Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Probleme mit LyricsContainer im Firefox auf dem BS Win8 (https://www.trojaner-board.de/140226-probleme-lyricscontainer-firefox-bs-win8.html)

Vanesy 21.08.2013 19:48
Probleme mit LyricsContainer im Firefox auf dem BS Win8
 
Hallo miteinander,

ich hatte unerwünschte Werbeeinblendungen und habe nach Googlesuche rausgefunden, dass es sich um das Firefox Add-On LyricsContainer handelt.

Habe dieses Add-On deaktivieren, aber nicht löschen können.
Nach stöbern auf diesem Board habe ich für mich beschlossen, dass ich mich in die Reihe der Hilfesuchenden einreihen muss/möchte.

Mein Antivirentoll Avira Antivir hat nichts angezeigt.

Hier meine Logfiles:

defogger habe ich ausgelassen, da mein PC recht neu ist und ich keine virtuellen Laufwerksemulatoren nutze.

Frst.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013
Ran by Monja (administrator) on 21-08-2013 19:52:46
Running from C:\Users\Monja\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-08-13] (Acer Incorporated)
HKU\Default User\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-08-13] (Acer Incorporated)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL [21864 2012-07-25] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~2\nvidia~1\3dvisi~1\nvstinit.dll [20328 2012-07-25] (NVIDIA Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=EE5E7427EA2E30E5&affID=119557&tsp=4977
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - DefaultScope {4EDD4AEF-E2F7-465F-9F11-B23C67FCB6D1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {4EDD4AEF-E2F7-465F-9F11-B23C67FCB6D1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {4EDD4AEF-E2F7-465F-9F11-B23C67FCB6D1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {4EDD4AEF-E2F7-465F-9F11-B23C67FCB6D1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {4EDD4AEF-E2F7-465F-9F11-B23C67FCB6D1} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=EE5E7427EA2E30E5&affID=119557&tsp=4977
SearchScopes: HKCU - {4EDD4AEF-E2F7-465F-9F11-B23C67FCB6D1} URL =
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: LyricsContainer - {77e880b5-cae7-4928-8507-ec2e5007e73e} - C:\Program Files (x86)\LyricsContainer\128.dll (LyricsContainer)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Monja\AppData\Roaming\Mozilla\Firefox\Profiles\vx7ur3jd.default
FF user.js: detected! => C:\Users\Monja\AppData\Roaming\Mozilla\Firefox\Profiles\vx7ur3jd.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Extension: toolbar_AVIRA-V7 - C:\Users\Monja\AppData\Roaming\Mozilla\Firefox\Profiles\vx7ur3jd.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF Extension: No Name - C:\Users\Monja\AppData\Roaming\Mozilla\Firefox\Profiles\vx7ur3jd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
FF HKCU\...\Firefox\Extensions: [Lyrics@LyricsContainer.co] C:\Program Files (x86)\LyricsContainer\128.xpi
FF Extension: No Name - C:\Program Files (x86)\LyricsContainer\128.xpi

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [811064 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-09] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-02-26] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [83672 2013-07-18] (Avira Operations GmbH & Co. KG)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-21 19:49 - 2013-08-21 19:50 - 01576164 _____ (Farbar) C:\Users\Monja\Desktop\FRST64.exe
2013-08-21 18:27 - 2013-08-21 18:27 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-21 18:27 - 2013-08-21 18:27 - 00000000 ____D C:\Users\Monja\AppData\Roaming\Malwarebytes
2013-08-21 18:27 - 2013-08-21 18:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-21 18:27 - 2013-08-21 18:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-21 18:27 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-21 18:26 - 2013-08-21 18:26 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Monja\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-17 21:21 - 2013-08-17 21:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-17 21:21 - 2013-08-17 21:21 - 00001387 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-08-17 21:21 - 2013-08-17 21:21 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-17 21:21 - 2013-08-17 21:21 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-17 21:21 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-08-17 18:17 - 2013-08-20 19:42 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-08-17 18:17 - 2013-08-17 18:18 - 00000000 ____D C:\Users\Monja\AppData\Roaming\WinRAR
2013-08-17 18:08 - 2013-08-18 16:23 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-17 18:01 - 2013-08-18 16:25 - 00000000 ____D C:\Users\Monja\AppData\Roaming\Systweak
2013-08-17 18:01 - 2013-02-28 16:27 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-08-17 17:41 - 2013-08-17 17:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-17 17:40 - 2013-08-17 19:47 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-08-17 17:39 - 2013-08-17 17:39 - 00000410 _____ C:\Windows\Tasks\LyricsContainer Update.job
2013-08-17 17:39 - 2013-08-17 17:39 - 00000000 ____D C:\Users\Monja\AppData\Roaming\Babylon
2013-08-17 17:39 - 2013-08-17 17:39 - 00000000 ____D C:\ProgramData\Babylon
2013-08-17 17:39 - 2013-08-17 17:39 - 00000000 ____D C:\Program Files (x86)\LyricsContainer
2013-08-17 16:46 - 2013-08-17 17:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 20:00 - 2013-08-15 20:03 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 18:48 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 18:47 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 18:47 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 18:47 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-08-14 18:47 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-08-14 18:47 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 18:47 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 18:47 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 18:47 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 18:47 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 18:47 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 18:47 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 18:47 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 18:47 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 18:47 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-08-14 18:47 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 18:47 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 18:47 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 18:47 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 18:47 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 18:47 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 18:47 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 18:47 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-08-14 18:47 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 18:47 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-08-14 18:47 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-08-14 18:47 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 18:46 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 18:46 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 18:46 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 18:45 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 18:45 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 18:45 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 18:45 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 18:45 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 18:44 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 18:44 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 18:44 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 18:44 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 18:44 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-08-14 18:44 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-08-14 18:44 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 18:44 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 18:44 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-08-14 18:44 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-08-10 16:13 - 2013-08-10 16:18 - 00000000 ____D C:\Program Files (x86)\Paletti
2013-08-10 16:13 - 2011-05-24 14:24 - 00929844 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC42D.DLL
2013-08-10 16:13 - 2011-05-24 14:24 - 00827445 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCO42D.DLL
2013-08-10 16:13 - 2011-05-24 14:24 - 00434252 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRTD.DLL
2013-08-10 16:13 - 2011-05-24 14:24 - 00303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCR70.DLL
2013-08-10 16:13 - 2011-05-24 14:24 - 00094285 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCIRTD.DLL
2013-08-10 15:59 - 2013-08-10 15:59 - 00000000 ___HD C:\Users\Public\Documents\Silag_prefs
2013-08-10 15:59 - 2013-08-10 15:59 - 00000000 ____D C:\Users\Monja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grundschule Lernspass mit Hexe Lilli
2013-08-09 17:13 - 2013-08-20 16:43 - 00000000 ____D C:\Musik Jean-Luke
2013-08-05 23:01 - 2013-08-20 22:41 - 00012030 _____ C:\Windows\SysWOW64\bufferpool.txt
2013-08-05 20:56 - 2013-08-05 20:56 - 00000000 ____D C:\Users\Monja\AppData\Local\AskPartnerNetwork
2013-08-05 19:14 - 2013-08-05 19:14 - 00000000 ____D C:\Users\Monja\AppData\Roaming\Avira
2013-08-05 19:10 - 2013-08-05 19:10 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-05 19:10 - 2013-08-05 19:10 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-05 19:09 - 2013-08-05 19:09 - 00002074 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-05 19:09 - 2013-08-05 19:09 - 00000000 ____D C:\ProgramData\Avira
2013-08-05 19:09 - 2013-08-05 19:09 - 00000000 ____D C:\ProgramData\APN
2013-08-05 19:09 - 2013-08-05 19:09 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-05 19:09 - 2013-07-18 08:02 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-05 19:09 - 2013-07-18 08:02 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-05 19:09 - 2013-07-18 08:02 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-05 19:09 - 2013-02-26 16:56 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-05 18:50 - 2013-08-05 18:51 - 110344048 _____ C:\Users\Monja\Downloads\avira_free_antivirus85_de.exe
2013-07-30 22:44 - 2013-07-30 22:44 - 00000000 ____D C:\Users\Monja\AppData\Local\Deployment
2013-07-30 22:44 - 2013-07-30 22:44 - 00000000 ____D C:\Users\Monja\AppData\Local\Apps\2.0
2013-07-30 11:27 - 2013-08-09 17:52 - 00000000 ____D C:\Fotos
2013-07-22 11:51 - 2013-07-22 11:51 - 00000000 ____D C:\Users\Monja\AppData\Local\Cyberlink
2013-07-22 11:20 - 2013-07-22 11:20 - 00000000 ____D C:\Users\Monja\AppData\Roaming\RavensburgerTipToi
2013-07-22 11:19 - 2013-07-22 11:20 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2013-07-22 11:19 - 2013-07-22 11:19 - 09546895 _____ C:\Users\Monja\Downloads\install.exe
2013-07-22 11:19 - 2013-07-22 11:19 - 00000000 ____D C:\Users\Monja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
2013-07-22 11:19 - 2013-07-22 11:19 - 00000000 ____D C:\Program Files (x86)\Ravensburger tiptoi

==================== One Month Modified Files and Folders =======

2013-08-21 19:52 - 2013-08-21 19:52 - 00000000 ____D C:\FRST
2013-08-21 19:50 - 2013-08-21 19:49 - 01576164 _____ (Farbar) C:\Users\Monja\Desktop\FRST64.exe
2013-08-21 19:40 - 2013-06-15 18:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-21 19:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-08-21 18:41 - 2013-06-15 17:09 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2966206782-1434238145-1787605704-1001
2013-08-21 18:36 - 2013-06-15 17:13 - 00000000 ____D C:\Users\Monja\AppData\Local\CrashDumps
2013-08-21 18:27 - 2013-08-21 18:27 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-21 18:27 - 2013-08-21 18:27 - 00000000 ____D C:\Users\Monja\AppData\Roaming\Malwarebytes
2013-08-21 18:27 - 2013-08-21 18:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-21 18:27 - 2013-08-21 18:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-21 18:26 - 2013-08-21 18:26 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Monja\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-21 18:22 - 2013-03-21 05:55 - 00766266 _____ C:\Windows\system32\perfh007.dat
2013-08-21 18:22 - 2013-03-21 05:55 - 00159970 _____ C:\Windows\system32\perfc007.dat
2013-08-21 18:22 - 2012-07-26 09:28 - 01772788 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-21 18:15 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-21 18:14 - 2013-03-20 21:17 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-20 22:41 - 2013-08-05 23:01 - 00012030 _____ C:\Windows\SysWOW64\bufferpool.txt
2013-08-20 19:42 - 2013-08-17 18:17 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-08-20 16:43 - 2013-08-09 17:13 - 00000000 ____D C:\Musik Jean-Luke
2013-08-19 18:27 - 2012-11-22 14:33 - 00229510 _____ C:\Windows\PFRO.log
2013-08-18 16:25 - 2013-08-17 18:01 - 00000000 ____D C:\Users\Monja\AppData\Roaming\Systweak
2013-08-18 16:23 - 2013-08-17 18:08 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-18 16:23 - 2013-06-15 17:01 - 00000000 ___RD C:\Users\Monja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-17 23:27 - 2013-06-15 16:58 - 01392235 _____ C:\Windows\WindowsUpdate.log
2013-08-17 21:24 - 2013-08-17 21:21 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-17 21:21 - 2013-08-17 21:21 - 00001387 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-08-17 21:21 - 2013-08-17 21:21 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-17 21:21 - 2013-08-17 21:21 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-17 20:22 - 2013-06-23 11:17 - 00000000 ____D C:\Users\Monja\Desktop\Jean-Luke
2013-08-17 19:47 - 2013-08-17 17:40 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-08-17 18:18 - 2013-08-17 18:17 - 00000000 ____D C:\Users\Monja\AppData\Roaming\WinRAR
2013-08-17 17:52 - 2013-06-15 16:57 - 00000000 ____D C:\Users\Monja
2013-08-17 17:41 - 2013-08-17 17:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-17 17:40 - 2013-08-17 16:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-17 17:39 - 2013-08-17 17:39 - 00000410 _____ C:\Windows\Tasks\LyricsContainer Update.job
2013-08-17 17:39 - 2013-08-17 17:39 - 00000000 ____D C:\Users\Monja\AppData\Roaming\Babylon
2013-08-17 17:39 - 2013-08-17 17:39 - 00000000 ____D C:\ProgramData\Babylon
2013-08-17 17:39 - 2013-08-17 17:39 - 00000000 ____D C:\Program Files (x86)\LyricsContainer
2013-08-17 17:13 - 2013-06-15 17:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-16 16:25 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-08-16 16:13 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-15 23:47 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-15 23:47 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-15 20:03 - 2013-08-15 20:00 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 20:00 - 2013-06-18 23:48 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 22:24 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-08-10 16:18 - 2013-08-10 16:13 - 00000000 ____D C:\Program Files (x86)\Paletti
2013-08-10 15:59 - 2013-08-10 15:59 - 00000000 ___HD C:\Users\Public\Documents\Silag_prefs
2013-08-10 15:59 - 2013-08-10 15:59 - 00000000 ____D C:\Users\Monja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grundschule Lernspass mit Hexe Lilli
2013-08-09 17:52 - 2013-07-30 11:27 - 00000000 ____D C:\Fotos
2013-08-09 17:15 - 2012-07-26 09:21 - 00025238 _____ C:\Windows\setupact.log
2013-08-06 17:37 - 2012-11-22 14:51 - 00000000 ____D C:\ProgramData\McAfee
2013-08-06 17:36 - 2013-03-20 21:38 - 00000000 ____D C:\ProgramData\Norton
2013-08-05 20:57 - 2013-06-23 17:37 - 00000000 ____D C:\Users\Monja\AppData\Local\clear.fi
2013-08-05 20:56 - 2013-08-05 20:56 - 00000000 ____D C:\Users\Monja\AppData\Local\AskPartnerNetwork
2013-08-05 19:14 - 2013-08-05 19:14 - 00000000 ____D C:\Users\Monja\AppData\Roaming\Avira
2013-08-05 19:10 - 2013-08-05 19:10 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-05 19:10 - 2013-08-05 19:10 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-05 19:09 - 2013-08-05 19:09 - 00002074 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-05 19:09 - 2013-08-05 19:09 - 00000000 ____D C:\ProgramData\Avira
2013-08-05 19:09 - 2013-08-05 19:09 - 00000000 ____D C:\ProgramData\APN
2013-08-05 19:09 - 2013-08-05 19:09 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-05 19:07 - 2012-11-22 14:51 - 00000000 ____D C:\Program Files\mcafee
2013-08-05 18:51 - 2013-08-05 18:50 - 110344048 _____ C:\Users\Monja\Downloads\avira_free_antivirus85_de.exe
2013-08-05 18:51 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-07-30 22:44 - 2013-07-30 22:44 - 00000000 ____D C:\Users\Monja\AppData\Local\Deployment
2013-07-30 22:44 - 2013-07-30 22:44 - 00000000 ____D C:\Users\Monja\AppData\Local\Apps\2.0
2013-07-29 20:21 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-07-26 07:13 - 2013-08-14 18:47 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-14 18:47 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-14 18:47 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-07-26 07:13 - 2013-08-14 18:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-07-26 07:13 - 2013-08-14 18:47 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-14 18:47 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-14 18:47 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-14 18:47 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-14 18:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-14 18:47 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 07:12 - 2013-08-14 18:46 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-14 18:46 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-14 18:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-14 18:45 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-14 18:45 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 05:35 - 2013-08-14 18:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-14 18:47 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-14 18:47 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:13 - 2013-08-14 18:47 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-07-26 05:12 - 2013-08-14 18:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-14 18:47 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-14 18:47 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-14 18:47 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:12 - 2013-08-14 18:45 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-14 18:45 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-14 18:45 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-14 18:44 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:11 - 2013-08-14 18:47 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-14 18:47 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-14 18:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 02:54 - 2013-08-14 18:47 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-07-22 11:51 - 2013-07-22 11:51 - 00000000 ____D C:\Users\Monja\AppData\Local\Cyberlink
2013-07-22 11:51 - 2013-03-20 21:44 - 00000000 ____D C:\ProgramData\CyberLink
2013-07-22 11:20 - 2013-07-22 11:20 - 00000000 ____D C:\Users\Monja\AppData\Roaming\RavensburgerTipToi
2013-07-22 11:20 - 2013-07-22 11:19 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2013-07-22 11:19 - 2013-07-22 11:19 - 09546895 _____ C:\Users\Monja\Downloads\install.exe
2013-07-22 11:19 - 2013-07-22 11:19 - 00000000 ____D C:\Users\Monja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
2013-07-22 11:19 - 2013-07-22 11:19 - 00000000 ____D C:\Program Files (x86)\Ravensburger tiptoi

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-20 16:40

==================== End Of Log ============================
Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2013
Ran by Monja at 2013-08-21 19:54:08
Running from C:\Users\Monja\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
 clear.fi SDK - Video 2 (x32 Version: 2.1.1925)
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2008)
Acer Power Management (Version: 7.00.3006)
AcerCloud (x32 Version: 2.01.3124)
AcerCloud Docs (x32 Version: 1.00.3204)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
Aloha TriPeaks (x32 Version: 2.2.0.98)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663)
Bejeweled 3 (x32 Version: 2.2.0.98)
clear.fi Media (x32 Version: 2.01.3108)
clear.fi Photo (x32 Version: 2.01.3108)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3318_45364)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98)
eBay Worldwide (x32 Version: 2.3.0630)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110)
Grundschule Lernspass mit Hexe Lilli Deutsch Klasse 1+2 (x32)
Hidden Wonders of the Depths 2 (x32 Version: 3.0.2.48)
Hotkey Utility (x32 Version: 3.00.3004)
Identity Card (x32 Version: 2.00.3004)
Jewel Match 3 (x32 Version: 2.2.0.98)
John Deere Drive Green (x32 Version: 2.2.0.95)
Live Updater (x32 Version: 2.00.3004)
LyricsContainer (x32)
Magic Academy (x32 Version: 2.2.0.98)
Mahjong Secrets (x32 Version: 3.0.2.51)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Silverlight (x32 Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MyWinLocker (Version: 4.0.14.35)
MyWinLocker 4 (x32 Version: 4.0.14.35)
MyWinLocker Suite (x32 Version: 4.0.14.24)
Nero 12 Essentials OEM.a01 (x32 Version: 12.5.00000)
Nero ControlCenter (x32 Version: 11.0.14500.0.45)
Nero ControlCenter Help (CHM) (x32 Version: 12.0.0003)
Nero Core Components (x32 Version: 11.0.16900.1.27)
Nero Express (x32 Version: 12.0.16001)
Nero Express Help (CHM) (x32 Version: 12.0.1000)
Nero Launcher (x32 Version: 12.0.3000)
Nero Update (x32 Version: 11.0.11500.28.0)
NVIDIA 3D Vision Controller-Treiber 305.29 (Version: 305.29)
NVIDIA 3D Vision Treiber 305.29 (Version: 305.29)
NVIDIA Grafiktreiber 305.29 (Version: 305.29)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.82.513)
NVIDIA PhysX (x32 Version: 9.12.0213)
NVIDIA PhysX-Systemsoftware 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0529)
NVIDIA Systemsteuerung 305.29 (Version: 305.29)
Office Addin (x32 Version: 2.01.3202)
Penguins! (x32 Version: 2.2.0.98)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
Polar Bowler (x32 Version: 2.2.0.97)
Prerequisite installer (x32 Version: 12.0.0002)
r Recovery Management (Version: 6.00.3012)
Ravensburger tiptoi (x32)
Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6680)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030)
Shared C Run-time for x64 (Version: 10.0.0)
Shredder (Version: 2.0.8.9)
Shredder (x32 Version: 2.0.8.9)
Siggi Blitz Vorschule 1 (x32)
Siggi Blitz Vorschule 2 (x32)
Spybot - Search & Destroy (x32 Version: 2.1.20)
Tales of Lagoona (x32 Version: 2.2.0.110)
Update Installer for WildTangent Games App (x32)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729)
Visual Studio Tools for the Office system 3.0 Runtime (x32)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (x32 Version: 1)
WildTangent Games App (x32 Version: 4.0.10.20)
WildTangent-Spiele (x32 Version: 1.0.4.0)
Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points  =========================

09-08-2013 15:32:13 Windows Update
12-08-2013 15:48:16 Windows Update
15-08-2013 17:55:43 Windows Update
17-08-2013 16:10:36 RegClean Pro Sa, Aug 17, 13  18:10

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {197F1982-82DE-438F-B038-065FE1C14AB5} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2966206782-1434238145-1787605704-500
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {3612EBBD-FF3B-4AB8-BD5F-3AA1A41415CC} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {4D23C592-75EF-4815-99C7-17FFB98719B5} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink)
Task: {4EB4D2EE-EB76-45E4-8A31-3583428CEF3D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe No File
Task: {5471E8D0-2BAD-4477-89F7-663737F68CF9} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {7396586C-80F6-46FD-BA19-9C65DECF1EF1} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2966206782-1434238145-1787605704-1001
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7AFCCB5F-ADF2-4722-92F5-7F17DE3E9F2A} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {8450B282-DBBD-499D-AFEE-4730AEB2AD6B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe No File
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {8D2C1F60-8343-43FF-A9E6-FC605DF79B70} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2012-09-20] (Acer Incorporated)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9232FD92-5DBC-4F22-A9F4-3873992EF0CA} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {942FD8C0-1E5A-40E8-BF07-009F5919B01C} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {9E255430-D57E-461A-BC18-497E35C081F5} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A748C283-7359-48F0-8775-A5B8C7DE76BD} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B87480BC-76C4-4D09-82CC-579392518D89} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C5B8C1D8-98EB-47FF-B9D2-180CC8693D89} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {CB615AB9-F9ED-41F6-8B29-80CFC322E4BD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe No File
Task: {CB992695-55DB-4968-AFE3-277E4E83250B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-18] (Adobe Systems Incorporated)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D6671458-A487-4C59-83BC-CC399C9876CB} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\LyricsContainer Update.job => C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/21/2013 07:45:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: MONJA)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/21/2013 07:30:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: MONJA)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/21/2013 07:15:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: MONJA)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/21/2013 06:59:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: MONJA)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/21/2013 06:44:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: MONJA)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/21/2013 06:36:07 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 23.0.1.4974, Zeitstempel: 0x520bc252
Name des fehlerhaften Moduls: xul.dll, Version: 23.0.1.4974, Zeitstempel: 0x520bc166
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0017af08
ID des fehlerhaften Prozesses: 0xf0c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Vollständiger Name des fehlerhaften Pakets: firefox.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: firefox.exe5

Error: (08/21/2013 06:29:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: MONJA)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/21/2013 06:22:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: MONJA)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/21/2013 06:22:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: MONJA)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/21/2013 06:22:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: MONJA)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (08/21/2013 06:16:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/21/2013 06:16:06 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Updating Service erreicht.

Error: (08/21/2013 06:15:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/21/2013 06:15:35 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (08/20/2013 10:37:49 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 9\_TZ.THRM2013-08-20T20:37:49.530702600Z383

Error: (08/20/2013 06:56:52 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 9\_TZ.THRM2013-08-20T16:56:52.528873800Z383

Error: (08/20/2013 04:39:47 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{63e72cfa-b60b-4d31-94ad-6c80c504e8c7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{FD71FFC3-D3EE-46B9-A4A0-24CD668BA293}

Error: (08/20/2013 04:29:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/20/2013 04:29:33 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (08/20/2013 04:29:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053


Microsoft Office Sessions:
=========================
Error: (08/21/2013 07:45:00 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: MONJA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147009284

Error: (08/21/2013 07:30:00 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: MONJA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147009284

Error: (08/21/2013 07:15:00 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: MONJA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147009284

Error: (08/21/2013 06:59:59 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: MONJA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147009284

Error: (08/21/2013 06:44:59 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: MONJA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147009284

Error: (08/21/2013 06:36:07 PM) (Source: Application Error)(User: )
Description: firefox.exe23.0.1.4974520bc252xul.dll23.0.1.4974520bc166c00000050017af08f0c01ce9e8aa8393fd7C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dllc6ba1860-0a7f-11e3-bed4-7427ea2e30e5

Error: (08/21/2013 06:29:59 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: MONJA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147009284

Error: (08/21/2013 06:22:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: MONJA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147009284

Error: (08/21/2013 06:22:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: MONJA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147009284

Error: (08/21/2013 06:22:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: MONJA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147009284


==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 4057.8 MB
Available physical RAM: 2640.78 MB
Total Pagefile: 4761.8 MB
Available Pagefile: 3182.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:224.57 GB) (Free:175.05 GB) NTFS
Drive d: (DATA) (Fixed) (Total:225.38 GB) (Free:225.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)

Partition: GPT Partition Type
==================== End Of Log ============================
Bei GMER kamen Fehlermeldungen, dass auf 3 Prozesse nicht zugegriffen werden konnte. Habe leider versäumt diese zu notieren. Reiche dies aber nach, wenn unbedingt erforderlich

Gmer.txt
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-21 20:13:32
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000032 ST500DM002-1BD142 rev.KC45 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Monja\AppData\Local\Temp\kgloypow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[120] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                  000007fcbd241532 4 bytes [24, BD, FC, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[120] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                  000007fcbd24153a 4 bytes [24, BD, FC, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[120] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                000007fcbd24165a 4 bytes [24, BD, FC, 07]
.text  C:\Windows\system32\nvvsvc.exe[1028] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                            000007fcbd241532 4 bytes [24, BD, FC, 07]
.text  C:\Windows\system32\nvvsvc.exe[1028] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                            000007fcbd24153a 4 bytes [24, BD, FC, 07]
.text  C:\Windows\system32\nvvsvc.exe[1028] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                          000007fcbd24165a 4 bytes [24, BD, FC, 07]
.text  C:\Windows\system32\nvvsvc.exe[1028] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                  000007fcc2a1177a 4 bytes [A1, C2, FC, 07]
.text  C:\Windows\system32\nvvsvc.exe[1028] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                  000007fcc2a11782 4 bytes [A1, C2, FC, 07]
.text  C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe[880] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690    000007fcbd241532 4 bytes [24, BD, FC, 07]
.text  C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe[880] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698    000007fcbd24153a 4 bytes [24, BD, FC, 07]
.text  C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe[880] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246  000007fcbd24165a 4 bytes [24, BD, FC, 07]
.text  C:\Windows\Explorer.EXE[2864] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                      000007fcb7bf1b32 4 bytes [BF, B7, FC, 07]
.text  C:\Windows\Explorer.EXE[2864] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                      000007fcb7bf1b3a 4 bytes [BF, B7, FC, 07]
.text  C:\Windows\Explorer.EXE[2864] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                  000007fcbd241532 4 bytes [24, BD, FC, 07]
.text  C:\Windows\Explorer.EXE[2864] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                  000007fcbd24153a 4 bytes [24, BD, FC, 07]
.text  C:\Windows\Explorer.EXE[2864] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                000007fcbd24165a 4 bytes [24, BD, FC, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3356] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                          000007fcbd241532 4 bytes [24, BD, FC, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3356] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                          000007fcbd24153a 4 bytes [24, BD, FC, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3356] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                        000007fcbd24165a 4 bytes [24, BD, FC, 07]
.text  C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[492] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306        000007fcc2a1177a 4 bytes [A1, C2, FC, 07]
.text  C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[492] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314        000007fcc2a11782 4 bytes [A1, C2, FC, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [572:596]                                                                                            fffff960008d35e8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                              unknown MBR code

---- EOF - GMER 2.1 ----
Vielen Dank vorab für Eure Hilfe

Vanesy

ryder 21.08.2013 20:28
!! Hinweis an Mitlesende !!
Dieses Thema und die Anweisungen sind nur für diesen speziellen Fall gedacht.
Sie könnten andere Computer schwer beschädigen. Öffnet bitte euer eigenes Thema (Link zur Anleitung).


:hallo:

Ich werde dir bei deinem Problem helfen. Die Bereinigung funktioniert nur, wenn du dich an die folgenden Regeln hälst:
Bitte lesen:
Regeln für die Bereinigung
  • Illegal genutzte Software
    Beim ersten Anzeichen wird der Support ohne Diskussion eingestellt. Also sorge bitte vorher dafür, dass hier nichts mehr auftaucht.
  • Keine Garantie
    Wir werden uns Mühe geben, aber einen 100% sicheren und sauberen Computer bekommst du nicht zurück. Der einzig sichere Weg ist die Formatierung mit Neuaufsetzen.
  • Keine Alleingänge
    Die Bereinigung funktioniert nur, wenn du genau das machst, was ich anweise. Installiere/deinstalliere keine Software, führe keine Scans durch, die ich dir nicht angewiesen habe. Poste dein Thema in keinem anderen Forum und folge nicht den Anweisungen anderer Helfer. Du raubst damit allen Beteiligten nur Zeit.
  • Aufmerksam lesen und nachfragen
    Lies jede Anleitung genau durch. Bei Unklarheiten bitte vorher nachfragen. Arbeite die Schritte in der Reihenfolge ab und antworte dann erst nach dem letzten Schritt oder wenn du eine Frage hast.
  • Richtig antworten
    • Nachdem du alle Schritte abgearbeitet hast gibst du mir bitte zu jedem Schritt eine Rückmeldung (Logfile oder Antwort) und das gesammelt in einer Antwort.
    • Mache deinen Namen nur dann unkenntlich, wenn es wirklich sein muss. Denke bitte aber auch daran, dass wir diesen Thread und deine Logfiles nachträglich nicht editieren werden! (siehe LINK)
    • Logfiles bitte zwischen Code-Tags platzieren (im Antwortfenster das #-Symbol anklicken) sieht dann so aus:
      [CODE] (Logfile) [/CODE]
    • Hinweis in eigener Sache: Angehängte oder gezippte Logfiles erschweren mir die Arbeit massiv! Mache das also nur, wenn das Logfile zu groß ist, um es direkt zu posten. (Hier gibt es eine Anleitung)
  • Keine privaten Nachrichten
    Ich sehe es, wenn du geantwortet hast, du mußt mich nicht benachrichtigen. Schicke mir nur dann eine PM wenn ich drei Tage nicht geantwortet habe und nur dann.
  • Wie läuft die Bereinigung ab?
    Ganz grob: Analyse > Bereinigung > Kontrolle mit Updates > Fertig. Ob fertig oder nicht werde ich dir ganz deutlich mitteilen, du brauchst nicht nachzufragen.



Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!)
Deinstallation von Programmen
  • Windows XP: Start > Systemsteuerung > Software > [Programmname] > Deinstallieren
  • Windows Vista / 7: Start > Systemsteuerung > Programme und Funktionen > [Programmname] > Deinstallieren
  • ggf. Neustart zulassen
Deinstalliere - falls du es nicht absichtlich installiert hast - alles was den Zusatz "Toolbar" enthält, sowie Downloader-Anwendungen (z.B. jDownloader).

Gehe bitte die folgende Liste durch und deinstalliere die genannten Programme, falls vorhanden:
Registry-Cleaner Software, TuneUp Utilities (inkl. Language Pack), Glary Utilities, Spybot S & D (inklusive Teatimer), Zonealarm Firewall (ist unnötig), McAfee Security Scan, Spyware Hunter, Spyware Terminator, Java 6 (alle Varianten, Java 7 kann bleiben), Pokersoftware, xp-Antispy, Hotspot Shield, iLivid, Amazon Icon, DriverEasy, Advanced Driver Updater,Advanced System Protector, RegClean Pro, Advanced System Optimizer, DriverCure, Uniblue DriverScanner, FireJump, SearchAnonymizer, SpeedMaxPC, Optimzer Pro, Webcake, OpenCandy, Zip Opener, WinZipper, Open It!

Ich persönlich empfehle auch alles zu deinstallieren, was mit Bing zu tun hat (Bing Desktop, -toolbar), aber das ist deine Entscheidung.


Schritt 2:
AdwCleaner: Werbeprogramme suchen und löschen

Achtung! Lade dir keinenfalls den ZipOpener herunter.

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 3:
Adware entfernen mit JRT

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Schritt 4:
Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus. Es wird nur eine FRST.txt erzeugt. Poste mir diese.

ryder 23.08.2013 11:02
Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst. Keine Logfiles einsenden, nur kurzer Hinweis, nachdem du deine Logfiles hier eingestellt hast.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen

Vanesy 23.08.2013 19:02
Hallo,

ich werde morgen darauf antworten! Leider komme ich bei Punkt 3 nicht weiter da mein PC eine Fehlermeldung zeigt.

Vielen Dank für die Hilfe!

Vanesy 28.08.2013 20:20
Hallo Ryder,

sorry nochmal fürs verspätete antworten, aber bei mir geht es derzeit im privaten drunter und drüber.

Hier die gewünschten Log-Dateien

ADWCleaner

Code:
# AdwCleaner v3.000 - Report created 21/08/2013 at 22:24:06
# Updated 20/08/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Monja - MONJA
# Running from : C:\Users\Monja\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\LyricsContainer
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Monja\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Monja\AppData\Local\Temp\APN
Folder Deleted : C:\Users\Monja\AppData\LocalLow\delta
Folder Deleted : C:\Users\Monja\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Monja\AppData\Roaming\Systweak
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Monja\AppData\Roaming\Mozilla\Firefox\Profiles\vx7ur3jd.default\user.js
File Deleted : C:\Windows\Tasks\LyricsContainer Update.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\e53db8ce13fb948
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\AppDataLow\Software\LyricsContainer
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lyrics@LyricsContainer.co
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Monja\AppData\Roaming\Mozilla\Firefox\Profiles\vx7ur3jd.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.bbDpng", "17");
Line Deleted : user_pref("extensions.delta.cntry", "DE");
Line Deleted : user_pref("extensions.delta.dfltLng", "de");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.hdrMd5", "61B07786922AEDE375C73461BEE9C103");
Line Deleted : user_pref("extensions.delta.id", "ee5ee3e90000000000007427ea2e30e5");
Line Deleted : user_pref("extensions.delta.instlDay", "15934");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.24.517:40:06");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.sg", "azb");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.5");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.517:40:06");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.5");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119557&tsp=4977");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\exte[...]

*************************

AdwCleaner[R0].txt - [10425 octets] - [21/08/2013 22:16:12]
AdwCleaner[S0].txt - [9985 octets] - [21/08/2013 22:24:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10045 octets] ##########
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 8 x64
Ran by Monja on 23.08.2013 at 17:19:52,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77e880b5-cae7-4928-8507-ec2e5007e73e}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{77e880b5-cae7-4928-8507-ec2e5007e73e}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Monja\AppData\Roaming\mozilla\firefox\profiles\vx7ur3jd.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Monja\AppData\Roaming\mozilla\firefox\profiles\vx7ur3jd.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\lyrics@lyricscontainer.co
Successfully deleted the following from C:\Users\Monja\AppData\Roaming\mozilla\firefox\profiles\vx7ur3jd.default\prefs.js

user_pref("iminent.ShowThankyouPixel", "0");
user_pref("iminent.displayFavLinks", "0");
user_pref("iminent.registerToolbarEvent102", "1376754483683");
user_pref("iminent.registerToolbarEvent109", "1376754840275");
user_pref("iminent.registerToolbarEvent111", "1376754840289");
user_pref("iminent.registerToolbarEvent112", "1376754840459");
user_pref("iminent.registerToolbarEvent122", "1376754840302");
user_pref("iminent.version", "7.33.3.1");
user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.33.3.1\",\"InstallEventCTime\":1376754466868,\"InstallEvent\":\"True\"}");
Emptied folder: C:\Users\Monja\AppData\Roaming\mozilla\firefox\profiles\vx7ur3jd.default\minidumps [13 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.08.2013 at 17:25:04,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2013
Ran by Monja (administrator) on 25-08-2013 19:56:48
Running from C:\Users\Monja\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-18] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-08-13] (Acer Incorporated)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL [21864 2012-07-25] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~2\nvidia~1\3dvisi~1\nvstinit.dll [20328 2012-07-25] (NVIDIA Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - DefaultScope {4EDD4AEF-E2F7-465F-9F11-B23C67FCB6D1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {4EDD4AEF-E2F7-465F-9F11-B23C67FCB6D1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {4EDD4AEF-E2F7-465F-9F11-B23C67FCB6D1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {4EDD4AEF-E2F7-465F-9F11-B23C67FCB6D1} URL =
SearchScopes: HKCU - {4EDD4AEF-E2F7-465F-9F11-B23C67FCB6D1} URL =
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
BHO-x32: LyricsContainer - {77e880b5-cae7-4928-8507-ec2e5007e73e} - C:\Program Files (x86)\LyricsContainer\128.dll No File
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Monja\AppData\Roaming\Mozilla\Firefox\Profiles\vx7ur3jd.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Extension: No Name - C:\Users\Monja\AppData\Roaming\Mozilla\Firefox\Profiles\vx7ur3jd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [811064 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-09] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-02-26] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [83672 2013-07-18] (Avira Operations GmbH & Co. KG)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-23 18:59 - 2013-08-23 18:59 - 01576474 _____ (Farbar) C:\Users\Monja\Desktop\FRST64.exe
2013-08-23 17:25 - 2013-08-23 17:25 - 00002107 _____ C:\Users\Monja\Desktop\JRT.txt
2013-08-23 17:19 - 2013-08-23 17:19 - 01021434 _____ (Thisisu) C:\Users\Monja\Downloads\JRT(2).exe
2013-08-23 17:07 - 2013-08-23 17:07 - 01021434 _____ (Thisisu) C:\Users\Monja\Downloads\JRT(1).exe
2013-08-23 17:03 - 2013-08-23 17:03 - 00000000 ____D C:\Windows\ERUNT
2013-08-23 17:02 - 2013-08-23 17:02 - 01021434 _____ (Thisisu) C:\Users\Monja\Downloads\JRT.exe
2013-08-21 22:28 - 2013-08-21 22:28 - 00010126 _____ C:\Users\Monja\Desktop\AdwCleaner[S0].txt
2013-08-21 22:13 - 2013-08-21 22:24 - 00000000 ____D C:\AdwCleaner
2013-08-21 22:12 - 2013-08-21 22:12 - 00975858 _____ C:\Users\Monja\Downloads\adwcleaner.exe
2013-08-21 22:02 - 2013-08-21 22:02 - 00000085 _____ C:\Windows\wininit.ini
2013-08-21 20:49 - 2013-08-21 20:49 - 00000000 ____D C:\Users\Monja\Desktop\Trojaner-Board
2013-08-21 19:52 - 2013-08-21 19:52 - 00000000 ____D C:\FRST
2013-08-21 18:27 - 2013-08-21 18:27 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-21 18:27 - 2013-08-21 18:27 - 00000000 ____D C:\Users\Monja\AppData\Roaming\Malwarebytes
2013-08-21 18:27 - 2013-08-21 18:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-21 18:27 - 2013-08-21 18:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-21 18:27 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-21 18:26 - 2013-08-21 18:26 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Monja\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-17 21:21 - 2013-08-17 21:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-17 21:21 - 2013-08-17 21:21 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-17 18:17 - 2013-08-20 19:42 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-08-17 18:17 - 2013-08-17 18:18 - 00000000 ____D C:\Users\Monja\AppData\Roaming\WinRAR
2013-08-17 17:41 - 2013-08-17 17:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-17 17:40 - 2013-08-17 19:47 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-08-17 16:46 - 2013-08-17 17:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 20:00 - 2013-08-15 20:03 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 18:48 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 18:47 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 18:47 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 18:47 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-08-14 18:47 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-08-14 18:47 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 18:47 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 18:47 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 18:47 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 18:47 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 18:47 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 18:47 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 18:47 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 18:47 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 18:47 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-08-14 18:47 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 18:47 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 18:47 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 18:47 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 18:47 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 18:47 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 18:47 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 18:47 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-08-14 18:47 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 18:47 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-08-14 18:47 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-08-14 18:47 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 18:46 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 18:46 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 18:46 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 18:45 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 18:45 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 18:45 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 18:45 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 18:45 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 18:44 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 18:44 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 18:44 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 18:44 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 18:44 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-08-14 18:44 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-08-14 18:44 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 18:44 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 18:44 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-08-14 18:44 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-08-10 16:13 - 2013-08-10 16:18 - 00000000 ____D C:\Program Files (x86)\Paletti
2013-08-10 16:13 - 2011-05-24 14:24 - 00929844 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC42D.DLL
2013-08-10 16:13 - 2011-05-24 14:24 - 00827445 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCO42D.DLL
2013-08-10 16:13 - 2011-05-24 14:24 - 00434252 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRTD.DLL
2013-08-10 16:13 - 2011-05-24 14:24 - 00303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCR70.DLL
2013-08-10 16:13 - 2011-05-24 14:24 - 00094285 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCIRTD.DLL
2013-08-10 15:59 - 2013-08-10 15:59 - 00000000 ___HD C:\Users\Public\Documents\Silag_prefs
2013-08-10 15:59 - 2013-08-10 15:59 - 00000000 ____D C:\Users\Monja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grundschule Lernspass mit Hexe Lilli
2013-08-09 17:13 - 2013-08-20 16:43 - 00000000 ____D C:\Musik Jean-Luke
2013-08-05 23:01 - 2013-08-25 12:53 - 00015312 _____ C:\Windows\SysWOW64\bufferpool.txt
2013-08-05 19:14 - 2013-08-05 19:14 - 00000000 ____D C:\Users\Monja\AppData\Roaming\Avira
2013-08-05 19:09 - 2013-08-05 19:09 - 00002074 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-05 19:09 - 2013-08-05 19:09 - 00000000 ____D C:\ProgramData\Avira
2013-08-05 19:09 - 2013-08-05 19:09 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-05 19:09 - 2013-07-18 08:02 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-05 19:09 - 2013-07-18 08:02 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-05 19:09 - 2013-07-18 08:02 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-05 19:09 - 2013-02-26 16:56 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-05 18:50 - 2013-08-05 18:51 - 110344048 _____ C:\Users\Monja\Downloads\avira_free_antivirus85_de.exe
2013-07-30 22:44 - 2013-07-30 22:44 - 00000000 ____D C:\Users\Monja\AppData\Local\Deployment
2013-07-30 22:44 - 2013-07-30 22:44 - 00000000 ____D C:\Users\Monja\AppData\Local\Apps\2.0
2013-07-30 11:27 - 2013-08-09 17:52 - 00000000 ____D C:\Fotos

==================== One Month Modified Files and Folders =======

2013-08-25 19:48 - 2013-03-21 05:55 - 00766266 _____ C:\Windows\system32\perfh007.dat
2013-08-25 19:48 - 2013-03-21 05:55 - 00159970 _____ C:\Windows\system32\perfc007.dat
2013-08-25 19:48 - 2012-07-26 09:28 - 01772788 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-25 19:44 - 2013-03-20 21:17 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-25 19:44 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-25 12:53 - 2013-08-05 23:01 - 00015312 _____ C:\Windows\SysWOW64\bufferpool.txt
2013-08-25 12:40 - 2013-06-15 18:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-25 12:06 - 2013-06-15 17:09 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2966206782-1434238145-1787605704-1001
2013-08-25 12:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-08-23 19:01 - 2013-08-23 19:01 - 01576474 _____ (Farbar) C:\Users\Monja\Downloads\FRST64(1).exe
2013-08-23 18:59 - 2013-08-23 18:59 - 01576474 _____ (Farbar) C:\Users\Monja\Desktop\FRST64.exe
2013-08-23 17:25 - 2013-08-23 17:25 - 00002107 _____ C:\Users\Monja\Desktop\JRT.txt
2013-08-23 17:19 - 2013-08-23 17:19 - 01021434 _____ (Thisisu) C:\Users\Monja\Downloads\JRT(2).exe
2013-08-23 17:07 - 2013-08-23 17:07 - 01021434 _____ (Thisisu) C:\Users\Monja\Downloads\JRT(1).exe
2013-08-23 17:03 - 2013-08-23 17:03 - 00000000 ____D C:\Windows\ERUNT
2013-08-23 17:02 - 2013-08-23 17:02 - 01021434 _____ (Thisisu) C:\Users\Monja\Downloads\JRT.exe
2013-08-21 22:28 - 2013-08-21 22:28 - 00010126 _____ C:\Users\Monja\Desktop\AdwCleaner[S0].txt
2013-08-21 22:24 - 2013-08-21 22:13 - 00000000 ____D C:\AdwCleaner
2013-08-21 22:24 - 2012-11-22 14:33 - 00232388 _____ C:\Windows\PFRO.log
2013-08-21 22:24 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-08-21 22:12 - 2013-08-21 22:12 - 00975858 _____ C:\Users\Monja\Downloads\adwcleaner.exe
2013-08-21 22:02 - 2013-08-21 22:02 - 00000085 _____ C:\Windows\wininit.ini
2013-08-21 20:49 - 2013-08-21 20:49 - 00000000 ____D C:\Users\Monja\Desktop\Trojaner-Board
2013-08-21 19:52 - 2013-08-21 19:52 - 00000000 ____D C:\FRST
2013-08-21 18:36 - 2013-06-15 17:13 - 00000000 ____D C:\Users\Monja\AppData\Local\CrashDumps
2013-08-21 18:27 - 2013-08-21 18:27 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-21 18:27 - 2013-08-21 18:27 - 00000000 ____D C:\Users\Monja\AppData\Roaming\Malwarebytes
2013-08-21 18:27 - 2013-08-21 18:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-21 18:27 - 2013-08-21 18:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-21 18:26 - 2013-08-21 18:26 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Monja\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-20 19:42 - 2013-08-17 18:17 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-08-20 16:43 - 2013-08-09 17:13 - 00000000 ____D C:\Musik Jean-Luke
2013-08-18 16:23 - 2013-06-15 17:01 - 00000000 ___RD C:\Users\Monja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-17 23:27 - 2013-06-15 16:58 - 01392235 _____ C:\Windows\WindowsUpdate.log
2013-08-17 21:24 - 2013-08-17 21:21 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-17 21:21 - 2013-08-17 21:21 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-17 20:22 - 2013-06-23 11:17 - 00000000 ____D C:\Users\Monja\Desktop\Jean-Luke
2013-08-17 19:47 - 2013-08-17 17:40 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-08-17 18:18 - 2013-08-17 18:17 - 00000000 ____D C:\Users\Monja\AppData\Roaming\WinRAR
2013-08-17 17:52 - 2013-06-15 16:57 - 00000000 ____D C:\Users\Monja
2013-08-17 17:41 - 2013-08-17 17:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-17 17:40 - 2013-08-17 16:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-17 17:13 - 2013-06-15 17:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-16 16:25 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-08-16 16:13 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-15 23:47 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-15 23:47 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-15 20:03 - 2013-08-15 20:00 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 20:00 - 2013-06-18 23:48 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-10 16:18 - 2013-08-10 16:13 - 00000000 ____D C:\Program Files (x86)\Paletti
2013-08-10 15:59 - 2013-08-10 15:59 - 00000000 ___HD C:\Users\Public\Documents\Silag_prefs
2013-08-10 15:59 - 2013-08-10 15:59 - 00000000 ____D C:\Users\Monja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grundschule Lernspass mit Hexe Lilli
2013-08-09 17:52 - 2013-07-30 11:27 - 00000000 ____D C:\Fotos
2013-08-09 17:15 - 2012-07-26 09:21 - 00025238 _____ C:\Windows\setupact.log
2013-08-06 17:37 - 2012-11-22 14:51 - 00000000 ____D C:\ProgramData\McAfee
2013-08-06 17:36 - 2013-03-20 21:38 - 00000000 ____D C:\ProgramData\Norton
2013-08-05 20:57 - 2013-06-23 17:37 - 00000000 ____D C:\Users\Monja\AppData\Local\clear.fi
2013-08-05 19:14 - 2013-08-05 19:14 - 00000000 ____D C:\Users\Monja\AppData\Roaming\Avira
2013-08-05 19:09 - 2013-08-05 19:09 - 00002074 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-05 19:09 - 2013-08-05 19:09 - 00000000 ____D C:\ProgramData\Avira
2013-08-05 19:09 - 2013-08-05 19:09 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-05 19:07 - 2012-11-22 14:51 - 00000000 ____D C:\Program Files\mcafee
2013-08-05 18:51 - 2013-08-05 18:50 - 110344048 _____ C:\Users\Monja\Downloads\avira_free_antivirus85_de.exe
2013-08-05 18:51 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-07-30 22:44 - 2013-07-30 22:44 - 00000000 ____D C:\Users\Monja\AppData\Local\Deployment
2013-07-30 22:44 - 2013-07-30 22:44 - 00000000 ____D C:\Users\Monja\AppData\Local\Apps\2.0
2013-07-29 20:21 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-07-26 07:13 - 2013-08-14 18:47 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-14 18:47 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-14 18:47 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-07-26 07:13 - 2013-08-14 18:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-07-26 07:13 - 2013-08-14 18:47 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-14 18:47 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-14 18:47 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-14 18:47 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-14 18:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-14 18:47 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 07:12 - 2013-08-14 18:46 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-14 18:46 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-14 18:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-14 18:45 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-14 18:45 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 05:35 - 2013-08-14 18:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-14 18:47 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-14 18:47 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:13 - 2013-08-14 18:47 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-07-26 05:12 - 2013-08-14 18:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-14 18:47 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-14 18:47 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-14 18:47 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:12 - 2013-08-14 18:45 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-14 18:45 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-14 18:45 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-14 18:44 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:11 - 2013-08-14 18:47 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-14 18:47 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-14 18:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 02:54 - 2013-08-14 18:47 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-20 16:40

==================== End Of Log ============================
--- --- ---

--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:34 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19