
Pests of all kinds and how to fight them: Trojan - Bundesamt für Informationstechnik

04.11.2013, 11:05   #1
Redlion10
 
Hello everyone,

unfortunately I have picked up a problem on my laptop, namely a payment demand from the so-called Bundesamt für Sicherheit und Informationstechnologie.

Thanks to Google I have at least come to the realization that this is a Trojan...

The laptop currently still works and the demand was only displayed once. After that I disconnected the computer from power and restarted it, which also worked. I then ran my antivirus program (Avira freeware), which unfortunately was not up to date beforehand, but it didn't really find anything. Malwarebytes was more successful, but if I have read it correctly on the internet, that will probably not be enough.

It would be really nice if someone could help me, since unfortunately I don't really know much about computers...

Many thanks in advance!!

Mario


P.S.: I have Windows Vista on the laptop.

04.11.2013, 11:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find anything?

The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now just post the logs you already have in CODE tags!
Only logs from the last 7 days, or since the problem began, are relevant!




In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

04.11.2013, 22:26   #3
Redlion10
 

Hi Cosinus,

many thanks for your help. Unfortunately I noticed that Malwarebytes is no longer on my computer (several people have access to it...) and with Avira the scan unfortunately did not run through either.

But here are at least the FRST files:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Caroline (administrator) on CAROLINE-PC on 04-11-2013 23:15:32
Running from C:\Users\Caroline\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Creative Technology Ltd) C:\Windows\system32\CTsvcCDA.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Creative Technology Ltd.) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
(Nike) C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jp2launcher.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\java.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [196608 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\System32\WLTRAY.EXE [3810304 2008-11-17] (Dell Inc.)
HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [446635 2008-06-03] (Creative Technology Ltd.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Nike+ Connect] - C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe [70656 2013-05-03] (Nike)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [442433 2008-07-17] (IDT, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-10-23] (APN)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [DellSystemDetect] - C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [370 2013-07-08] ()
HKCU\...\Runonce: [Del617295] - cmd.exe /Q /D /c del "C:\Users\Caroline\AppData\Local\Temp\0.del"
MountPoints2: {2f571c2e-0e4a-11de-905d-002219d91f94} - F:\LaunchU3.exe -a
MountPoints2: {419036e7-c0d5-11dd-9ac6-002219d91f94} - F:\Autorun\ShelExec.exe SBSuite.html
MountPoints2: {85ad5743-0d83-11de-9e6c-002219d91f94} - F:\Autorun\ShelExec.exe SBSuite.html
MountPoints2: {ceaef9d7-0eb0-11de-96b4-002219d91f94} - F:\AutoRun\autorun.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2081125
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} -  No File
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {3041D03E-FD4B-44E0-B742-2D9B88305F98} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://webexevents.webex.com/client/T26L/event/ieatgpc1.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 50 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F27E59BC-D9B4-42E2-A836-6A29690222CA}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\tcakfh4e.default
FF user.js: detected! => C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\tcakfh4e.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Caroline\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\tcakfh4e.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Deutsches Wörterbuch - C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\tcakfh4e.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: United States English Spellchecker - C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\tcakfh4e.default\Extensions\en-US@dictionaries.addons.mozilla.org
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\tcakfh4e.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: toolbar_AVIRA-V7 - C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\tcakfh4e.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [73728 2008-07-17] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2008-11-25] (Creative Labs)
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 2008-07-28] (Creative Technology Ltd)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-24] (Stardock Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe [221239 2008-07-17] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-11-17] (Dell Inc.)
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-11-17] (Broadcom Corporation)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-07-28] (ITE Tech. Inc. )
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [144672 2008-09-22] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [277440 2008-09-18] (Creative Technology Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2008-10-08] (The OpenVPN Project)
S3 Inspect; system32\DRIVERS\inspect.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCDSRVC{5B8A2B68-04D6B966-06020200}_0; \??\c:\program files\my dell\pcdsrvc.pkms [x]
S3 RimUsb; System32\Drivers\RimUsb.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-04 23:15 - 2013-11-04 23:15 - 00000000 ____D C:\FRST
2013-11-04 23:14 - 2013-11-04 23:14 - 01089445 _____ (Farbar) C:\Users\Caroline\Desktop\FRST.exe
2013-11-04 23:11 - 2013-11-04 23:11 - 00000905 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-11-04 23:07 - 2013-11-04 23:07 - 00752096 _____ C:\Users\Caroline\Desktop\ZipExtractorSetup.exe
2013-11-04 22:57 - 2013-11-04 23:11 - 00000304 _____ C:\Windows\Tasks\DigitalSite.job
2013-11-04 22:57 - 2013-11-04 22:57 - 00000000 ____D C:\Program Files\OpenIt
2013-11-04 22:56 - 2013-11-04 22:56 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\DigitalSite
2013-11-03 16:56 - 2013-11-03 16:56 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Avira
2013-11-03 16:53 - 2013-11-03 16:53 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-11-03 16:53 - 2013-11-03 16:53 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-11-03 16:52 - 2013-11-03 16:52 - 00000000 ____D C:\ProgramData\APN
2013-11-03 16:49 - 2013-11-03 16:49 - 00001849 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-03 16:49 - 2013-11-03 16:49 - 00000000 ____D C:\ProgramData\Avira
2013-11-03 16:49 - 2013-11-03 16:49 - 00000000 ____D C:\Program Files\Avira
2013-11-03 16:49 - 2013-10-10 19:14 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-03 16:49 - 2013-10-10 19:14 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-03 16:49 - 2013-10-10 19:14 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-03 16:49 - 2013-10-10 19:14 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-11-03 16:01 - 2013-11-03 16:47 - 123650800 _____ C:\Users\Caroline\Desktop\avira_free_antivirus_en.exe
2013-11-02 20:57 - 2013-11-02 20:57 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-11-02 20:36 - 2013-11-02 20:36 - 00000000 ____D C:\Program Files\HitmanPro
2013-11-02 20:35 - 2013-11-02 20:57 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-02 15:01 - 2013-11-02 15:01 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Malwarebytes
2013-11-02 14:56 - 2013-11-02 14:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-02 11:04 - 2013-11-02 11:04 - 104569497 _____ C:\Windows\system32\盱﫞ဴŽ
2013-10-30 17:51 - 2013-10-30 17:51 - 00000000 ____D C:\Users\Caroline\Privates
2013-10-24 06:53 - 2013-10-24 07:17 - 00000000 ____D C:\Users\Caroline\Desktop\Entspannung
2013-10-22 20:08 - 2013-10-22 20:08 - 00000000 ____D C:\Users\Caroline\Documents\Optimizer Pro
2013-10-19 12:17 - 2013-10-19 12:17 - 01923290 _____ C:\Users\Caroline\Downloads\cdex_151.zip
2013-10-19 12:17 - 2013-10-19 12:17 - 00000000 ____D C:\Users\Caroline\Downloads\cdex_151
2013-10-17 12:15 - 2013-10-17 12:15 - 00000000 ____D C:\ProgramData\Oracle
2013-10-17 12:14 - 2013-10-17 12:14 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-17 12:14 - 2013-10-17 12:14 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-17 12:14 - 2013-10-17 12:14 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-17 12:14 - 2013-10-17 12:14 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-13 20:20 - 2013-10-13 20:28 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Roxio
2013-10-13 20:00 - 2013-11-03 16:39 - 00000000 ____D C:\ProgramData\Roxio
2013-10-13 19:54 - 2007-01-18 09:24 - 00026496 _____ (Research in Motion Ltd) C:\Windows\system32\Drivers\RimSerial.sys
2013-10-10 02:15 - 2013-09-22 11:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 02:15 - 2013-09-22 11:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 02:15 - 2013-09-22 11:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 02:15 - 2013-09-22 11:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-10 02:15 - 2013-09-22 11:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 02:15 - 2013-09-22 11:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 02:15 - 2013-09-22 11:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-10 02:15 - 2013-09-22 11:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 02:15 - 2013-09-22 11:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-10 02:15 - 2013-09-22 11:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 02:15 - 2013-09-22 11:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-10 02:15 - 2013-09-22 11:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 02:15 - 2013-09-22 11:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 02:15 - 2013-09-22 11:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 02:15 - 2013-09-22 11:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-10 02:15 - 2013-09-22 10:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 06:20 - 2013-08-29 08:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 06:20 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-09 06:20 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-09 06:20 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-09 06:20 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-09 06:20 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-09 06:20 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-09 06:20 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-09 06:20 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-09 06:20 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-09 06:20 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 06:20 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-09 06:20 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 06:20 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 06:20 - 2013-07-03 03:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 06:20 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 06:20 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 06:20 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 06:20 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 06:20 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 06:20 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 06:20 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 06:20 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 06:20 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 06:20 - 2011-05-05 14:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-08 06:38 - 2013-10-08 06:38 - 00000000 ____D C:\Users\Caroline\Desktop\Caro-Blackberry

==================== One Month Modified Files and Folders =======

2013-11-04 23:15 - 2013-11-04 23:15 - 00000000 ____D C:\FRST
2013-11-04 23:14 - 2013-11-04 23:14 - 01089445 _____ (Farbar) C:\Users\Caroline\Desktop\FRST.exe
2013-11-04 23:12 - 2013-03-23 14:41 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-04 23:11 - 2013-11-04 23:11 - 00000905 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-11-04 23:11 - 2013-11-04 22:57 - 00000304 _____ C:\Windows\Tasks\DigitalSite.job
2013-11-04 23:07 - 2013-11-04 23:07 - 00752096 _____ C:\Users\Caroline\Desktop\ZipExtractorSetup.exe
2013-11-04 23:01 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-04 23:01 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-04 22:57 - 2013-11-04 22:57 - 00000000 ____D C:\Program Files\OpenIt
2013-11-04 22:56 - 2013-11-04 22:56 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\DigitalSite
2013-11-04 22:55 - 2008-11-25 15:58 - 01513938 _____ C:\Windows\WindowsUpdate.log
2013-11-04 22:53 - 2006-11-02 11:33 - 00755906 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-04 22:47 - 2013-03-23 14:41 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-04 22:47 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-03 22:47 - 2008-11-25 22:20 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-11-03 22:47 - 2006-11-02 14:01 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-03 22:30 - 2013-03-24 09:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-03 21:45 - 2011-07-07 20:30 - 00001150 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2338259497-2837294462-966281208-1000UA.job
2013-11-03 21:45 - 2011-07-07 20:30 - 00001128 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2338259497-2837294462-966281208-1000Core.job
2013-11-03 19:29 - 2008-01-21 03:47 - 00435768 _____ C:\Windows\PFRO.log
2013-11-03 17:24 - 2008-12-03 00:22 - 00000000 ____D C:\Users\Caroline\AppData\Local\Google
2013-11-03 17:03 - 2008-11-25 22:15 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-03 17:03 - 2008-11-25 22:15 - 00000000 ____D C:\Program Files\Creative
2013-11-03 17:00 - 2008-12-03 01:33 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Mozilla
2013-11-03 16:56 - 2013-11-03 16:56 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Avira
2013-11-03 16:53 - 2013-11-03 16:53 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-11-03 16:53 - 2013-11-03 16:53 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-11-03 16:52 - 2013-11-03 16:52 - 00000000 ____D C:\ProgramData\APN
2013-11-03 16:49 - 2013-11-03 16:49 - 00001849 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-03 16:49 - 2013-11-03 16:49 - 00000000 ____D C:\ProgramData\Avira
2013-11-03 16:49 - 2013-11-03 16:49 - 00000000 ____D C:\Program Files\Avira
2013-11-03 16:47 - 2013-11-03 16:01 - 123650800 _____ C:\Users\Caroline\Desktop\avira_free_antivirus_en.exe
2013-11-03 16:44 - 2008-12-03 00:19 - 00106600 _____ C:\Users\Caroline\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-03 16:43 - 2006-11-02 13:47 - 00395504 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-03 16:39 - 2013-10-13 20:00 - 00000000 ____D C:\ProgramData\Roxio
2013-11-03 16:39 - 2008-11-25 22:36 - 00000000 ____D C:\Program Files\Common Files\Sonic Shared
2013-11-03 16:39 - 2008-11-25 22:36 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2013-11-03 16:39 - 2008-11-25 22:34 - 00000000 ____D C:\Program Files\Roxio
2013-11-03 16:39 - 2008-11-25 22:34 - 00000000 ____D C:\Program Files\Common Files\Roxio Shared
2013-11-02 23:19 - 2013-09-20 12:55 - 00000000 ____D C:\Users\Caroline\Desktop\Bestecke
2013-11-02 20:57 - 2013-11-02 20:57 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-11-02 20:57 - 2013-11-02 20:35 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-02 20:36 - 2013-11-02 20:36 - 00000000 ____D C:\Program Files\HitmanPro
2013-11-02 15:01 - 2013-11-02 15:01 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Malwarebytes
2013-11-02 14:56 - 2013-11-02 14:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-02 11:04 - 2013-11-02 11:04 - 104569497 _____ C:\Windows\system32\盱﫞ဴŽ
2013-10-30 18:10 - 2006-11-02 13:52 - 00204783 _____ C:\Windows\setupact.log
2013-10-30 17:51 - 2013-10-30 17:51 - 00000000 ____D C:\Users\Caroline\Privates
2013-10-30 17:51 - 2008-12-03 00:18 - 00000000 ____D C:\Users\Caroline
2013-10-30 17:39 - 2008-11-25 22:26 - 00000000 ____D C:\ProgramData\Adobe
2013-10-29 21:12 - 2008-12-03 01:23 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Adobe
2013-10-26 19:41 - 2011-01-24 21:47 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\vlc
2013-10-26 19:11 - 2008-12-03 00:19 - 00001356 _____ C:\Users\Caroline\AppData\Local\d3d9caps.dat
2013-10-24 07:17 - 2013-10-24 06:53 - 00000000 ____D C:\Users\Caroline\Desktop\Entspannung
2013-10-23 20:16 - 2013-10-04 16:57 - 00011008 _____ C:\Users\Caroline\Desktop\WP Mario.xlsx
2013-10-22 20:08 - 2013-10-22 20:08 - 00000000 ____D C:\Users\Caroline\Documents\Optimizer Pro
2013-10-22 15:38 - 2008-12-03 16:56 - 00000000 ____D C:\Users\Caroline\AppData\Local\Adobe
2013-10-22 15:36 - 2010-12-20 10:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-22 15:36 - 2008-11-25 22:26 - 00000000 ____D C:\Program Files\Adobe
2013-10-19 12:17 - 2013-10-19 12:17 - 01923290 _____ C:\Users\Caroline\Downloads\cdex_151.zip
2013-10-19 12:17 - 2013-10-19 12:17 - 00000000 ____D C:\Users\Caroline\Downloads\cdex_151
2013-10-17 12:15 - 2013-10-17 12:15 - 00000000 ____D C:\ProgramData\Oracle
2013-10-17 12:15 - 2008-11-25 22:14 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-17 12:14 - 2013-10-17 12:14 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-17 12:14 - 2013-10-17 12:14 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-17 12:14 - 2013-10-17 12:14 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-17 12:14 - 2013-10-17 12:14 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-17 12:12 - 2013-08-22 20:30 - 00915368 _____ (Oracle Corporation) C:\Users\Caroline\Downloads\jxpiinstall.exe
2013-10-13 20:28 - 2013-10-13 20:20 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Roxio
2013-10-13 19:55 - 2008-11-25 22:14 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-10-12 16:09 - 2013-07-08 08:06 - 00000000 ____D C:\Users\Caroline\AppData\Local\Deployment
2013-10-10 19:14 - 2013-11-03 16:49 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-10 19:14 - 2013-11-03 16:49 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-10 19:14 - 2013-11-03 16:49 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-10 19:14 - 2013-11-03 16:49 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-10-10 03:00 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 02:29 - 2008-12-09 00:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 02:24 - 2013-08-17 09:54 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 02:19 - 2006-11-02 11:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-08 19:30 - 2013-03-24 09:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-08 19:30 - 2011-11-07 18:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 06:38 - 2013-10-08 06:38 - 00000000 ____D C:\Users\Caroline\Desktop\Caro-Blackberry

Files to move or delete:
====================
C:\Users\Caroline\AppData\Roaming\desktop.ini


Some content of TEMP:
====================
C:\Users\Caroline\AppData\Local\Temp\app.exe
C:\Users\Caroline\AppData\Local\Temp\AskSLib.dll
C:\Users\Caroline\AppData\Local\Temp\avgnt.exe
C:\Users\Caroline\AppData\Local\Temp\d-kee-so.dll
C:\Users\Caroline\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Caroline\AppData\Local\Temp\ose00000.exe
C:\Users\Caroline\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Caroline\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Caroline\AppData\Local\Temp\temp0NikeConnectconnect5pcupdate.exe
C:\Users\Caroline\AppData\Local\Temp\temp1NikeConnectconnect5pcupdate.exe
C:\Users\Caroline\AppData\Local\Temp\temp2NikeConnectconnect5pcupdate.exe
C:\Users\Caroline\AppData\Local\Temp\temp3NikeConnectconnect5pcupdate.exe
C:\Users\Caroline\AppData\Local\Temp\temp4NikeConnectconnect5pcupdate.exe
C:\Users\Caroline\AppData\Local\Temp\_is12B5.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-04 22:55

==================== End Of Log ============================
         
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
Ran by Caroline at 2013-11-04 23:17:13
Running from C:\Users\Caroline\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 2.6.0.19140)
Adobe Download Assistant (Version: 1.0.1)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Flash Player ActiveX (Version: 9.0.124.0)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
Advanced Audio FX Engine
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Control Center (Version: 2.008.0703.2235)
Avira Free Antivirus (Version: 14.0.0.411)
Avira SearchFree Toolbar (Version: 12.6.0.1898)
Banctec Service Agreement (Version: 2.0.0)
Bonjour (Version: 3.0.0.10)
Browser Address Error Redirector (Version: 1.00.0000)
BTS - Mobi (Version: 2.1)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0703.2236.38526)
Catalyst Control Center Graphics Full Existing (Version: 2008.0703.2236.38526)
Catalyst Control Center Graphics Full New (Version: 2008.0703.2236.38526)
Catalyst Control Center Graphics Light (Version: 2008.0703.2236.38526)
Catalyst Control Center Graphics Previews Common (Version: 2008.0703.2236.38526)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0703.2236.38526)
Catalyst Control Center InstallProxy (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Danish (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Dutch (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Finnish (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization French (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization German (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Italian (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Japanese (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Korean (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Norwegian (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Portuguese (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Russian (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Spanish (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Swedish (Version: 2008.0703.2236.38526)
CCC Help Chinese Standard (Version: 2008.0703.2235.38526)
CCC Help Chinese Traditional (Version: 2008.0703.2235.38526)
CCC Help Danish (Version: 2008.0703.2235.38526)
CCC Help Dutch (Version: 2008.0703.2235.38526)
CCC Help English (Version: 2008.0703.2235.38526)
CCC Help Finnish (Version: 2008.0703.2235.38526)
CCC Help French (Version: 2008.0703.2235.38526)
CCC Help German (Version: 2008.0703.2235.38526)
CCC Help Italian (Version: 2008.0703.2235.38526)
CCC Help Japanese (Version: 2008.0703.2235.38526)
CCC Help Korean (Version: 2008.0703.2235.38526)
CCC Help Norwegian (Version: 2008.0703.2235.38526)
CCC Help Portuguese (Version: 2008.0703.2235.38526)
CCC Help Russian (Version: 2008.0703.2235.38526)
CCC Help Spanish (Version: 2008.0703.2235.38526)
CCC Help Swedish (Version: 2008.0703.2235.38526)
ccc-core-static (Version: 2008.0703.2236.38526)
ccc-utility (Version: 2008.0703.2236.38526)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Combined Community Codec Pack 2008-09-21 16:18 (Version: 2008.09.21.0)
Compaq Array Visualizer 1.5
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Creative MediaSource 5 (Version: 5.00)
Dell DataSafe Online (Version: 1.1.0019)
Dell Dock (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell System Detect (HKCU Version: 5.3.1.5)
Dell System Detect Bootstrapper (HKCU Version: 1.1.0.15)
Dell Touchpad (Version: 7.2.101.209)
Dell Video Chat (remove only) (Version: 6.0 (6551))
Dell Webcam Central
Dell Wireless WLAN Card Utility (Version: 5.10.38.30)
EDocs
EndNote X2 (Version: 12.0.0.3252)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Google Talk (remove only)
Google Update Helper (Version: 1.3.21.165)
GoToAssist 8.0.0.514
HitmanPro 3.7 (Version: 3.7.8.208)
iCloud (Version: 2.1.2.8)
Integrated Webcam Driver (1.03.02.0919)  
ISI ResearchSoft - Export Helper
ITECIR Driver (Version: 1.00.000)
iTunes (Version: 11.0.5.5)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java(TM) 6 Update 7 (Version: 1.6.0.70)
MATLAB R2007b (Version: 7.5)
MediaDirect (Version: 4.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
MinGW-CMake
Monolix
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My Dell (Version: 3.4.6308.28)
Nike+ Connect (HKCU Version: 5.2.8)
Nike+ Connect (Version: 5.3.8)
Open It! (Version: 1.1.1)
PDx-Pop Version 2.1a (Version: 1.0.0.0)
PK-Sim Version 4_2 (Version: 4.2.2)
QuickSet (Version: 9.2.6)
QuickTime (Version: 7.74.80.86)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
SHARP PCL6 T1 Printer Driver (Version: 1.00.000)
SigmaPlot 11.0 (Version: 11.0)
Skins (Version: 2008.0703.2236.38526)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.10 (Version: 5.10.116)
Sound Blaster Audigy ADVANCED MB (Version: 1.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Steuersparer 2013 (Version: 20.00.8137)
TomTom HOME 2.7.6.2056 (Version: 2.7.6.2056)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Zip Extractor
Visual Fortran 6.5
VLC media player 2.1.0 (Version: 2.1.0)
WIDCOMM Bluetooth Software 6.1.0.4402 (Version: 6.1.0.4402)
WiTopia.Net personalVPN-v1.7 (Version: personalVPN-v1.7)

==================== Restore Points  =========================

23-10-2013 18:14:12 Scheduled Checkpoint
24-10-2013 18:34:40 Scheduled Checkpoint
26-10-2013 12:57:26 Scheduled Checkpoint
28-10-2013 20:32:53 Scheduled Checkpoint
29-10-2013 19:05:03 Scheduled Checkpoint
30-10-2013 18:25:43 Scheduled Checkpoint
02-11-2013 13:45:57 Windows Update
03-11-2013 15:31:35 Removed Roxio Media Manager
03-11-2013 15:58:46 Removed Google Talk Plugin
03-11-2013 16:02:37 Removed Live! Cam Avatar Creator

==================== Hosts content: ==========================

2006-11-02 11:23 - 2010-02-22 20:17 - 00380176 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	www.123fporn.info
127.0.0.1	123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1A94F7F3-4B1A-4F97-8CDC-9A68E409FA5A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-06] (PC-Doctor, Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {34F0973D-17C9-45DC-B67E-1EE002D0F9AA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2338259497-2837294462-966281208-1000UA => C:\Users\Caroline\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3FB5E74D-8BBC-4422-9534-EA70D2944CC0} - System32\Tasks\{60B6F4C6-6C32-4718-8000-6B8EA37E870D} => Firefox.exe hxxp://ui.skype.com/ui/0/5.0.0.156/en/go/help.faq.installer?LastError=1618
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {679438EC-6E90-48F4-8EDA-DE2D81761C17} - System32\Tasks\DigitalSite => C:\Users\Caroline\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {923D0C08-F26B-4FE5-A6FF-E8F7858E7373} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
Task: {93D7B0AB-B682-4402-AD75-FC1013A0DA86} - System32\Tasks\PCMService.exe_1534010583 => C:\Program Files\Dell\MediaDirect\PCMService.exe [2008-01-14] (CyberLink Corp.)
Task: {9B960CAB-2CA1-4A93-B4F0-A858604ECE89} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2338259497-2837294462-966281208-1000Core => C:\Users\Caroline\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {A71CB7FD-64F5-40C4-B2EE-D3ADC7790AEF} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\System32\pla.dll [2008-01-21] (Microsoft Corporation)
Task: {BA6846BE-6DBD-4126-B65B-D50D1698026F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-09-06] (PC-Doctor, Inc.)
Task: {BEFF4EEB-55DF-40F4-9FC3-0B22517CD154} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
Task: {BF3A3FE1-8E1F-4580-A9C2-D90BCF734E23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FB55BE88-7EC5-4F83-8AF1-3CEFFE0E2E5B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Caroline\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2338259497-2837294462-966281208-1000Core.job => C:\Users\Caroline\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2338259497-2837294462-966281208-1000UA.job => C:\Users\Caroline\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-11-25 23:52 - 2008-07-18 11:27 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2008-06-05 22:19 - 2008-06-05 22:19 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-06-17 07:42 - 2008-11-17 06:29 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-18 15:16 - 2013-09-18 15:16 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-10-17 12:14 - 2013-10-17 12:14 - 00016808 _____ () C:\Program Files\Java\jre7\bin\jp2native.dll
2008-11-25 22:23 - 2008-11-25 22:23 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2013-10-08 19:30 - 2013-10-08 19:30 - 16233864 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2013 10:48:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2013 10:25:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2013 10:01:24 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (11/03/2013 07:33:55 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(68:09:27:05:83:55@fe80::6a09:27ff:fe05:8355._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (11/03/2013 07:31:41 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 32

Error: (11/03/2013 07:31:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2013 05:02:35 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {50dcb326-c7cf-448a-a299-e35c6af995fb}

Error: (11/03/2013 04:45:14 PM) (Source: Application Error) (User: )
Description: Faulting application WebcamDell.exe, version 1.1.3.0, time stamp 0x4844f8d0, faulting module WebcamDell.exe, version 1.1.3.0, time stamp 0x4844f8d0, exception code 0xc0000005, fault offset 0x0000879e,
process id 0xcc8, application start time 0xWebcamDell.exe0.

Error: (11/03/2013 04:44:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2013 04:11:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (11/12/2009 08:05:53 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 79 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/14/2009 01:09:37 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14890 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-11-02 19:10:03.454
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-02 19:10:03.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-02 19:10:02.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-02 19:10:02.564
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-02 19:10:02.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-02 19:10:01.972
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-02 19:09:51.691
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-02 19:09:51.410
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-02 19:09:51.114
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-02 19:09:50.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 3066.13 MB
Available physical RAM: 1492.78 MB
Total Pagefile: 6340.51 MB
Available Pagefile: 4268.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.52 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.29 GB) (Free:71.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:4.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

05.11.2013, 09:37   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Alt 06.11.2013, 18:58   #5
Redlion10
 



Hi,

I ran it several times. Nothing was found. Here is the file:

Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.06.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Caroline :: CAROLINE-PC [administrator]

06.11.2013 08:26:40
mbar-log-2013-11-06 (08-26-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 240173
Time elapsed: 30 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


Alt 06.11.2013, 20:39   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Removing adware/junkware/toolbars


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window).


Alt 06.11.2013, 21:39   #7
Redlion10
 



Code:
# AdwCleaner v3.011 - Report created 06/11/2013 at 22:12:45
# Updated 03/11/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Caroline - CAROLINE-PC
# Running from : C:\Users\Caroline\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Caroline\AppData\Local\Temp\AskBarDis
Folder Deleted : C:\Users\Caroline\AppData\Local\Temp\OCS
Folder Deleted : C:\Users\Caroline\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\Caroline\Documents\optimizer pro
Folder Deleted : C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\tcakfh4e.default\ICQToolbarData
File Deleted : C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\tcakfh4e.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\tcakfh4e.default\user.js
File Deleted : C:\Windows\Tasks\digitalsite.job
File Deleted : C:\Windows\System32\Tasks\digitalsite

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{679438EC-6E90-48F4-8EDA-DE2D81761C17}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{679438EC-6E90-48F4-8EDA-DE2D81761C17}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Key Deleted : HKCU\Software\AskBarDis
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v25.0 (de)

[ File : C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\tcakfh4e.default\prefs.js ]

Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.engineVerified", false);
Line Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "3.0.5");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uninstStatSent", true);
Line Deleted : user_pref("icqtoolbar.uniqueID", "123040227212304291161230509569874");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1230509572);
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "de");

*************************

AdwCleaner[R0].txt - [4596 octets] - [06/11/2013 22:02:17]
AdwCleaner[R1].txt - [4514 octets] - [06/11/2013 22:11:07]
AdwCleaner[S0].txt - [570 octets] - [06/11/2013 22:04:18]
AdwCleaner[S1].txt - [4486 octets] - [06/11/2013 22:12:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4546 octets] ##########
         

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Caroline on 06.11.2013 at 22:30:22,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"



~~~ FireFox

Successfully deleted: [File] C:\Users\Caroline\AppData\Roaming\mozilla\firefox\profiles\tcakfh4e.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Emptied folder: C:\Users\Caroline\AppData\Roaming\mozilla\firefox\profiles\tcakfh4e.default\minidumps [33 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.11.2013 at 22:33:46,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Caroline (administrator) on CAROLINE-PC on 06-11-2013 22:34:22
Running from C:\Users\Caroline\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Creative Technology Ltd) C:\Windows\system32\CTsvcCDA.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Creative Technology Ltd.) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
(Nike) C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [196608 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\System32\WLTRAY.EXE [3810304 2008-11-17] (Dell Inc.)
HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [446635 2008-06-03] (Creative Technology Ltd.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Nike+ Connect] - C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe [70656 2013-05-03] (Nike)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [442433 2008-07-17] (IDT, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-10] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [DellSystemDetect] - C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [370 2013-07-08] ()
MountPoints2: {2f571c2e-0e4a-11de-905d-002219d91f94} - F:\LaunchU3.exe -a
MountPoints2: {419036e7-c0d5-11dd-9ac6-002219d91f94} - F:\Autorun\ShelExec.exe SBSuite.html
MountPoints2: {85ad5743-0d83-11de-9e6c-002219d91f94} - F:\Autorun\ShelExec.exe SBSuite.html
MountPoints2: {ceaef9d7-0eb0-11de-96b4-002219d91f94} - F:\AutoRun\autorun.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2081125
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://webexevents.webex.com/client/T26L/event/ieatgpc1.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 50 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F27E59BC-D9B4-42E2-A836-6A29690222CA}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\tcakfh4e.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Caroline\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Deutsches Wörterbuch - C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\tcakfh4e.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: United States English Spellchecker - C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\tcakfh4e.default\Extensions\en-US@dictionaries.addons.mozilla.org
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\tcakfh4e.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [73728 2008-07-17] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2008-11-25] (Creative Labs)
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 2008-07-28] (Creative Technology Ltd)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-24] (Stardock Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe [221239 2008-07-17] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-11-17] (Dell Inc.)
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-11-17] (Broadcom Corporation)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-07-28] (ITE Tech. Inc. )
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [144672 2008-09-22] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [277440 2008-09-18] (Creative Technology Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2008-10-08] (The OpenVPN Project)
S3 Inspect; system32\DRIVERS\inspect.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCDSRVC{5B8A2B68-04D6B966-06020200}_0; \??\c:\program files\my dell\pcdsrvc.pkms [x]
S3 RimUsb; System32\Drivers\RimUsb.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-06 22:33 - 2013-11-06 22:33 - 00001197 _____ C:\Users\Caroline\Desktop\JRT.txt
2013-11-06 22:30 - 2013-11-06 22:30 - 00000000 ____D C:\Windows\ERUNT
2013-11-06 22:28 - 2013-11-06 22:29 - 01034531 _____ (Thisisu) C:\Users\Caroline\Desktop\JRT.exe
2013-11-06 22:00 - 2013-11-06 22:20 - 00000000 ____D C:\AdwCleaner
2013-11-06 21:59 - 2013-11-06 21:59 - 01073262 _____ C:\Users\Caroline\Desktop\adwcleaner.exe
2013-11-06 07:57 - 2013-11-06 07:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-05 19:23 - 2013-11-06 19:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-05 19:23 - 2013-11-06 08:26 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-05 19:21 - 2013-11-06 08:26 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-05 19:11 - 2013-11-05 19:11 - 00000094 _____ C:\Users\Caroline\AppData\Roaming\WB.CFG
2013-11-04 23:18 - 2013-11-04 23:28 - 00000000 ____D C:\Users\Caroline\Desktop\Mario
2013-11-04 23:15 - 2013-11-04 23:15 - 00000000 ____D C:\FRST
2013-11-04 23:14 - 2013-11-04 23:14 - 01089445 _____ (Farbar) C:\Users\Caroline\Desktop\FRST.exe
2013-11-03 16:56 - 2013-11-03 16:56 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Avira
2013-11-03 16:53 - 2013-11-03 16:53 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-11-03 16:53 - 2013-11-03 16:53 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-11-03 16:49 - 2013-11-03 16:49 - 00001849 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-03 16:49 - 2013-11-03 16:49 - 00000000 ____D C:\ProgramData\Avira
2013-11-03 16:49 - 2013-11-03 16:49 - 00000000 ____D C:\Program Files\Avira
2013-11-03 16:49 - 2013-10-10 19:14 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-03 16:49 - 2013-10-10 19:14 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-03 16:49 - 2013-10-10 19:14 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-03 16:49 - 2013-10-10 19:14 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-11-03 16:01 - 2013-11-03 16:47 - 123650800 _____ C:\Users\Caroline\Desktop\avira_free_antivirus_en.exe
2013-11-02 20:57 - 2013-11-02 20:57 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-11-02 20:36 - 2013-11-02 20:36 - 00000000 ____D C:\Program Files\HitmanPro
2013-11-02 20:35 - 2013-11-02 20:57 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-02 15:01 - 2013-11-02 15:01 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Malwarebytes
2013-11-02 14:56 - 2013-11-02 14:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-02 11:04 - 2013-11-02 11:04 - 104569497 _____ C:\Windows\system32\盱﫞ဴŽ
2013-10-30 17:51 - 2013-10-30 17:51 - 00000000 ____D C:\Users\Caroline\Privates
2013-10-24 06:53 - 2013-10-24 07:17 - 00000000 ____D C:\Users\Caroline\Desktop\Entspannung
2013-10-19 12:17 - 2013-10-19 12:17 - 01923290 _____ C:\Users\Caroline\Downloads\cdex_151.zip
2013-10-19 12:17 - 2013-10-19 12:17 - 00000000 ____D C:\Users\Caroline\Downloads\cdex_151
2013-10-17 12:15 - 2013-10-17 12:15 - 00000000 ____D C:\ProgramData\Oracle
2013-10-17 12:14 - 2013-10-17 12:14 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-17 12:14 - 2013-10-17 12:14 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-17 12:14 - 2013-10-17 12:14 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-17 12:14 - 2013-10-17 12:14 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-13 20:20 - 2013-10-13 20:28 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Roxio
2013-10-13 20:00 - 2013-11-03 16:39 - 00000000 ____D C:\ProgramData\Roxio
2013-10-13 19:54 - 2007-01-18 09:24 - 00026496 _____ (Research in Motion Ltd) C:\Windows\system32\Drivers\RimSerial.sys
2013-10-10 02:15 - 2013-09-22 11:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 02:15 - 2013-09-22 11:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 02:15 - 2013-09-22 11:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 02:15 - 2013-09-22 11:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-10 02:15 - 2013-09-22 11:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 02:15 - 2013-09-22 11:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 02:15 - 2013-09-22 11:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-10 02:15 - 2013-09-22 11:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 02:15 - 2013-09-22 11:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-10 02:15 - 2013-09-22 11:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 02:15 - 2013-09-22 11:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-10 02:15 - 2013-09-22 11:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 02:15 - 2013-09-22 11:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 02:15 - 2013-09-22 11:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 02:15 - 2013-09-22 11:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-10 02:15 - 2013-09-22 10:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 06:20 - 2013-08-29 08:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 06:20 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-09 06:20 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-09 06:20 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-09 06:20 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-09 06:20 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-09 06:20 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-09 06:20 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-09 06:20 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-09 06:20 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-09 06:20 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 06:20 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-09 06:20 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 06:20 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 06:20 - 2013-07-03 03:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 06:20 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 06:20 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 06:20 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 06:20 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 06:20 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 06:20 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 06:20 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 06:20 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 06:20 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 06:20 - 2011-05-05 14:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-08 06:38 - 2013-10-08 06:38 - 00000000 ____D C:\Users\Caroline\Desktop\Caro-Blackberry

==================== One Month Modified Files and Folders =======

2013-11-06 22:33 - 2013-11-06 22:33 - 00001197 _____ C:\Users\Caroline\Desktop\JRT.txt
2013-11-06 22:30 - 2013-11-06 22:30 - 00000000 ____D C:\Windows\ERUNT
2013-11-06 22:30 - 2013-03-24 09:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-06 22:30 - 2008-11-25 15:58 - 01552700 _____ C:\Windows\WindowsUpdate.log
2013-11-06 22:29 - 2013-11-06 22:28 - 01034531 _____ (Thisisu) C:\Users\Caroline\Desktop\JRT.exe
2013-11-06 22:29 - 2006-11-02 11:33 - 00755906 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-06 22:23 - 2013-03-23 14:41 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-06 22:23 - 2012-05-23 19:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-06 22:23 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-06 22:23 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-06 22:23 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-06 22:21 - 2008-11-25 22:20 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-11-06 22:21 - 2006-11-02 14:01 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-06 22:20 - 2013-11-06 22:00 - 00000000 ____D C:\AdwCleaner
2013-11-06 22:12 - 2013-03-23 14:41 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-06 22:04 - 2008-12-28 19:04 - 00000000 ____D C:\ProgramData\ICQ
2013-11-06 21:59 - 2013-11-06 21:59 - 01073262 _____ C:\Users\Caroline\Desktop\adwcleaner.exe
2013-11-06 21:45 - 2011-07-07 20:30 - 00001150 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2338259497-2837294462-966281208-1000UA.job
2013-11-06 21:45 - 2011-07-07 20:30 - 00001128 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2338259497-2837294462-966281208-1000Core.job
2013-11-06 19:26 - 2013-11-05 19:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-06 08:26 - 2013-11-05 19:23 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-06 08:26 - 2013-11-05 19:21 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-06 07:58 - 2013-11-06 07:57 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-05 19:11 - 2013-11-05 19:11 - 00000094 _____ C:\Users\Caroline\AppData\Roaming\WB.CFG
2013-11-04 23:28 - 2013-11-04 23:18 - 00000000 ____D C:\Users\Caroline\Desktop\Mario
2013-11-04 23:15 - 2013-11-04 23:15 - 00000000 ____D C:\FRST
2013-11-04 23:14 - 2013-11-04 23:14 - 01089445 _____ (Farbar) C:\Users\Caroline\Desktop\FRST.exe
2013-11-03 19:29 - 2008-01-21 03:47 - 00435768 _____ C:\Windows\PFRO.log
2013-11-03 17:24 - 2008-12-03 00:22 - 00000000 ____D C:\Users\Caroline\AppData\Local\Google
2013-11-03 17:03 - 2008-11-25 22:15 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-03 17:03 - 2008-11-25 22:15 - 00000000 ____D C:\Program Files\Creative
2013-11-03 17:00 - 2008-12-03 01:33 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Mozilla
2013-11-03 16:56 - 2013-11-03 16:56 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Avira
2013-11-03 16:53 - 2013-11-03 16:53 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-11-03 16:53 - 2013-11-03 16:53 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-11-03 16:49 - 2013-11-03 16:49 - 00001849 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-03 16:49 - 2013-11-03 16:49 - 00000000 ____D C:\ProgramData\Avira
2013-11-03 16:49 - 2013-11-03 16:49 - 00000000 ____D C:\Program Files\Avira
2013-11-03 16:47 - 2013-11-03 16:01 - 123650800 _____ C:\Users\Caroline\Desktop\avira_free_antivirus_en.exe
2013-11-03 16:44 - 2008-12-03 00:19 - 00106600 _____ C:\Users\Caroline\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-03 16:43 - 2006-11-02 13:47 - 00395504 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-03 16:39 - 2013-10-13 20:00 - 00000000 ____D C:\ProgramData\Roxio
2013-11-03 16:39 - 2008-11-25 22:36 - 00000000 ____D C:\Program Files\Common Files\Sonic Shared
2013-11-03 16:39 - 2008-11-25 22:36 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2013-11-03 16:39 - 2008-11-25 22:34 - 00000000 ____D C:\Program Files\Roxio
2013-11-03 16:39 - 2008-11-25 22:34 - 00000000 ____D C:\Program Files\Common Files\Roxio Shared
2013-11-02 23:19 - 2013-09-20 12:55 - 00000000 ____D C:\Users\Caroline\Desktop\Bestecke
2013-11-02 20:57 - 2013-11-02 20:57 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-11-02 20:57 - 2013-11-02 20:35 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-02 20:36 - 2013-11-02 20:36 - 00000000 ____D C:\Program Files\HitmanPro
2013-11-02 15:01 - 2013-11-02 15:01 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Malwarebytes
2013-11-02 14:56 - 2013-11-02 14:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-02 11:04 - 2013-11-02 11:04 - 104569497 _____ C:\Windows\system32\盱﫞ဴŽ
2013-10-30 18:10 - 2006-11-02 13:52 - 00204783 _____ C:\Windows\setupact.log
2013-10-30 17:51 - 2013-10-30 17:51 - 00000000 ____D C:\Users\Caroline\Privates
2013-10-30 17:51 - 2008-12-03 00:18 - 00000000 ____D C:\Users\Caroline
2013-10-30 17:39 - 2008-11-25 22:26 - 00000000 ____D C:\ProgramData\Adobe
2013-10-29 21:12 - 2008-12-03 01:23 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Adobe
2013-10-26 19:41 - 2011-01-24 21:47 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\vlc
2013-10-26 19:11 - 2008-12-03 00:19 - 00001356 _____ C:\Users\Caroline\AppData\Local\d3d9caps.dat
2013-10-24 07:17 - 2013-10-24 06:53 - 00000000 ____D C:\Users\Caroline\Desktop\Entspannung
2013-10-22 15:38 - 2008-12-03 16:56 - 00000000 ____D C:\Users\Caroline\AppData\Local\Adobe
2013-10-22 15:36 - 2010-12-20 10:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-22 15:36 - 2008-11-25 22:26 - 00000000 ____D C:\Program Files\Adobe
2013-10-19 12:17 - 2013-10-19 12:17 - 01923290 _____ C:\Users\Caroline\Downloads\cdex_151.zip
2013-10-19 12:17 - 2013-10-19 12:17 - 00000000 ____D C:\Users\Caroline\Downloads\cdex_151
2013-10-17 12:15 - 2013-10-17 12:15 - 00000000 ____D C:\ProgramData\Oracle
2013-10-17 12:15 - 2008-11-25 22:14 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-17 12:14 - 2013-10-17 12:14 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-17 12:14 - 2013-10-17 12:14 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-17 12:14 - 2013-10-17 12:14 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-17 12:14 - 2013-10-17 12:14 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-17 12:12 - 2013-08-22 20:30 - 00915368 _____ (Oracle Corporation) C:\Users\Caroline\Downloads\jxpiinstall.exe
2013-10-13 20:28 - 2013-10-13 20:20 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Roxio
2013-10-13 19:55 - 2008-11-25 22:14 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-10-12 16:09 - 2013-07-08 08:06 - 00000000 ____D C:\Users\Caroline\AppData\Local\Deployment
2013-10-10 19:14 - 2013-11-03 16:49 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-10 19:14 - 2013-11-03 16:49 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-10 19:14 - 2013-11-03 16:49 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-10 19:14 - 2013-11-03 16:49 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-10-10 03:00 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 02:29 - 2008-12-09 00:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 02:24 - 2013-08-17 09:54 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 02:19 - 2006-11-02 11:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-08 19:30 - 2013-03-24 09:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-08 19:30 - 2011-11-07 18:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 06:38 - 2013-10-08 06:38 - 00000000 ____D C:\Users\Caroline\Desktop\Caro-Blackberry

Files to move or delete:
====================
C:\Users\Caroline\AppData\Roaming\desktop.ini


Some content of TEMP:
====================
C:\Users\Caroline\AppData\Local\Temp\app.exe
C:\Users\Caroline\AppData\Local\Temp\AskSLib.dll
C:\Users\Caroline\AppData\Local\Temp\avgnt.exe
C:\Users\Caroline\AppData\Local\Temp\d-kee-so.dll
C:\Users\Caroline\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Caroline\AppData\Local\Temp\ose00000.exe
C:\Users\Caroline\AppData\Local\Temp\Quarantine.exe
C:\Users\Caroline\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Caroline\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Caroline\AppData\Local\Temp\temp0NikeConnectconnect5pcupdate.exe
C:\Users\Caroline\AppData\Local\Temp\temp1NikeConnectconnect5pcupdate.exe
C:\Users\Caroline\AppData\Local\Temp\temp2NikeConnectconnect5pcupdate.exe
C:\Users\Caroline\AppData\Local\Temp\temp3NikeConnectconnect5pcupdate.exe
C:\Users\Caroline\AppData\Local\Temp\temp4NikeConnectconnect5pcupdate.exe
C:\Users\Caroline\AppData\Local\Temp\_is12B5.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-06 22:32

==================== End Of Log ============================
         
--- --- ---

06.11.2013, 21:46   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM).

Note: Please remember to update Malwarebytes Anti-Malware via the update button first!

Afterwards, getting a second opinion from ESET's online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Ja, ich bin mit den Nutzungsbedingungen einverstanden" (Yes, I accept the terms of use) and click "Starten" (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and select the following settings.
  • Click "Starten" (Start).
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click "Fertig stellen" (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

06.11.2013, 22:42   #9
Redlion10



Here is the Malwarebytes log for now. ESET will follow.

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.06.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Caroline :: CAROLINE-PC [Administrator]

Schutz: Deaktiviert

06.11.2013 23:06:47
mbam-log-2013-11-06 (23-06-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236740
Laufzeit: 17 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\$Recycle.Bin\S-1-5-21-2338259497-2837294462-966281208-1000\$RRHQ3T2.exe (PUP.Optional.JumpyApps) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-2338259497-2837294462-966281208-1000\$RQ22DCM\ZipExtractorSetup.exe (PUP.Optional.JumpyApps) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

06.11.2013, 22:43   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Only leftovers.
ESET is still missing.

07.11.2013, 05:47   #11
Redlion10



Sounds good :-)

And here is ESET as well:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=910325921a4d3b4b9193fb297d38ebe3
# engine=15787
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-07 02:31:04
# local_time=2013-11-07 03:31:04 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 95 33825 2362610 26594 0
# compatibility_mode=5892 16776574 100 100 367907 221324192 0 0
# scanned=352243
# found=5
# cleaned=0
# scan_time=12290
sh=86F684719F29437F6ADD3B3E95AB1F6F4C011A02 ft=1 fh=3cb5f896bc0aaafc vn="multiple threats" ac=I fn="C:\Users\Caroline\AppData\Local\Temp\{C08769C4-9111-4D0A-8A81-1D7031AB8A54}\setup.exe"
sh=B3122109ACFFD5C299CC8B5D87E77CB2347B8C4F ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Caroline\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\718835ef-49fe6282"
sh=61D8A22D436B792B6D4C26B839885F4C1C060372 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Caroline\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\363ef676-46e40bc0"
sh=6941CB627027CAB5A35750ED4D678B73AF41DBD5 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Caroline\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\262cd5b7-681608dc"
sh=4F5478F8F91B6106418FC09AF41E516278AF9C53 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Caroline\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\584ef2b9-5bbff976"
         

07.11.2013, 09:12   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Again, only leftovers in Temp and the cache.
Please run TFC, it will delete them.

TFC - Temp File Cleaner

Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and choose "Run as administrator".
  • Close all other programs.
  • Click the Start button.
  • If you are prompted to restart, confirm it.

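The triage in the reply above (detections only in Temp and the Java cache) can be reproduced from an ESET Online Scanner log.txt; this is an added example, not part of the thread or of ESET's tooling. The sample log is constructed, and reading `fn` as the detected file's path and `found`/`cleaned` as header counters is an assumption taken from the layout of the posted log.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ESET log posted in this thread.
# Hashes, GUID and user name are placeholders, not values from the thread.
SAMPLE_LOG = r'''# version=8
# end=finished
# remove_checked=false
# scanned=1000
# found=3
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Example\AppData\Local\Temp\{00000000-0000-0000-0000-000000000000}\setup.exe"
sh=0000000000000000000000000000000000000002 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\00000000-00000000"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Example\AppData\Roaming\updater.exe"
'''

# key=value pairs; values are either double-quoted or a run of non-blanks
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Locations the helper treats as leftovers that a temp cleaner removes.
# The Recycle Bin pattern covers the paths in the Malwarebytes log.
BUCKETS = [
    ("temp", re.compile(r'\\AppData\\Local\\Temp\\', re.I)),
    ("java_cache", re.compile(r'\\Sun\\Java\\Deployment\\cache\\', re.I)),
    ("recycle_bin", re.compile(r'^[A-Z]:\\\$Recycle\.Bin\\', re.I)),
]


def bucket(path):
    """Name the leftover location a path falls in, or 'other'."""
    for name, rx in BUCKETS:
        if rx.search(path):
            return name
    return "other"


def parse_eset_log(text):
    """Split the log into '# key=value' header fields and detection records."""
    header, findings = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                # some keys repeat (compatibility_mode), so keep every value
                header.setdefault(key, []).append(value.strip('"'))
        elif line.startswith("sh="):
            rec = {}
            for m in FIELD_RE.finditer(line):
                rec[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
            rec["location"] = bucket(rec.get("fn", ""))
            findings.append(rec)
    return header, findings


def triage(text):
    """Summarise detections by location and list those outside temp/cache."""
    header, findings = parse_eset_log(text)
    declared = int(header.get("found", ["0"])[0])
    return {
        "declared_found": declared,
        "parsed_found": len(findings),
        # a mismatch means the pasted log is incomplete
        "truncated": declared != len(findings),
        "cleaned": int(header.get("cleaned", ["0"])[0]),
        "by_location": dict(Counter(f["location"] for f in findings)),
        "needs_review": [f["fn"] for f in findings if f["location"] == "other"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

An empty `needs_review` list corresponds to the "only leftovers" verdict; any path listed there sits outside the locations a temp cleaner empties and should be looked at individually.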

08.11.2013, 08:47   #13
Redlion10



Good morning,

I installed TFC and was able to open it, but I keep getting the message that the program is not responding. Is there an alternative?

08.11.2013, 09:07   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Yes, you can use CCleaner. But please use it only to delete temp files; keep your hands off the registry cleaner.

09.11.2013, 15:17   #15
Redlion10



Great, that worked. Am I done then?
