Newbiline | 01.04.2014 12:29 | Hi, thank you very much for the quick reply!
Here is the FRST.txt
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Linda (administrator) on YGGDRASIL on 01-04-2014 13:21:01
Running from C:\Users\Linda\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Tablet Driver) C:\Windows\System32\Drivers\WTSRV.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-03] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767608 2014-03-21] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [TrojanScanner] - C:\Program Files\Trojan Remover\Trjscan.exe [1661856 2014-04-01] (Simply Super Software)
HKU\S-1-5-21-1343621597-621099857-3195805417-1000\...\MountPoints2: {7f7e3fc9-964e-11df-b640-806e6f6e6963} - M:\autorun.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={B24E9638-C334-4EF6-A883-3D37881534F7}&mid=a7012350ca7547d19897bd2b2be060ea-ff4169ee88c2e57da32db5a42251d9d393278da8&lang=de&ds=AVG&pr=fr&d=2012-06-13 12:09:12&v=12.2.5.32&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {C7576B9D-B442-46bc-AF74-080A9E723E01} URL = hxxp://websearch.search-results.com/redirect?client=ie&tb=GET-SRS&o=16705&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=2R&apn_dtid=get001YYDE&apn_uid=E9A4CB26-904A-4EC2-851D-FF30B84E243F&apn_sauid=0E5BC220-72B3-4E41-9555-13D173714580
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\jltqb3bo.default
FF SearchEngineOrder.1: Search-Results
FF Homepage: www.google.de
FF Keyword.URL: hxxp://search.sweetim.com/search.asp?src=2&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\jltqb3bo.default\searchplugins\search-results.xml
FF SearchPlugin: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\jltqb3bo.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\jltqb3bo.default\searchplugins\webwebweb.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\jltqb3bo.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-03-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-24]
Chrome:
=======
CHR Extension: (avast! Online Security) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-24]
CHR Extension: (Google Wallet) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07]
CHR HKLM\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.crx [2013-10-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-24]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\12.2.5.32\avg.crx [2013-11-24]
========================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-27] (AVAST Software)
S3 BITCOMET_HELPER_SERVICE; I:\Bit Comet\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1435568 2012-12-10] (LogMeIn Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [69632 2009-03-04] (Tablet Driver)
S2 HPSLPSVC; C:\Users\Linda\AppData\Local\Temp\7zS579A\hpslpsvc32.dll [X]
==================== Drivers (Whitelisted) ====================
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-01-27] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-01-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-19] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14920 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9160 2013-03-07] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-03-05] (Malwarebytes Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.)
R3 PTSimBus; C:\Windows\System32\DRIVERS\PTSimBus.sys [23208 2009-06-22] (PenTablet Driver)
S3 PTSimHid; C:\Windows\System32\DRIVERS\PTSimHid.sys [14504 2009-06-22] (PenTablet Driver)
S3 TClass2k; C:\Windows\System32\DRIVERS\TClass2k.sys [23208 2009-06-22] (Tablet Driver)
S3 UCTblHid; C:\Windows\System32\DRIVERS\UCTblHid.sys [19624 2009-06-22] (Tablet Driver)
S3 AmdLLD; system32\DRIVERS\AmdLLD.sys [X]
S3 cpuz130; \??\C:\Users\Linda\AppData\Local\Temp\cpuz130\cpuz_x32.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x32.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\93C6.tmp [X]
S3 Profos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-01 13:21 - 2014-04-01 13:21 - 00013553 _____ () C:\Users\Linda\Desktop\FRST.txt
2014-04-01 13:20 - 2014-04-01 13:21 - 00000000 ____D () C:\FRST
2014-04-01 13:19 - 2014-04-01 13:19 - 01145856 _____ (Farbar) C:\Users\Linda\Desktop\FRST.exe
2014-04-01 13:16 - 2014-04-01 13:16 - 00002988 _____ () C:\Users\Linda\Desktop\mbam.txt
2014-04-01 11:45 - 2014-04-01 11:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 11:44 - 2014-04-01 11:44 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-01 11:44 - 2014-04-01 11:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 11:44 - 2014-04-01 11:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-01 11:44 - 2014-03-05 09:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-01 11:44 - 2014-03-05 09:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-01 11:44 - 2014-03-05 09:26 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 11:42 - 2014-04-01 11:42 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Linda\Desktop\mbam-setup-2.0.0.1000.exe
2014-04-01 03:51 - 2014-04-01 03:51 - 00099539 _____ () C:\Users\Linda\Desktop\log.xml
2014-04-01 02:47 - 2014-04-01 02:47 - 00000000 ____D () C:\ProgramData\Licenses
2014-04-01 02:46 - 2014-04-01 02:46 - 00001097 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-04-01 02:46 - 2014-04-01 02:46 - 00000000 ____D () C:\Users\Linda\Documents\Simply Super Software
2014-04-01 02:46 - 2014-04-01 02:46 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Simply Super Software
2014-04-01 02:46 - 2014-04-01 02:46 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-04-01 02:46 - 2014-04-01 02:46 - 00000000 ____D () C:\Program Files\Trojan Remover
2014-04-01 02:44 - 2014-04-01 02:45 - 21407864 _____ (Simply Super Software ) C:\Users\Linda\Downloads\trjsetup690.exe
2014-04-01 02:31 - 2014-04-01 02:31 - 00468618 _____ () C:\Users\Linda\Downloads\depends22_x64.zip
2014-04-01 02:31 - 2014-04-01 02:31 - 00000000 ____D () C:\Users\Linda\Downloads\depends22_x64
2014-04-01 02:17 - 2014-04-01 02:17 - 00001147 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-04-01 02:17 - 2014-04-01 02:17 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Nico Mak Computing
2014-04-01 02:17 - 2014-04-01 02:17 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-04-01 02:17 - 2014-04-01 02:17 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-04-01 02:17 - 2013-03-15 17:01 - 00016384 _____ () C:\Windows\system32\wsusnative32.exe
2014-04-01 02:16 - 2014-04-01 02:16 - 04892480 _____ (WinZip International LLC ) C:\Users\Linda\Desktop\wzmp_8.exe
2014-03-31 21:05 - 2014-03-31 21:05 - 00000212 _____ () C:\Users\Linda\Desktop\The Stanley Parable Demo.url
2014-03-30 20:59 - 2014-03-30 20:59 - 00000706 _____ () C:\cc_20140330_205901.reg
2014-03-30 20:58 - 2014-03-30 20:58 - 00026788 _____ () C:\cc_20140330_205838.reg
2014-03-29 14:20 - 2014-03-29 19:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-24 23:50 - 2014-03-24 23:50 - 00000251 _____ () C:\Users\Linda\Desktop\new 4.html
2014-03-24 23:31 - 2014-03-24 23:48 - 00000239 _____ () C:\Users\Linda\Desktop\new 3.html
2014-03-15 12:58 - 2014-03-16 00:59 - 00000000 ____D () C:\Users\Linda\AppData\Local\{F103C5D2-7CC6-460A-8B34-C85AC63120F0}
2014-03-14 22:52 - 2014-03-14 22:53 - 24972438 _____ () C:\Users\Linda\Desktop\Dior Homme - Uncensored Official Director's Cut.mp4
2014-03-13 03:03 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 03:03 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 03:03 - 2014-03-01 06:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 03:03 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 03:03 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 03:03 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 03:03 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 03:03 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 03:03 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 03:03 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 03:03 - 2014-03-01 05:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 03:03 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 03:03 - 2014-03-01 05:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 03:03 - 2014-03-01 05:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 03:03 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 03:03 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 03:03 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 03:03 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 03:03 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 03:03 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 03:03 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 03:03 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 03:03 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 03:03 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 03:02 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 03:02 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 03:02 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 21:00 - 2014-03-11 21:00 - 00000000 ___RD () C:\Program Files\Skype
2014-03-11 21:00 - 2014-03-11 21:00 - 00000000 ____D () C:\Users\Linda\AppData\Local\Skype
2014-03-11 21:00 - 2014-03-11 21:00 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-05 01:07 - 2014-03-05 01:07 - 00000000 _____ () C:\AdobeDebug.txt
==================== One Month Modified Files and Folders =======
2014-04-01 13:21 - 2014-04-01 13:21 - 00013553 _____ () C:\Users\Linda\Desktop\FRST.txt
2014-04-01 13:21 - 2014-04-01 13:20 - 00000000 ____D () C:\FRST
2014-04-01 13:21 - 2013-10-16 14:49 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-01 13:20 - 2012-10-02 20:25 - 00000000 ____D () C:\Users\Linda\Desktop\desktop docs
2014-04-01 13:19 - 2014-04-01 13:19 - 01145856 _____ (Farbar) C:\Users\Linda\Desktop\FRST.exe
2014-04-01 13:16 - 2014-04-01 13:16 - 00002988 _____ () C:\Users\Linda\Desktop\mbam.txt
2014-04-01 13:10 - 2010-07-23 13:45 - 01092070 _____ () C:\Windows\WindowsUpdate.log
2014-04-01 12:03 - 2009-07-14 06:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-01 12:03 - 2009-07-14 06:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-01 12:00 - 2010-04-13 07:22 - 01649492 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 11:57 - 2014-04-01 11:45 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 11:56 - 2013-10-16 14:49 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-01 11:55 - 2012-10-28 11:58 - 00156454 _____ () C:\Windows\PFRO.log
2014-04-01 11:55 - 2012-10-08 01:43 - 00074974 _____ () C:\Windows\setupact.log
2014-04-01 11:55 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-01 11:44 - 2014-04-01 11:44 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-01 11:44 - 2014-04-01 11:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 11:44 - 2014-04-01 11:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-01 11:42 - 2014-04-01 11:42 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Linda\Desktop\mbam-setup-2.0.0.1000.exe
2014-04-01 04:25 - 2010-07-23 13:45 - 00000000 __SHD () C:\Recovery
2014-04-01 04:00 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-01 03:51 - 2014-04-01 03:51 - 00099539 _____ () C:\Users\Linda\Desktop\log.xml
2014-04-01 02:47 - 2014-04-01 02:47 - 00000000 ____D () C:\ProgramData\Licenses
2014-04-01 02:46 - 2014-04-01 02:46 - 00001097 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-04-01 02:46 - 2014-04-01 02:46 - 00000000 ____D () C:\Users\Linda\Documents\Simply Super Software
2014-04-01 02:46 - 2014-04-01 02:46 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Simply Super Software
2014-04-01 02:46 - 2014-04-01 02:46 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-04-01 02:46 - 2014-04-01 02:46 - 00000000 ____D () C:\Program Files\Trojan Remover
2014-04-01 02:45 - 2014-04-01 02:44 - 21407864 _____ (Simply Super Software ) C:\Users\Linda\Downloads\trjsetup690.exe
2014-04-01 02:45 - 2010-10-22 00:34 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Skype
2014-04-01 02:31 - 2014-04-01 02:31 - 00468618 _____ () C:\Users\Linda\Downloads\depends22_x64.zip
2014-04-01 02:31 - 2014-04-01 02:31 - 00000000 ____D () C:\Users\Linda\Downloads\depends22_x64
2014-04-01 02:17 - 2014-04-01 02:17 - 00001147 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-04-01 02:17 - 2014-04-01 02:17 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Nico Mak Computing
2014-04-01 02:17 - 2014-04-01 02:17 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-04-01 02:17 - 2014-04-01 02:17 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-04-01 02:16 - 2014-04-01 02:16 - 04892480 _____ (WinZip International LLC ) C:\Users\Linda\Desktop\wzmp_8.exe
2014-03-31 21:24 - 2011-06-25 00:23 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-03-31 21:05 - 2014-03-31 21:05 - 00000212 _____ () C:\Users\Linda\Desktop\The Stanley Parable Demo.url
2014-03-31 21:05 - 2012-10-04 13:46 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-31 20:46 - 2013-11-25 23:50 - 01576960 ___SH () C:\Users\Linda\Desktop\Thumbs.db
2014-03-30 20:59 - 2014-03-30 20:59 - 00000706 _____ () C:\cc_20140330_205901.reg
2014-03-30 20:58 - 2014-03-30 20:58 - 00026788 _____ () C:\cc_20140330_205838.reg
2014-03-30 20:57 - 2011-06-10 00:03 - 00000000 ____D () C:\Users\Linda\AppData\Local\LogMeIn Hamachi
2014-03-29 19:55 - 2014-03-29 14:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-26 02:23 - 2013-11-28 22:00 - 00000000 ____D () C:\Users\Linda\Desktop\Homepage
2014-03-24 23:50 - 2014-03-24 23:50 - 00000251 _____ () C:\Users\Linda\Desktop\new 4.html
2014-03-24 23:48 - 2014-03-24 23:31 - 00000239 _____ () C:\Users\Linda\Desktop\new 3.html
2014-03-24 23:22 - 2013-09-08 21:44 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Notepad++
2014-03-19 02:03 - 2013-08-14 23:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 02:02 - 2010-04-13 08:57 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-16 00:59 - 2014-03-15 12:58 - 00000000 ____D () C:\Users\Linda\AppData\Local\{F103C5D2-7CC6-460A-8B34-C85AC63120F0}
2014-03-15 21:19 - 2013-10-16 14:50 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 12:58 - 2011-05-08 18:27 - 00000000 ____D () C:\Users\Linda\AppData\Local\Windows Live
2014-03-14 22:53 - 2014-03-14 22:52 - 24972438 _____ () C:\Users\Linda\Desktop\Dior Homme - Uncensored Official Director's Cut.mp4
2014-03-13 16:06 - 2011-12-18 23:33 - 00000000 ____D () C:\Program Files\World of Warcraft
2014-03-13 13:27 - 2009-07-14 06:33 - 00445800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-11 21:00 - 2014-03-11 21:00 - 00000000 ___RD () C:\Program Files\Skype
2014-03-11 21:00 - 2014-03-11 21:00 - 00000000 ____D () C:\Users\Linda\AppData\Local\Skype
2014-03-11 21:00 - 2014-03-11 21:00 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-11 21:00 - 2010-10-22 00:34 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 09:26 - 2014-04-01 11:44 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-01 11:44 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-04-01 11:44 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-05 01:07 - 2014-03-05 01:07 - 00000000 _____ () C:\AdobeDebug.txt
Some content of TEMP:
====================
C:\Users\Linda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6mm05t.dll
C:\Users\Linda\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\Linda\AppData\Local\Temp\npp.6.5.5.Installer.exe
C:\Users\Linda\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-31 23:01
==================== End Of Log ============================
and the Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Linda at 2014-04-01 13:21:44
Running from C:\Users\Linda\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 6.0 (Version: 6.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{15971B11-14DA-873C-1ACD-188603C38889}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2203 - Advanced Micro Devices, Inc.) Hidden
Anno 1404 (Demo) (Version: 1.00.0000 - Ubisoft) Hidden
Apple Application Support (HKLM\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed (HKLM\...\Steam App 15100) (Version: - Ubisoft)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2013 - Avast Software)
BitComet 1.37 (HKLM\...\BitComet) (Version: 1.37 - CometNetwork)
Bonjour (HKLM\...\{D03482C5-9AD8-496D-B388-692AE04C93AF}) (Version: 3.0.0.2 - Apple Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2012.0928.1532.26058 - Ihr Firmenname) Hidden
Catalyst Control Center (Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0202.2335.42270 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Counter-Strike (HKLM\...\Steam App 10) (Version: - Valve)
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.2515 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (Version: 1.5.1306 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Deus Ex: Human Revolution (HKLM\...\Steam App 28050) (Version: - Eidos Montreal)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version: - )
Dropbox (HKCU\...\Dropbox) (Version: 2.6.7 - Dropbox, Inc.)
EaseUS Partition Master 9.2.2 (HKLM\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
GTA2 (HKLM\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - )
ICQ 8.2 (build 6870) (HKCU\...\ICQ) (Version: 8.2.6870.0 - Mail.Ru)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM\...\Steam App 8190) (Version: - Avalanche Studios)
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.1.0.294 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.1.0.294 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Medion Home Cinema (HKLM\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Medion Home Cinema (Version: 6.0.0000 - CyberLink Corp.) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
MPC-HC 1.7.1 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.1.0 - MPC-HC Team)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Neverwinter (HKLM\...\Steam App 109600) (Version: - Cryptic Studios)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.8 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version: - )
OpenOffice.org 3.2 (HKLM\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
PDF24 Creator 5.4.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Pro Evolution Soccer 2013 (HKLM\...\{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}) (Version: 1.00.0000 - KONAMI)
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5995 - Realtek Semiconductor Corp.)
Secure Download Manager (HKLM\...\{AA57D6F1-6360-4397-B2D9-B21C69863D97}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Sid Meier's Civilization 4 Complete (HKLM\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization V (HKLM\...\Civilization V) (Version: - 2K Games, Inc.)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sid Meier's Civilization V SDK (HKLM\...\Steam App 16830) (Version: - Firaxis Games)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.4.185.g7545a404 - Spotify AB)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Stanley Parable Demo (HKLM\...\Steam App 247750) (Version: - Galactic Cafe)
Trojan Remover 6.9.1.2929 (HKLM\...\Trojan Remover_is1) (Version: 6.9.1.2929 - Simply Super Software)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip Malware Protector (HKLM\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)
World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment)
Zanzarah - Das verborgene Portal (HKLM\...\Zanzarah) (Version: - )
==================== Restore Points =========================
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {04BC1EEB-753E-4865-82ED-D5E665EE9C41} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing)
Task: {26F296AD-35C7-45AB-A610-74F9DADFD933} - System32\Tasks\{B9C411E5-601D-4E41-B06B-B3FD94BEF594} => D:\Programme\GTA2\gta2 manager.exe [2004-04-29] (DMA Design Ltd)
Task: {5E902388-64DC-4C50-A52A-40647EF662BE} - System32\Tasks\{33FEF8D8-7C8C-4DA8-A936-033166D8CD8A} => C:\Downloads\Diablo 2 with Lord of Destruction (v1.13c) (Direct Play)\Diablo II Lord of Destruction (v1.13c)\Diablo II\Diablo II.exe
Task: {611A61F6-07DF-46B0-9B20-E8C8DB571166} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1343621597-621099857-3195805417-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {6BFBE255-A9A2-4B5E-9523-7629996C3B55} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6F75608A-F9CB-4156-AA86-DBA2CF16036C} - System32\Tasks\{67B57EDC-0A0D-4767-BDD0-23E502460983} => C:\Program Files\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {7A8444DC-9705-406B-9769-1E0B656875DD} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1343621597-621099857-3195805417-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {872926D8-6B08-4CA1-98D5-3C59768F0F2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {8E2EB793-A92E-4C4A-9727-FAA2992B07A9} - System32\Tasks\{9BB527AF-C42F-4B8A-BB84-C754B8F60509} => C:\Program Files\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {A017E718-9735-46ED-88E4-C95DF4D6484B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-27] (AVAST Software)
Task: {A3233D82-5B31-4D64-B68D-5B1B6D5FC9F7} - System32\Tasks\{6B47F581-4DB9-4826-B81E-12E33C2C6C03} => C:\Downloads\Diablo 2 with Lord of Destruction (v1.13c) (Direct Play)\Diablo II Lord of Destruction (v1.13c)\Diablo II\Diablo II.exe
Task: {AB67AF85-E16B-4153-9047-55B58265FB30} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1343621597-621099857-3195805417-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {AD5C7EB2-1324-4EA9-8950-B9FE02CA2629} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {B5795E76-9207-45B3-9B8A-228A6E9AF640} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {B65917E6-C0F3-4C34-B944-BD8CAE008564} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
Task: {B682E259-21C3-4BE3-A587-4296F276DE8A} - System32\Tasks\{BA1D727D-8E20-4FAD-A89F-6CFB44442F08} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.114.259/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;systemlevelpresent
Task: {B8C47269-C8A5-41E2-B604-541A0F7A1C22} - System32\Tasks\{4F5A80C3-D4FE-4285-AD20-8EB0596C23F9} => C:\Downloads\Diablo 2 with Lord of Destruction (v1.13c) (Direct Play)\Diablo II Lord of Destruction (v1.13c)\Diablo II\Diablo II.exe
Task: {C18A2F54-57C5-4E8C-914C-1D5AC2743CF8} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1343621597-621099857-3195805417-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {CAC4C636-5EF0-40B8-9BD7-8F07FA791665} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {CDF07D07-E196-445C-A080-1A04FE3FACB3} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {F98F5B07-DA00-48B7-BA79-1A895B4873B0} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1343621597-621099857-3195805417-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {FE9FBA08-7214-45B2-BB50-15EC887AF69C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
==================== Loaded Modules (whitelisted) =============
2014-04-01 11:32 - 2014-04-01 09:18 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14040100\algo.dll
2007-09-11 00:45 - 2007-09-11 00:45 - 00124832 _____ () C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2009-03-18 19:15 - 2009-03-18 19:15 - 00184320 _____ () C:\Windows\system32\WinTab32.DLL
2013-11-03 01:13 - 2013-11-03 01:13 - 00307728 _____ () C:\Users\Linda\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00260096 _____ () D:\Programme\Notepad++\NppShell_05.dll
2009-03-18 19:15 - 2009-03-18 19:15 - 00184320 _____ () C:\Windows\system32\wintab32.dll
2013-11-24 21:01 - 2013-11-24 21:01 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-29 14:20 - 2014-03-29 14:20 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-01-25 15:06 - 2014-01-25 15:06 - 16287624 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: icq => C:\Users\Linda\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/01/2014 04:38:22 AM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "K:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (03/31/2014 09:24:10 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
Error: (03/30/2014 11:05:54 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/30/2014 11:05:54 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/22/2014 04:43:33 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/22/2014 04:43:33 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/16/2014 05:47:12 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/16/2014 05:47:12 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/14/2014 07:51:25 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/14/2014 07:51:25 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
System errors:
=============
Error: (04/01/2014 11:58:01 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126
Error: (04/01/2014 11:33:35 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126
Error: (04/01/2014 04:30:38 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126
Error: (04/01/2014 04:25:59 AM) (Source: DCOM) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (04/01/2014 04:25:58 AM) (Source: DCOM) (User: )
Description: 1084sdrsvc{687E55CA-6621-4C41-B9F1-C0EDDC94BB05}
Error: (04/01/2014 04:18:42 AM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error: (04/01/2014 04:12:34 AM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error: (04/01/2014 04:11:29 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD
aswRdr
aswRvrt
aswSnx
aswSP
aswVmm
DfsC
discache
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
vwififlt
Wanarpv6
WfpLwf
Error: (04/01/2014 04:11:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (04/01/2014 04:11:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 46%
Total physical RAM: 3071.3 MB
Available physical RAM: 1657.12 MB
Total Pagefile: 11771.59 MB
Available Pagefile: 10179.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.34 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:156.57 GB) (Free:83.57 GB) NTFS
Drive d: () (Fixed) (Total:264.69 GB) (Free:153.38 GB) NTFS
Drive f: () (Fixed) (Total:245.04 GB) (Free:194.06 GB) NTFS
Drive i: () (Fixed) (Total:265.11 GB) (Free:141.54 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 009CCE01)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=157 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=775 GB) - (Type=OF Extended)
==================== End Of Log ============================
I also found the mbam log
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 01.04.2014
Suchlauf-Zeit: 11:54:17
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.0.1000
Malware Datenbank: v2014.04.01.02
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Linda
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 224090
Verstrichene Zeit: 8 Min, 42 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 3
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM, In Quarantäne, [2cfa4bdafd7e9c9aa872661ac142639d],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1343621597-621099857-3195805417-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, In Quarantäne, [b5712401fa819d996025691756adba46],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1343621597-621099857-3195805417-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, In Quarantäne, [9c8a4cd997e4c1756daceb9524df5ba5],
Registrierungswerte: 2
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, {7D80FDF4-10CF-11E2-B5C6-005056C00008}, In Quarantäne, [2cfa4bdafd7e9c9aa872661ac142639d]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1343621597-621099857-3195805417-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {7D80FDF4-10CF-11E2-B5C6-005056C00008}, In Quarantäne, [9c8a4cd997e4c1756daceb9524df5ba5]
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 3
PUP.Optional.OpenCandy, C:\Users\Linda\AppData\Roaming\OpenCandy, In Quarantäne, [e442ea3b9dde0333ab754b068b7701ff],
PUP.Optional.OpenCandy, C:\Users\Linda\AppData\Roaming\OpenCandy\215B50B338E04FA48AD5C50E3318F6F0, In Quarantäne, [e442ea3b9dde0333ab754b068b7701ff],
PUP.Optional.OpenCandy, C:\Users\Linda\AppData\Roaming\OpenCandy\9A45FFBE2C1B4AE88B1C007C05E96027, In Quarantäne, [e442ea3b9dde0333ab754b068b7701ff],
Dateien: 4
PUP.Optional.OpenCandy.A, C:\Users\Linda\AppData\Roaming\OpenCandy\9A45FFBE2C1B4AE88B1C007C05E96027\LatestDLMgr.exe, In Quarantäne, [aa7ccc59b8c389ad98ae29dbe8196898],
PUP.Optional.OpenCandy, C:\Users\Linda\AppData\Roaming\OpenCandy\215B50B338E04FA48AD5C50E3318F6F0\speedupmypcDE.exe, In Quarantäne, [e442ea3b9dde0333ab754b068b7701ff],
PUP.Optional.OpenCandy, C:\Users\Linda\AppData\Roaming\OpenCandy\9A45FFBE2C1B4AE88B1C007C05E96027\2175.ico, In Quarantäne, [e442ea3b9dde0333ab754b068b7701ff],
PUP.Optional.OpenCandy, C:\Users\Linda\AppData\Roaming\OpenCandy\9A45FFBE2C1B4AE88B1C007C05E96027\driverscannerDE.exe, In Quarantäne, [e442ea3b9dde0333ab754b068b7701ff],
Physische Sektoren: 0
(No malicious items detected)
(end) |