
Trash bin: 2x | 105 infected objects, mainly PUP.Optional.delta.a/b etc.

Windows 7: Posts that violated our rules, posts the world does not need, and other rubbish end up here in the trash bin...

 
31.08.2013, 19:39   #1
OctopusB447
 



Hello.
I found 105 infected objects with MBAM, then continued with ADWCleaner,
ESET, SecurityCheck, JRT and Combofix, and finally made an FRST and an FRST Addition log.
Here are the log files, arranged in the correct order:


Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.31.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Liane ************ :: LIANE************ [Administrator]

Schutz: Aktiviert

31.08.2013 15:43:59
MBAM-log-2013-08-31 (15-55-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218709
Laufzeit: 5 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserProtect.A) -> 1560 -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserProtect.A) -> 3388 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 2
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Roaming\BabSolution\Shared\enhancedNT.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 36
HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane.1 (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCR\delta.deltaHlpr.1 (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCR\delta.deltaHlpr (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Keine Aktion durchgeführt.
HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCU\Software\BabSolution\Redir (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\babylontoolbar (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\d (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 7
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten: Delta Toolbar -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten: -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta) -> Daten: -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=9A4D5442492F4D33&affID=119357&tsp=4990 -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Keine Aktion durchgeführt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0N2P2W1F0Z1S1U1H -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NTRedirect (PUP.Optional.BabSolution.A) -> Daten: -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BrowserDefender.A) -> Bösartig: (c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll) Gut: () -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=9A4D5442492F4D33&affID=119357&tsp=4990) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 14
C:\Users\Liane ************\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Roaming\Delta (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.24.6 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.24.6\bh (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.24.6 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 42
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.24.6\deltasrv.exe (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Local\Temp\KKw3Pn1R.exe.part (PUP.FakeFlash.Domaiq) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Local\Temp\6F0843CE-BAB0-7891-8D0B-61D4D2AAEE86\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Local\Temp\6F0843CE-BAB0-7891-8D0B-61D4D2AAEE86\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Local\Temp\6F0843CE-BAB0-7891-8D0B-61D4D2AAEE86\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Local\Temp\6F0843CE-BAB0-7891-8D0B-61D4D2AAEE86\Latest\Setup.exe (PUP.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Local\Temp\is1242154493\45910169_Setup.EXE (PUP.Optional.LyricsAd) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Local\Temp\is1242154493\DeltaTB.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Roaming\Delta\sqlite3.dll (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Roaming\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Roaming\BabSolution\Shared\enhancedNT.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Liane ************\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaApp.dll (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaEng.dll (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.24.6\GUninstaller.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.24.6\Loading.html (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Delta\delta\1.8.24.6\uninstall.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.

(Ende)

# AdwCleaner v3.001 - Report created 31/08/2013 at 16:39:10
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Liane ************ - LIANE************
# Running from : C:\Users\Liane ************\Desktop\Downloads\Anti Virus\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\iMesh Applications
Folder Deleted : C:\Users\LIANEH~1\AppData\Local\Temp\apn
Folder Deleted : C:\Users\LIANEH~1\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Liane ************\AppData\Roaming\dvdvideosoftiehelpers
File Deleted : C:\Users\Liane ************\AppData\Roaming\Mozilla\Firefox\Profiles\krqp4pcz.default\\invalidprefs.js
File Deleted : C:\Users\Liane ************\AppData\Roaming\Mozilla\Firefox\Profiles\krqp4pcz.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\5257da8de76aec44
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Liane ************\AppData\Roaming\Mozilla\Firefox\Profiles\krqp4pcz.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.bbDpng", "31");
Line Deleted : user_pref("extensions.delta.cntry", "DE");
Line Deleted : user_pref("extensions.delta.dfltLng", "de");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.hdrMd5", "43DC12C4A90E33F79619EAA2DD43200A");
Line Deleted : user_pref("extensions.delta.id", "9a4dcf050000000000005442492f4d33");
Line Deleted : user_pref("extensions.delta.instlDay", "15947");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.24.623:12:25");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.sg", "tzb");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.623:12:25");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4990");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://avira.search.ask.com/?p2=%5EB0Q%5EYYYYYY%5EYY%5EDE&gct=hp&o=APN11074&apn_ptnrs=%5EB0Q&apn_dtid=%5EYYYYYY%5EYY%5EDE&tpid=AVIRA-V7&apn_dbr=ff_23.0&trgb=ALL&[...]

-\\ Google Chrome v29.0.1547.62

[ File : C:\Users\Liane ************\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [5737 octets] - [31/08/2013 16:37:34]
AdwCleaner[S0].txt - [5515 octets] - [31/08/2013 16:39:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5575 octets] ##########

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=219037d48724d34aa398a0b50c27242a
# engine=14965
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-31 04:21:36
# local_time=2013-08-31 06:21:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 7143 243389386 0 0
# compatibility_mode=5893 16776574 100 94 68439 129595946 0 0
# scanned=156087
# found=0
# cleaned=0
# scan_time=5355


Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 20
Java version out of Date!
Adobe Flash Player 11.8.800.94
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (23.0.1)
Google Chrome 29.0.1547.57
Google Chrome 29.0.1547.62
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Liane Hochhalter Desktop Downloads Anti Virus\Programme\SecurityCheck.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Windows 7 Home Premium x64
Ran by Liane ******** on 31.08.2013 at 19:31:13,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Liane ********\AppData\Roaming\mozilla\firefox\profiles\krqp4pcz.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Liane ********\AppData\Roaming\mozilla\firefox\profiles\krqp4pcz.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Emptied folder: C:\Users\Liane ********\AppData\Roaming\mozilla\firefox\profiles\krqp4pcz.default\minidumps [70 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.08.2013 at 19:39:33,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


ComboFix 13-08-31.01 - Liane ********** 31.08.2013 20:02:52.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3835.2058 [GMT 2:00]
ausgeführt von:: c:\users\Liane **********\Desktop\Downloads\Anti Virus\Programme\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Liane **********\AppData\Roaming\.#
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-28 bis 2013-08-31 ))))))))))))))))))))))))))))))
.
.
2013-08-31 18:09 . 2013-08-31 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-31 17:30 . 2013-08-31 17:30 -------- d-----w- c:\windows\ERUNT
2013-08-31 14:46 . 2013-08-31 14:46 -------- d-----w- c:\program files (x86)\ESET
2013-08-31 14:37 . 2013-08-31 14:39 -------- d-----w- C:\AdwCleaner
2013-08-31 14:22 . 2013-08-31 14:22 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-08-31 14:16 . 2013-08-31 14:16 -------- d-----w- c:\users\Liane **********\AppData\Roaming\Avira
2013-08-31 14:11 . 2013-07-18 06:02 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-08-31 14:11 . 2013-07-18 06:02 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-08-31 14:11 . 2013-03-06 14:13 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-08-31 14:11 . 2013-08-31 14:11 -------- d-----w- c:\programdata\Avira
2013-08-31 14:11 . 2013-08-31 14:11 -------- d-----w- c:\program files (x86)\Avira
2013-08-31 13:41 . 2013-08-31 13:41 -------- d-----w- c:\users\Liane **********\AppData\Roaming\Malwarebytes
2013-08-31 13:41 . 2013-08-31 13:41 -------- d-----w- c:\programdata\Malwarebytes
2013-08-31 13:41 . 2013-08-31 13:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-31 13:41 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-30 21:18 . 2013-08-30 21:18 -------- d-----w- c:\program files\WinRAR
2013-08-30 21:12 . 2013-08-30 21:12 -------- d-----w- c:\users\Liane **********\AppData\Local\avgchrome
2013-08-30 21:11 . 2013-08-30 21:20 -------- d-----w- c:\users\Liane **********\AppData\Roaming\.minecraft
2013-08-30 08:32 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14CCB050-8949-43A1-A8A1-4C7B2CE4D0FF}\mpengine.dll
2013-08-28 19:51 . 2013-08-28 19:51 -------- d-----w- c:\program files (x86)\MSECache
2013-08-27 14:35 . 2013-08-27 14:35 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-08-21 17:49 . 2013-08-21 17:49 17737608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-19 14:21 . 2013-08-29 08:27 -------- d-----w- c:\users\Liane **********\AppData\Roaming\vlc
2013-08-19 14:20 . 2013-08-19 14:20 -------- d-----w- c:\program files (x86)\VideoLAN
2013-08-19 11:00 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-19 11:00 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-19 11:00 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-19 11:00 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-19 11:00 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-19 11:00 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-19 11:00 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-19 11:00 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-18 12:56 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-18 12:56 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-18 12:56 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-18 12:56 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-18 12:55 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-18 12:55 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-18 12:55 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-18 12:55 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-16 23:25 . 2013-08-16 23:25 -------- d-----w- C:\found.000
2013-08-14 01:51 . 2013-08-19 10:58 -------- d-----w- c:\windows\system32\MRT
2013-08-09 21:38 . 2013-05-02 00:06 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-07 20:43 . 2013-08-07 20:43 -------- d-----w- c:\users\Liane **********\AppData\Local\Diagnostics
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 17:49 . 2013-03-30 22:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 17:49 . 2013-03-30 22:58 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-19 10:54 . 2013-03-30 03:44 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-28 16:27 . 2013-07-28 16:27 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-07-28 16:27 . 2013-07-28 16:27 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-07-28 16:27 . 2013-07-28 16:27 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-06-18 06:43 . 2013-06-18 06:43 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-18 06:43 . 2013-06-18 06:43 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-18 06:43 . 2013-06-18 06:43 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-18 06:43 . 2013-06-18 06:43 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-18 06:43 . 2013-06-18 06:43 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-18 06:43 . 2013-06-18 06:43 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-18 06:43 . 2013-06-18 06:43 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-18 06:43 . 2013-06-18 06:43 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-18 06:43 . 2013-06-18 06:43 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-18 06:43 . 2013-06-18 06:43 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-18 06:43 . 2013-06-18 06:43 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-18 06:43 . 2013-06-18 06:43 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-18 06:43 . 2013-06-18 06:43 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-18 06:43 . 2013-06-18 06:43 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-18 06:43 . 2013-06-18 06:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-18 06:43 . 2013-06-18 06:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-18 06:43 . 2013-06-18 06:43 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-18 06:43 . 2013-06-18 06:43 441856 ----a-w- c:\windows\system32\html.iec
2013-06-18 06:43 . 2013-06-18 06:43 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-18 06:43 . 2013-06-18 06:43 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-18 06:43 . 2013-06-18 06:43 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-18 06:43 . 2013-06-18 06:43 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-18 06:43 . 2013-06-18 06:43 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-18 06:43 . 2013-06-18 06:43 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-18 06:43 . 2013-06-18 06:43 235008 ----a-w- c:\windows\system32\url.dll
2013-06-18 06:43 . 2013-06-18 06:43 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-18 06:43 . 2013-06-18 06:43 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-18 06:43 . 2013-06-18 06:43 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-18 06:43 . 2013-06-18 06:43 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-18 06:43 . 2013-06-18 06:43 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-18 06:43 . 2013-06-18 06:43 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-18 06:43 . 2013-06-18 06:43 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-18 06:43 . 2013-06-18 06:43 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-18 06:43 . 2013-06-18 06:43 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-18 06:43 . 2013-06-18 06:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-18 06:43 . 2013-06-18 06:43 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-18 06:43 . 2013-06-18 06:43 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-18 06:43 . 2013-06-18 06:43 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-18 06:43 . 2013-06-18 06:43 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-18 06:43 . 2013-06-18 06:43 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-18 06:43 . 2013-06-18 06:43 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-18 06:43 . 2013-06-18 06:43 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-18 06:43 . 2013-06-18 06:43 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-18 06:43 . 2013-06-18 06:43 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-18 06:43 . 2013-06-18 06:43 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-18 06:43 . 2013-06-18 06:43 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-18 06:43 . 2013-06-18 06:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-18 06:43 . 2013-06-18 06:43 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-18 06:43 . 2013-06-18 06:43 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-18 06:41 . 2013-06-18 06:41 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-18 06:41 . 2013-06-18 06:41 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-18 06:41 . 2013-06-18 06:41 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-06-18 06:41 . 2013-06-18 06:41 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-06-18 06:41 . 2013-06-18 06:41 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-18 06:41 . 2013-06-18 06:41 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-18 06:41 . 2013-06-18 06:41 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-18 06:41 . 2013-06-18 06:41 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-18 06:41 . 2013-06-18 06:41 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-18 06:41 . 2013-06-18 06:41 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-18 06:41 . 2013-06-18 06:41 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-06-18 06:41 . 2013-06-18 06:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-18 06:41 . 2013-06-18 06:41 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-18 06:41 . 2013-06-18 06:41 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-06-18 06:41 . 2013-06-18 06:41 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-18 06:41 . 2013-06-18 06:41 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-06-18 06:41 . 2013-06-18 06:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-18 06:41 . 2013-06-18 06:41 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-18 06:41 . 2013-06-18 06:41 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-06-18 06:41 . 2013-06-18 06:41 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-06-18 06:41 . 2013-06-18 06:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-18 06:41 . 2013-06-18 06:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-18 06:41 . 2013-06-18 06:41 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-18 06:41 . 2013-06-18 06:41 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-18 06:41 . 2013-06-18 06:41 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-06-18 06:41 . 2013-06-18 06:41 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-06-18 06:41 . 2013-06-18 06:41 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-06-18 06:41 . 2013-06-18 06:41 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-06-18 06:41 . 2013-06-18 06:41 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-18 06:41 . 2013-06-18 06:41 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-18 06:41 . 2013-06-18 06:41 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-06-18 06:41 . 2013-06-18 06:41 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-18 06:41 . 2013-06-18 06:41 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-18 06:41 . 2013-06-18 06:41 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-18 06:41 . 2013-06-18 06:41 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-06-18 06:41 . 2013-06-18 06:41 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-18 06:41 . 2013-06-18 06:41 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-06-18 06:41 . 2013-06-18 06:41 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-06-18 06:41 . 2013-06-18 06:41 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-06-18 06:41 . 2013-06-18 06:41 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-06-18 06:41 . 2013-06-18 06:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-06-18 06:41 . 2013-06-18 06:41 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-06-18 06:41 . 2013-06-18 06:41 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-06-18 06:41 . 2013-06-18 06:41 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-06-18 06:41 . 2013-06-18 06:41 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Facebook Update"="c:\users\Liane **********\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-03-31 138096]
"Spotify Web Helper"="c:\users\Liane **********\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-08 1104384]
"Spotify"="c:\users\Liane **********\AppData\Roaming\Spotify\spotify.exe" [2013-07-08 4640768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-21 597792]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-18 345144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R3 SampleCollector;Intel(R) Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe;c:\program files\Sony\VAIO Care\collsvc.exe [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-31 09:18 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-30 17:49]
.
2013-08-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1665989420-3198687518-47467325-1000Core.job
- c:\users\Liane **********\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-31 16:40]
.
2013-08-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1665989420-3198687518-47467325-1000UA.job
- c:\users\Liane **********\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-31 16:40]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-29 21:40]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-29 21:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10134560]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Liane **********\AppData\Roaming\Mozilla\Firefox\Profiles\krqp4pcz.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{41564952-412D-5637-00A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-31 20:12:48
ComboFix-quarantined-files.txt 2013-08-31 18:12
.
Vor Suchlauf: 11 Verzeichnis(se), 419.506.069.504 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 419.813.871.616 Bytes frei
.
- - End Of File - - 88FF6F05FAC4BBA79C56CC21FADCCC17


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2013 04
Ran by Liane *********** (administrator) on LIANE*********** on 31-08-2013 20:14:51
Running from C:\Users\Liane ***********\Desktop\Downloads\Anti Virus\Programme
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Sony Corporation) c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSpt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [221480 2010-05-17] (Alps Electric Co., Ltd.)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [Facebook Update] - C:\Users\Liane ***********\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-31] (Facebook Inc.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Liane ***********\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-08] (Spotify Ltd)
HKCU\...\Run: [Spotify] - C:\Users\Liane ***********\AppData\Roaming\Spotify\spotify.exe [4640768 2013-07-08] (Spotify Ltd)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-21] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-18] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {207F441C-0E00-4153-B563-72F4738EB44D} URL = hxxp://de.shopping.com/?linkin_id=8056363
SearchScopes: HKCU - {49ECDDAD-712E-4A62-8F78-A317EEAE94C5} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {DB026624-3027-44A7-86E1-E095A217FF5B} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Liane ***********\AppData\Roaming\Mozilla\Firefox\Profiles\krqp4pcz.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Liane ***********\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Delta Search) - hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=9A4D5442492F4D33&affID=119357&tsp=4990
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Liane ***********\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\LIANEH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_0
CHR Extension: (dict-cc) - C:\Users\LIANEH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh\1.6.88_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\LIANEH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-11-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-11-25] (Sonic Solutions)
S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [168448 2009-12-22] (Sony of America Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2010-04-08] (Sony Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [852336 2010-03-18] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1359408 2013-03-26] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-31 20:12 - 2013-08-31 20:12 - 00031001 _____ C:\ComboFix.txt
2013-08-31 20:00 - 2013-08-31 20:12 - 00000000 ____D C:\Qoobox
2013-08-31 20:00 - 2013-08-31 20:11 - 00000000 ____D C:\Windows\erdnt
2013-08-31 20:00 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-31 20:00 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-31 20:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-31 20:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-31 20:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-31 20:00 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-31 20:00 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-31 20:00 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-31 19:30 - 2013-08-31 19:30 - 00000000 ____D C:\Windows\ERUNT
2013-08-31 16:46 - 2013-08-31 16:46 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-31 16:37 - 2013-08-31 16:39 - 00000000 ____D C:\AdwCleaner
2013-08-31 16:22 - 2013-08-31 16:22 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-31 16:16 - 2013-08-31 16:16 - 00000000 ____D C:\Users\Liane ***********\AppData\Roaming\Avira
2013-08-31 16:11 - 2013-08-31 16:11 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-31 16:11 - 2013-08-31 16:11 - 00000000 ____D C:\ProgramData\Avira
2013-08-31 16:11 - 2013-08-31 16:11 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-31 16:11 - 2013-07-18 08:02 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-31 16:11 - 2013-07-18 08:02 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-31 16:11 - 2013-03-06 16:13 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-31 16:04 - 2013-08-31 16:05 - 00002014 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-08-31 16:04 - 2013-08-31 16:04 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-31 15:44 - 2013-08-31 15:57 - 00000000 ____D C:\Users\Liane ***********\Downloads\Anti Virus
2013-08-31 15:41 - 2013-08-31 15:41 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-31 15:41 - 2013-08-31 15:41 - 00000000 ____D C:\Users\Liane ***********\AppData\Roaming\Malwarebytes
2013-08-31 15:41 - 2013-08-31 15:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-31 15:41 - 2013-08-31 15:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-31 15:41 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-30 23:18 - 2013-08-30 23:18 - 00000000 ____D C:\Users\Liane ***********\AppData\Roaming\WinRAR
2013-08-30 23:18 - 2013-08-30 23:18 - 00000000 ____D C:\Users\Liane ***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-08-30 23:18 - 2013-08-30 23:18 - 00000000 ____D C:\Program Files\WinRAR
2013-08-30 23:12 - 2013-08-30 23:12 - 00000000 ____D C:\Users\LIANEH~1\AppData\Local\avgchrome
2013-08-30 23:11 - 2013-08-30 23:20 - 00000000 ____D C:\Users\Liane ***********\AppData\Roaming\.minecraft
2013-08-28 21:51 - 2013-08-28 21:51 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-08-27 19:28 - 2013-08-27 19:36 - 00000000 ____D C:\Users\Liane ***********\Downloads\fb
2013-08-21 19:49 - 2013-08-21 19:49 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-19 16:21 - 2013-08-29 10:27 - 00000000 ____D C:\Users\Liane ***********\AppData\Roaming\vlc
2013-08-19 16:20 - 2013-08-19 16:20 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-19 16:20 - 2013-08-19 16:20 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-08-19 13:00 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-19 13:00 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-19 13:00 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-19 13:00 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-19 13:00 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-19 13:00 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-19 13:00 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-19 13:00 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-18 16:13 - 2013-08-30 23:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-18 14:56 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-18 14:56 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-18 14:56 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-18 14:56 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-18 14:55 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-18 14:55 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-18 14:55 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-18 14:55 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-18 14:53 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-18 14:53 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-18 14:53 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-18 14:53 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-18 14:53 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-18 14:53 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-18 14:53 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-18 14:53 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-18 14:53 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-18 14:53 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-18 14:53 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-18 14:53 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-18 14:53 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-18 14:53 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-18 14:53 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-18 14:53 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-18 14:53 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-18 14:53 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-18 14:53 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-18 14:53 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-18 14:53 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-18 14:53 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-18 14:53 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-18 14:53 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-18 14:53 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-18 14:53 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-18 14:53 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-18 14:53 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-18 14:53 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-18 14:53 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-18 14:53 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-18 01:14 - 2013-08-18 14:38 - 00000000 ____D C:\Users\Liane ***********\Documents\Notes
2013-08-17 01:25 - 2013-08-17 01:25 - 00000000 ____D C:\found.000
2013-08-14 03:51 - 2013-08-19 12:58 - 00000000 ____D C:\Windows\system32\MRT
2013-08-09 23:38 - 2013-05-02 02:06 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== One Month Modified Files and Folders =======

2013-08-31 20:14 - 2013-08-31 20:14 - 00000000 ____D C:\FRST
2013-08-31 20:12 - 2013-08-31 20:12 - 00031001 _____ C:\ComboFix.txt
2013-08-31 20:12 - 2013-08-31 20:00 - 00000000 ____D C:\Qoobox
2013-08-31 20:12 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-31 20:11 - 2013-08-31 20:00 - 00000000 ____D C:\Windows\erdnt
2013-08-31 20:09 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-31 20:06 - 2013-03-29 23:23 - 01299667 _____ C:\Windows\WindowsUpdate.log
2013-08-31 19:49 - 2013-03-31 00:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-31 19:30 - 2013-08-31 19:30 - 00000000 ____D C:\Windows\ERUNT
2013-08-31 19:18 - 2013-03-29 23:40 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-31 17:46 - 2013-03-31 18:41 - 00000972 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1665989420-3198687518-47467325-1000UA.job
2013-08-31 16:48 - 2009-07-14 06:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-31 16:48 - 2009-07-14 06:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-31 16:46 - 2013-08-31 16:46 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-31 16:46 - 2013-03-29 23:18 - 00654680 _____ C:\Windows\system32\perfh007.dat
2013-08-31 16:46 - 2013-03-29 23:18 - 00130262 _____ C:\Windows\system32\perfc007.dat
2013-08-31 16:46 - 2009-07-14 07:13 - 01500018 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-31 16:42 - 2013-03-30 21:23 - 00000000 ____D C:\Update
2013-08-31 16:41 - 2013-03-29 23:40 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-31 16:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-31 16:41 - 2009-07-14 06:51 - 00055407 _____ C:\Windows\setupact.log
2013-08-31 16:40 - 2013-03-30 00:06 - 00135592 _____ C:\Windows\PFRO.log
2013-08-31 16:39 - 2013-08-31 16:37 - 00000000 ____D C:\AdwCleaner
2013-08-31 16:28 - 2013-03-29 23:28 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-08-31 16:22 - 2013-08-31 16:22 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-31 16:16 - 2013-08-31 16:16 - 00000000 ____D C:\Users\Liane ***********\AppData\Roaming\Avira
2013-08-31 16:11 - 2013-08-31 16:11 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-31 16:11 - 2013-08-31 16:11 - 00000000 ____D C:\ProgramData\Avira
2013-08-31 16:11 - 2013-08-31 16:11 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-31 16:05 - 2013-08-31 16:04 - 00002014 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-08-31 16:04 - 2013-08-31 16:04 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-31 16:04 - 2013-03-29 23:39 - 00000000 ____D C:\ProgramData\Adobe
2013-08-31 16:03 - 2013-04-15 02:14 - 00000000 ____D C:\Users\LIANEH~1\AppData\Local\Adobe
2013-08-31 16:00 - 2013-03-29 23:40 - 00000000 ____D C:\Program Files\Google
2013-08-31 16:00 - 2013-03-29 23:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-31 15:57 - 2013-08-31 15:44 - 00000000 ____D C:\Users\Liane ***********\Downloads\Anti Virus
2013-08-31 15:48 - 2013-03-30 02:16 - 00000000 ___RD C:\Users\Liane ***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-31 15:46 - 2013-03-30 02:21 - 00000000 ____D C:\Users\LIANEH~1\AppData\Local\Google
2013-08-31 15:41 - 2013-08-31 15:41 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-31 15:41 - 2013-08-31 15:41 - 00000000 ____D C:\Users\Liane ***********\AppData\Roaming\Malwarebytes
2013-08-31 15:41 - 2013-08-31 15:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-31 15:41 - 2013-08-31 15:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-31 15:31 - 2013-03-30 02:20 - 00004002 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D9D7F7FB-06CE-4596-A6F4-D0662B2A304D}
2013-08-31 11:46 - 2013-03-31 18:41 - 00000950 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1665989420-3198687518-47467325-1000Core.job
2013-08-30 23:20 - 2013-08-30 23:11 - 00000000 ____D C:\Users\Liane ***********\AppData\Roaming\.minecraft
2013-08-30 23:18 - 2013-08-30 23:18 - 00000000 ____D C:\Users\Liane ***********\AppData\Roaming\WinRAR
2013-08-30 23:18 - 2013-08-30 23:18 - 00000000 ____D C:\Users\Liane ***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-08-30 23:18 - 2013-08-30 23:18 - 00000000 ____D C:\Program Files\WinRAR
2013-08-30 23:12 - 2013-08-30 23:12 - 00000000 ____D C:\Users\LIANEH~1\AppData\Local\avgchrome
2013-08-30 23:11 - 2013-08-18 16:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-30 12:13 - 2013-07-10 19:05 - 00000000 ____D C:\Users\Liane ***********\Desktop\Neuer Ordner
2013-08-30 10:26 - 2009-07-14 06:45 - 00301536 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-29 19:52 - 2013-07-29 13:20 - 00000000 ____D C:\Users\Liane ***********\AppData\Roaming\SoftGrid Client
2013-08-29 11:10 - 2013-07-29 13:47 - 00000000 ____D C:\Users\LIANEH~1\AppData\Local\click.to
2013-08-29 10:27 - 2013-08-19 16:21 - 00000000 ____D C:\Users\Liane ***********\AppData\Roaming\vlc
2013-08-28 21:52 - 2013-03-30 02:13 - 00066104 _____ C:\Users\LIANEH~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-28 21:51 - 2013-08-28 21:51 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-08-28 21:39 - 2013-03-30 02:13 - 00000000 ____D C:\Users\Liane ***********
2013-08-27 19:41 - 2013-03-31 00:32 - 00000000 ____D C:\Users\Liane ***********\Bilder 1
2013-08-27 19:36 - 2013-08-27 19:28 - 00000000 ____D C:\Users\Liane ***********\Downloads\fb
2013-08-25 16:11 - 2013-04-08 03:06 - 00005120 _____ C:\Users\LIANEH~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-21 19:49 - 2013-08-21 19:49 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-21 19:49 - 2013-03-31 00:58 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 19:49 - 2013-03-31 00:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 19:49 - 2013-03-31 00:58 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 19:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-19 21:11 - 2013-03-31 05:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 16:20 - 2013-08-19 16:20 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-19 16:20 - 2013-08-19 16:20 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-08-19 12:58 - 2013-08-14 03:51 - 00000000 ____D C:\Windows\system32\MRT
2013-08-19 12:54 - 2013-03-30 05:44 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-18 14:47 - 2013-03-31 18:51 - 00000000 ____D C:\Users\LIANEH~1\AppData\Local\Spotify
2013-08-18 14:47 - 2013-03-31 18:51 - 00000000 ____D C:\Users\Liane ***********\AppData\Roaming\Spotify
2013-08-18 14:38 - 2013-08-18 01:14 - 00000000 ____D C:\Users\Liane ***********\Documents\Notes
2013-08-18 14:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-18 14:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-18 14:38 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-17 01:25 - 2013-08-17 01:25 - 00000000 ____D C:\found.000
2013-08-13 09:28 - 2009-07-14 07:08 - 00032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-10 10:24 - 2013-03-29 23:41 - 00000000 ____D C:\ProgramData\McAfee
2013-08-09 12:51 - 2013-06-17 21:32 - 00000000 ____D C:\Users\Liane ***********\Desktop\bla
2013-08-09 01:36 - 2013-06-30 23:40 - 00000588 ____H C:\Users\Liane ***********\Downloads\.picasa.ini
2013-08-07 22:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-07 21:05 - 2013-03-30 02:13 - 00000000 ____D C:\Users\Liane ***********\AppData\Roaming\Sony Corporation
2013-08-07 18:54 - 2013-07-01 08:02 - 00000000 ____D C:\Users\Liane ***********\Downloads\zeug

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 00:17

==================== End Of Log ============================

 
