| |
| |||||||
Log-Analyse und Auswertung: BProtector Gen Virus lässt sich von Avira nicht entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
29.03.2014, 17:15
| #1 |
| |  BProtector Gen Virus lässt sich von Avira nicht entfernen Hallo liebe Helfer in der Virusnot , ich habe ein riesen Problem, da mein Avira Programm ein Virus mit dem Namen BProtector Gen gefunden hat, jedoch fährt sich mein Computer immer runter wenn ich diesen entfernen möchte. Hier sind meine Logdaten. Ich wäre sehr dankbar über Hilfe! Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:26 on 29/03/2014 (Verena)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Verena (administrator) on VERENA-VAIO on 29-03-2014 14:28:35 Running from C:\Users\Verena\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe ( ) C:\Windows\system32\lxczcoms.exe (Sony Corporation) c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () C:\Program Files (x86)\Tor\tor.exe (Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe (Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin () C:\Program Files (x86)\GreyGray\bin\utilGreyGray.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-04-07] (Realtek Semiconductor) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [221480 2010-05-17] (Alps Electric Co., Ltd.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [538472 2009-06-17] (Symantec Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] - c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-21] (Sony Corporation) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573584 2012-10-29] (Ask) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-06-01] (RealNetworks, Inc.) HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-30] (Microsoft Corporation) HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect" HKU\S-1-5-21-2766380255-2121188762-1697972455-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-03] (Google Inc.) HKU\S-1-5-21-2766380255-2121188762-1697972455-1001\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Verena\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKU\S-1-5-21-2766380255-2121188762-1697972455-1001\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner64.exe [6161176 2014-02-20] (Piriform Ltd) HKU\S-1-5-21-2766380255-2121188762-1697972455-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-03] (Google Inc.) HKU\S-1-5-21-2766380255-2121188762-1697972455-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Verena\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKU\S-1-5-21-2766380255-2121188762-1697972455-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner64.exe [6161176 2014-02-20] (Piriform Ltd) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll => C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll [1958880 2013-11-18] () AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found Startup: C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1389295961&from=amt&uid=HitachiXHTS545050B9A300_120313PDD400J7K2BKLAX HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1389295961&from=amt&uid=HitachiXHTS545050B9A300_120313PDD400J7K2BKLAX HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_obla&mntrId=E26C78843C286402&affID=119357&tt=250613_gr1&tsp=4926 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389295961&from=amt&uid=HitachiXHTS545050B9A300_120313PDD400J7K2BKLAX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1389295961&from=amt&uid=HitachiXHTS545050B9A300_120313PDD400J7K2BKLAX HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1389295961&from=amt&uid=HitachiXHTS545050B9A300_120313PDD400J7K2BKLAX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1389295961&from=amt&uid=HitachiXHTS545050B9A300_120313PDD400J7K2BKLAX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389295961&from=amt&uid=HitachiXHTS545050B9A300_120313PDD400J7K2BKLAX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1389295961&from=amt&uid=HitachiXHTS545050B9A300_120313PDD400J7K2BKLAX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1389295961&from=amt&uid=HitachiXHTS545050B9A300_120313PDD400J7K2BKLAX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1389295961&from=amt&uid=HitachiXHTS545050B9A300_120313PDD400J7K2BKLAX&q={searchTerms} URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1389295961&from=amt&uid=HitachiXHTS545050B9A300_120313PDD400J7K2BKLAX SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389295961&from=amt&uid=HitachiXHTS545050B9A300_120313PDD400J7K2BKLAX&q={searchTerms} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389295961&from=amt&uid=HitachiXHTS545050B9A300_120313PDD400J7K2BKLAX&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389295961&from=amt&uid=HitachiXHTS545050B9A300_120313PDD400J7K2BKLAX&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389295961&from=amt&uid=HitachiXHTS545050B9A300_120313PDD400J7K2BKLAX&q={searchTerms} SearchScopes: HKCU - bProtectorDefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E26C78843C286402&affID=119357&tt=250613_gr1&tsp=4926 SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389295961&from=amt&uid=HitachiXHTS545050B9A300_120313PDD400J7K2BKLAX&q={searchTerms} SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {650CF500-61B6-41C9-BA3A-731D1DCCEF8C} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279453&CUI=UN15858133152965158&UM=2 SearchScopes: HKCU - {8B6B0779-8CFE-4394-934B-D807924EBF1C} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices SearchScopes: HKCU - {98478137-B465-4CD2-B559-D08A9BB3A7FD} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} SearchScopes: HKCU - {B48F9DB4-EFED-41FB-B7EF-48AAFF83A17A} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=e26cc12c00000000000078843c286402&r=259 SearchScopes: HKCU - {B6B5F314-D5FE-46FD-A63B-37B2995A251F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=7144f496-152f-4078-8314-7d7c93dcb397&apn_sauid=C5063003-4251-4D4E-8EC3-6CC7A6ACBF32 SearchScopes: HKCU - {CB330777-B055-45F7-A398-02ED121E616D} URL = hxxp://de.shopping.com/?linkin_id=8056363 BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Plus-HD-2.3 - {11111111-1111-1111-1111-110311341126} - C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll (Plus HD) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: GreyGray - {5cb21133-55d7-4b7a-9c69-4352006c5d37} - C:\Program Files (x86)\GreyGray\GreyGrayBHO.dll (GreyGray) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: GreyGray - {ae60e6ed-49dd-4099-8b5e-386a4908d5d5} - C:\Program Files (x86)\GreyGray\GreyGraybho.dll (GreyGray) BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\v0dp4648.default FF DefaultSearchEngine: Ask.com FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Ask.com FF Homepage: hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=7144f496-152f-4078-8314-7d7c93dcb397&apn_ptnrs=%5EAGS&apn_sauid=C5063003-4251-4D4E-8EC3-6CC7A6ACBF32&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: GreyGray - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\v0dp4648.default\Extensions\{f551efce-3692-4ed5-8201-c1c7dbef1744}.xpi [2014-03-01] FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-01] FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha101.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha101\ff FF Extension: Media Player - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha101\ff [2014-01-29] FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewerV1alpha120.net] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha120\ff FF Extension: Media Viewer - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha120\ff [2014-02-23] FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha1520.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1520\ff FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1520\ff [2014-03-01] FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha5108.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5108\ff FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5108\ff [2014-03-16] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR Extension: (Avira Toolbar) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl [2014-03-01] CHR Extension: (Media View) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\abdabkdekghoklmjloilplnfglhepmdl [2014-03-16] CHR Extension: (McAfee Security Scan+) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-03-01] CHR Extension: (WebToSave) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd [2014-03-01] CHR Extension: (RealDownloader) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-01] CHR Extension: (Lightning Newtab) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2014-03-01] CHR Extension: (Media View) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\leplljmgfjkmmlibjiefngnkobhlbold [2014-03-01] CHR Extension: (Media Viewer) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbgibjoofacelaplidmmjbkinkkikede [2014-03-01] CHR Extension: (Google Wallet) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02] CHR Extension: (Plus-HD-2.3) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec [2014-03-13] CHR Extension: (DVDvideoSoft 2.0) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf [2014-03-01] CHR HKLM\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Verena\AppData\Local\WebToSave.crx [2013-09-05] CHR HKCU\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Verena\AppData\Local\WebToSave.crx [2013-09-05] CHR HKCU\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\Verena\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx [2013-03-27] CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Verena\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.11.0.crx [2012-11-05] CHR HKLM-x32\...\Chrome\Extension: [abdabkdekghoklmjloilplnfglhepmdl] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5108\ch\MediaViewV1alpha5108.crx [2014-02-27] CHR HKLM-x32\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Verena\AppData\Local\WebToSave.crx [2013-09-05] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16] CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2014-01-09] CHR HKLM-x32\...\Chrome\Extension: [leplljmgfjkmmlibjiefngnkobhlbold] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1520\ch\MediaViewV1alpha1520.crx [2014-02-26] CHR HKLM-x32\...\Chrome\Extension: [mbgibjoofacelaplidmmjbkinkkikede] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha120\ch\MediaViewerV1alpha120.crx [2014-02-23] CHR HKLM-x32\...\Chrome\Extension: [nhogbcndagiknbfomjgdeghehkljalhi] - C:\Program Files (x86)\GreyGray\nhogbcndagiknbfomjgdeghehkljalhi.crx [2014-02-23] CHR HKLM-x32\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\Verena\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx [2013-03-27] ==================== Services (Whitelisted) ================= S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [910416 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-21] (Avira Operations GmbH & Co. KG) R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [502272 2014-01-10] (Cherished Technololgy LIMITED) R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [566192 2007-04-19] ( ) R2 lxcz_device; C:\Windows\SysWOW64\lxczcoms.exe [537520 2007-04-19] ( ) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] () S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-11-25] (Sonic Solutions) S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-11-25] (Sonic Solutions) R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation) R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-04] () R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.) S2 Update GreyGray; C:\Program Files (x86)\GreyGray\updateGreyGray.exe [348440 2014-03-29] () R2 Util GreyGray; C:\Program Files (x86)\GreyGray\bin\utilGreyGray.exe [348440 2014-03-29] () S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2010-04-08] (Sony Corporation) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [852336 2010-03-18] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation) ==================== Drivers (Whitelisted) ==================== R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-03] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-29] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-29 14:28 - 2014-03-29 14:29 - 00029134 _____ () C:\Users\Verena\Downloads\FRST.txt 2014-03-29 14:28 - 2014-03-29 14:28 - 00000000 ____D () C:\FRST 2014-03-29 14:27 - 2014-03-29 14:27 - 02157056 _____ (Farbar) C:\Users\Verena\Downloads\FRST64.exe 2014-03-29 14:22 - 2014-03-29 14:26 - 00000474 _____ () C:\Users\Verena\Downloads\defogger_disable.log 2014-03-29 14:22 - 2014-03-29 14:22 - 00000000 _____ () C:\Users\Verena\defogger_reenable 2014-03-29 14:21 - 2014-03-29 14:22 - 00050477 _____ () C:\Users\Verena\Downloads\Defogger.exe 2014-03-29 14:06 - 2014-03-29 14:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-29 14:05 - 2014-03-29 14:08 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-29 14:05 - 2014-03-29 14:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-29 14:05 - 2014-03-29 14:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-29 14:05 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-29 14:05 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-29 14:05 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-29 14:03 - 2014-03-29 14:03 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Verena\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-29 13:30 - 2014-03-29 13:30 - 00273952 _____ () C:\Windows\Minidump\032914-26800-01.dmp 2014-03-29 13:07 - 2014-03-29 13:47 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2014-03-29 13:07 - 2014-03-29 13:07 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2014-03-29 13:07 - 2014-03-29 13:07 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Nico Mak Computing 2014-03-29 13:07 - 2014-03-29 13:07 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-03-29 13:07 - 2014-03-29 13:07 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector 2014-03-29 13:07 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe 2014-03-29 13:02 - 2014-03-29 13:02 - 04892480 _____ (WinZip International LLC ) C:\Users\Verena\Downloads\wzmp_8.exe 2014-03-29 13:02 - 2014-03-29 13:02 - 04892480 _____ (WinZip International LLC ) C:\Users\Verena\Downloads\wzmp_8(1).exe 2014-03-28 18:42 - 2014-03-28 18:42 - 00273952 _____ () C:\Windows\Minidump\032814-21980-01.dmp 2014-03-28 16:41 - 2014-03-28 16:42 - 00273952 _____ () C:\Windows\Minidump\032814-23930-01.dmp 2014-03-28 16:32 - 2014-03-29 13:43 - 00000336 _____ () C:\Windows\setupact.log 2014-03-28 16:32 - 2014-03-29 13:30 - 512100321 _____ () C:\Windows\MEMORY.DMP 2014-03-28 16:32 - 2014-03-28 16:32 - 00273952 _____ () C:\Windows\Minidump\032814-27159-01.dmp 2014-03-28 16:32 - 2014-03-28 16:32 - 00000330 _____ () C:\Windows\PFRO.log 2014-03-28 16:32 - 2014-03-28 16:32 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-26 22:04 - 2014-03-26 22:04 - 07564331 _____ () C:\Users\Verena\Downloads\bungsunterlagen_FS_2014.zip 2014-03-26 22:03 - 2014-03-26 22:03 - 18933209 _____ () C:\Users\Verena\Downloads\Vorlesungsunterlagen_FS_2014.zip 2014-03-20 19:09 - 2014-03-20 19:09 - 00630172 _____ () C:\Users\Verena\Downloads\Arbeit_und_EntgeltReferat-neu.pptx 2014-03-19 21:48 - 2014-03-19 21:48 - 01402880 _____ () C:\Users\Verena\Downloads\GegenstandsbereicheArbeitswissenschaft_01.ppt 2014-03-19 21:39 - 2014-03-19 21:39 - 00108032 _____ () C:\Users\Verena\Downloads\TheorienAbZufriedenheitUndAbMotivation.ppt 2014-03-19 18:52 - 2014-03-29 13:30 - 00000000 ____D () C:\Windows\Minidump 2014-03-14 11:08 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-14 11:08 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-14 11:08 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-14 11:07 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-14 11:07 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-14 11:07 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-14 11:07 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-14 11:07 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-14 11:07 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-14 11:07 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-14 11:07 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-14 11:07 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-14 11:07 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-14 11:07 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-14 11:07 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-14 11:07 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-14 11:07 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-14 11:07 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-14 11:07 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-14 11:07 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-14 11:07 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-14 11:07 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-14 11:07 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-14 11:07 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-14 11:07 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-14 11:07 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-14 11:07 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-14 11:07 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-14 11:07 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-14 11:07 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-14 11:07 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-14 11:07 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-14 11:07 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-14 11:07 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-14 11:07 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-14 11:07 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-14 11:07 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-14 11:07 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-14 11:07 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-14 11:07 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-14 11:07 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-14 11:07 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-14 11:07 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-14 11:07 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-14 11:05 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-14 11:05 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-14 11:05 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-14 11:05 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-12 18:25 - 2014-03-12 18:29 - 148418360 _____ () C:\Users\Verena\Downloads\avira_internet_security_suite_de.exe 2014-03-01 18:32 - 2014-03-01 18:32 - 00000000 ____D () C:\Users\Verena\AppData\Local\Macromedia 2014-03-01 18:27 - 2014-03-01 18:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-01 18:27 - 2014-03-01 18:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-01 18:27 - 2014-03-01 18:27 - 00000000 ____D () C:\Windows\system32\Macromed 2014-03-01 12:14 - 2014-03-01 12:14 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Mozilla 2014-03-01 12:14 - 2014-03-01 12:14 - 00000000 ____D () C:\Users\Verena\AppData\Local\Mozilla 2014-03-01 12:13 - 2014-03-29 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-01 12:13 - 2014-03-01 12:13 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-01 12:13 - 2014-03-01 12:13 - 00000000 ____D () C:\ProgramData\Mozilla 2014-03-01 08:25 - 2014-03-16 07:15 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1 ==================== One Month Modified Files and Folders ======= 2014-03-29 14:29 - 2014-03-29 14:28 - 00029134 _____ () C:\Users\Verena\Downloads\FRST.txt 2014-03-29 14:28 - 2014-03-29 14:28 - 00000000 ____D () C:\FRST 2014-03-29 14:27 - 2014-03-29 14:27 - 02157056 _____ (Farbar) C:\Users\Verena\Downloads\FRST64.exe 2014-03-29 14:26 - 2014-03-29 14:22 - 00000474 _____ () C:\Users\Verena\Downloads\defogger_disable.log 2014-03-29 14:22 - 2014-03-29 14:22 - 00000000 _____ () C:\Users\Verena\defogger_reenable 2014-03-29 14:22 - 2014-03-29 14:21 - 00050477 _____ () C:\Users\Verena\Downloads\Defogger.exe 2014-03-29 14:22 - 2012-09-06 13:17 - 00000000 ____D () C:\Users\Verena 2014-03-29 14:18 - 2014-03-01 12:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-29 14:18 - 2013-06-27 16:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 14:12 - 2012-09-03 12:54 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-29 14:11 - 2014-03-29 14:06 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-29 14:10 - 2014-02-13 21:10 - 00000296 _____ () C:\Windows\Tasks\Digital Sites.job 2014-03-29 14:10 - 2013-06-27 15:59 - 00000290 _____ () C:\Windows\Tasks\DSite.job 2014-03-29 14:08 - 2014-03-29 14:05 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-29 14:08 - 2014-03-29 14:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-29 14:05 - 2014-03-29 14:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-29 14:03 - 2014-03-29 14:03 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Verena\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-29 13:53 - 2009-07-14 05:45 - 00014144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-29 13:53 - 2009-07-14 05:45 - 00014144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-29 13:49 - 2012-09-03 12:38 - 01664186 _____ () C:\Windows\WindowsUpdate.log 2014-03-29 13:47 - 2014-03-29 13:07 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2014-03-29 13:47 - 2012-09-06 13:24 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{567FCAB1-1C79-4388-9300-9F485CC8C68F} 2014-03-29 13:44 - 2014-01-09 20:32 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\newnext.me 2014-03-29 13:44 - 2014-01-09 20:30 - 00000360 _____ () C:\Windows\Tasks\AmiUpdXp.job 2014-03-29 13:44 - 2013-10-14 11:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec8cb310fa394.job 2014-03-29 13:44 - 2013-06-27 16:01 - 00001196 _____ () C:\Windows\Tasks\Plus-HD-2.3-updater.job 2014-03-29 13:44 - 2013-06-27 16:00 - 00001200 _____ () C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job 2014-03-29 13:44 - 2013-06-27 16:00 - 00001100 _____ () C:\Windows\Tasks\Plus-HD-2.3-enabler.job 2014-03-29 13:44 - 2013-06-27 15:59 - 00001906 _____ () C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job 2014-03-29 13:43 - 2014-03-28 16:32 - 00000336 _____ () C:\Windows\setupact.log 2014-03-29 13:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-29 13:30 - 2014-03-29 13:30 - 00273952 _____ () C:\Windows\Minidump\032914-26800-01.dmp 2014-03-29 13:30 - 2014-03-28 16:32 - 512100321 _____ () C:\Windows\MEMORY.DMP 2014-03-29 13:30 - 2014-03-19 18:52 - 00000000 ____D () C:\Windows\Minidump 2014-03-29 13:28 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-29 13:10 - 2013-07-30 17:10 - 00000061 _____ () C:\Users\Verena\AppData\Roaming\WB.CFG 2014-03-29 13:07 - 2014-03-29 13:07 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2014-03-29 13:07 - 2014-03-29 13:07 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Nico Mak Computing 2014-03-29 13:07 - 2014-03-29 13:07 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-03-29 13:07 - 2014-03-29 13:07 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector 2014-03-29 13:02 - 2014-03-29 13:02 - 04892480 _____ (WinZip International LLC ) C:\Users\Verena\Downloads\wzmp_8.exe 2014-03-29 13:02 - 2014-03-29 13:02 - 04892480 _____ (WinZip International LLC ) C:\Users\Verena\Downloads\wzmp_8(1).exe 2014-03-28 18:49 - 2014-01-09 20:33 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-03-28 18:42 - 2014-03-28 18:42 - 00273952 _____ () C:\Windows\Minidump\032814-21980-01.dmp 2014-03-28 17:55 - 2013-06-01 15:37 - 00000454 ____H () C:\Windows\Tasks\Norton Security Scan for Verena.job 2014-03-28 16:42 - 2014-03-28 16:41 - 00273952 _____ () C:\Windows\Minidump\032814-23930-01.dmp 2014-03-28 16:32 - 2014-03-28 16:32 - 00273952 _____ () C:\Windows\Minidump\032814-27159-01.dmp 2014-03-28 16:32 - 2014-03-28 16:32 - 00000330 _____ () C:\Windows\PFRO.log 2014-03-28 16:32 - 2014-03-28 16:32 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-28 16:24 - 2012-09-03 12:54 - 00000000 ____D () C:\Program Files (x86)\Google 2014-03-28 16:09 - 2009-07-14 03:34 - 00000603 _____ () C:\Windows\win.ini 2014-03-26 22:06 - 2012-10-21 12:23 - 00000000 ____D () C:\Users\Public\Documents\Alanus 2014-03-26 22:04 - 2014-03-26 22:04 - 07564331 _____ () C:\Users\Verena\Downloads\bungsunterlagen_FS_2014.zip 2014-03-26 22:04 - 2012-12-12 21:20 - 03023360 ___SH () C:\Users\Verena\Downloads\Thumbs.db 2014-03-26 22:03 - 2014-03-26 22:03 - 18933209 _____ () C:\Users\Verena\Downloads\Vorlesungsunterlagen_FS_2014.zip 2014-03-20 19:09 - 2014-03-20 19:09 - 00630172 _____ () C:\Users\Verena\Downloads\Arbeit_und_EntgeltReferat-neu.pptx 2014-03-19 21:48 - 2014-03-19 21:48 - 01402880 _____ () C:\Users\Verena\Downloads\GegenstandsbereicheArbeitswissenschaft_01.ppt 2014-03-19 21:39 - 2014-03-19 21:39 - 00108032 _____ () C:\Users\Verena\Downloads\TheorienAbZufriedenheitUndAbMotivation.ppt 2014-03-17 21:16 - 2012-09-12 12:09 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Skype 2014-03-16 07:16 - 2014-01-29 19:40 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-03-16 07:15 - 2014-03-01 08:25 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1 2014-03-15 12:17 - 2009-07-14 05:45 - 00364120 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-15 12:16 - 2013-06-27 16:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-15 12:16 - 2013-06-27 16:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-13 09:13 - 2013-04-24 14:03 - 00000000 ____D () C:\Program Files\CCleaner 2014-03-12 18:36 - 2012-11-05 21:23 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-03-12 18:29 - 2014-03-12 18:25 - 148418360 _____ () C:\Users\Verena\Downloads\avira_internet_security_suite_de.exe 2014-03-06 19:55 - 2013-02-19 18:18 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-06 19:55 - 2012-09-03 13:08 - 00000000 ____D () C:\ProgramData\Skype 2014-03-05 09:26 - 2014-03-29 14:05 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-05 09:26 - 2014-03-29 14:05 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-05 09:26 - 2014-03-29 14:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-03 20:25 - 2012-09-03 13:33 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-03-03 20:25 - 2012-09-03 13:33 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-03-03 20:25 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-02 08:50 - 2012-09-11 10:52 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-03-01 18:32 - 2014-03-01 18:32 - 00000000 ____D () C:\Users\Verena\AppData\Local\Macromedia 2014-03-01 18:31 - 2012-09-12 15:22 - 00000000 ____D () C:\Users\Verena\AppData\Local\Adobe 2014-03-01 18:27 - 2014-03-01 18:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-01 18:27 - 2014-03-01 18:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-01 18:27 - 2014-03-01 18:27 - 00000000 ____D () C:\Windows\system32\Macromed 2014-03-01 18:27 - 2012-09-03 12:54 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-03-01 12:14 - 2014-03-01 12:14 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Mozilla 2014-03-01 12:14 - 2014-03-01 12:14 - 00000000 ____D () C:\Users\Verena\AppData\Local\Mozilla 2014-03-01 12:13 - 2014-03-01 12:13 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-01 12:13 - 2014-03-01 12:13 - 00000000 ____D () C:\ProgramData\Mozilla 2014-03-01 11:36 - 2014-01-09 20:32 - 00000000 ____D () C:\Users\Verena\AppData\Local\Mobogenie 2014-03-01 08:26 - 2014-01-09 20:34 - 00000295 _____ () C:\extensions.ini 2014-03-01 07:05 - 2014-03-14 11:07 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 06:17 - 2014-03-14 11:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-14 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 05:58 - 2014-03-14 11:07 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-14 11:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 05:51 - 2014-03-14 11:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-14 11:07 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-14 11:07 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-14 11:07 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-14 11:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-14 11:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-14 11:07 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-14 11:07 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-14 11:07 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-14 11:07 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-14 11:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-14 11:07 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-14 11:07 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-14 11:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-14 11:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-14 11:07 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-14 11:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-14 11:07 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 04:42 - 2014-03-14 11:07 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-14 11:07 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-14 11:07 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-14 11:07 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-14 11:07 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-14 11:07 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-14 11:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-14 11:07 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-14 11:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-14 11:07 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-14 11:07 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-14 11:07 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-14 11:07 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-14 11:07 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-14 11:07 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-14 11:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-14 11:07 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll Some content of TEMP: ==================== C:\Users\Verena\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-23 08:30 Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Verena at 2014-03-29 14:29:55
Running from C:\Users\Verena\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD USB Filter Driver (HKLM-x32\...\{987B04C4-B5AC-4AD6-A7E9-8D681085B850}) (Version: 1.0.15.94 - Advanced Micro Devices, Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.278 - ArcSoft)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.11.0 - Ask.com) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{FED99701-A3A5-CE6B-4D04-DECF94784B89}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Avira Internet Security Suite (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.30498 - Ask.com) <==== ATTENTION
BitGuard (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - MediaTechSoft Inc.) <==== ATTENTION
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0302.2233.40412 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help English (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help French (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help German (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0302.2233.40412 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0302.2233.40412 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP)
Click to Disc MergeModules x64 (Version: 1.0.14230 - Sony Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version: - )
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Einstellungen für VAIO-Inhaltsüberwachung (HKLM-x32\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.5.0.13220 - Sony Corporation)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
FreeFileSync 5.22 (HKLM-x32\...\FreeFileSync) (Version: 5.22 - Zenju)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GreyGray (HKLM\...\GreyGray) (Version: 2013.12.07.011955 - GreyGray) <==== ATTENTION
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
IePluginService12.27.0.3292 (HKLM-x32\...\IePlugins) (Version: 12.27.0.3292 - Cherished Technololgy LIMITED) <==== ATTENTION
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lexmark 1200 Series (HKLM\...\Lexmark 1200 Series) (Version: - Lexmark International, Inc.)
Lollipop (HKCU\...\lollipop) (Version: - Lollipop Network, S.L.) <==== ATTENTION
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.2.0.15040 - Sony Corporation)
Media Gallery (x32 Version: 1.2.0.15040 - Sony Corporation) Hidden
Media Gallery MergeModules x64 (Version: 1.0.14250 - Sony Corporation) Hidden
Media Player (HKLM-x32\...\MediaPlayerV1alpha101) (Version: 1.1 - Media Player)
Media View (HKLM-x32\...\MediaViewV1alpha1520) (Version: 1.1 - Media View)
Media View (HKLM-x32\...\MediaViewV1alpha5108) (Version: 1.1 - Media View)
Media Viewer (HKLM-x32\...\MediaViewerV1alpha120) (Version: 1.1 - Media Viewer)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSI_SPF_x64 (Version: 1.0.0 - Sony Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicStation (HKLM-x32\...\{AB259D46-F851-41B0-9AFA-AED8998AD68A}) (Version: 2.0.4.1199 - Omnifone)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.3.27 - Symantec Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Plus-HD-2.3 (HKLM-x32\...\Plus-HD-2.3) (Version: 1.27.153.5 - Plus HD) <==== ATTENTION
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.1.02.03310 - Sony Corporation)
PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}) (Version: 1.1.00.14080 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.1.00.14080 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.1.00.15080 - Sony Corporation)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.1.00.15080 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.1.00.15040 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.1.00.15040 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.1.00.15080 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.1.00.15080 - Sony Corporation) Hidden
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remote Play mit PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.0.0.15090 - Sony Corporation)
Remote Play with PlayStation 3 (x32 Version: 1.0.0.15090 - Sony Corporation) Hidden
Roxio Central Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Easy Media Creator Home (x32 Version: 10.3.263 - Roxio) Hidden
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.2.0.15250 - Sony Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
Sony Home Network Library (HKLM-x32\...\{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}) (Version: 2.1.0.14240 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.1.0.14240 - Sony Corporation) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Ultimate Codec (HKCU\...\DSite) (Version: - ) <==== ATTENTION
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 6.4.2.11150 - Sony Corporation)
VAIO Care (x32 Version: 6.4.2.11150 - Sony Corporation) Hidden
VAIO Content Monitoring Settings (x32 Version: 2.5.0.13220 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.2.0.15020 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.3.0.13150 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.3.0.13150 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.1.00.13210 - Sony Corporation)
VAIO Energie Verwaltung (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.1.0.15250 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.7.0.16080 - Sony Corporation)
VAIO Entertainment Platform (x32 Version: 3.7.0.16080 - Sony Corporation) Hidden
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.2.0.15020 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.0.0.14050 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.0.0.04160 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 1.0.0.03290 - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.1.0.15040 - Sony Corporation)
VAIO Media plus (x32 Version: 2.1.0.15040 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (HKLM-x32\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 2.1.0.13220 - Sony Corporation)
VAIO Movie Story MergeModules x64 (Version: 1.0.14240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.1.00.14040 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.1.00.14040 - Sony Corporation) Hidden
VAIO Original Function Settings (x32 Version: 2.1.0.13120 - Sony Corporation) Hidden
VAIO Original Funktion Einstellungen (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 2.1.0.13120 - Sony Corporation)
VAIO Premium Partners (HKLM-x32\...\VAIO Premium Partners) (Version: 1.0 - Sony Europe)
VAIO screensaver (HKLM-x32\...\VAIO screensaver) (Version: 1.0.0.0 - Sony Europe)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.2.0.15080 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.1.1.10250 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.1.0.14090 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.1.13070 - Sony Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VMp MergeModule x64 (Version: 1.0.0 - Default Company Name) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)
==================== Restore Points =========================
15-03-2014 10:25:26 Windows Update
23-03-2014 07:37:49 Geplanter Prüfpunkt
29-03-2014 11:59:30 Removed Java(TM) 6 Update 18 (64-bit)
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {06E070A0-BE94-4EAD-BFDA-7613E6A8895E} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {08A1811D-F1E7-4F48-A65B-1EDD9015F694} - System32\Tasks\Digital Sites => C:\Users\Verena\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {157CC639-9FA0-4C06-8E95-3B6FFED0ADF5} - System32\Tasks\Plus-HD-2.3-chromeinstaller => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe [2013-06-27] (Plus HD) <==== ATTENTION
Task: {1D5B1F18-0E43-49C9-B59B-3E6C05B2565C} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2012-10-26] (Sony Corporation)
Task: {3282D3C9-50D3-46B2-8D54-B31CFC7ECA00} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {32F4884D-209C-43A4-97AC-EBBC4140837F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03] (Google Inc.)
Task: {3363B8A2-FB0C-45F7-A1D6-B7EC8AF30986} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {3B800985-E1E1-4B03-8D2B-B05ED256DF09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03] (Google Inc.)
Task: {3BDCCAF7-CC6F-44F8-9458-1D943F2567B8} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {4EB9A971-4816-48EF-A7F7-C26D2B486940} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {4F0C0C19-BE42-44DD-A24F-F6B65DF9315A} - System32\Tasks\AmiUpdXp => C:\Users\Verena\AppData\Local\SwvUpdater\Updater.exe [2014-01-09] (Amonetizé Ltd) <==== ATTENTION
Task: {51C05295-363A-4686-905F-8B5F82F5AC84} - System32\Tasks\Plus-HD-2.3-enabler => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe [2013-11-23] (Plus HD) <==== ATTENTION
Task: {6FEF50B5-F971-49D1-A86A-F9169EB54917} - System32\Tasks\Norton Security Scan for Verena => C:\Program Files (x86)\Norton Security Scan\Engine\4.0.3.27\Nss.exe [2013-10-11] (Symantec Corporation)
Task: {783C194A-CD87-4375-8E43-F7F7FB192D7C} - System32\Tasks\DealPly => C:\Users\Verena\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {79925CE7-7EE3-485D-93D8-904A261AA2A7} - System32\Tasks\Plus-HD-2.3-codedownloader => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [2013-06-27] (Plus HD) <==== ATTENTION
Task: {95CE8737-D968-434F-B791-B17E18F8FE7A} - System32\Tasks\VAIO Care Support => C:\Program Files\Sony\VAIO Care\VCSpt.exe
Task: {9E70DC9E-8FAB-4ADA-8135-FEFDD7FB4734} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-10-29] () <==== ATTENTION
Task: {A2B41D72-183E-44ED-950C-172511CC722F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2766380255-2121188762-1697972455-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {A900E5C2-FCB2-458E-BBF8-E66C2A7EE3D7} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-02-06] (Sony Corporation)
Task: {B18E8C07-8205-487B-94D8-56D1D8835633} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2012-10-26] (Sony Corporation)
Task: {C1504D94-CCA8-4CFB-A611-E0AE7679D7BA} - System32\Tasks\GoogleUpdateTaskMachineCore1cec8cb310fa394 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03] (Google Inc.)
Task: {CD75B242-845F-4DA2-8F0B-E4A60441DDF4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2766380255-2121188762-1697972455-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {CDF200C7-4705-424C-8D32-3689B5574F60} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {CE052A53-185C-41A7-BEA4-E62B8DBBFDC4} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe [2014-02-13] (Microsoft Corporation)
Task: {D84B0025-8748-4C25-95D1-88D608B8E817} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {E3B16209-8C0E-453B-873F-FA02C2C1A5AF} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-02-06] (Sony Corporation)
Task: {ECF567B2-E112-49F5-8BAC-692635F34BC1} - System32\Tasks\Plus-HD-2.3-updater => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe [2013-06-27] (Plus HD) <==== ATTENTION
Task: {F428FEB3-4273-4540-96CF-1A9366194661} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing)
Task: {FEE8DEE0-8E21-4B7A-9FF4-CE507A4734FC} - System32\Tasks\DSite => C:\Users\Verena\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Verena\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Verena\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Verena\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec8cb310fa394.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Verena.job => C:\PROGRA~2\NORTON~2\Engine\403~1.27\Nss.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.3-enabler.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.3-updater.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2013-11-22 09:13 - 2013-11-18 15:32 - 01958880 ____N () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll
2013-04-16 02:07 - 2013-04-16 02:07 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-08-31 23:22 - 2013-09-04 20:06 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe
2014-01-12 22:18 - 2014-03-29 12:32 - 00348440 _____ () C:\Program Files (x86)\GreyGray\bin\utilGreyGray.exe
2014-02-21 02:52 - 2014-02-21 02:52 - 00043520 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-12-19 17:36 - 2013-12-19 17:36 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2008-08-26 10:41 - 2008-08-26 10:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-09-03 12:50 - 2012-09-03 12:50 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-11-23 19:48 - 2011-02-25 17:14 - 00297472 _____ () C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
2012-11-23 19:48 - 2011-02-25 17:14 - 00192000 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
2012-11-23 19:48 - 2011-02-25 17:14 - 00070656 _____ () C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
2012-11-23 19:48 - 2011-02-25 17:14 - 00063488 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
2012-11-23 19:48 - 2011-02-25 17:14 - 00215040 _____ () C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
2012-11-23 19:48 - 2011-02-25 17:14 - 00043008 _____ () C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
2012-11-23 19:48 - 2011-02-25 17:14 - 00260608 _____ () C:\Program Files\Sony\VAIO Care\CRM\RecoveryPartitionManager.dll
2012-11-23 19:48 - 2011-02-25 17:14 - 00043520 _____ () C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
2012-11-23 19:48 - 2011-02-25 17:14 - 00059904 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
2012-11-23 19:48 - 2011-02-25 17:14 - 00157696 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
2012-11-23 19:48 - 2011-02-25 17:14 - 00138752 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
2012-11-23 19:48 - 2011-02-25 17:14 - 00025600 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
2012-11-05 21:22 - 2014-02-25 11:47 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-03-29 13:07 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll
2014-03-29 13:07 - 2013-07-15 16:53 - 01717936 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-09-03 13:11 - 2010-03-02 15:22 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2012-09-03 13:11 - 2010-03-02 15:22 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2014-03-01 12:13 - 2014-02-13 01:36 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-01 18:27 - 2014-03-01 18:27 - 16265096 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/29/2014 02:05:50 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.495, Zeitstempel: 0x53165beb
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x10f8
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Error: (03/28/2014 04:53:14 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 14.0.3.332, Zeitstempel: 0x52f8ba6b
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012473
ID des fehlerhaften Prozesses: 0x7f4
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
Error: (03/28/2014 04:04:49 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x800706bf, Der Remoteprozeduraufruf ist fehlgeschlagen und wurde nicht ausgeführt.
.
Vorgang:
VSS-Server wird instanziiert
Error: (03/28/2014 04:04:49 PM) (Source: VSS) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x800706bf, Der Remoteprozeduraufruf ist fehlgeschlagen und wurde nicht ausgeführt.
]
Vorgang:
VSS-Server wird instanziiert
Error: (03/28/2014 04:04:48 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x800706bf, Der Remoteprozeduraufruf ist fehlgeschlagen und wurde nicht ausgeführt.
.
Vorgang:
VSS-Server wird instanziiert
Error: (03/28/2014 04:04:48 PM) (Source: VSS) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x800706bf, Der Remoteprozeduraufruf ist fehlgeschlagen und wurde nicht ausgeführt.
]
Vorgang:
VSS-Server wird instanziiert
Error: (03/28/2014 00:57:48 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/24/2014 09:06:31 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/23/2014 08:35:01 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/20/2014 07:58:21 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: UPDATE~1.EXE, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: netprofm.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bda75
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002505
ID des fehlerhaften Prozesses: 0x2180
Startzeit der fehlerhaften Anwendung: 0xUPDATE~1.EXE0
Pfad der fehlerhaften Anwendung: UPDATE~1.EXE1
Pfad des fehlerhaften Moduls: UPDATE~1.EXE2
Berichtskennung: UPDATE~1.EXE3
System errors:
=============
Error: (03/29/2014 01:48:16 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht.
Error: (03/29/2014 01:44:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Update GreyGray" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/29/2014 01:44:32 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Update GreyGray erreicht.
Error: (03/29/2014 01:43:40 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 29.03.2014 um 13:41:59 unerwartet heruntergefahren.
Error: (03/29/2014 01:34:43 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht.
Error: (03/29/2014 01:34:35 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070420
Error: (03/29/2014 01:30:17 PM) (Source: BugCheck) (User: )
Description: 0x000000f4 (0x0000000000000003, 0xfffffa8004943b30, 0xfffffa8004943e10, 0xfffff800037d77b0)C:\Windows\MEMORY.DMP032914-26800-01
Error: (03/29/2014 01:30:14 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 29.03.2014 um 13:28:32 unerwartet heruntergefahren.
Error: (03/29/2014 00:59:30 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy2" den Befehl "chkdsk" aus.
Error: (03/29/2014 00:33:10 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 66%
Total physical RAM: 3834.9 MB
Available physical RAM: 1266.28 MB
Total Pagefile: 7667.98 MB
Available Pagefile: 4526.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:455.68 GB) (Free:365.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9CC6DA01)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
==================== End Of Log ============================
--- --- --- Bei den Logdaten von meinem Avira hatte ich leider ein Problem. Ich konnte wie beschrieben die Ereignisse exportieren, jedoch kann ich sie hier nicht einfügen. Da wird das was ich vorher kopiert habe eingefügt. Könntest du mir da vielleicht schon weiterhelfen?^^ |
|
29.03.2014, 17:52
| #2 |
| /// the machine /// TB-Ausbilder    | BProtector Gen Virus lässt sich von Avira nicht entfernen hi,
__________________Revo Uninstaller - Download - Filepony Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION Mit Revo auch Moderat die Reste entfernen lassen. Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
|
30.03.2014, 13:06
| #3 |
| | BProtector Gen Virus lässt sich von Avira nicht entfernen Vielen, vielen Dank für die superschnelle Antwort!! Ich habe alles so gemacht wie du beschrieben hast. Hier die Logdaten:
__________________Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 30.03.2014 Suchlauf-Zeit: 13:08:45 Logdatei: mbam.txt Administrator: Ja Version: 2.00.0.1000 Malware Datenbank: v2014.03.29.01 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Verena Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 245529 Verstrichene Zeit: 22 Std, 57 Min, 34 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.022 - Bericht erstellt am 30/03/2014 um 13:35:03
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Verena - VERENA-VAIO
# Gestartet von : C:\Users\Verena\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\SearchProtect
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\AmiExt
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\MediaPlayerV1
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Users\Verena\Qtrax
Ordner Gelöscht : C:\Users\Verena\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Verena\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Verena\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Verena\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Verena\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Verena\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Verena\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Verena\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Verena\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Verena\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Verena\AppData\Roaming\ValueApps
Ordner Gelöscht : C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
Ordner Gelöscht : C:\Users\Verena\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl
Ordner Gelöscht : C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Ordner Gelöscht : C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Public\Desktop\iLivid.lnk
Datei Gelöscht : C:\Windows\System32\Tasks\Dealply
Datei Gelöscht : C:\Windows\Tasks\Digital Sites.job
Datei Gelöscht : C:\Windows\System32\Tasks\Digital Sites
Datei Gelöscht : C:\Windows\Tasks\DSite.job
Datei Gelöscht : C:\Windows\System32\Tasks\DSite
Datei Gelöscht : C:\Windows\System32\Tasks\QtraxPlayer
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Verknüpfungen ] *****
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Verena on 30.03.2014 at 13:44:22,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2766380255-2121188762-1697972455-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{650CF500-61B6-41C9-BA3A-731D1DCCEF8C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B48F9DB4-EFED-41FB-B7EF-48AAFF83A17A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B6B5F314-D5FE-46FD-A63B-37B2995A251F}
~~~ Files
Successfully deleted: [File] "C:\Users\Verena\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Verena\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\Verena\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Verena\music\qtrax media library"
~~~ FireFox
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\ext@flash-enhancer.com
Emptied folder: C:\Users\Verena\AppData\Roaming\mozilla\firefox\profiles\v0dp4648.default\minidumps [3 files]
~~~ Event Viewer Logs were cleared
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Verena (administrator) on VERENA-VAIO on 30-03-2014 14:00:30 Running from C:\Users\Verena\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe ( ) C:\Windows\system32\lxczcoms.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Sony Corporation) c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () C:\Program Files (x86)\Tor\tor.exe (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe (Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe |
|
31.03.2014, 10:29
| #4 |
| /// the machine /// TB-Ausbilder | BProtector Gen Virus lässt sich von Avira nicht entfernenESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.04.2014, 08:31
| #5 |
| | BProtector Gen Virus lässt sich von Avira nicht entfernen Hey Schrauber, vielend dank für die Anleitung! Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2ba35d9c80ece34ea8379972fe83028e
# engine=17688
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-31 03:19:49
# local_time=2014-03-31 05:19:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1743141 147909039 0 0
# scanned=189516
# found=0
# cleaned=0
# scan_time=18859
Code:
ATTFilter Results of screen317's Security Check version 0.99.80 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Avira Desktop Antivirus out of date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 12.0.0.70 Adobe Reader XI Mozilla Firefox (28.0) Google Chrome 33.0.1750.154 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes Anti-Malware mbamscheduler.exe WinZip Malware Protector WinZipMalwareProtector.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Verena (administrator) on VERENA-VAIO on 31-03-2014 21:22:02 Running from C:\Users\Verena\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe ( ) C:\Windows\system32\lxczcoms.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Sony Corporation) c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () C:\Program Files (x86)\Tor\tor.exe (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe (Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe () C:\Users\Verena\Downloads\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-04-07] (Realtek Semiconductor) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [221480 2010-05-17] (Alps Electric Co., Ltd.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [538472 2009-06-17] (Symantec Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] - c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-21] (Sony Corporation) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-06-01] (RealNetworks, Inc.) HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-01] (Microsoft Corporation) HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect" HKU\S-1-5-21-2766380255-2121188762-1697972455-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-03] (Google Inc.) HKU\S-1-5-21-2766380255-2121188762-1697972455-1001\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner64.exe [6161176 2014-02-20] (Piriform Ltd) Startup: C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== URLSearchHook: HKCU - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {8B6B0779-8CFE-4394-934B-D807924EBF1C} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices SearchScopes: HKCU - {98478137-B465-4CD2-B559-D08A9BB3A7FD} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} SearchScopes: HKCU - {CB330777-B055-45F7-A398-02ED121E616D} URL = hxxp://de.shopping.com/?linkin_id=8056363 BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\v0dp4648.default FF DefaultSearchEngine: Ask.com FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Ask.com FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-01] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-30] CHR Extension: (Google Drive) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-30] CHR Extension: (YouTube) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-30] CHR Extension: (McAfee Security Scan+) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-03-01] CHR Extension: (Google-Suche) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-30] CHR Extension: (WebToSave) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd [2014-03-01] CHR Extension: (RealDownloader) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-01] CHR Extension: (Google Wallet) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02] CHR Extension: (Google Mail) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-30] CHR HKLM\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Verena\AppData\Local\WebToSave.crx [2013-09-05] CHR HKCU\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Verena\AppData\Local\WebToSave.crx [2013-09-05] CHR HKLM-x32\...\Chrome\Extension: [abdabkdekghoklmjloilplnfglhepmdl] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5108\ch\MediaViewV1alpha5108.crx [2013-09-05] CHR HKLM-x32\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Verena\AppData\Local\WebToSave.crx [2013-09-05] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16] CHR HKLM-x32\...\Chrome\Extension: [leplljmgfjkmmlibjiefngnkobhlbold] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1520\ch\MediaViewV1alpha1520.crx [2013-04-16] CHR HKLM-x32\...\Chrome\Extension: [mbgibjoofacelaplidmmjbkinkkikede] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha120\ch\MediaViewerV1alpha120.crx [2013-04-16] ==================== Services (Whitelisted) ================= S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [910416 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-21] (Avira Operations GmbH & Co. KG) R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [566192 2007-04-19] ( ) R2 lxcz_device; C:\Windows\SysWOW64\lxczcoms.exe [537520 2007-04-19] ( ) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] () S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-11-25] (Sonic Solutions) S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-11-25] (Sonic Solutions) R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation) R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-04] () R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.) S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2010-04-08] (Sony Corporation) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [852336 2010-03-18] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation) ==================== Drivers (Whitelisted) ==================== R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-03] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-31] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-31 21:16 - 2014-03-31 21:16 - 00987442 _____ () C:\Users\Verena\Downloads\SecurityCheck.exe 2014-03-31 12:04 - 2014-03-31 12:04 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-31 12:00 - 2014-03-31 12:00 - 02347384 _____ (ESET) C:\Users\Verena\Downloads\esetsmartinstaller_enu.exe 2014-03-30 18:11 - 2014-03-30 18:11 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-30 14:01 - 2014-03-30 14:01 - 00046203 _____ () C:\Users\Verena\Desktop\FRSTneu.txt 2014-03-30 13:55 - 2014-03-30 13:55 - 00002426 _____ () C:\Users\Verena\Desktop\JRT.txt 2014-03-30 13:44 - 2014-03-30 13:44 - 00000000 ____D () C:\Windows\ERUNT 2014-03-30 13:43 - 2014-03-30 13:43 - 01038974 _____ (Thisisu) C:\Users\Verena\Downloads\JRT.exe 2014-03-30 13:42 - 2014-03-30 13:42 - 00010402 _____ () C:\Users\Verena\Desktop\AdwCleaner[S0].txt 2014-03-30 13:28 - 2014-03-30 13:36 - 00000000 ____D () C:\AdwCleaner 2014-03-30 13:27 - 2014-03-30 13:27 - 01950720 _____ () C:\Users\Verena\Downloads\adwcleaner.exe 2014-03-30 13:08 - 2014-03-30 13:08 - 00001156 _____ () C:\Users\Verena\Desktop\mbam.txt 2014-03-29 19:02 - 2014-03-29 19:02 - 00040687 _____ () C:\Users\Verena\Desktop\Addition.txt 2014-03-29 19:00 - 2014-03-29 19:00 - 00001268 _____ () C:\Users\Verena\Desktop\Revo Uninstaller.lnk 2014-03-29 19:00 - 2014-03-29 19:00 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-03-29 18:59 - 2014-03-29 18:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Verena\Downloads\revosetup95.exe 2014-03-29 18:01 - 2014-03-29 18:01 - 00000476 _____ () C:\Users\Verena\Desktop\defogger_disable.log 2014-03-29 18:01 - 2014-03-29 18:01 - 00000474 _____ () C:\Windows\SysWOW64\defogger_disable.log 2014-03-29 17:40 - 2014-03-29 17:40 - 00071490 _____ () C:\Users\Verena\Desktop\gmer.log 2014-03-29 15:29 - 2014-03-29 15:32 - 00040687 _____ () C:\Users\Verena\Downloads\Addition.txt 2014-03-29 15:29 - 2014-03-29 15:30 - 00380416 _____ () C:\Users\Verena\Downloads\Gmer-19357.exe 2014-03-29 15:28 - 2014-03-31 21:22 - 00020343 _____ () C:\Users\Verena\Downloads\FRST.txt 2014-03-29 15:28 - 2014-03-31 21:22 - 00000000 ____D () C:\FRST 2014-03-29 15:27 - 2014-03-29 15:27 - 02157056 _____ (Farbar) C:\Users\Verena\Downloads\FRST64.exe 2014-03-29 15:22 - 2014-03-29 15:26 - 00000474 _____ () C:\Users\Verena\Downloads\defogger_disable.log 2014-03-29 15:22 - 2014-03-29 15:22 - 00000000 _____ () C:\Users\Verena\defogger_reenable 2014-03-29 15:21 - 2014-03-29 15:22 - 00050477 _____ () C:\Users\Verena\Downloads\Defogger.exe 2014-03-29 15:18 - 2014-03-29 15:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 15:06 - 2014-03-31 17:30 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-29 15:05 - 2014-03-29 15:08 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-29 15:05 - 2014-03-29 15:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-29 15:05 - 2014-03-29 15:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-29 15:05 - 2014-03-05 10:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-29 15:05 - 2014-03-05 10:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-29 15:05 - 2014-03-05 10:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-29 15:03 - 2014-03-29 15:03 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Verena\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-29 14:30 - 2014-03-29 14:30 - 00273952 _____ () C:\Windows\Minidump\032914-26800-01.dmp 2014-03-29 14:07 - 2014-03-31 11:35 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2014-03-29 14:07 - 2014-03-29 14:07 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2014-03-29 14:07 - 2014-03-29 14:07 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Nico Mak Computing 2014-03-29 14:07 - 2014-03-29 14:07 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-03-29 14:07 - 2014-03-29 14:07 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector 2014-03-29 14:07 - 2013-03-15 18:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe 2014-03-29 14:02 - 2014-03-29 14:02 - 04892480 _____ (WinZip International LLC ) C:\Users\Verena\Downloads\wzmp_8.exe 2014-03-29 14:02 - 2014-03-29 14:02 - 04892480 _____ (WinZip International LLC ) C:\Users\Verena\Downloads\wzmp_8(1).exe 2014-03-28 19:42 - 2014-03-28 19:42 - 00273952 _____ () C:\Windows\Minidump\032814-21980-01.dmp 2014-03-28 17:41 - 2014-03-28 17:42 - 00273952 _____ () C:\Windows\Minidump\032814-23930-01.dmp 2014-03-28 17:32 - 2014-03-31 11:31 - 00134110 _____ () C:\Windows\PFRO.log 2014-03-28 17:32 - 2014-03-31 11:31 - 00000504 _____ () C:\Windows\setupact.log 2014-03-28 17:32 - 2014-03-29 14:30 - 512100321 _____ () C:\Windows\MEMORY.DMP 2014-03-28 17:32 - 2014-03-28 17:32 - 00273952 _____ () C:\Windows\Minidump\032814-27159-01.dmp 2014-03-28 17:32 - 2014-03-28 17:32 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-26 23:04 - 2014-03-26 23:04 - 07564331 _____ () C:\Users\Verena\Downloads\bungsunterlagen_FS_2014.zip 2014-03-26 23:03 - 2014-03-26 23:03 - 18933209 _____ () C:\Users\Verena\Downloads\Vorlesungsunterlagen_FS_2014.zip 2014-03-20 20:09 - 2014-03-20 20:09 - 00630172 _____ () C:\Users\Verena\Downloads\Arbeit_und_EntgeltReferat-neu.pptx 2014-03-19 22:48 - 2014-03-19 22:48 - 01402880 _____ () C:\Users\Verena\Downloads\GegenstandsbereicheArbeitswissenschaft_01.ppt 2014-03-19 22:39 - 2014-03-19 22:39 - 00108032 _____ () C:\Users\Verena\Downloads\TheorienAbZufriedenheitUndAbMotivation.ppt 2014-03-19 19:52 - 2014-03-29 14:30 - 00000000 ____D () C:\Windows\Minidump 2014-03-14 12:08 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-14 12:08 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-14 12:08 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-14 12:07 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-14 12:07 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-14 12:07 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-14 12:07 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-14 12:07 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-14 12:07 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-14 12:07 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-14 12:07 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-14 12:07 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-14 12:07 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-14 12:07 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-14 12:07 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-14 12:07 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-14 12:07 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-14 12:07 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-14 12:07 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-14 12:07 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-14 12:07 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-14 12:07 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-14 12:07 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-14 12:07 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-14 12:07 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-14 12:07 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-14 12:07 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-14 12:07 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-14 12:07 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-14 12:07 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-14 12:07 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-14 12:07 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-14 12:07 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-14 12:07 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-14 12:07 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-14 12:07 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-14 12:07 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-14 12:07 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-14 12:07 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-14 12:07 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-14 12:07 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-14 12:07 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-14 12:07 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-14 12:07 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-14 12:05 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-14 12:05 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-14 12:05 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-14 12:05 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-12 19:25 - 2014-03-12 19:29 - 148418360 _____ () C:\Users\Verena\Downloads\avira_internet_security_suite_de.exe 2014-03-01 19:32 - 2014-03-01 19:32 - 00000000 ____D () C:\Users\Verena\AppData\Local\Macromedia 2014-03-01 19:27 - 2014-03-01 19:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-01 19:27 - 2014-03-01 19:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-01 19:27 - 2014-03-01 19:27 - 00000000 ____D () C:\Windows\system32\Macromed 2014-03-01 13:14 - 2014-03-01 13:14 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Mozilla 2014-03-01 13:14 - 2014-03-01 13:14 - 00000000 ____D () C:\Users\Verena\AppData\Local\Mozilla 2014-03-01 13:13 - 2014-03-30 13:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-01 13:13 - 2014-03-01 13:13 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-01 13:13 - 2014-03-01 13:13 - 00000000 ____D () C:\ProgramData\Mozilla 2014-03-01 09:25 - 2014-03-30 13:09 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1 ==================== One Month Modified Files and Folders ======= 2014-03-31 21:22 - 2014-03-29 15:28 - 00020343 _____ () C:\Users\Verena\Downloads\FRST.txt 2014-03-31 21:22 - 2014-03-29 15:28 - 00000000 ____D () C:\FRST 2014-03-31 21:16 - 2014-03-31 21:16 - 00987442 _____ () C:\Users\Verena\Downloads\SecurityCheck.exe 2014-03-31 21:12 - 2013-10-14 12:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec8cb310fa394.job 2014-03-31 21:12 - 2012-09-03 13:54 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-31 20:47 - 2012-09-03 13:38 - 01717078 _____ () C:\Windows\WindowsUpdate.log 2014-03-31 17:30 - 2014-03-29 15:06 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-31 17:24 - 2012-09-06 14:24 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{567FCAB1-1C79-4388-9300-9F485CC8C68F} 2014-03-31 13:49 - 2012-11-26 13:08 - 00000000 ____D () C:\Users\Public\Documents\Briefe 2014-03-31 12:04 - 2014-03-31 12:04 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-31 12:03 - 2012-09-03 14:33 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-03-31 12:03 - 2012-09-03 14:33 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-03-31 12:03 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-31 12:00 - 2014-03-31 12:00 - 02347384 _____ (ESET) C:\Users\Verena\Downloads\esetsmartinstaller_enu.exe 2014-03-31 11:43 - 2009-07-14 06:45 - 00014144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-31 11:43 - 2009-07-14 06:45 - 00014144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-31 11:35 - 2014-03-29 14:07 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2014-03-31 11:31 - 2014-03-28 17:32 - 00134110 _____ () C:\Windows\PFRO.log 2014-03-31 11:31 - 2014-03-28 17:32 - 00000504 _____ () C:\Windows\setupact.log 2014-03-31 11:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-30 18:11 - 2014-03-30 18:11 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-30 18:10 - 2012-09-03 13:54 - 00000000 ____D () C:\Program Files (x86)\Google 2014-03-30 14:01 - 2014-03-30 14:01 - 00046203 _____ () C:\Users\Verena\Desktop\FRSTneu.txt 2014-03-30 13:55 - 2014-03-30 13:55 - 00002426 _____ () C:\Users\Verena\Desktop\JRT.txt 2014-03-30 13:44 - 2014-03-30 13:44 - 00000000 ____D () C:\Windows\ERUNT 2014-03-30 13:43 - 2014-03-30 13:43 - 01038974 _____ (Thisisu) C:\Users\Verena\Downloads\JRT.exe 2014-03-30 13:42 - 2014-03-30 13:42 - 00010402 _____ () C:\Users\Verena\Desktop\AdwCleaner[S0].txt 2014-03-30 13:36 - 2014-03-30 13:28 - 00000000 ____D () C:\AdwCleaner 2014-03-30 13:35 - 2012-09-06 14:17 - 00000000 ____D () C:\Users\Verena 2014-03-30 13:27 - 2014-03-30 13:27 - 01950720 _____ () C:\Users\Verena\Downloads\adwcleaner.exe 2014-03-30 13:12 - 2014-03-01 13:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-30 13:12 - 2013-06-01 16:37 - 00000454 ____H () C:\Windows\Tasks\Norton Security Scan for Verena.job 2014-03-30 13:09 - 2014-03-01 09:25 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1 2014-03-30 13:09 - 2014-02-23 19:14 - 00000000 ____D () C:\Program Files (x86)\MediaViewerV1 2014-03-30 13:09 - 2013-03-28 20:39 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\DVDVideoSoft 2014-03-30 13:08 - 2014-03-30 13:08 - 00001156 _____ () C:\Users\Verena\Desktop\mbam.txt 2014-03-29 19:02 - 2014-03-29 19:02 - 00040687 _____ () C:\Users\Verena\Desktop\Addition.txt 2014-03-29 19:00 - 2014-03-29 19:00 - 00001268 _____ () C:\Users\Verena\Desktop\Revo Uninstaller.lnk 2014-03-29 19:00 - 2014-03-29 19:00 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-03-29 18:59 - 2014-03-29 18:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Verena\Downloads\revosetup95.exe 2014-03-29 18:01 - 2014-03-29 18:01 - 00000476 _____ () C:\Users\Verena\Desktop\defogger_disable.log 2014-03-29 18:01 - 2014-03-29 18:01 - 00000474 _____ () C:\Windows\SysWOW64\defogger_disable.log 2014-03-29 17:40 - 2014-03-29 17:40 - 00071490 _____ () C:\Users\Verena\Desktop\gmer.log 2014-03-29 15:32 - 2014-03-29 15:29 - 00040687 _____ () C:\Users\Verena\Downloads\Addition.txt 2014-03-29 15:30 - 2014-03-29 15:29 - 00380416 _____ () C:\Users\Verena\Downloads\Gmer-19357.exe 2014-03-29 15:27 - 2014-03-29 15:27 - 02157056 _____ (Farbar) C:\Users\Verena\Downloads\FRST64.exe 2014-03-29 15:26 - 2014-03-29 15:22 - 00000474 _____ () C:\Users\Verena\Downloads\defogger_disable.log 2014-03-29 15:22 - 2014-03-29 15:22 - 00000000 _____ () C:\Users\Verena\defogger_reenable 2014-03-29 15:22 - 2014-03-29 15:21 - 00050477 _____ () C:\Users\Verena\Downloads\Defogger.exe 2014-03-29 15:18 - 2014-03-29 15:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 15:08 - 2014-03-29 15:05 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-29 15:08 - 2014-03-29 15:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-29 15:05 - 2014-03-29 15:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-29 15:03 - 2014-03-29 15:03 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Verena\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-29 14:30 - 2014-03-29 14:30 - 00273952 _____ () C:\Windows\Minidump\032914-26800-01.dmp 2014-03-29 14:30 - 2014-03-28 17:32 - 512100321 _____ () C:\Windows\MEMORY.DMP 2014-03-29 14:30 - 2014-03-19 19:52 - 00000000 ____D () C:\Windows\Minidump 2014-03-29 14:28 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-29 14:10 - 2013-07-30 18:10 - 00000061 _____ () C:\Users\Verena\AppData\Roaming\WB.CFG 2014-03-29 14:07 - 2014-03-29 14:07 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2014-03-29 14:07 - 2014-03-29 14:07 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Nico Mak Computing 2014-03-29 14:07 - 2014-03-29 14:07 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-03-29 14:07 - 2014-03-29 14:07 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector 2014-03-29 14:02 - 2014-03-29 14:02 - 04892480 _____ (WinZip International LLC ) C:\Users\Verena\Downloads\wzmp_8.exe 2014-03-29 14:02 - 2014-03-29 14:02 - 04892480 _____ (WinZip International LLC ) C:\Users\Verena\Downloads\wzmp_8(1).exe 2014-03-28 19:42 - 2014-03-28 19:42 - 00273952 _____ () C:\Windows\Minidump\032814-21980-01.dmp 2014-03-28 17:42 - 2014-03-28 17:41 - 00273952 _____ () C:\Windows\Minidump\032814-23930-01.dmp 2014-03-28 17:32 - 2014-03-28 17:32 - 00273952 _____ () C:\Windows\Minidump\032814-27159-01.dmp 2014-03-28 17:32 - 2014-03-28 17:32 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-28 17:09 - 2009-07-14 04:34 - 00000603 _____ () C:\Windows\win.ini 2014-03-26 23:06 - 2012-10-21 13:23 - 00000000 ____D () C:\Users\Public\Documents\Alanus 2014-03-26 23:04 - 2014-03-26 23:04 - 07564331 _____ () C:\Users\Verena\Downloads\bungsunterlagen_FS_2014.zip 2014-03-26 23:04 - 2012-12-12 22:20 - 03023360 ___SH () C:\Users\Verena\Downloads\Thumbs.db 2014-03-26 23:03 - 2014-03-26 23:03 - 18933209 _____ () C:\Users\Verena\Downloads\Vorlesungsunterlagen_FS_2014.zip 2014-03-20 20:09 - 2014-03-20 20:09 - 00630172 _____ () C:\Users\Verena\Downloads\Arbeit_und_EntgeltReferat-neu.pptx 2014-03-19 22:48 - 2014-03-19 22:48 - 01402880 _____ () C:\Users\Verena\Downloads\GegenstandsbereicheArbeitswissenschaft_01.ppt 2014-03-19 22:39 - 2014-03-19 22:39 - 00108032 _____ () C:\Users\Verena\Downloads\TheorienAbZufriedenheitUndAbMotivation.ppt 2014-03-17 22:16 - 2012-09-12 13:09 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Skype 2014-03-16 08:16 - 2014-01-29 20:40 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-03-15 13:17 - 2009-07-14 06:45 - 00364120 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-15 13:16 - 2013-06-27 17:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-15 13:16 - 2013-06-27 17:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-13 10:13 - 2013-04-24 15:03 - 00000000 ____D () C:\Program Files\CCleaner 2014-03-12 19:36 - 2012-11-05 22:23 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-03-12 19:29 - 2014-03-12 19:25 - 148418360 _____ () C:\Users\Verena\Downloads\avira_internet_security_suite_de.exe 2014-03-06 20:55 - 2013-02-19 19:18 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-06 20:55 - 2012-09-03 14:08 - 00000000 ____D () C:\ProgramData\Skype 2014-03-05 10:26 - 2014-03-29 15:05 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-05 10:26 - 2014-03-29 15:05 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-05 10:26 - 2014-03-29 15:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-02 09:50 - 2012-09-11 11:52 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-03-01 19:32 - 2014-03-01 19:32 - 00000000 ____D () C:\Users\Verena\AppData\Local\Macromedia 2014-03-01 19:31 - 2012-09-12 16:22 - 00000000 ____D () C:\Users\Verena\AppData\Local\Adobe 2014-03-01 19:27 - 2014-03-01 19:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-01 19:27 - 2014-03-01 19:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-01 19:27 - 2014-03-01 19:27 - 00000000 ____D () C:\Windows\system32\Macromed 2014-03-01 19:27 - 2012-09-03 13:54 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-03-01 13:14 - 2014-03-01 13:14 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Mozilla 2014-03-01 13:14 - 2014-03-01 13:14 - 00000000 ____D () C:\Users\Verena\AppData\Local\Mozilla 2014-03-01 13:13 - 2014-03-01 13:13 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-01 13:13 - 2014-03-01 13:13 - 00000000 ____D () C:\ProgramData\Mozilla 2014-03-01 09:26 - 2014-01-09 21:34 - 00000295 _____ () C:\extensions.ini 2014-03-01 08:05 - 2014-03-14 12:07 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 07:17 - 2014-03-14 12:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 07:16 - 2014-03-14 12:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 06:58 - 2014-03-14 12:07 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 06:52 - 2014-03-14 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 06:51 - 2014-03-14 12:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 06:42 - 2014-03-14 12:07 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 06:40 - 2014-03-14 12:07 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 06:37 - 2014-03-14 12:07 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 06:33 - 2014-03-14 12:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 06:33 - 2014-03-14 12:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 06:32 - 2014-03-14 12:07 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 06:30 - 2014-03-14 12:07 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 06:23 - 2014-03-14 12:07 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 06:17 - 2014-03-14 12:07 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 06:11 - 2014-03-14 12:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 06:02 - 2014-03-14 12:07 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 05:54 - 2014-03-14 12:07 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 05:52 - 2014-03-14 12:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 05:51 - 2014-03-14 12:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 05:47 - 2014-03-14 12:07 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 05:43 - 2014-03-14 12:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 05:43 - 2014-03-14 12:07 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 05:42 - 2014-03-14 12:07 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 05:40 - 2014-03-14 12:07 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-01 05:38 - 2014-03-14 12:07 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 05:37 - 2014-03-14 12:07 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 05:35 - 2014-03-14 12:07 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 05:18 - 2014-03-14 12:07 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 05:16 - 2014-03-14 12:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-01 05:14 - 2014-03-14 12:07 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 05:10 - 2014-03-14 12:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 05:03 - 2014-03-14 12:07 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 05:00 - 2014-03-14 12:07 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 04:57 - 2014-03-14 12:07 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 04:38 - 2014-03-14 12:07 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 04:32 - 2014-03-14 12:07 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 04:27 - 2014-03-14 12:07 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 04:25 - 2014-03-14 12:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 04:25 - 2014-03-14 12:07 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll Some content of TEMP: ==================== C:\Users\Verena\AppData\Local\Temp\avgnt.exe C:\Users\Verena\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-23 09:30 ==================== End Of Log ============================ Mein Avira hat danach wieder einen Fund des Viruses signalisiert, konnte es diesmal aber in Quarantäne verschieben. Damit ist der Virus entfernt oder? |
|
02.04.2014, 08:40
| #6 |
| /// the machine /// TB-Ausbilder | BProtector Gen Virus lässt sich von Avira nicht entfernen Zeig mal das aktuelle Log von Antivir damit ich sehe wo es was gefunden hat. Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier.
__________________ --> BProtector Gen Virus lässt sich von Avira nicht entfernen |
|
02.04.2014, 21:13
| #7 |
| | BProtector Gen Virus lässt sich von Avira nicht entfernen Hallo Schrauber, ich habe Avira nochmal laufen lassen und diesmal wurde kein Virus mehr gefunden. Hier noch der Log von Farbar Service Scanner: Code:
ATTFilter Farbar Service Scanner Version: 25-02-2014
Ran by Verena (administrator) on 02-04-2014 at 22:10:15
Running from "C:\Users\Verena\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Demand. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
|
|
03.04.2014, 12:03
| #8 |
| /// the machine /// TB-Ausbilder | BProtector Gen Virus lässt sich von Avira nicht entfernen Bitte folgendes machen: http://www.trojaner-board.de/126216-...epair-aio.html
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.04.2014, 16:18
| #9 |
| | BProtector Gen Virus lässt sich von Avira nicht entfernen Hallo Schrauber, Ich habe das Windows Repair durchgeführt. Brauchst du davon den Log? Avira zeigt auf jeden Fall keinen Virus mehr...Du hast mir wirklich sehr geholfen! Vielen, vielen Dank dafür!! Eine Frage habe ich noch: wie ist das mit den ganzen Programmen, die ich runtergeladen habe. Kann ich die wieder deinstallieren? |
|
07.04.2014, 13:39
| #10 |
| /// the machine /// TB-Ausbilder | BProtector Gen Virus lässt sich von Avira nicht entfernen Räumen wir jetzt auf. Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.04.2014, 10:04
| #11 |
| | BProtector Gen Virus lässt sich von Avira nicht entfernen Vielen Dank Schrauber jetzt läuft alles wieder und der Virus ist weg!! :-) |
|
09.04.2014, 08:21
| #12 |
| /// the machine /// TB-Ausbilder | BProtector Gen Virus lässt sich von Avira nicht entfernen Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu BProtector Gen Virus lässt sich von Avira nicht entfernen |
| antivir, avira, branding, computer, desktop, diagnostics, entfernen, error, excel, firefox, flash player, google, home, homepage, iexplore.exe, lightning, malware, minidump, newtab, nextlive, problem, programm, realtek, scan, security, software, svchost.exe, symantec, system, virus, vista, winzip malware protector |
