 Berichtskennung: ipmGui.exe3 Error: (08/11/2014 02:44:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000795b ID des fehlerhaften Prozesses: 0xee4 Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0 Pfad der fehlerhaften Anwendung: ipmGui.exe1 Pfad des fehlerhaften Moduls: ipmGui.exe2 Berichtskennung: ipmGui.exe3 Error: (08/11/2014 00:02:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007a4c ID des fehlerhaften Prozesses: 0x10f4 Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0 Pfad der fehlerhaften Anwendung: ipmGui.exe1 Pfad des fehlerhaften Moduls: ipmGui.exe2 Berichtskennung: ipmGui.exe3 Error: (08/09/2014 01:12:57 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000795b ID des fehlerhaften Prozesses: 0xc34 Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0 Pfad der fehlerhaften Anwendung: ipmGui.exe1 Pfad des fehlerhaften Moduls: ipmGui.exe2 Berichtskennung: ipmGui.exe3 Error: (08/08/2014 09:13:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Name des fehlerhaften 
Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000795b ID des fehlerhaften Prozesses: 0x1fd0 Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0 Pfad der fehlerhaften Anwendung: ipmGui.exe1 Pfad des fehlerhaften Moduls: ipmGui.exe2 Berichtskennung: ipmGui.exe3 Error: (08/08/2014 05:55:52 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007a4c ID des fehlerhaften Prozesses: 0xb78 Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0 Pfad der fehlerhaften Anwendung: ipmGui.exe1 Pfad des fehlerhaften Moduls: ipmGui.exe2 Berichtskennung: ipmGui.exe3 Error: (08/06/2014 11:29:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007a69 ID des fehlerhaften Prozesses: 0x1e64 Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0 Pfad der fehlerhaften Anwendung: ipmGui.exe1 Pfad des fehlerhaften Moduls: ipmGui.exe2 Berichtskennung: ipmGui.exe3 Error: (08/06/2014 02:06:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000795b ID des fehlerhaften Prozesses: 0x1a98 Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0 Pfad der fehlerhaften Anwendung: ipmGui.exe1 Pfad des fehlerhaften Moduls: ipmGui.exe2 Berichtskennung: ipmGui.exe3 Error: (08/06/2014 00:06:25 PM) (Source: Application Error) (EventID: 1000) (User: ) 
Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000795b ID des fehlerhaften Prozesses: 0x12e4 Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0 Pfad der fehlerhaften Anwendung: ipmGui.exe1 Pfad des fehlerhaften Moduls: ipmGui.exe2 Berichtskennung: ipmGui.exe3 System errors: ============= Error: (09/12/2014 11:10:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Util SmarterPower" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/12/2014 11:10:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Update SmarterPower" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/09/2014 01:47:11 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (09/08/2014 00:26:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Util SmarterPower" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/08/2014 00:26:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Util SmarterPower erreicht. Error: (09/08/2014 00:26:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Update SmarterPower" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/08/2014 00:26:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Update SmarterPower erreicht. 
Error: (09/08/2014 00:25:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "LPT System Updater Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/08/2014 00:25:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LPT System Updater Service erreicht. Error: (08/13/2014 10:25:46 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= Error: (08/27/2014 08:37:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b279001cfc2249307cfa9C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll2187a568-2e19-11e4-8ab5-00262df565f6 Error: (08/13/2014 02:58:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c000000500007a4c63c01cfb67edb1663ecC:\program files\avira\antivir desktop\ipmGui.exeC:\program files\avira\antivir desktop\ipmGui.exee4d180b3-2284-11e4-b9af-00262df565f6 Error: (08/11/2014 02:44:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c00000050000795bee401cfb54b6698d361C:\program files\avira\antivir desktop\ipmGui.exeC:\program files\avira\antivir desktop\ipmGui.exe30bf2fbb-2155-11e4-b7f2-00262df565f6 Error: (08/11/2014 00:02:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c000000500007a4c10f401cfb537f6118034C:\program files\avira\antivir desktop\ipmGui.exeC:\program files\avira\antivir desktop\ipmGui.exea803885c-213e-11e4-b7f2-00262df565f6 Error: (08/09/2014 01:12:57 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c00000050000795bc3401cfb34d84ebe580C:\program files\avira\antivir desktop\ipmGui.exeC:\program files\avira\antivir desktop\ipmGui.exe883743be-1f51-11e4-b7ef-00262df565f6 Error: (08/08/2014 09:13:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c00000050000795b1fd001cfb2bca3014957C:\program files\avira\antivir desktop\ipmGui.exeC:\program files\avira\antivir desktop\ipmGui.exe05153f27-1f30-11e4-b7ef-00262df565f6 Error: (08/08/2014 05:55:52 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c000000500007a4cb7801cfb2a7a50c8f36C:\program files\avira\antivir desktop\ipmGui.exeC:\program files\avira\antivir desktop\ipmGui.exee3acfe4c-1eaf-11e4-b7ef-00262df565f6 Error: (08/06/2014 11:29:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c000000500007a691e6401cfb1857e5462efC:\program files\avira\antivir desktop\ipmGui.exeC:\program files\avira\antivir desktop\ipmGui.exec4de6d5a-1db0-11e4-b7ef-00262df565f6 Error: (08/06/2014 02:06:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c00000050000795b1a9801cfb15e10e1d700C:\program files\avira\antivir desktop\ipmGui.exeC:\program files\avira\antivir desktop\ipmGui.exe1530ea89-1d62-11e4-b7ef-00262df565f6 Error: (08/06/2014 00:06:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c00000050000795b12e401cfb14992612848C:\program files\avira\antivir desktop\ipmGui.exeC:\program files\avira\antivir desktop\ipmGui.exe52793114-1d51-11e4-b7ef-00262df565f6 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz Percentage of memory in use: 34% 
Total physical RAM: 3510.6 MB Available physical RAM: 2285.74 MB Total Pagefile: 7019.48 MB Available Pagefile: 5562.79 MB Total Virtual: 2047.88 MB Available Virtual: 1906.68 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:424.66 GB) (Free:378 GB) NTFS Drive d: (Recover) (Fixed) (Total:40 GB) (Free:20.45 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 6513508B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=424.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================ |
12.09.2014, 12:52 | #4 | |
/// TB-Ausbilder | Received Amazon debt-collection mail and opened zip file!!! Quote:
ESET Online Scanner
__________________ cheers, Leo |
12.09.2014, 18:14 | #5 |
| Received Amazon debt-collection mail and opened zip file!!! Yes, no further window actually opened (strictly speaking, nothing happened at all), but I clicked on the file contained in the zip archive again and again. (I could kick myself for it.) I will now carry out the instructions you gave. So, I have now carried out the instructions three times exactly as specified, and each time I could not find anything in Explorer after closing ESET. After the fourth time I have now left the window open and have not yet clicked "Finish" ("Fertig stellen"). I have now clicked on "List of found threats" ("Liste der gefundenen Bedrohungen"), and at the bottom it says "Export as text file" ("Als Textdatei exportieren"). Should I click on that? I'd rather ask before I do something wrong... I have also just noticed that in the last window, where the instructions show "Thank you for trying ESET Online Scanner." ("Danke, dass sie ESET Online Scanner ausprobieren."), mine says in red "We recommend that you install ESET Smart Security or ESET NOD32 Antivirus." ("Wir empfehlen Ihnen ESET Smart Security oder ESET NOD32 Antivirus zu installieren."). After a long search I found it once the scan had finished. It is just that the specified entry for Explorer is different for me. Code:
|
15.09.2014, 12:33 | #6 |
/// TB-Ausbilder | Received Amazon debt collection email and opened zip file!!! Sorry for the delay. Do you still have the zip file, or has it already been deleted? Please download Emsisoft MBR Master and save it to your desktop.
|
15.09.2014, 13:35 | #7 |
| Received Amazon debt collection email and opened zip file!!! No, in a knee-jerk reaction I deleted the email and the file immediately. I will carry out your instructions now. Code:
Detected Windows version: 6.1 Build 7601 Service Pack 1
Installing direct disk access driver ...
Driver connection handle: 0x000000F4
1 valid drive(s) found.

Details for Disk 0 - ST950032 5AS Rev 0003:
  Device name : \\.\PhysicalDrive0
  Geometry (C/H/S) : 60801/255/63
  Boot loader reputation : Unknown
  Cross view comparison : Passed
  Partition table integrity: Passed
  Boot loader hashes
    SHA-1 : F61074C24A6DA26C38919A0032AE32ED64E1F93E
    MD5 : 8A1C59E4DFEF87510470928550466632 |
15.09.2014, 14:55 | #8 |
/// TB-Ausbilder | Received Amazon debt collection email and opened zip file!!! Attaching is no longer necessary. So far I have not seen any indication that the malware became active. Let's take another look with Emsisoft: Emsisoft Emergency Kit - Scanner Preparation
Let's go
__________________ cheers, Leo |