
Log analysis and evaluation: ACER LAPTOP very slow, runs hotter than usual - malware infection?


 
28.03.2015, 00:00   #1
Queesy1
 



Hello again,

my second laptop is acting strangely once again. It takes a very long time, sometimes hangs in Excel, gets hotter than usual and somehow seems to have "caught a cold".

I ran Defogger, but that already seemed odd to me: I click "disable", then "yes" in the next little window, and in less than a second I get a FINISHED. And then the little window is back, asking me whether I want to DISABLE or RE-ENABLE.

FRST produced this:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Kristina (administrator) on KRISTINA-PC on 27-03-2015 23:34:59
Running from C:\Users\Kristina\Downloads
Loaded Profiles: Kristina & UpdatusUser & (Available profiles: Kristina & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\Kristina\AppData\Local\Viber\Viber.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
() C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(windata GmbH & Co.KG) C:\windata\professional 8\windata8.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
(F.J. Wechselberger) C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016944 2013-05-20] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe [133120 2010-01-13] ()
HKLM-x32\...\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] => C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe [265608 2013-11-21] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000\...\Run: [updateMgr] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000\...\Run: [Viber] => C:\Users\Kristina\AppData\Local\Viber\Viber.exe [936456 2014-02-07] ()
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1008984 2015-03-19] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [updateMgr] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Viber] => C:\Users\Kristina\AppData\Local\Viber\Viber.exe [936456 2014-02-07] ()
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1008984 2015-03-19] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [updateMgr] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Viber] => C:\Users\Kristina\AppData\Local\Viber\Viber.exe [936456 2014-02-07] ()
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1008984 2015-03-19] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [updateMgr] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Viber] => C:\Users\Kristina\AppData\Local\Viber\Viber.exe [936456 2014-02-07] ()
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1008984 2015-03-19] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\windata 8 Zahlungserinnerung.lnk
ShortcutTarget: windata 8 Zahlungserinnerung.lnk -> C:\windata\professional 8\windataZahlungserinnerung.exe (windata GmbH & Co.KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1452072108-4067596569-1899591798-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1452072108-4067596569-1899591798-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1452072108-4067596569-1899591798-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1452072108-4067596569-1899591798-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-22] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-22] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1452072108-4067596569-1899591798-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{373D0177-27C3-4AC5-BFF0-673B22F00833}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\veyywnna.default
FF Homepage: hxxp://www.benefind.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kristina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000: @talk.google.com/O1DPlugin -> C:\Users\Kristina\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kristina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kristina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\Kristina\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kristina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kristina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @talk.google.com/O1DPlugin -> C:\Users\Kristina\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=3 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=9 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kristina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kristina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @talk.google.com/O1DPlugin -> C:\Users\Kristina\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @tools.google.com/Google Update;version=3 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @tools.google.com/Google Update;version=9 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kristina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2014-01-16] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Kristina\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-06-23] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Kristina\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Kristina\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF SearchPlugin: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\veyywnna.default\searchplugins\benefind.xml [2015-03-16]

Chrome:
=======
CHR Profile: C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\default
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-23] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [244392 2015-03-23] (Foxit Software Inc.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [702984 2015-03-19] (Garmin Ltd. or its subsidiaries)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5429520 2015-01-30] (TeamViewer GmbH)
R2 UI Assistant Service; C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe [247296 2010-01-13] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99800 2013-05-31] (Intel Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-10-14] (Secunia)
S4 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [68608 2005-08-10] (Protection Technology) [File not signed]
S4 sfhlp02; C:\Windows\System32\drivers\sfhlp02.sys [7168 2005-05-16] (Protection Technology) [File not signed]
S4 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [89600 2005-11-03] (Protection Technology) [File not signed]
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-27 23:35 - 2015-03-27 23:35 - 00380416 _____ () C:\Users\Kristina\Downloads\Gmer-19357.exe
2015-03-27 23:34 - 2015-03-27 23:36 - 00028626 _____ () C:\Users\Kristina\Downloads\FRST.txt
2015-03-27 23:34 - 2015-03-27 23:35 - 00000000 ____D () C:\FRST
2015-03-27 23:34 - 2015-03-27 23:34 - 02095616 _____ (Farbar) C:\Users\Kristina\Downloads\FRST64.exe
2015-03-27 23:31 - 2015-03-27 23:34 - 00000478 _____ () C:\Users\Kristina\Downloads\defogger_disable.log
2015-03-27 23:31 - 2015-03-27 23:31 - 00000000 _____ () C:\Users\Kristina\defogger_reenable
2015-03-27 23:30 - 2015-03-27 23:30 - 00050477 _____ () C:\Users\Kristina\Downloads\Defogger(1).exe
2015-03-25 17:50 - 2015-03-25 17:50 - 00000000 ____D () C:\Users\Kristina\Tracing
2015-03-25 17:49 - 2015-03-25 17:49 - 00003086 _____ () C:\Windows\System32\Tasks\{3EBE55AB-F2CA-4558-98FA-4C583EC2127C}
2015-03-23 22:57 - 2015-03-23 22:59 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Garmin_Ltd._or_its_subsid
2015-03-23 22:56 - 2015-03-23 22:56 - 00001890 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-03-23 22:56 - 2015-03-23 22:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-03-23 00:45 - 2015-03-23 00:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-19 15:47 - 2015-03-25 19:04 - 00000000 ____D () C:\Users\Kristina\Documents\Flo
2015-03-19 08:23 - 2015-03-19 08:23 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\de.hueber.NextA1Starter
2015-03-18 18:57 - 2015-03-18 18:57 - 00000000 ____D () C:\Users\Kristina\Documents\Hueber
2015-03-18 18:57 - 2015-03-18 18:57 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\de.hueber.NextA1Starter.A0C2A48213B65DD98C4EE2A6FFB8BD5B9EC3BAE9.1
2015-03-18 18:56 - 2015-03-18 18:56 - 00001042 _____ () C:\Users\Public\Desktop\Next_Starter_A1.lnk
2015-03-18 18:56 - 2015-03-18 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hueber
2015-03-18 18:47 - 2015-03-18 18:55 - 00000000 ____D () C:\Program Files (x86)\Hueber
2015-03-18 18:41 - 2015-03-18 18:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-03-18 18:41 - 2015-03-18 18:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-03-17 10:07 - 2015-03-17 10:07 - 00000000 ____D () C:\Users\Kristina\Downloads\Neuer Ordner
2015-03-16 23:55 - 2015-03-16 23:55 - 02171392 _____ () C:\Users\Kristina\Downloads\adwcleaner_4.112.exe
2015-03-16 18:42 - 2015-03-16 18:42 - 00027648 _____ () C:\Users\Kristina\Downloads\Wordvorlage_Visitenkarten5020417q.dot
2015-03-16 18:37 - 2015-03-16 18:38 - 00027136 _____ () C:\Users\Kristina\Downloads\Wordvorlage_Visitenkarten5020417h.dot
2015-03-13 17:16 - 2015-03-13 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-03-11 22:41 - 2015-03-16 20:44 - 00000000 ____D () C:\Users\Kristina\Documents\WW-neu
2015-03-10 07:52 - 2015-03-19 08:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\40C95EB3.sys
2015-03-10 00:08 - 2015-03-10 00:08 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-03-10 00:08 - 2015-03-10 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-03-10 00:08 - 2015-03-10 00:08 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-10 00:03 - 2015-03-10 00:03 - 42096984 _____ (Apple Inc.) C:\Users\Kristina\Downloads\QuickTimeInstaller(1).exe
2015-03-02 21:59 - 2015-03-02 22:10 - 00000000 ____D () C:\Users\Kristina\Documents\Patientenverfügungen
2015-02-28 20:28 - 2015-02-28 20:28 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-28 20:28 - 2015-02-28 20:28 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-28 20:24 - 2015-02-28 20:24 - 00243576 _____ () C:\Users\Kristina\Downloads\Firefox Setup Stub 36.0.exe
2015-02-26 19:21 - 2015-02-26 19:21 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-26 19:21 - 2015-02-26 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-26 19:20 - 2015-02-26 19:21 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-26 19:20 - 2015-02-26 19:21 - 00000000 ____D () C:\Program Files\iTunes
2015-02-26 19:20 - 2015-02-26 19:20 - 00000000 ____D () C:\Program Files\iPod
2015-02-26 19:20 - 2015-02-26 19:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-26 12:56 - 2015-02-26 13:02 - 525407360 _____ () C:\Users\Kristina\Downloads\Wir-Impfen-nicht-DVD-2014.flv
2015-02-26 08:28 - 2015-02-26 08:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-27 23:31 - 2013-09-20 10:40 - 00000000 ____D () C:\Users\Kristina
2015-03-27 23:27 - 2013-09-24 09:29 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\MyPhoneExplorer
2015-03-27 23:23 - 2013-12-11 13:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-27 23:02 - 2014-07-02 20:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452072108-4067596569-1899591798-1000UA.job
2015-03-27 22:52 - 2013-10-02 16:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-27 22:20 - 2014-06-25 23:59 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-27 21:40 - 2013-09-20 10:31 - 01381481 _____ () C:\Windows\WindowsUpdate.log
2015-03-27 21:24 - 2015-02-14 11:06 - 00242176 _____ () C:\Users\Kristina\Desktop\Claves_copy.xls
2015-03-27 20:52 - 2013-10-02 16:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-27 20:02 - 2014-07-02 20:32 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452072108-4067596569-1899591798-1000Core.job
2015-03-27 17:07 - 2013-09-20 18:25 - 00000000 ____D () C:\Users\Kristina\Documents\Outlook-Dateien
2015-03-26 01:06 - 2015-02-13 21:18 - 00000000 ____D () C:\Users\Kristina\Documents\LLLD
2015-03-25 21:16 - 2009-07-14 05:45 - 00029616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 21:16 - 2009-07-14 05:45 - 00029616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 17:50 - 2014-09-19 04:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-25 17:50 - 2013-09-20 18:55 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Skype
2015-03-25 17:50 - 2013-09-20 18:55 - 00000000 ____D () C:\ProgramData\Skype
2015-03-25 17:47 - 2014-02-22 23:31 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\ViberPC
2015-03-24 22:32 - 2014-02-22 23:30 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Viber
2015-03-24 22:25 - 2013-10-26 16:57 - 00043763 _____ () C:\Windows\setupact.log
2015-03-24 22:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-24 22:24 - 2014-06-25 23:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-03-24 22:24 - 2013-10-28 18:19 - 00344686 _____ () C:\Windows\PFRO.log
2015-03-24 22:24 - 2013-09-20 10:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-24 00:40 - 2014-06-25 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-24 00:40 - 2013-10-28 18:50 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-23 22:58 - 2013-10-23 17:18 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-23 22:57 - 2013-10-23 17:18 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-03-23 22:56 - 2014-07-18 13:13 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2015-03-23 22:56 - 2013-10-23 17:18 - 00000000 ____D () C:\ProgramData\Garmin
2015-03-19 11:14 - 2014-07-17 23:27 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Adobe
2015-03-19 08:27 - 2013-12-11 13:33 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-19 08:27 - 2013-12-11 13:33 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-19 08:27 - 2013-12-11 13:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-19 08:03 - 2015-01-14 22:02 - 00337358 _____ () C:\Users\Kristina\Desktop\Wrede, Kristina - Einkommensteuererklärung 2013.s14
2015-03-18 18:43 - 2013-09-23 11:14 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-17 06:15 - 2014-06-25 23:52 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2013-11-02 17:54 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2013-10-28 18:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-16 23:05 - 2015-01-20 15:16 - 00000000 ____D () C:\Users\Kristina\Documents\In this moment
2015-03-16 23:05 - 2013-10-04 08:54 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\7-PDFSplitMerge
2015-03-16 18:29 - 2014-09-18 11:00 - 00000000 ____D () C:\Users\Kristina\Documents\Selbstständigkeit
2015-03-14 10:49 - 2013-11-25 12:52 - 00000832 _____ () C:\Windows\wiso.ini
2015-03-10 08:07 - 2014-09-17 12:05 - 00000000 ____D () C:\Users\Kristina\Documents\Wonderful Events
2015-03-06 17:29 - 2015-02-21 18:50 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-03-06 17:29 - 2014-02-13 19:57 - 00000000 ____D () C:\ProgramData\Temp
2015-03-06 15:52 - 2013-11-04 21:40 - 00000000 ____D () C:\AdwCleaner
2015-03-03 12:28 - 2013-09-20 19:51 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-03 12:28 - 2013-09-20 19:50 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-03 12:28 - 2013-09-20 19:50 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-01 17:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-28 20:29 - 2013-09-20 10:47 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Mozilla
2015-02-26 19:20 - 2013-09-23 23:52 - 00000000 ____D () C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2013-10-27 21:03 - 2014-05-03 04:02 - 0000117 _____ () C:\Users\Kristina\AppData\Roaming\WB.CFG
2013-10-27 21:03 - 2013-10-28 06:43 - 0000006 _____ () C:\Users\Kristina\AppData\Roaming\WBPU-TTL.DAT
2013-09-21 08:54 - 2013-09-21 08:54 - 0004871 _____ () C:\Users\Kristina\AppData\Local\HWVendorDetection.log
2013-09-20 19:50 - 2013-09-20 19:50 - 0000017 _____ () C:\Users\Kristina\AppData\Local\resmon.resmoncfg
2014-07-18 14:49 - 2014-07-18 14:49 - 0000032 _____ () C:\ProgramData\Temp.log

Files to move or delete:
====================
C:\Users\Kristina\picpick.exe


Some content of TEMP:
====================
C:\Users\Kristina\AppData\Local\Temp\avgnt.exe
C:\Users\Kristina\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Kristina\AppData\Local\Temp\Quarantine.exe
C:\Users\Kristina\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kristina\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 18:34

==================== End Of Log ============================



The Addition log showed:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Kristina at 2015-03-27 23:36:32
Running from C:\Users\Kristina\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

GLS eBank Software (HKLM-x32\...\{2713774C-CC3F-472B-8BA5-FC397B104188}) (Version: 08.08.0000 - windata GmbH & Co.KG)
GLS eBank Software (HKLM-x32\...\{272E9F61-9B6B-48CB-A62E-7A1207EFA299}) (Version: 08.08.0000 - windata GmbH & Co.KG)
7-PDF Split & Merge Version 2.1.0 (Build 128) (HKLM-x32\...\7-PDF Split & Merge_is1) (Version: 7-PDF Split & Merge - Version 2.1.0 (Build 128) - 7-PDF, Germany - Thorsten Hodes)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.5.3 - Suyin Optronics Corp)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.3018.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.3018.00 - CyberLink Corp.) Hidden
Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.1.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Illustrator CS2 (HKLM-x32\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-1452072108-4067596569-1899591798-1000\...\Amazon Kindle) (Version: - Amazon)
Amazon Kindle (HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Kindle) (Version: - Amazon)
Amazon Kindle (HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Amazon Kindle) (Version: - Amazon)
Amazon Kindle (HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Amazon Kindle) (Version: - Amazon)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AquaSoft PhotoKalender (HKLM-x32\...\AquaSoft PhotoKalender) (Version: - AquaSoft)
AquaSoft PhotoKalender (x32 Version: 1.2.11 - AquaSoft) Hidden
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.235.19 - Broadcom Corporation)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.6.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.0.2.1 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-235C (HKLM-x32\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Dialang V1 Beta (HKLM-x32\...\{97DF4674-AB43-11D5-91C9-005004F84FA1}) (Version: - )
Elevated Installer (x32 Version: 4.0.11.0 - Garmin Ltd or its subsidiaries) Hidden
Evernote v. 5.8.4 (HKLM-x32\...\{C15841A6-C20A-11E4-977D-00163E98E7D6}) (Version: 5.8.4.6870 - Evernote Corp.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.9.59.323 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Garmin Express (HKLM-x32\...\{217450b3-8c73-413b-a058-cf271291d683}) (Version: 4.0.11.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.11.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.11.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1550 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
Konz 2013 (x32 Version: 1.00.0000 - USM) Hidden
LEGO MINDSTORMS EV3 (HKLM-x32\...\LEGO_SW.{5B0CB826-E499-4E6B-94F0-75B6327ED934}) (Version: 1.0.0 - The LEGO Group)
LEGO MINDSTORMS EV3 Home Content (x32 Version: 1.1.50 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home deutscher Support (x32 Version: 1.1.50 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home Edition (x32 Version: 1.1.50 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Uninstaller (x32 Version: 1.0.11 - The LEGO Group) Hidden
LEGO MINDSTORMS NXT x64 Driver (HKLM\...\{A0831C28-A6FA-49A3-86AE-B5AE3C9EE19C}) (Version: 1.20.115.0 - LEGO)
MAGIX Slideshow Maker 2 (HKLM-x32\...\MAGIX_MSI_Slideshow_Maker_2) (Version: 2.0.0.8 - MAGIX AG)
MAGIX Slideshow Maker 2 (x32 Version: 2.0.0.8 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
Mobile Partner Manager (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
MySQL Connector C++ 1.1.3 (HKLM\...\{5C7A1ED6-DC5F-4017-B363-3E80644B4BD0}) (Version: 1.1.3 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{9EC952A0-A070-4309-A371-35D9A5B8AFB5}) (Version: 5.1.27 - Oracle Corporation)
MySQL Connector Net 6.7.4 (HKLM-x32\...\{D6952EDA-6AC4-4480-A060-BD6025B15BAD}) (Version: 6.7.4 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{BB309579-ABEC-4F5B-A785-4FA16DD1277B}) (Version: 6.1.2 - Oracle Corporation)
MySQL Connector/ODBC 5.2 (HKLM\...\{6F4E90AC-3B32-4631-A9E5-5CC0186CA97B}) (Version: 5.2.6 - Oracle Corporation)
MySQL Documents 5.6 (HKLM-x32\...\{C518E05A-E718-4761-BDE0-F1FDB6DEC71E}) (Version: 5.6.15 - Oracle Corporation)
MySQL Examples and Samples 5.6 (HKLM-x32\...\{3431B8BE-318E-4FB8-8397-1DD0CEC1B790}) (Version: 5.6.15 - Oracle Corporation)
MySQL Installer (HKLM-x32\...\{88359D24-F64F-477E-B080-50FB024BA6F7}) (Version: 1.3.3.0 - Oracle Corporation)
MySQL Server 5.6 (HKLM\...\{9732D1BA-9F35-4378-B713-151BD360A390}) (Version: 5.6.15 - Oracle Corporation)
MySQL Utilities (HKLM-x32\...\{09B13753-CEB1-49FE-9933-9CDB664CB6EC}) (Version: 1.3.5 - Oracle)
MySQL Workbench 6.0 CE (HKLM-x32\...\{654A0779-F661-4D7C-B0EB-0DDF3CEDE963}) (Version: 6.0.8 - Oracle Corporation)
Next Starter + A1 (HKLM-x32\...\de.hueber.NextA1Starter.A0C2A48213B65DD98C4EE2A6FFB8BD5B9EC3BAE9.1) (Version: 1.0 - Hueber Verlag GmbH & Co KG)
Next Starter + A1 (x32 Version: 1.0 - Hueber Verlag GmbH & Co KG) Hidden
NI .NET Framework 4 (x32 Version: 4.00.49152 - National Instruments) Hidden
NI EulaDepot (x32 Version: 3.20.363 - National Instruments) Hidden
NI MDF Support (x32 Version: 3.20.363 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) Hidden
NI Uninstaller (x32 Version: 3.20.363 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
PDF24 Creator 5.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Pro Evolution Soccer 2013 (HKLM-x32\...\{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}) (Version: 1.00.0000 - KONAMI)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Secunia PSI (3.0.0.8013) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.8013 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SRWare Iron Version SRWare Iron 32.0.1750.1 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 32.0.1750.1 - SRWare)
Steuer 2012 (HKLM-x32\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
SuperMailer 8.01 (HKLM-x32\...\Newsletter Software SuperMailer_is1) (Version: 8.01 - Mirko Boeer Softwareentwicklungen)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.37 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38475 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-1452072108-4067596569-1899591798-1000\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Viber (HKU\S-1-5-21-1452072108-4067596569-1899591798-1000\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)
Viber (HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)
Viber (HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)
Viber (HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)
WebEx Event-Manager für Firefox oder Chrome (HKLM-x32\...\{3104A47C-6D0F-4221-971E-4723BEB13750}) (Version: 28.12.6.17378 - Cisco WebEx LLC)
windata 8 (HKLM-x32\...\{E827B53E-9289-4ACB-8AE2-D291712AD06B}) (Version: 08.08.0000 - windata GmbH & Co.KG)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{41C615EC-DA82-4761-8D07-FA2F48273F2F}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1452072108-4067596569-1899591798-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1452072108-4067596569-1899591798-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1452072108-4067596569-1899591798-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1452072108-4067596569-1899591798-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1452072108-4067596569-1899591798-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0535AC86-C747-437B-90CD-C5B9E520841C} - System32\Tasks\{377FF33A-55A7-4D46-A327-4D0434653B1E} => pcalua.exe -a C:\Users\Kristina\Downloads\Acer_Camera_Suyin_v.5.2.5.3_Win7x86x64\Acer_Camera_Suyin_v.5.2.5.3_Win7x86x64\Setup.exe -d C:\Users\Kristina\Downloads\Acer_Camera_Suyin_v.5.2.5.3_Win7x86x64\Acer_Camera_Suyin_v.5.2.5.3_Win7x86x64 -c -s -f2"C:\Webcam.log"
Task: {2148FF38-7DD0-4E5F-9C93-C60BC18A3FD7} - System32\Tasks\{3EBE55AB-F2CA-4558-98FA-4C583EC2127C} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/de/abandoninstall?page=tsProgressBar
Task: {25922C0A-28D5-466F-817C-3EB138CD6D54} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {26302D36-7AF2-435C-B7C1-43F4C4E3652A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {52BAF761-9EF9-4836-B068-AB7A01AF18B8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1452072108-4067596569-1899591798-1000UA => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {5892906C-DEA9-46A1-BFBC-136206DA5C02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-02] (Google Inc.)
Task: {6D274377-097E-4C8C-ACE1-333FF4D353F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1452072108-4067596569-1899591798-1000Core => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {70C2B380-CB47-4B35-83A6-2C7A817B8240} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {90F58645-41A2-49A1-BC22-66F592ACD91D} - System32\Tasks\{1B1F616C-54EC-4B18-BBCE-98307856839D} => pcalua.exe -a "C:\GLS eBank Software\Profi\windata8.exe" -d "C:\GLS eBank Software\Profi\"
Task: {99F81803-A10E-476C-A7DF-3100555EE63F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-02] (Google Inc.)
Task: {CDFA953D-56B0-4AE4-B4A1-5DCFFDDE0231} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452072108-4067596569-1899591798-1000Core.job => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452072108-4067596569-1899591798-1000UA.job => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-12-15 21:06 - 2013-08-29 23:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-29 16:23 - 2010-01-13 19:14 - 00247296 _____ () C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-13 15:09 - 2008-07-29 19:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2012-12-14 01:42 - 2012-12-14 01:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-22 23:30 - 2014-02-07 14:23 - 00936456 _____ () C:\Users\Kristina\AppData\Local\Viber\Viber.exe
2013-11-29 16:23 - 2010-01-13 19:13 - 00133120 _____ () C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe
2015-02-13 04:20 - 2015-02-13 04:20 - 00306984 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2013-12-20 17:39 - 2013-05-31 13:30 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-03-09 19:39 - 2015-03-09 19:39 - 49471488 _____ () C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\libViber.dll
2015-03-09 19:39 - 2015-03-09 19:39 - 00770048 _____ () C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\libGLESv2.dll
2015-03-09 19:39 - 2015-03-09 19:39 - 00106496 _____ () C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\qfacebook.dll
2015-03-09 19:39 - 2015-03-09 19:39 - 00172032 _____ () C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\exif.dll
2015-03-09 19:39 - 2015-03-09 19:39 - 00049152 _____ () C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\libEGL.dll
2015-03-09 19:39 - 2015-03-09 19:39 - 00876544 _____ () C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\platforms\qwindows.dll
2015-03-09 19:39 - 2015-03-09 19:39 - 00024576 _____ () C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\imageformats\qgif.dll
2015-03-09 19:39 - 2015-03-09 19:39 - 00024576 _____ () C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\imageformats\qico.dll
2015-03-09 19:39 - 2015-03-09 19:39 - 00204800 _____ () C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\imageformats\qjpeg.dll
2015-03-09 19:39 - 2015-03-09 19:39 - 00221184 _____ () C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\imageformats\qmng.dll
2015-03-09 19:39 - 2015-03-09 19:39 - 00016384 _____ () C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\imageformats\qsvg.dll
2015-03-09 19:39 - 2015-03-09 19:39 - 00016384 _____ () C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\imageformats\qtga.dll
2015-03-09 19:39 - 2015-03-09 19:39 - 00311296 _____ () C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\imageformats\qtiff.dll
2015-03-09 19:39 - 2015-03-09 19:39 - 00016384 _____ () C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\imageformats\qwbmp.dll
2015-03-09 19:39 - 2015-03-09 19:39 - 00638976 _____ () C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\sqldrivers\qsqlite.dll
2015-03-09 19:39 - 2015-03-09 19:39 - 00032768 _____ () C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\iconengines\qsvgicon.dll
2013-09-21 07:43 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-02-26 08:28 - 2015-02-26 08:29 - 03348080 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-02-26 08:28 - 2015-02-26 08:29 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-02-26 08:28 - 2015-02-26 08:29 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-02-19 01:10 - 2011-02-19 01:10 - 01789952 _____ () C:\Program Files (x86)\MyPhoneExplorer\IconLib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Kristina\Desktop\8b789e33-1642-4118-8d8c-95a1bd32c200%40mtasv.net.wdseml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1452072108-4067596569-1899591798-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1452072108-4067596569-1899591798-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1452072108-4067596569-1899591798-500 - Administrator - Disabled)
Gast (S-1-5-21-1452072108-4067596569-1899591798-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1452072108-4067596569-1899591798-1002 - Limited - Enabled)
Kristina (S-1-5-21-1452072108-4067596569-1899591798-1000 - Administrator - Enabled) => C:\Users\Kristina
UpdatusUser (S-1-5-21-1452072108-4067596569-1899591798-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2015 07:29:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5416230

Error: (03/27/2015 07:29:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5416230

Error: (03/27/2015 07:29:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/27/2015 07:29:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5415216

Error: (03/27/2015 07:29:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5415216

Error: (03/27/2015 07:29:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/27/2015 07:28:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5414217

Error: (03/27/2015 07:28:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5414217

Error: (03/27/2015 07:28:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/27/2015 05:58:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7426


System errors:
=============
Error: (03/26/2015 08:52:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Garmin Device Interaction Service erreicht.

Error: (03/25/2015 08:03:30 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (03/24/2015 00:21:26 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR10 gefunden.

Error: (03/23/2015 10:55:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/22/2015 11:20:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Garmin Core Update Service erreicht.

Error: (03/19/2015 08:08:48 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Garmin Core Update Service erreicht.

Error: (03/17/2015 01:26:24 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR31 gefunden.

Error: (03/17/2015 01:26:23 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR31 gefunden.

Error: (03/16/2015 06:24:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Garmin Core Update Service erreicht.

Error: (03/15/2015 09:36:20 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht.


Microsoft Office Sessions:
=========================
Error: (03/27/2015 07:29:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5416230

Error: (03/27/2015 07:29:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5416230

Error: (03/27/2015 07:29:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/27/2015 07:29:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5415216

Error: (03/27/2015 07:29:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5415216

Error: (03/27/2015 07:29:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/27/2015 07:28:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5414217

Error: (03/27/2015 07:28:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5414217

Error: (03/27/2015 07:28:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/27/2015 05:58:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7426


CodeIntegrity Errors:
===================================
Date: 2014-09-17 08:15:53.633
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-09-17 08:15:53.555
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-09-23 13:52:45.721
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\sfvfs02.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-09-23 13:52:45.696
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\sfvfs02.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 76%
Total physical RAM: 3947.86 MB
Available physical RAM: 940.27 MB
Total Pagefile: 7893.91 MB
Available Pagefile: 3682.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.66 GB) (Free:329.81 GB) NTFS
Drive g: (INTENSO) (Fixed) (Total:596.02 GB) (Free:5.38 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 09E51EF0)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 596.2 GB) (Disk ID: 6DD6E301)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=0C)

==================== End Of Log ============================

GMER:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-27 23:58:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BPVT-22HXZT1 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Kristina\AppData\Local\Temp\fxdyrkoc.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075961401 2 bytes JMP 75a8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[212] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075961419 2 bytes JMP 75a8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075961431 2 bytes JMP 75b08ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007596144a 2 bytes CALL 75a648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[212] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759614dd 2 bytes JMP 75b087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759614f5 2 bytes JMP 75b08978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[212] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007596150d 2 bytes JMP 75b08698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075961525 2 bytes JMP 75b08a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007596153d 2 bytes JMP 75a7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[212] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075961555 2 bytes JMP 75a868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007596156d 2 bytes JMP 75b08f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075961585 2 bytes JMP 75b08ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[212] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007596159d 2 bytes JMP 75b0865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759615b5 2 bytes JMP 75a7fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759615cd 2 bytes JMP 75a8b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759616b2 2 bytes JMP 75b08e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[212] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759616bd 2 bytes JMP 75b085f1 C:\Windows\syswow64\kernel32.dll
? C:\Windows\system32\mssprxy.dll [212] entry point in ".rdata" section 0000000073ac71e6
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[5132] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075a68791 5 bytes JMP 0000000138f37765

---- Processes - GMER 2.1 ----

Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\libViber.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528](2015-03-09 18:39:35) 000000005cf00000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\libGLESv2.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528](2015-03-09 18:39:35) 00000000745a0000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\qfacebook.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528](2015-03-09 18:39:37) 0000000074560000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\Qt5Network.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-09 18:39:38) 0000000073e40000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\Qt5Core.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-09 18:39:37) 0000000062c50000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\icuin51.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (ICU I18N DLL/The ICU Project)(2015-03-09 18:39:35) 000000004a900000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\icuuc51.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (ICU Common DLL/The ICU Project)(2015-03-09 18:39:35) 0000000000be0000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\icudt51.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (ICU Data DLL/The ICU Project)(2015-03-09 18:39:35) 0000000059ac0000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\exif.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528](2015-03-09 18:39:35) 0000000074520000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-09 18:39:38) 0000000060a30000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-09 18:39:38) 00000000614d0000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-09 18:39:38) 0000000073cd0000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-09 18:39:38) 0000000074450000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-09 18:39:38) 0000000057190000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-09 18:39:38) 0000000062130000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-09 18:39:38) 00000000607c0000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\libEGL.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528](2015-03-09 18:39:35) 0000000074480000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-09 18:39:38) 0000000073a80000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-09 18:39:38) 0000000072e90000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\Qt5Declarative.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-09 18:39:37) 000000005bd40000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\Qt5XmlPatterns.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-09 18:39:38) 0000000058d50000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\Qt5Script.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-09 18:39:38) 000000005b090000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528](2015-03-09 18:39:37) 000000005c060000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\imageformats\qgif.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528](2015-03-09 18:39:35) 0000000074550000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\imageformats\qico.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528](2015-03-09 18:39:35) 0000000064a60000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528](2015-03-09 18:39:35) 00000000606e0000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\imageformats\qmng.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528](2015-03-09 18:39:35) 0000000060660000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\imageformats\qsvg.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528](2015-03-09 18:39:35) 0000000062b90000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\Qt5Svg.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-09 18:39:38) 000000005bcc0000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\imageformats\qtga.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528](2015-03-09 18:39:35) 0000000062b80000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\imageformats\qtiff.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528](2015-03-09 18:39:35) 000000005b040000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\imageformats\qwbmp.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528](2015-03-09 18:39:35) 0000000062b70000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\sqldrivers\qsqlite.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528](2015-03-09 18:39:38) 0000000051e80000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\d3dcompiler_43.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528] (Direct3D HLSL Compiler/Microsoft Corporation)(2015-03-09 18:39:32) 000000005cae0000
Library C:\Users\Kristina\AppData\Local\Viber\5.0.1.42\iconengines\qsvgicon.dll (*** suspicious ***) @ C:\Users\Kristina\AppData\Local\Viber\Viber.exe [2528](2015-03-09 18:39:35) 0000000074060000

---- EOF - GMER 2.1 ----

 
