| |
| |||||||
Log-Analyse und Auswertung: Windows 7: ADWARE/Install Core Gen7 gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
25.03.2014, 16:05
| #1 |
 |  Windows 7: ADWARE/Install Core Gen7 gefunden Hallo liebe Helfer, mein Virenscanner hat vor ein paar Tagen ADWARE/Install Core Gen7 gefunden und in Quarantäne gelegt. Außerdem steht in Quarantäne seit Januar APPL/BrowseFox.kmz (Cloud).Fund in C:\ProgramFiles(x86)RightSurve\bin\utilRightSurve.exe und C:\ProgramFiles(x86)RightSurve\updateRightSurve.exe. Einmal ließen sich beim Starten meine Benutzerdaten nicht laden, konnte aber über ein anderes Benutzerkonto ins Netz. Am nächsten Tag gings wieder. Aber plötzlich kam die Meldung, "danke, daß Sie sich Avira Speedup entschieden haben und plötzlich war statt meiner gekauften Version nur noch die Testversion drauf. Ich habe mit Malwarebytes gescannt, aber beim Löschen hat der Virenscanner gemeint, an die Registry darf keiner ran. Ich habe nach Anleitung Defogger, FRST und GMER runtergeladen. Nach GMER war das Problem, daß ich die Antivirensoftware nicht wieder einschalten konnte, hätte keine Berechtigung.Wollte dann über Benutzerwechsel ran, aber da wurde der Bilschirm schwarz und blieb es. Mußte Stecker ziehen. Nach Neustart ging alles wieder. Jetzt werde ich alle Dateien, die ich habe, einstellen, falls es passt. Sonst poste ich die anderen nach Antwort. Danke fürs helfen. Christel Code:
ATTFilter Avira Internet Security Suite
Erstellungsdatum der Reportdatei: Freitag, 21. März 2014 20:22
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : ***************
Seriennummer : 2212066021-ISSUE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : CHRISTEL-HALLE
Versionsinformationen:
BUILD.DAT : 14.0.3.350 58780 Bytes 25.02.2014 11:47:00
AVSCAN.EXE : 14.0.3.332 1058384 Bytes 17.03.2014 16:59:26
AVSCANRC.DLL : 14.0.2.180 62008 Bytes 18.12.2013 17:12:45
LUKE.DLL : 14.0.3.336 65616 Bytes 17.03.2014 16:59:53
AVSCPLR.DLL : 14.0.3.336 124496 Bytes 17.03.2014 16:59:26
AVREG.DLL : 14.0.3.336 250448 Bytes 17.03.2014 16:59:23
avlode.dll : 14.0.3.336 544848 Bytes 17.03.2014 16:59:20
avlode.rdf : 14.0.3.38 58680 Bytes 17.03.2014 16:59:13
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 11:24:58
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 11:32:23
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 13:04:11
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 09:23:17
VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 13:05:31
VBASE005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 17:08:38
VBASE006.VDF : 7.11.103.230 2293248 Bytes 24.09.2013 17:07:59
VBASE007.VDF : 7.11.116.38 5485568 Bytes 28.11.2013 14:22:11
VBASE008.VDF : 7.11.126.50 3615744 Bytes 22.01.2014 14:02:43
VBASE009.VDF : 7.11.128.174 2030080 Bytes 03.02.2014 18:03:54
VBASE010.VDF : 7.11.134.72 3034112 Bytes 03.03.2014 17:12:59
VBASE011.VDF : 7.11.134.73 2048 Bytes 03.03.2014 17:12:59
VBASE012.VDF : 7.11.134.74 2048 Bytes 03.03.2014 17:12:59
VBASE013.VDF : 7.11.134.75 2048 Bytes 03.03.2014 17:12:59
VBASE014.VDF : 7.11.134.201 232960 Bytes 05.03.2014 19:17:21
VBASE015.VDF : 7.11.135.75 149504 Bytes 07.03.2014 16:46:44
VBASE016.VDF : 7.11.135.171 131072 Bytes 08.03.2014 20:53:45
VBASE017.VDF : 7.11.135.239 139264 Bytes 10.03.2014 19:58:37
VBASE018.VDF : 7.11.136.109 225792 Bytes 12.03.2014 19:14:19
VBASE019.VDF : 7.11.137.6 217600 Bytes 14.03.2014 17:00:04
VBASE020.VDF : 7.11.137.73 141312 Bytes 16.03.2014 17:00:04
VBASE021.VDF : 7.11.137.155 272896 Bytes 18.03.2014 19:47:58
VBASE022.VDF : 7.11.138.37 271360 Bytes 21.03.2014 12:09:42
VBASE023.VDF : 7.11.138.38 2048 Bytes 21.03.2014 12:09:42
VBASE024.VDF : 7.11.138.39 2048 Bytes 21.03.2014 12:09:42
VBASE025.VDF : 7.11.138.40 2048 Bytes 21.03.2014 12:09:42
VBASE026.VDF : 7.11.138.41 2048 Bytes 21.03.2014 12:09:42
VBASE027.VDF : 7.11.138.42 2048 Bytes 21.03.2014 12:09:42
VBASE028.VDF : 7.11.138.43 2048 Bytes 21.03.2014 12:09:42
VBASE029.VDF : 7.11.138.44 2048 Bytes 21.03.2014 12:09:42
VBASE030.VDF : 7.11.138.45 2048 Bytes 21.03.2014 12:09:42
VBASE031.VDF : 7.11.138.80 170496 Bytes 21.03.2014 17:50:49
Engineversion : 8.3.16.18
AEVDF.DLL : 8.3.0.4 118976 Bytes 20.03.2014 17:57:17
AESCRIPT.DLL : 8.1.4.196 524670 Bytes 17.03.2014 16:59:12
AESCN.DLL : 8.3.0.2 135360 Bytes 20.03.2014 17:57:17
AESBX.DLL : 8.2.20.6 1331575 Bytes 13.01.2014 15:27:11
AERDL.DLL : 8.2.0.138 704888 Bytes 02.12.2013 16:17:12
AEPACK.DLL : 8.4.0.10 778440 Bytes 20.03.2014 17:57:17
AEOFFICE.DLL : 8.3.0.2 201084 Bytes 17.03.2014 16:59:11
AEHEUR.DLL : 8.1.4.978 6615240 Bytes 20.03.2014 17:57:16
AEHELP.DLL : 8.3.0.0 274808 Bytes 11.03.2014 18:19:11
AEGEN.DLL : 8.1.7.24 442743 Bytes 11.03.2014 18:19:11
AEEXP.DLL : 8.4.1.258 512376 Bytes 17.03.2014 16:59:12
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 13:29:19
AECORE.DLL : 8.3.0.6 241864 Bytes 19.03.2014 19:47:58
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 16:21:40
AVWINLL.DLL : 14.0.3.252 23608 Bytes 17.03.2014 16:59:05
AVPREF.DLL : 14.0.3.252 48696 Bytes 17.03.2014 16:59:22
AVREP.DLL : 14.0.3.252 175672 Bytes 17.03.2014 16:59:23
AVARKT.DLL : 14.0.3.336 256080 Bytes 17.03.2014 16:59:13
AVEVTLOG.DLL : 14.0.3.336 165968 Bytes 17.03.2014 16:59:18
SQLITE3.DLL : 3.7.0.1 394808 Bytes 09.12.2013 10:43:48
AVSMTP.DLL : 14.0.3.252 60472 Bytes 17.03.2014 16:59:26
NETNT.DLL : 14.0.3.252 13368 Bytes 17.03.2014 16:59:53
RCIMAGE.DLL : 14.0.2.180 5113400 Bytes 09.12.2013 10:43:47
RCTEXT.DLL : 14.0.3.282 72760 Bytes 17.03.2014 16:59:05
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +SPR,
Beginn des Suchlaufs: Freitag, 21. März 2014 20:22
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '162' Modul(e) wurden durchsucht
Durchsuche Prozess 'UMVPFSrv.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'schedul2.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'SMSvcHost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '160' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'schedhlp.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'AntiBrowserSpyBrowserMaske.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vprot.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'avira_system_speedup_internetsecuritysuite.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesService64.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'TurboBoost.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'USBS3S4Detection.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'ToolbarUpdater.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'loggingserver.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesApp64.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc7.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'avwebg7.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'MpCmdRun.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'Bubbles.scr' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3314' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <Acer>
C:\Users\Christel\Downloads\adobe-flash-player-ie.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen7
Beginne mit der Suche in 'D:\' <DATA>
Beginne mit der Desinfektion:
C:\Users\Christel\Downloads\adobe-flash-player-ie.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen7
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '566a02d7.qua' verschoben!
Ende des Suchlaufs: Freitag, 21. März 2014 22:30
Benötigte Zeit: 2:06:29 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
44015 Verzeichnisse wurden überprüft
1533666 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1533665 Dateien ohne Befall
16195 Archive wurden durchsucht
0 Warnungen
1 Hinweise
915736 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
FRST.txt
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Christel (administrator) on CHRISTEL-HALLE on 24-03-2014 18:01:40
Running from C:\Users\Christel\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft) C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Avira) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [394768 2010-10-20] (Acronis)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2544664 2014-03-21] ()
HKU\S-1-5-21-2575421152-149623758-3891323420-1001\...\Run: [BrowserMask] - C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe [101328 2012-12-13] (Microsoft)
HKU\S-1-5-21-2575421152-149623758-3891323420-1001\...\Run: [AviraSpeedup] - C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe [5085416 2014-03-24] (Avira)
HKU\S-1-5-21-2575421152-149623758-3891323420-1001\...\Run: [Google Update] - C:\Users\Christel\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-14] (Google Inc.)
HKU\S-1-5-21-2575421152-149623758-3891323420-1008\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-04] (AVG Secure Search)
HKU\S-1-5-21-2575421152-149623758-3891323420-1008\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] - C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe [1266712 2013-06-08] (AVG Secure Search)
HKU\S-1-5-21-2575421152-149623758-3891323420-1008\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
Startup: C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={3C401B61-827A-4DE2-A4EB-6B5DD635ACC3}&mid=274e9a06309447d0b28241b2e0acf5a8-235595ecd7b3b8d170198d42d396968a05873f7a&lang=de&ds=tt014&pr=sa&d=2012-09-30 18:02:20&v=13.0.0.7&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=17360610m806pe415v1m5w44m1u27r
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE383
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={3C401B61-827A-4DE2-A4EB-6B5DD635ACC3}&mid=274e9a06309447d0b28241b2e0acf5a8-235595ecd7b3b8d170198d42d396968a05873f7a&lang=de&ds=tt014&pr=sa&d=2012-09-30 18:02:20&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: RightSurf - {88be1aa9-6740-461c-9e3e-f35eb8fa741c} - C:\Program Files (x86)\RightSurf\RightSurfbho.dll (RightSurf)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
Hosts: 127.0.0.1 google-analytics.com
Tcpip\Parameters: [DhcpNameServer] 62.117.1.25 89.16.129.25
FireFox:
========
FF ProfilePath: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default
FF user.js: detected! => C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\user.js
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Amazon
FF SearchEngineOrder.1: Amazon
FF SelectedSearchEngine: Amazon
FF Homepage: hxxp://isearch.avg.com/?cid={3C401B61-827A-4DE2-A4EB-6B5DD635ACC3}&mid=274e9a06309447d0b28241b2e0acf5a8-235595ecd7b3b8d170198d42d396968a05873f7a&lang=de&ds=tt014&pr=sa&d=2012-09-30 18:02:20&v=18.0.5.292&pid=avg&sg=0&sap=hp
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\Christel\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Christel\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Christel\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: GMX MailCheck - C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\Extensions\toolbar@gmx.net.xpi [2013-02-14]
FF Extension: NoScript - C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-09-21]
FF Extension: Adblock Plus - C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-17]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.5.292
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.5.292 [2014-03-21]
==================== Services (Whitelisted) =================
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [910416 2014-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-03-17] (Avira Operations GmbH & Co. KG)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-21] (AVG Secure Search)
S4 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [X]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-21] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-24 18:01 - 2014-03-24 18:02 - 00018450 _____ () C:\Users\Christel\Downloads\FRST.txt
2014-03-24 18:01 - 2014-03-24 18:01 - 00000000 ____D () C:\FRST
2014-03-24 18:00 - 2014-03-24 18:00 - 02157056 _____ (Farbar) C:\Users\Christel\Downloads\FRST64.exe
2014-03-24 17:57 - 2014-03-24 17:57 - 00050477 _____ () C:\Users\Christel\Downloads\Defogger(1).exe
2014-03-24 17:54 - 2014-03-24 17:58 - 00000478 _____ () C:\Users\Christel\Downloads\defogger_disable.log
2014-03-24 17:54 - 2014-03-24 17:54 - 00000000 _____ () C:\Users\Christel\defogger_reenable
2014-03-24 17:53 - 2014-03-24 17:53 - 00050477 _____ () C:\Users\Christel\Downloads\Defogger.exe
2014-03-24 16:41 - 2014-03-24 16:42 - 25032080 _____ (Mozilla) C:\Users\Vollzugriff\Downloads\Firefox_Setup_de28.0.exe
2014-03-24 16:40 - 2014-03-24 16:40 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\Macromedia
2014-03-24 16:25 - 2014-03-24 16:25 - 00000056 _____ () C:\Windows\setupact.log
2014-03-24 16:25 - 2014-03-24 16:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-24 10:35 - 2014-03-24 10:35 - 02659240 _____ () C:\Users\Christel\Downloads\avira_speedup_internetsecuritysuite(1).exe
2014-03-24 10:18 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-03-24 10:18 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-24 10:18 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-24 10:18 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-03-24 10:18 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-03-24 10:18 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-24 10:18 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-24 10:18 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-24 10:18 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-03-24 10:18 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-03-24 10:18 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-03-24 10:18 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-03-24 10:18 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-24 10:18 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-03-24 10:18 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-24 10:18 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-03-24 10:18 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-24 10:18 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-24 10:17 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-03-24 10:17 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-03-24 10:17 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-03-24 10:17 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-03-24 10:17 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-03-24 10:17 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-03-24 10:05 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-03-24 10:05 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-03-23 16:55 - 2014-03-23 16:55 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-23 16:55 - 2014-03-23 16:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 16:53 - 2014-03-23 16:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Christel\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-23 16:34 - 2014-03-23 16:34 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Avira
2014-03-23 16:33 - 2014-03-23 16:33 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\TuneUp Software
2014-03-23 16:30 - 2014-03-23 16:30 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\Mozilla
2014-03-23 16:29 - 2014-03-23 16:35 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\AviraSpeedup
2014-03-23 16:29 - 2014-03-23 16:30 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Mozilla
2014-03-23 16:29 - 2014-03-23 16:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Thunderbird
2014-03-23 16:29 - 2014-03-23 16:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\Thunderbird
2014-03-23 16:29 - 2014-03-23 16:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\AVG Secure Search
2014-03-23 16:28 - 2014-03-23 16:28 - 00182320 _____ () C:\Users\Vollzugriff\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-23 16:28 - 2014-03-23 16:28 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Adobe
2014-03-21 13:05 - 2014-03-21 13:06 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-20 20:08 - 2014-03-20 20:08 - 15215464 _____ (Gougelet Pierre-e ) C:\Users\Christel\Downloads\XnView-win-full_2.20.exe
2014-03-19 21:26 - 2014-03-20 18:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-13 08:48 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 08:48 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 08:48 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 08:48 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 08:48 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 08:48 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 08:48 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 08:48 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 08:48 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 08:48 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 08:48 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 08:48 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 08:48 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 08:48 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 08:48 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 08:48 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 08:48 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 08:48 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 08:48 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 08:48 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 08:48 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 08:48 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 08:48 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 08:48 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 08:48 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 08:48 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 08:48 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 08:48 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 08:48 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 08:48 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 08:48 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 08:48 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 08:48 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 08:48 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 08:48 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 08:48 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 08:48 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 08:48 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 08:48 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 08:48 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 08:48 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 08:48 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 08:48 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 08:48 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 08:47 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 08:47 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 08:47 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 08:47 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 19:54 - 2014-03-11 19:54 - 00000000 ____D () C:\Users\Christel\AppData\Local\Skype
2014-03-10 21:43 - 2014-03-10 21:43 - 00005292 _____ () C:\Users\Christel\AppData\Local\recently-used.xbel
2014-03-01 17:35 - 2014-03-24 17:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-01 17:35 - 2014-03-11 20:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-01 17:35 - 2014-03-11 20:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-01 17:35 - 2014-03-11 20:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
==================== One Month Modified Files and Folders =======
2014-03-24 18:02 - 2014-03-24 18:01 - 00018450 _____ () C:\Users\Christel\Downloads\FRST.txt
2014-03-24 18:01 - 2014-03-24 18:01 - 00000000 ____D () C:\FRST
2014-03-24 18:00 - 2014-03-24 18:00 - 02157056 _____ (Farbar) C:\Users\Christel\Downloads\FRST64.exe
2014-03-24 17:58 - 2014-03-24 17:54 - 00000478 _____ () C:\Users\Christel\Downloads\defogger_disable.log
2014-03-24 17:57 - 2014-03-24 17:57 - 00050477 _____ () C:\Users\Christel\Downloads\Defogger(1).exe
2014-03-24 17:54 - 2014-03-24 17:54 - 00000000 _____ () C:\Users\Christel\defogger_reenable
2014-03-24 17:54 - 2010-06-08 08:02 - 00000000 ____D () C:\Users\Christel
2014-03-24 17:53 - 2014-03-24 17:53 - 00050477 _____ () C:\Users\Christel\Downloads\Defogger.exe
2014-03-24 17:44 - 2012-02-14 18:29 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2575421152-149623758-3891323420-1001UA.job
2014-03-24 17:44 - 2012-02-14 18:29 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2575421152-149623758-3891323420-1001Core.job
2014-03-24 17:27 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-24 17:27 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-24 17:12 - 2014-03-01 17:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-24 17:09 - 2010-07-07 18:06 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-24 17:00 - 2010-02-04 13:50 - 01136178 _____ () C:\Windows\WindowsUpdate.log
2014-03-24 16:44 - 2014-02-17 19:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-24 16:44 - 2012-05-07 18:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-24 16:44 - 2012-01-03 21:07 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-24 16:42 - 2014-03-24 16:41 - 25032080 _____ (Mozilla) C:\Users\Vollzugriff\Downloads\Firefox_Setup_de28.0.exe
2014-03-24 16:40 - 2014-03-24 16:40 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\Macromedia
2014-03-24 16:39 - 2010-07-07 18:06 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-24 16:25 - 2014-03-24 16:25 - 00000056 _____ () C:\Windows\setupact.log
2014-03-24 16:25 - 2014-03-24 16:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-24 16:25 - 2010-02-04 13:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-24 16:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-24 10:37 - 2014-01-10 11:38 - 00003364 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2014-03-24 10:37 - 2014-01-10 11:38 - 00001317 _____ () C:\Users\Vollzugriff\Desktop\Avira System Speedup.lnk
2014-03-24 10:37 - 2014-01-10 11:38 - 00001317 _____ () C:\Users\UpdatusUser\Desktop\Avira System Speedup.lnk
2014-03-24 10:37 - 2014-01-10 11:38 - 00001317 _____ () C:\Users\Christel\Desktop\Avira System Speedup.lnk
2014-03-24 10:37 - 2014-01-10 11:38 - 00001317 _____ () C:\Users\Bernd\Desktop\Avira System Speedup.lnk
2014-03-24 10:35 - 2014-03-24 10:35 - 02659240 _____ () C:\Users\Christel\Downloads\avira_speedup_internetsecuritysuite(1).exe
2014-03-24 10:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-24 10:17 - 2011-06-18 10:44 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-24 10:16 - 2011-09-07 17:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-23 16:55 - 2014-03-23 16:55 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-23 16:55 - 2014-03-23 16:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 16:53 - 2014-03-23 16:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Christel\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-23 16:35 - 2014-03-23 16:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\AviraSpeedup
2014-03-23 16:34 - 2014-03-23 16:34 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Avira
2014-03-23 16:33 - 2014-03-23 16:33 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\TuneUp Software
2014-03-23 16:30 - 2014-03-23 16:30 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\Mozilla
2014-03-23 16:30 - 2014-03-23 16:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Mozilla
2014-03-23 16:29 - 2014-03-23 16:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Thunderbird
2014-03-23 16:29 - 2014-03-23 16:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\Thunderbird
2014-03-23 16:29 - 2014-03-23 16:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\AVG Secure Search
2014-03-23 16:28 - 2014-03-23 16:28 - 00182320 _____ () C:\Users\Vollzugriff\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-23 16:28 - 2014-03-23 16:28 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Adobe
2014-03-23 16:28 - 2010-09-10 16:05 - 00001425 _____ () C:\Users\Vollzugriff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-23 16:28 - 2010-09-10 16:05 - 00000000 ___RD () C:\Users\Vollzugriff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-23 16:28 - 2010-09-10 16:05 - 00000000 ___RD () C:\Users\Vollzugriff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-23 00:33 - 2010-09-20 17:27 - 00000000 ____D () C:\ProgramData\tmp
2014-03-22 23:51 - 2011-04-20 14:00 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\TuneUp Software
2014-03-22 23:50 - 2010-07-07 18:14 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Mozilla
2014-03-22 23:44 - 2010-06-27 20:37 - 00001425 _____ () C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-22 23:44 - 2010-06-27 20:37 - 00000000 ___RD () C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-22 23:44 - 2010-06-27 20:37 - 00000000 ___RD () C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-21 22:46 - 2013-01-03 18:18 - 00000000 ____D () C:\Users\Christel\AppData\Local\AVG Secure Search
2014-03-21 13:06 - 2014-03-21 13:05 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-21 13:06 - 2013-06-27 18:17 - 00003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-03-21 13:05 - 2012-09-30 17:02 - 00049952 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-03-21 13:05 - 2012-09-30 17:02 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-03-20 20:09 - 2010-06-13 17:46 - 00001793 _____ () C:\Users\Christel\Desktop\XnView.lnk
2014-03-20 20:09 - 2010-06-13 17:40 - 00000000 ____D () C:\Program Files (x86)\XnView
2014-03-20 20:08 - 2014-03-20 20:08 - 15215464 _____ (Gougelet Pierre-e ) C:\Users\Christel\Downloads\XnView-win-full_2.20.exe
2014-03-20 18:57 - 2014-03-19 21:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-19 21:59 - 2013-08-14 19:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 21:58 - 2010-07-07 17:49 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 17:58 - 2009-07-14 05:45 - 00560312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 17:56 - 2013-03-13 17:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 09:04 - 2013-03-13 17:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 20:49 - 2010-02-04 22:40 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-03-12 20:49 - 2010-02-04 22:40 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-03-12 20:49 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-11 20:32 - 2012-03-23 21:01 - 00000000 ____D () C:\Users\Christel\AppData\Roaming\Skype
2014-03-11 20:13 - 2014-03-01 17:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 20:13 - 2014-03-01 17:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 20:13 - 2014-03-01 17:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 19:54 - 2014-03-11 19:54 - 00000000 ____D () C:\Users\Christel\AppData\Local\Skype
2014-03-11 19:54 - 2012-09-13 16:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-11 19:54 - 2012-09-13 16:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 19:54 - 2012-03-23 21:01 - 00000000 ____D () C:\ProgramData\Skype
2014-03-10 21:51 - 2012-06-24 17:46 - 00000000 ____D () C:\Users\Christel\.gimp-2.8
2014-03-10 21:43 - 2014-03-10 21:43 - 00005292 _____ () C:\Users\Christel\AppData\Local\recently-used.xbel
2014-03-01 17:33 - 2010-06-08 10:05 - 00000000 ____D () C:\Users\Christel\AppData\Local\Adobe
2014-03-01 07:05 - 2014-03-13 08:48 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 08:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 08:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 08:48 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 08:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 08:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 08:48 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 08:48 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 08:48 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 08:48 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 08:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 08:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 08:48 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 08:48 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 08:48 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 08:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 08:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 08:48 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 08:48 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 08:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 08:48 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 08:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 08:48 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 08:48 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 08:48 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 08:48 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 08:48 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 08:48 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 08:48 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 08:48 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 08:48 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 08:48 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 08:48 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 08:48 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 08:48 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 08:48 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 08:48 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 08:48 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 08:48 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 08:48 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-26 20:08 - 2012-11-04 10:22 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
Some content of TEMP:
====================
C:\Users\Bernd\AppData\Local\Temp\avgnt.exe
C:\Users\Christel\AppData\Local\Temp\avgnt.exe
C:\Users\Vollzugriff\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-20 20:04
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Christel at 2014-03-24 18:02:36
Running from C:\Users\Christel\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.2.7116 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.2.7116 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0812 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Acronis*True*Image*Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6942 - Acronis)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
AntiBrowserSpy (HKLM-x32\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 4.0.112 - Abelssoft)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)
Astro-Psycho-Logisch (HKLM-x32\...\Astro-Psycho-Logisch) (Version: - )
AutoHDR 2.1.5 (HKLM-x32\...\AutoHDR) (Version: 2.1.5 - )
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.0.5.292 - AVG Technologies)
Avira Internet Security Suite (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira System Speedup (HKLM-x32\...\AviraSpeedup) (Version: 1.3.1.9930 - Avira System Speedup)
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
BenVista PhotoZoom Pro 2.3.4 (HKCU\...\PhotoZoom Pro 2) (Version: 2.3.4 - BenVista Ltd)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CanoScan LiDE 200 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
COMPUTERBILD-Abzockschutz (HKLM-x32\...\{B4E4ACA0-79C5-4FC0-818F-ECE4521EBF8D}) (Version: 1.0.29 - J3S)
Der grandiose Bildverkleinerer 1.7b (HKLM-x32\...\Der grandiose Bildverkleinerer) (Version: 1.7b - )
Der Stammbaum 2.0 (HKLM-x32\...\InstallShield_{F3D1B3E6-F01E-11D6-A4D6-0030847A41CE}) (Version: 1.00.0000 - Navigo)
Der Stammbaum 2.0 (x32 Version: 1.00.0000 - Navigo) Hidden
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
Druckstudio Geldgeschenke (HKLM-x32\...\{12640463-09D4-467A-B4C3-3F8B13A01D22}) (Version: - )
DruckStudio Karten (HKLM-x32\...\{3B10321A-80CC-4B55-B9A1-A1D69F74A052}) (Version: - )
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Foto-Mosaik-Edda Standard V6.8.12318.1 (HKLM-x32\...\{A2D6ECD0-7E52-42B7-9236-DB2951436616}_is1) (Version: - Steffen Schirmer)
Fotoservice (HKLM-x32\...\Fotoservice) (Version: - )
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
High-Logic Scanahand 3.1 (HKLM-x32\...\Scanahand3_is1) (Version: - High-Logic B.V.)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 1.00.3004 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
JPG-Illuminator 4.4.4 (HKLM-x32\...\JPG-Illuminator) (Version: 4.4.4 - )
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.31.1044.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Megafonts Schriften II 1.0 (HKLM-x32\...\Megafonts Schriften II) (Version: 1.0 - Softmaker)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Nero 9 Essentials (HKLM-x32\...\{965ef942-36c2-4f92-b60f-c75cd1dcde2f}) (Version: - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.16.0.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA 3D Vision Controller-Treiber 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.1 - Frank Heindörfer, Philip Chinery)
PhotoStage Slideshow Producer (HKLM-x32\...\PhotoStage) (Version: - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
RightSurf (HKLM\...\RightSurf) (Version: 2014.01.23.231428 - RightSurf) <==== ATTENTION
Saturn Fotoservice (HKLM-x32\...\Saturn Fotoservice) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - )
t@x 2013 (HKCU\...\{6737F045-A91A-4177-9C8C-59460FC1C84D}) (Version: 20.00.8137 - Buhl Data Service GmbH)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.221 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.122 - TuneUp Software) Hidden
Überwachungstool für die Intel® Turbo-Boost-Technologie (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
XnView 2.20 (HKLM-x32\...\XnView_is1) (Version: 2.20 - Gougelet Pierre-e)
==================== Restore Points =========================
21-02-2014 17:52:19 Windows Update
25-02-2014 18:14:21 Windows Update
26-02-2014 19:06:57 Windows Update
04-03-2014 17:02:44 Windows Update
06-03-2014 20:25:42 Windows Update
13-03-2014 07:44:02 Windows Update
13-03-2014 08:04:02 Windows Update
17-03-2014 17:04:01 Windows Update
19-03-2014 20:57:56 Windows Update
24-03-2014 08:44:39 Avira System Speedup(1.3.1.9930)
24-03-2014 09:14:15 Windows Update
24-03-2014 09:37:16 Avira System Speedup(1.3.1.9930)
==================== Hosts content: ==========================
2009-07-14 03:34 - 2010-11-12 17:32 - 00000861 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 google-analytics.com
==================== Scheduled Tasks (whitelisted) =============
Task: {01238B01-2B91-4FF0-A79C-351C4F344700} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2575421152-149623758-3891323420-1003
Task: {0694CBDD-4253-4439-A64B-FD7D004A3CA5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {0769BD04-0ACD-4F1C-8694-E5D915D4C776} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {1FD427F7-E3C9-4A5A-B575-23A91BB48740} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {20C3DEC2-EC9D-40B6-B50B-C8D14D5BC025} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2575421152-149623758-3891323420-1001Core => C:\Users\Christel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-14] (Google Inc.)
Task: {25B2DA44-AA30-48DA-B5AD-938866FC781C} - System32\Tasks\{9F99CE3B-175B-49F7-B3F4-8268B87074F4} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {3003F6C2-4135-40B6-BA19-B48E29CA317A} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe [2014-03-24] (Avira)
Task: {5608283A-012C-4B70-910E-2FA248F4BF3F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-07] (Google Inc.)
Task: {5E9DD2BA-2A2B-4F7F-A3AC-DFA1CD059D45} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {5F4010E5-B6DD-40A5-B189-C15805D1E705} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe
Task: {6FBCCF1E-34C1-4DF9-AD57-2AE7A2D8C46C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-07] (Google Inc.)
Task: {9717EF17-51E5-4F3F-B10B-B217DD53C5DA} - System32\Tasks\McQcModifier-5c47-a7b0 => C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd [2009-08-29] ()
Task: {C023570A-849C-474A-B34E-E8400251D980} - System32\Tasks\{FD46B2B5-8D2D-4E53-A71B-077B69CAF464} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {CF9F5BDB-C0BB-4E91-A508-87FABFBC6DD2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2575421152-149623758-3891323420-1001UA => C:\Users\Christel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-14] (Google Inc.)
Task: {D0F014F5-3D1B-46A7-A6B3-5947C97A9F99} - System32\Tasks\Steuer Aktuell => C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe [2013-04-11] ()
Task: {D5F47E46-2DCF-4146-9CD3-AF9C42A7E985} - System32\Tasks\Update Manager => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
Task: {D6039317-1129-48A6-B939-B39F68869D49} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {E6E9138C-59D1-45B9-A0CC-6D655D8E1A01} - System32\Tasks\Google Updater and Installer => C:\Users\Christel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-14] (Google Inc.)
Task: {E91ED05D-6B72-4D50-81C6-652547E6B3AE} - System32\Tasks\{BC4E6B46-39BB-4258-AAFC-0A41605A630F} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F4EE9797-E2F8-4046-8361-36F8D9F4AA9D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2575421152-149623758-3891323420-1001Core.job => C:\Users\Christel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2575421152-149623758-3891323420-1001UA.job => C:\Users\Christel\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-02-27 15:52 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2008-09-08 09:19 - 2008-09-08 09:19 - 00022016 _____ () C:\Windows\System32\cl31cl6.dll
2010-11-12 17:16 - 2012-12-13 10:12 - 07005648 _____ () C:\Program Files (x86)\AntiBrowserSpy\Commons.dll
2010-11-12 17:16 - 2012-12-13 10:12 - 00162768 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbBrowserLibs.dll
2010-11-12 17:16 - 2012-12-13 10:12 - 00027600 _____ () C:\Program Files (x86)\AntiBrowserSpy\VersionInfo.dll
2010-11-12 17:16 - 2012-12-13 10:12 - 00012752 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbProcessManager.dll
2012-09-30 17:02 - 2014-03-21 13:05 - 02544664 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2013-12-18 10:01 - 2013-12-18 10:01 - 00742200 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2009-12-14 03:19 - 2009-12-09 10:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2014-03-21 13:05 - 2014-03-21 13:05 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
2012-11-10 16:17 - 2013-12-09 11:43 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-03-21 13:05 - 2014-03-21 13:05 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll
2014-02-17 19:54 - 2014-03-15 09:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-19 21:26 - 2014-03-19 21:26 - 03018864 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-03-19 21:26 - 2014-03-19 21:26 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-03-19 21:26 - 2014-03-19 21:26 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: ArcadeDeluxeAgent => "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
==================== Faulty Device Manager Devices =============
Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/23/2014 04:28:53 PM) (Source: ESENT) (User: )
Description: WinMail (4832) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.
Error: (03/23/2014 04:28:48 PM) (Source: ESENT) (User: )
Description: WinMail (4180) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.
Error: (03/22/2014 11:45:12 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christel-Halle)
Description: Sie konnten nicht angemeldet werden, da das lokal gespeicherte Profil nicht geladen werden konnte. Überprüfen Sie, ob eine Netzwerkverbindung besteht und das Netzwerk ordnungsgemäß funktioniert.
Details - Das System kann die angegebene Datei nicht finden.
Error: (03/22/2014 11:42:51 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christel-Halle)
Description: Sie konnten nicht angemeldet werden, da das lokal gespeicherte Profil nicht geladen werden konnte. Überprüfen Sie, ob eine Netzwerkverbindung besteht und das Netzwerk ordnungsgemäß funktioniert.
Details - Das System kann die angegebene Datei nicht finden.
Error: (03/22/2014 11:42:51 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht.
Details - Das System kann die angegebene Datei nicht finden.
for C:\Users\TEMP\ntuser.dat
Error: (03/22/2014 11:42:50 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christel-Halle)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.
Error: (03/22/2014 11:42:50 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christel-Halle)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.
Error: (03/22/2014 11:42:50 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christel-Halle)
Description: Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales Profil.
Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Error: (03/22/2014 11:42:50 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht.
Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
for C:\Users\Christel\ntuser.dat
Error: (03/20/2014 08:06:54 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
System errors:
=============
Error: (03/24/2014 04:25:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.
Error: (03/24/2014 04:25:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Pipe-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.
Error: (03/24/2014 04:25:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Msmq-Listeneradapter" ist von folgendem Dienst abhängig: msmq. Dieser Dienst ist eventuell nicht installiert.
Error: (03/24/2014 04:25:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (03/24/2014 10:20:23 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.
Error: (03/24/2014 10:20:23 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Pipe-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.
Error: (03/24/2014 10:20:23 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Msmq-Listeneradapter" ist von folgendem Dienst abhängig: msmq. Dieser Dienst ist eventuell nicht installiert.
Error: (03/24/2014 10:20:23 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (03/24/2014 09:45:04 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (03/24/2014 09:45:04 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 30%
Total physical RAM: 6103.06 MB
Available physical RAM: 4211.17 MB
Total Pagefile: 12204.3 MB
Available Pagefile: 10118.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:458.45 GB) (Free:384.47 GB) NTFS
Drive d: (DATA) (Fixed) (Total:458.96 GB) (Free:270.23 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: EB886DEB)
Partition: GPT Partition Type.
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-24 18:32:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.CC44 931,51GB
Running: 9eu6hu1q.exe; Driver: C:\Users\Christel\AppData\Local\Temp\fwdirkow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2892] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077841465 2 bytes [84, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2892] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000778414bb 2 bytes [84, 77]
.text ... * 2
---- Processes - GMER 2.1 ----
Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{707BAA63-04BC-4684-A7BC-97557F890256}\offreg.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [3368](2014-03-24 17:15:17) 000007fef8280000
---- Registry - GMER 2.1 ----
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Christel\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe 1
---- EOF - GMER 2.1 ----
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.23.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16521 Christel :: CHRISTEL-HALLE [Administrator] 23.03.2014 17:00:24 mbam-log-2014-03-23 (17-00-24).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 603385 Laufzeit: 1 Stunde(n), 46 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 10 HKCR\CLSID\{88be1aa9-6740-461c-9e3e-f35eb8fa741c} (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. HKCR\TypeLib\{a4f32137-598e-41b6-b601-9965084c8f08} (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. HKCR\Interface\{C64BA349-1F34-4BFC-8D23-A317279D0CB9} (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88BE1AA9-6740-461C-9E3E-F35EB8FA741C} (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Keine Aktion durchgeführt. HKCU\Software\RightSurf (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Keine Aktion durchgeführt. HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt. HKLM\Software\RightSurf (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 1 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0O1J1G2R -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\Program Files (x86)\RightSurf (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\bin (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 7 C:\Program Files (x86)\RightSurf\RightSurfBHO.dll (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Users\Christel\Downloads\winamp5601_full_emusic-7plus_de-de(2).exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Christel\Downloads\winamp5601_full_emusic-7plus_de-de.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\RightSurf.ico (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\RightSurfUninstall.exe (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\updateRightSurf.InstallState (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\RightSurf\bin\utilRightSurf.InstallState (PUP.Optional.RightSurf.A) -> Keine Aktion durchgeführt. (Ende) |
|
25.03.2014, 16:41
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7: ADWARE/Install Core Gen7 gefunden hi,
__________________Revo Uninstaller - Download - Filepony Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION Mit Revo auch Moderat die Reste entfernen lassen. Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
|
26.03.2014, 10:07
| #3 |
| | Windows 7: ADWARE/Install Core Gen7 gefunden Hi,
__________________ich bin noch beim Revo Uninstaller. Ich weiß nicht, was genau du meinst mit dem Zusatz <-- Attension. Ich finde in txt nichts. Und was meinst du mit moderat Reste entfernen? Tut mir leid, aber ich bin ungeübt. Hallo Schrauber, habe jetzt rihgtsurfe mit dem Zusatz Attention gefunden. Aber das finde ich nicht bei den aufgelisteten Programmen im Revo. Hallo Schrauber, hab heute nochmal Revo Uninstaller gestartet, aber Right Surve ist nicht aufgelistet. Wie soll ich es entfernen? In den Windows Programmen ist es da, soll ich es dort entfernen oder soll ich überspringen und mit ADW Cleaner weitermachen? |
|
27.03.2014, 08:41
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7: ADWARE/Install Core Gen7 gefunden Dann entfern es dort und mach dann weiter mit den 3 Tools 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.03.2014, 11:57
| #5 |
| | Windows 7: ADWARE/Install Core Gen7 gefunden Hallo Schrauber, habe jetzt Malwarebytes laufen lassen und AdwCleaner. Soll ich wirklich alles löschen, was da steht? Ich habe ein bißchen Bammel. Ich schicke dir mal den Suchlauf. Code:
ATTFilter # AdwCleaner v3.022 - Bericht erstellt am 27/03/2014 um 11:45:43
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Christel - CHRISTEL-HALLE
# Gestartet von : C:\Users\Christel\Downloads\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
Datei Gefunden : C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\searchplugins\11-suche.xml
Datei Gefunden : C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\user.js
Ordner Gefunden C:\Program Files (x86)\AVG Secure Search
Ordner Gefunden C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gefunden C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gefunden C:\ProgramData\AVG Secure Search
Ordner Gefunden C:\ProgramData\Partner
Ordner Gefunden C:\Users\Bernd\AppData\Local\AVG Secure Search
Ordner Gefunden C:\Users\Bernd\AppData\Local\Temp\boost_interprocess
Ordner Gefunden C:\Users\Bernd\AppData\LocalLow\AVG Secure Search
Ordner Gefunden C:\Users\Christel\AppData\Local\AVG Secure Search
Ordner Gefunden C:\Users\Christel\AppData\LocalLow\AVG Secure Search
Ordner Gefunden C:\Users\Christel\AppData\Roaming\pdfforge
Ordner Gefunden C:\Users\Vollzugriff\AppData\Local\AVG Secure Search
Ordner Gefunden C:\Users\Vollzugriff\AppData\LocalLow\AVG Secure Search
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\distromatic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : [x64] HKCU\Software\AVG Secure Search
Schlüssel Gefunden : [x64] HKCU\Software\Conduit
Schlüssel Gefunden : [x64] HKCU\Software\distromatic
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : [x64] HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\Software\AVG Security Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://isearch.avg.com/?cid={3C401B61-827A-4DE2-A4EB-6B5DD635ACC3}&mid=274e9a06309447d0b28241b2e0acf5a8-235595ecd7b3b8d170198d42d396968a05873f7a&lang=de&ds=tt014&pr=sa&d=2012-09-30 18:02:20&v=13.0.0.7&sap=hp
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\prefs.js ]
[ Datei : C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\arvkkr81.default\prefs.js ]
Zeile gefunden : user_pref("browser.startup.homepage", "hxxps://isearch.avg.com/?cid={3C401B61-827A-4DE2-A4EB-6B5DD635ACC3}&mid=274e9a06309447d0b28241b2e0acf5a8-235595ecd7b3b8d170198d42d396968a05873f7a&lang=de&ds=tt01[...]
[ Datei : C:\Users\Vollzugriff\AppData\Roaming\Mozilla\Firefox\Profiles\1yalywwr.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [8697 octets] - [27/03/2014 11:45:43]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8757 octets] ##########
|
|
28.03.2014, 08:55
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7: ADWARE/Install Core Gen7 gefunden Jo, die Tools in reihenfolge laufen lassen und löschen lassen.
__________________ --> Windows 7: ADWARE/Install Core Gen7 gefunden |
|
30.03.2014, 16:28
| #7 |
| | Windows 7: ADWARE/Install Core Gen7 gefunden Hallo Schrauber, danke für die Antwort. Hab alle Programme laufen lassen. Bei Malwarebytes kam die Bemerkung -Registry wurde blockiert-, obwohl ich Avira abgeschaltet hatte. Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.27.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16521 Christel :: CHRISTEL-HALLE [Administrator] 27.03.2014 11:30:14 mbam-log-2014-03-27 (11-30-14).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 303997 Laufzeit: 5 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 3 HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0O1J1G2R -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Christel\Downloads\winamp5601_full_emusic-7plus_de-de(2).exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Christel\Downloads\winamp5601_full_emusic-7plus_de-de.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.022 - Bericht erstellt am 30/03/2014 um 16:57:32
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Christel - CHRISTEL-HALLE
# Gestartet von : C:\Users\Christel\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Christel\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Christel\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Christel\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Bernd\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Bernd\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\Bernd\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Vollzugriff\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Vollzugriff\AppData\LocalLow\AVG Secure Search
Datei Gelöscht : C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\prefs.js ]
[ Datei : C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\arvkkr81.default\prefs.js ]
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxps://isearch.avg.com/?cid={3C401B61-827A-4DE2-A4EB-6B5DD635ACC3}&mid=274e9a06309447d0b28241b2e0acf5a8-235595ecd7b3b8d170198d42d396968a05873f7a&lang=de&ds=tt01[...]
[ Datei : C:\Users\Vollzugriff\AppData\Roaming\Mozilla\Firefox\Profiles\1yalywwr.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [8877 octets] - [27/03/2014 12:45:43]
AdwCleaner[R1].txt - [8937 octets] - [30/03/2014 16:55:40]
AdwCleaner[S0].txt - [8314 octets] - [30/03/2014 16:57:32]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8374 octets] ##########
Code:
ATTFilter Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Christel on 30.03.2014 at 17:03:30,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Christel\AppData\Roaming\mozilla\firefox\profiles\hau98las.default\minidumps [29 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.03.2014 at 17:08:09,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Christel (administrator) on CHRISTEL-HALLE on 30-03-2014 17:10:43
Running from C:\Users\Christel\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft) C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe
(Avira) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
(Farbar) C:\Users\Christel\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [394768 2010-10-20] (Acronis)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2575421152-149623758-3891323420-1001\...\Run: [BrowserMask] - C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe [101328 2012-12-13] (Microsoft)
HKU\S-1-5-21-2575421152-149623758-3891323420-1001\...\Run: [AviraSpeedup] - C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe [5085416 2014-03-24] (Avira)
HKU\S-1-5-21-2575421152-149623758-3891323420-1001\...\Run: [Google Update] - C:\Users\Christel\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-14] (Google Inc.)
HKU\S-1-5-21-2575421152-149623758-3891323420-1008\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-2575421152-149623758-3891323420-1008\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP
HKU\S-1-5-21-2575421152-149623758-3891323420-1008\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
Startup: C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=17360610m806pe415v1m5w44m1u27r
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE383
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 google-analytics.com
Tcpip\Parameters: [DhcpNameServer] 62.117.1.25 89.16.129.25
FireFox:
========
FF ProfilePath: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Amazon
FF SearchEngineOrder.1: Amazon
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\Christel\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Christel\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Christel\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: GMX MailCheck - C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\Extensions\toolbar@gmx.net.xpi [2013-02-14]
FF Extension: NoScript - C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-09-21]
FF Extension: Adblock Plus - C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-17]
==================== Services (Whitelisted) =================
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [910416 2014-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-03-17] (Avira Operations GmbH & Co. KG)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S4 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [X]
S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-21] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-30 17:08 - 2014-03-30 17:08 - 00000763 _____ () C:\Users\Christel\Desktop\JRT.txt
2014-03-30 17:03 - 2014-03-30 17:03 - 00000000 ____D () C:\Windows\ERUNT
2014-03-30 17:02 - 2014-03-30 17:02 - 01038974 _____ (Thisisu) C:\Users\Christel\Downloads\JRT.exe
2014-03-30 16:59 - 2014-03-30 16:59 - 00008474 _____ () C:\Users\Christel\Desktop\AdwCleaner[S0].txt
2014-03-27 12:44 - 2014-03-30 16:57 - 00000000 ____D () C:\AdwCleaner
2014-03-27 12:43 - 2014-03-27 12:43 - 01950720 _____ () C:\Users\Christel\Downloads\adwcleaner.exe
2014-03-27 12:41 - 2014-03-27 12:41 - 00000660 _____ () C:\Windows\PFRO.log
2014-03-26 11:13 - 2014-03-26 11:14 - 02157056 _____ (Farbar) C:\Users\Christel\Downloads\FRST64(1).exe
2014-03-26 10:15 - 2014-03-26 10:15 - 00003280 _____ () C:\Windows\System32\Tasks\{0B4FA45D-571C-4822-9CF9-317A7F7D269D}
2014-03-25 18:35 - 2014-03-25 18:35 - 00001268 _____ () C:\Users\Christel\Desktop\Revo Uninstaller.lnk
2014-03-25 18:35 - 2014-03-25 18:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-25 18:34 - 2014-03-25 18:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Christel\Downloads\revosetup95.exe
2014-03-25 16:50 - 2014-03-25 16:50 - 00000776 _____ () C:\Users\Christel\Desktop\Ereignisse.txt
2014-03-25 16:30 - 2014-03-25 16:30 - 00000000 ____D () C:\Users\Christel\Neuer Ordner
2014-03-25 15:39 - 2014-03-25 15:39 - 00000000 ____D () C:\Users\Christel\AppData\Local\TuneUp Software
2014-03-24 20:10 - 2014-03-24 20:10 - 00024080 _____ () C:\Users\Christel\Desktop\AVSCAN-20140321-202200-80C5BA9F.LOG
2014-03-24 19:35 - 2014-03-24 19:35 - 00000000 ____D () C:\Users\Christel\AppData\Local\Avg2014
2014-03-24 19:32 - 2014-03-24 19:32 - 00001534 _____ () C:\Users\Christel\Desktop\Gmer.txt
2014-03-24 19:14 - 2014-03-24 19:14 - 00380416 _____ () C:\Users\Christel\Downloads\9eu6hu1q.exe
2014-03-24 19:10 - 2014-03-24 19:10 - 00040567 _____ () C:\Users\Christel\Desktop\Addition.txt
2014-03-24 19:09 - 2014-03-24 19:09 - 00044947 _____ () C:\Users\Christel\Desktop\FRST.txt
2014-03-24 19:05 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-24 19:05 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-24 19:02 - 2014-03-24 19:02 - 00040567 _____ () C:\Users\Christel\Downloads\Addition.txt
2014-03-24 19:01 - 2014-03-30 17:10 - 00015543 _____ () C:\Users\Christel\Downloads\FRST.txt
2014-03-24 19:01 - 2014-03-30 17:10 - 00000000 ____D () C:\FRST
2014-03-24 19:00 - 2014-03-24 19:00 - 02157056 _____ (Farbar) C:\Users\Christel\Downloads\FRST64.exe
2014-03-24 18:57 - 2014-03-24 18:57 - 00050477 _____ () C:\Users\Christel\Downloads\Defogger(1).exe
2014-03-24 18:54 - 2014-03-24 18:58 - 00000478 _____ () C:\Users\Christel\Downloads\defogger_disable.log
2014-03-24 18:54 - 2014-03-24 18:54 - 00000000 _____ () C:\Users\Christel\defogger_reenable
2014-03-24 18:53 - 2014-03-24 18:53 - 00050477 _____ () C:\Users\Christel\Downloads\Defogger.exe
2014-03-24 17:41 - 2014-03-24 17:42 - 25032080 _____ (Mozilla) C:\Users\Vollzugriff\Downloads\Firefox_Setup_de28.0.exe
2014-03-24 17:40 - 2014-03-24 17:40 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\Macromedia
2014-03-24 17:25 - 2014-03-30 16:58 - 00000672 _____ () C:\Windows\setupact.log
2014-03-24 17:25 - 2014-03-24 17:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-24 11:35 - 2014-03-24 11:35 - 02659240 _____ () C:\Users\Christel\Downloads\avira_speedup_internetsecuritysuite(1).exe
2014-03-24 11:18 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-03-24 11:18 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-24 11:18 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-24 11:18 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-03-24 11:18 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-03-24 11:18 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-24 11:18 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-24 11:18 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-24 11:18 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-03-24 11:18 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-03-24 11:18 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-03-24 11:18 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-03-24 11:18 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-24 11:18 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-03-24 11:18 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-24 11:18 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-03-24 11:17 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-03-24 11:17 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-03-24 11:17 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-03-24 11:17 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-03-24 11:17 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-03-24 11:17 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-03-24 11:05 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-03-24 11:05 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-03-23 17:55 - 2014-03-23 17:55 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-23 17:55 - 2014-03-23 17:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 17:53 - 2014-03-23 17:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Christel\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-23 17:34 - 2014-03-23 17:34 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Avira
2014-03-23 17:33 - 2014-03-23 17:33 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\TuneUp Software
2014-03-23 17:30 - 2014-03-23 17:30 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\Mozilla
2014-03-23 17:29 - 2014-03-23 17:35 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\AviraSpeedup
2014-03-23 17:29 - 2014-03-23 17:30 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Mozilla
2014-03-23 17:29 - 2014-03-23 17:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Thunderbird
2014-03-23 17:29 - 2014-03-23 17:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\Thunderbird
2014-03-23 17:28 - 2014-03-23 17:28 - 00182320 _____ () C:\Users\Vollzugriff\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-23 17:28 - 2014-03-23 17:28 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Adobe
2014-03-20 21:08 - 2014-03-20 21:08 - 15215464 _____ (Gougelet Pierre-e ) C:\Users\Christel\Downloads\XnView-win-full_2.20.exe
2014-03-19 22:26 - 2014-03-20 19:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-13 09:48 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 09:48 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 09:48 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 09:48 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 09:48 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 09:48 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 09:48 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 09:48 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 09:48 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 09:48 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 09:48 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 09:48 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 09:48 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 09:48 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 09:48 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 09:48 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 09:48 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 09:48 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 09:48 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 09:48 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 09:48 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 09:48 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 09:48 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 09:48 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 09:48 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 09:48 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 09:48 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 09:48 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 09:48 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 09:48 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 09:48 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 09:48 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 09:48 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 09:48 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 09:48 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 09:48 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 09:48 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 09:48 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 09:48 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 09:48 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 09:48 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 09:48 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 09:48 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 09:48 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 09:47 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 09:47 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 09:47 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 09:47 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 20:54 - 2014-03-11 20:54 - 00000000 ____D () C:\Users\Christel\AppData\Local\Skype
2014-03-10 22:43 - 2014-03-10 22:43 - 00005292 _____ () C:\Users\Christel\AppData\Local\recently-used.xbel
2014-03-01 18:35 - 2014-03-27 21:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-01 18:35 - 2014-03-11 21:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-01 18:35 - 2014-03-11 21:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-01 18:35 - 2014-03-11 21:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
==================== One Month Modified Files and Folders =======
2014-03-30 17:11 - 2014-03-24 19:01 - 00015543 _____ () C:\Users\Christel\Downloads\FRST.txt
2014-03-30 17:10 - 2014-03-24 19:01 - 00000000 ____D () C:\FRST
2014-03-30 17:09 - 2010-07-07 19:06 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-30 17:08 - 2014-03-30 17:08 - 00000763 _____ () C:\Users\Christel\Desktop\JRT.txt
2014-03-30 17:07 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-30 17:07 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-30 17:03 - 2014-03-30 17:03 - 00000000 ____D () C:\Windows\ERUNT
2014-03-30 17:03 - 2010-02-04 23:40 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-03-30 17:03 - 2010-02-04 23:40 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-03-30 17:03 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-30 17:02 - 2014-03-30 17:02 - 01038974 _____ (Thisisu) C:\Users\Christel\Downloads\JRT.exe
2014-03-30 16:59 - 2014-03-30 16:59 - 00008474 _____ () C:\Users\Christel\Desktop\AdwCleaner[S0].txt
2014-03-30 16:59 - 2010-07-07 19:06 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-30 16:58 - 2014-03-24 17:25 - 00000672 _____ () C:\Windows\setupact.log
2014-03-30 16:58 - 2010-02-04 14:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-30 16:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-30 16:57 - 2014-03-27 12:44 - 00000000 ____D () C:\AdwCleaner
2014-03-30 16:57 - 2010-02-04 14:50 - 01302517 _____ () C:\Windows\WindowsUpdate.log
2014-03-27 21:12 - 2014-03-01 18:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-27 20:44 - 2012-02-14 19:29 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2575421152-149623758-3891323420-1001UA.job
2014-03-27 18:44 - 2012-02-14 19:29 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2575421152-149623758-3891323420-1001Core.job
2014-03-27 12:43 - 2014-03-27 12:43 - 01950720 _____ () C:\Users\Christel\Downloads\adwcleaner.exe
2014-03-27 12:41 - 2014-03-27 12:41 - 00000660 _____ () C:\Windows\PFRO.log
2014-03-26 11:14 - 2014-03-26 11:13 - 02157056 _____ (Farbar) C:\Users\Christel\Downloads\FRST64(1).exe
2014-03-26 10:15 - 2014-03-26 10:15 - 00003280 _____ () C:\Windows\System32\Tasks\{0B4FA45D-571C-4822-9CF9-317A7F7D269D}
2014-03-25 20:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-25 18:35 - 2014-03-25 18:35 - 00001268 _____ () C:\Users\Christel\Desktop\Revo Uninstaller.lnk
2014-03-25 18:35 - 2014-03-25 18:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-25 18:34 - 2014-03-25 18:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Christel\Downloads\revosetup95.exe
2014-03-25 16:50 - 2014-03-25 16:50 - 00000776 _____ () C:\Users\Christel\Desktop\Ereignisse.txt
2014-03-25 16:30 - 2014-03-25 16:30 - 00000000 ____D () C:\Users\Christel\Neuer Ordner
2014-03-25 16:30 - 2010-06-08 09:02 - 00000000 ____D () C:\Users\Christel
2014-03-25 15:39 - 2014-03-25 15:39 - 00000000 ____D () C:\Users\Christel\AppData\Local\TuneUp Software
2014-03-25 15:39 - 2013-10-19 18:38 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-03-24 20:10 - 2014-03-24 20:10 - 00024080 _____ () C:\Users\Christel\Desktop\AVSCAN-20140321-202200-80C5BA9F.LOG
2014-03-24 20:03 - 2012-05-07 19:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-24 19:35 - 2014-03-24 19:35 - 00000000 ____D () C:\Users\Christel\AppData\Local\Avg2014
2014-03-24 19:32 - 2014-03-24 19:32 - 00001534 _____ () C:\Users\Christel\Desktop\Gmer.txt
2014-03-24 19:14 - 2014-03-24 19:14 - 00380416 _____ () C:\Users\Christel\Downloads\9eu6hu1q.exe
2014-03-24 19:10 - 2014-03-24 19:10 - 00040567 _____ () C:\Users\Christel\Desktop\Addition.txt
2014-03-24 19:09 - 2014-03-24 19:09 - 00044947 _____ () C:\Users\Christel\Desktop\FRST.txt
2014-03-24 19:02 - 2014-03-24 19:02 - 00040567 _____ () C:\Users\Christel\Downloads\Addition.txt
2014-03-24 19:00 - 2014-03-24 19:00 - 02157056 _____ (Farbar) C:\Users\Christel\Downloads\FRST64.exe
2014-03-24 18:58 - 2014-03-24 18:54 - 00000478 _____ () C:\Users\Christel\Downloads\defogger_disable.log
2014-03-24 18:57 - 2014-03-24 18:57 - 00050477 _____ () C:\Users\Christel\Downloads\Defogger(1).exe
2014-03-24 18:54 - 2014-03-24 18:54 - 00000000 _____ () C:\Users\Christel\defogger_reenable
2014-03-24 18:53 - 2014-03-24 18:53 - 00050477 _____ () C:\Users\Christel\Downloads\Defogger.exe
2014-03-24 17:44 - 2014-02-17 20:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-24 17:44 - 2012-01-03 22:07 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-24 17:42 - 2014-03-24 17:41 - 25032080 _____ (Mozilla) C:\Users\Vollzugriff\Downloads\Firefox_Setup_de28.0.exe
2014-03-24 17:40 - 2014-03-24 17:40 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\Macromedia
2014-03-24 17:25 - 2014-03-24 17:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-24 11:37 - 2014-01-10 12:38 - 00003364 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2014-03-24 11:37 - 2014-01-10 12:38 - 00001317 _____ () C:\Users\Vollzugriff\Desktop\Avira System Speedup.lnk
2014-03-24 11:37 - 2014-01-10 12:38 - 00001317 _____ () C:\Users\UpdatusUser\Desktop\Avira System Speedup.lnk
2014-03-24 11:37 - 2014-01-10 12:38 - 00001317 _____ () C:\Users\Christel\Desktop\Avira System Speedup.lnk
2014-03-24 11:37 - 2014-01-10 12:38 - 00001317 _____ () C:\Users\Bernd\Desktop\Avira System Speedup.lnk
2014-03-24 11:35 - 2014-03-24 11:35 - 02659240 _____ () C:\Users\Christel\Downloads\avira_speedup_internetsecuritysuite(1).exe
2014-03-24 11:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-24 11:17 - 2011-06-18 11:44 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-24 11:16 - 2011-09-07 18:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-23 17:55 - 2014-03-23 17:55 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-23 17:55 - 2014-03-23 17:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 17:53 - 2014-03-23 17:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Christel\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-23 17:35 - 2014-03-23 17:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\AviraSpeedup
2014-03-23 17:34 - 2014-03-23 17:34 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Avira
2014-03-23 17:33 - 2014-03-23 17:33 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\TuneUp Software
2014-03-23 17:30 - 2014-03-23 17:30 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\Mozilla
2014-03-23 17:30 - 2014-03-23 17:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Mozilla
2014-03-23 17:29 - 2014-03-23 17:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Thunderbird
2014-03-23 17:29 - 2014-03-23 17:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\Thunderbird
2014-03-23 17:28 - 2014-03-23 17:28 - 00182320 _____ () C:\Users\Vollzugriff\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-23 17:28 - 2014-03-23 17:28 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Adobe
2014-03-23 17:28 - 2010-09-10 17:05 - 00001425 _____ () C:\Users\Vollzugriff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-23 17:28 - 2010-09-10 17:05 - 00000000 ___RD () C:\Users\Vollzugriff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-23 17:28 - 2010-09-10 17:05 - 00000000 ___RD () C:\Users\Vollzugriff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-23 01:33 - 2010-09-20 18:27 - 00000000 ____D () C:\ProgramData\tmp
2014-03-23 00:51 - 2011-04-20 15:00 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\TuneUp Software
2014-03-23 00:50 - 2010-07-07 19:14 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Mozilla
2014-03-23 00:44 - 2010-06-27 21:37 - 00001425 _____ () C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-23 00:44 - 2010-06-27 21:37 - 00000000 ___RD () C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-23 00:44 - 2010-06-27 21:37 - 00000000 ___RD () C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-21 14:06 - 2013-06-27 19:17 - 00003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-03-21 14:05 - 2012-09-30 18:02 - 00049952 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-03-20 21:09 - 2010-06-13 18:46 - 00001793 _____ () C:\Users\Christel\Desktop\XnView.lnk
2014-03-20 21:09 - 2010-06-13 18:40 - 00000000 ____D () C:\Program Files (x86)\XnView
2014-03-20 21:08 - 2014-03-20 21:08 - 15215464 _____ (Gougelet Pierre-e ) C:\Users\Christel\Downloads\XnView-win-full_2.20.exe
2014-03-20 19:57 - 2014-03-19 22:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-20 15:44 - 2013-11-04 20:16 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-03-20 15:44 - 2013-11-04 20:16 - 00036152 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2014-03-20 15:44 - 2013-10-19 18:38 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2014-03-20 15:44 - 2013-10-19 18:38 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-03-20 15:44 - 2013-10-19 18:38 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2014-03-19 22:59 - 2013-08-14 20:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 22:58 - 2010-07-07 18:49 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 18:58 - 2009-07-14 06:45 - 00560312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 18:56 - 2013-03-13 18:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 10:04 - 2013-03-13 18:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-11 21:32 - 2012-03-23 22:01 - 00000000 ____D () C:\Users\Christel\AppData\Roaming\Skype
2014-03-11 21:13 - 2014-03-01 18:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 21:13 - 2014-03-01 18:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 21:13 - 2014-03-01 18:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 20:54 - 2014-03-11 20:54 - 00000000 ____D () C:\Users\Christel\AppData\Local\Skype
2014-03-11 20:54 - 2012-09-13 17:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-11 20:54 - 2012-09-13 17:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 20:54 - 2012-03-23 22:01 - 00000000 ____D () C:\ProgramData\Skype
2014-03-10 22:51 - 2012-06-24 18:46 - 00000000 ____D () C:\Users\Christel\.gimp-2.8
2014-03-10 22:43 - 2014-03-10 22:43 - 00005292 _____ () C:\Users\Christel\AppData\Local\recently-used.xbel
2014-03-01 18:33 - 2010-06-08 11:05 - 00000000 ____D () C:\Users\Christel\AppData\Local\Adobe
2014-03-01 08:05 - 2014-03-13 09:48 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 07:17 - 2014-03-13 09:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 07:16 - 2014-03-13 09:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 06:58 - 2014-03-13 09:48 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 06:52 - 2014-03-13 09:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 06:51 - 2014-03-13 09:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 06:42 - 2014-03-13 09:48 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 06:40 - 2014-03-13 09:48 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 06:37 - 2014-03-13 09:48 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 06:33 - 2014-03-13 09:48 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 06:33 - 2014-03-13 09:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 06:32 - 2014-03-13 09:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 06:30 - 2014-03-13 09:48 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 06:23 - 2014-03-13 09:48 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 06:17 - 2014-03-13 09:48 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 06:11 - 2014-03-13 09:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 06:02 - 2014-03-13 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 05:54 - 2014-03-13 09:48 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 05:52 - 2014-03-13 09:48 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 05:51 - 2014-03-13 09:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 05:47 - 2014-03-13 09:48 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 05:43 - 2014-03-13 09:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 05:43 - 2014-03-13 09:48 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 05:42 - 2014-03-13 09:48 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 05:40 - 2014-03-13 09:48 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 05:38 - 2014-03-13 09:48 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 05:37 - 2014-03-13 09:48 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 05:35 - 2014-03-13 09:48 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 05:18 - 2014-03-13 09:48 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 05:16 - 2014-03-13 09:48 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 05:14 - 2014-03-13 09:48 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 05:10 - 2014-03-13 09:48 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 05:03 - 2014-03-13 09:48 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 05:00 - 2014-03-13 09:48 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 04:57 - 2014-03-13 09:48 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 04:38 - 2014-03-13 09:48 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 04:32 - 2014-03-13 09:48 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 04:27 - 2014-03-13 09:48 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 04:25 - 2014-03-13 09:48 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 04:25 - 2014-03-13 09:48 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
Some content of TEMP:
====================
C:\Users\Bernd\AppData\Local\Temp\avgnt.exe
C:\Users\Christel\AppData\Local\Temp\avgnt.exe
C:\Users\Christel\AppData\Local\Temp\Quarantine.exe
C:\Users\Vollzugriff\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-20 21:04
==================== End Of Log ============================
Ich hoffe, ich hab alles richtig gemacht. Viele Grüße lausi7 |
|
31.03.2014, 12:02
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7: ADWARE/Install Core Gen7 gefundenESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.04.2014, 17:34
| #9 |
| |  Windows 7: ADWARE/Install Core Gen7 gefunden Hallo Schrauber, besten Dank. Ich bin jetzt durch und ich poste die logs. Zwei Dinge noch, die drei Infizierungen, die ich ursprünglich angefragt hatte, stehen immer noch im Quarantäne-Ordner von Avira. Meine Frage ist, soll ich das einfach dort löschen? Das zweite, wie werde ich die ganzen verwendeten Programme wieder los oder soll ich sie drauf lassen? Ansonsten gibt es keine Probleme. Viele Grüße lausi7 Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=18d2f9636c00f84e9d9c428306bc070a
# engine=17694
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-31 11:24:23
# local_time=2014-04-01 01:24:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 111564 147938113 0 0
# scanned=341497
# found=0
# cleaned=0
# scan_time=26412
Code:
ATTFilter Results of screen317's Security Check version 0.99.80 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` AntiBrowserSpy Secunia PSI (3.0.0.6001) Malwarebytes Anti-Malware Version 1.75.0.1300 TuneUp Utilities 2014 TuneUp Utilities 2014 (de-DE) TuneUp Utilities Language Pack (de-DE) TuneUp Utilities 2014 Java 7 Update 45 Java version out of Date! Adobe Flash Player 12.0.0.77 Adobe Reader XI Mozilla Firefox (28.0) Mozilla Thunderbird (24.4.0) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Christel (administrator) on CHRISTEL-HALLE on 01-04-2014 18:13:53
Running from C:\Users\Christel\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft) C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Farbar) C:\Users\Christel\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [394768 2010-10-20] (Acronis)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2575421152-149623758-3891323420-1001\...\Run: [BrowserMask] - C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe [101328 2012-12-13] (Microsoft)
HKU\S-1-5-21-2575421152-149623758-3891323420-1001\...\Run: [AviraSpeedup] - C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe [5085416 2014-03-24] (Avira)
HKU\S-1-5-21-2575421152-149623758-3891323420-1001\...\Run: [Google Update] - C:\Users\Christel\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-14] (Google Inc.)
HKU\S-1-5-21-2575421152-149623758-3891323420-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-18] (Google Inc.)
HKU\S-1-5-21-2575421152-149623758-3891323420-1008\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-2575421152-149623758-3891323420-1008\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP
HKU\S-1-5-21-2575421152-149623758-3891323420-1008\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
Startup: C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=17360610m806pe415v1m5w44m1u27r
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE383
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 google-analytics.com
Tcpip\Parameters: [DhcpNameServer] 62.117.1.25 89.16.129.25
FireFox:
========
FF ProfilePath: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Amazon
FF SearchEngineOrder.1: Amazon
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\Christel\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Christel\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Christel\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: GMX MailCheck - C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\Extensions\toolbar@gmx.net.xpi [2013-02-14]
FF Extension: NoScript - C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-09-21]
FF Extension: Adblock Plus - C:\Users\Christel\AppData\Roaming\Mozilla\Firefox\Profiles\hau98las.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-17]
==================== Services (Whitelisted) =================
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [910416 2014-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-03-17] (Avira Operations GmbH & Co. KG)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S4 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [X]
S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-21] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-01 18:12 - 2014-04-01 18:12 - 00001039 _____ () C:\Users\Christel\Desktop\checkup.txt
2014-04-01 18:10 - 2014-04-01 18:10 - 00987442 _____ () C:\Users\Christel\Downloads\SecurityCheck.exe
2014-04-01 18:04 - 2014-04-01 18:04 - 00013631 _____ () C:\Users\Christel\Desktop\ESET.odt
2014-03-31 18:00 - 2014-03-31 18:00 - 02347384 _____ (ESET) C:\Users\Christel\Downloads\esetsmartinstaller_enu.exe
2014-03-30 18:06 - 2014-03-30 18:06 - 00001137 _____ () C:\Users\Public\Desktop\Saturn Fotoservice.lnk
2014-03-30 18:00 - 2014-03-30 18:00 - 00000000 ____D () C:\Users\Christel\AppData\Roaming\hps-install
2014-03-30 18:00 - 2014-03-30 18:00 - 00000000 ____D () C:\Program Files\Saturn Fotoservice
2014-03-30 17:16 - 2014-03-30 17:16 - 00046378 _____ () C:\Users\Christel\Desktop\FRST2.txt
2014-03-30 17:08 - 2014-03-30 17:08 - 00000763 _____ () C:\Users\Christel\Desktop\JRT.txt
2014-03-30 17:03 - 2014-03-30 17:03 - 00000000 ____D () C:\Windows\ERUNT
2014-03-30 17:02 - 2014-03-30 17:02 - 01038974 _____ (Thisisu) C:\Users\Christel\Downloads\JRT.exe
2014-03-30 16:59 - 2014-03-30 16:59 - 00008474 _____ () C:\Users\Christel\Desktop\AdwCleaner[S0].txt
2014-03-27 12:44 - 2014-03-30 16:57 - 00000000 ____D () C:\AdwCleaner
2014-03-27 12:43 - 2014-03-27 12:43 - 01950720 _____ () C:\Users\Christel\Downloads\adwcleaner.exe
2014-03-27 12:41 - 2014-03-27 12:41 - 00000660 _____ () C:\Windows\PFRO.log
2014-03-26 11:13 - 2014-03-26 11:14 - 02157056 _____ (Farbar) C:\Users\Christel\Downloads\FRST64(1).exe
2014-03-26 10:15 - 2014-03-26 10:15 - 00003280 _____ () C:\Windows\System32\Tasks\{0B4FA45D-571C-4822-9CF9-317A7F7D269D}
2014-03-25 18:35 - 2014-03-25 18:35 - 00001268 _____ () C:\Users\Christel\Desktop\Revo Uninstaller.lnk
2014-03-25 18:35 - 2014-03-25 18:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-25 18:34 - 2014-03-25 18:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Christel\Downloads\revosetup95.exe
2014-03-25 16:50 - 2014-03-25 16:50 - 00000776 _____ () C:\Users\Christel\Desktop\Ereignisse.txt
2014-03-25 16:30 - 2014-03-25 16:30 - 00000000 ____D () C:\Users\Christel\Neuer Ordner
2014-03-25 15:39 - 2014-03-25 15:39 - 00000000 ____D () C:\Users\Christel\AppData\Local\TuneUp Software
2014-03-24 20:10 - 2014-03-24 20:10 - 00024080 _____ () C:\Users\Christel\Desktop\AVSCAN-20140321-202200-80C5BA9F.LOG
2014-03-24 19:35 - 2014-03-24 19:35 - 00000000 ____D () C:\Users\Christel\AppData\Local\Avg2014
2014-03-24 19:32 - 2014-03-24 19:32 - 00001534 _____ () C:\Users\Christel\Desktop\Gmer.txt
2014-03-24 19:14 - 2014-03-24 19:14 - 00380416 _____ () C:\Users\Christel\Downloads\9eu6hu1q.exe
2014-03-24 19:10 - 2014-03-24 19:10 - 00040567 _____ () C:\Users\Christel\Desktop\Addition.txt
2014-03-24 19:09 - 2014-03-24 19:09 - 00044947 _____ () C:\Users\Christel\Desktop\FRST.txt
2014-03-24 19:05 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-24 19:05 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-24 19:02 - 2014-03-24 19:02 - 00040567 _____ () C:\Users\Christel\Downloads\Addition.txt
2014-03-24 19:01 - 2014-04-01 18:13 - 00015879 _____ () C:\Users\Christel\Downloads\FRST.txt
2014-03-24 19:01 - 2014-04-01 18:13 - 00000000 ____D () C:\FRST
2014-03-24 19:00 - 2014-03-24 19:00 - 02157056 _____ (Farbar) C:\Users\Christel\Downloads\FRST64.exe
2014-03-24 18:57 - 2014-03-24 18:57 - 00050477 _____ () C:\Users\Christel\Downloads\Defogger(1).exe
2014-03-24 18:54 - 2014-03-24 18:58 - 00000478 _____ () C:\Users\Christel\Downloads\defogger_disable.log
2014-03-24 18:54 - 2014-03-24 18:54 - 00000000 _____ () C:\Users\Christel\defogger_reenable
2014-03-24 18:53 - 2014-03-24 18:53 - 00050477 _____ () C:\Users\Christel\Downloads\Defogger.exe
2014-03-24 17:41 - 2014-03-24 17:42 - 25032080 _____ (Mozilla) C:\Users\Vollzugriff\Downloads\Firefox_Setup_de28.0.exe
2014-03-24 17:40 - 2014-03-24 17:40 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\Macromedia
2014-03-24 17:25 - 2014-04-01 17:20 - 00000896 _____ () C:\Windows\setupact.log
2014-03-24 17:25 - 2014-03-24 17:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-24 11:35 - 2014-03-24 11:35 - 02659240 _____ () C:\Users\Christel\Downloads\avira_speedup_internetsecuritysuite(1).exe
2014-03-24 11:18 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-03-24 11:18 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-24 11:18 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-24 11:18 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-03-24 11:18 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-03-24 11:18 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-24 11:18 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-24 11:18 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-24 11:18 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-03-24 11:18 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-03-24 11:18 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-03-24 11:18 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-03-24 11:18 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-24 11:18 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-03-24 11:18 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-24 11:18 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-03-24 11:17 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-03-24 11:17 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-03-24 11:17 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-03-24 11:17 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-03-24 11:17 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-03-24 11:17 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-03-24 11:05 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-03-24 11:05 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-03-23 17:55 - 2014-03-23 17:55 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-23 17:55 - 2014-03-23 17:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 17:53 - 2014-03-23 17:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Christel\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-23 17:34 - 2014-03-23 17:34 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Avira
2014-03-23 17:33 - 2014-03-23 17:33 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\TuneUp Software
2014-03-23 17:30 - 2014-03-23 17:30 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\Mozilla
2014-03-23 17:29 - 2014-03-23 17:35 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\AviraSpeedup
2014-03-23 17:29 - 2014-03-23 17:30 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Mozilla
2014-03-23 17:29 - 2014-03-23 17:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Thunderbird
2014-03-23 17:29 - 2014-03-23 17:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\Thunderbird
2014-03-23 17:28 - 2014-03-23 17:28 - 00182320 _____ () C:\Users\Vollzugriff\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-23 17:28 - 2014-03-23 17:28 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Adobe
2014-03-20 21:08 - 2014-03-20 21:08 - 15215464 _____ (Gougelet Pierre-e ) C:\Users\Christel\Downloads\XnView-win-full_2.20.exe
2014-03-19 22:26 - 2014-03-20 19:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-13 09:48 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 09:48 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 09:48 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 09:48 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 09:48 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 09:48 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 09:48 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 09:48 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 09:48 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 09:48 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 09:48 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 09:48 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 09:48 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 09:48 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 09:48 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 09:48 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 09:48 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 09:48 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 09:48 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 09:48 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 09:48 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 09:48 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 09:48 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 09:48 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 09:48 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 09:48 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 09:48 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 09:48 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 09:48 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 09:48 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 09:48 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 09:48 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 09:48 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 09:48 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 09:48 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 09:48 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 09:48 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 09:48 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 09:48 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 09:48 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 09:48 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 09:48 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 09:48 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 09:48 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 09:47 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 09:47 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 09:47 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 09:47 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 20:54 - 2014-03-11 20:54 - 00000000 ____D () C:\Users\Christel\AppData\Local\Skype
2014-03-10 22:43 - 2014-03-10 22:43 - 00005292 _____ () C:\Users\Christel\AppData\Local\recently-used.xbel
==================== One Month Modified Files and Folders =======
2014-04-01 18:14 - 2014-03-24 19:01 - 00015879 _____ () C:\Users\Christel\Downloads\FRST.txt
2014-04-01 18:13 - 2014-03-24 19:01 - 00000000 ____D () C:\FRST
2014-04-01 18:12 - 2014-04-01 18:12 - 00001039 _____ () C:\Users\Christel\Desktop\checkup.txt
2014-04-01 18:12 - 2014-03-01 18:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-01 18:10 - 2014-04-01 18:10 - 00987442 _____ () C:\Users\Christel\Downloads\SecurityCheck.exe
2014-04-01 18:09 - 2010-07-07 19:06 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-01 18:04 - 2014-04-01 18:04 - 00013631 _____ () C:\Users\Christel\Desktop\ESET.odt
2014-04-01 17:46 - 2010-02-04 14:50 - 01351800 _____ () C:\Windows\WindowsUpdate.log
2014-04-01 17:44 - 2012-02-14 19:29 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2575421152-149623758-3891323420-1001UA.job
2014-04-01 17:44 - 2012-02-14 19:29 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2575421152-149623758-3891323420-1001Core.job
2014-04-01 17:29 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-01 17:29 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-01 17:24 - 2010-02-04 23:40 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-04-01 17:24 - 2010-02-04 23:40 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-04-01 17:24 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 17:20 - 2014-03-24 17:25 - 00000896 _____ () C:\Windows\setupact.log
2014-04-01 17:20 - 2010-07-07 19:06 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-01 17:20 - 2010-02-04 14:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-01 17:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-31 18:00 - 2014-03-31 18:00 - 02347384 _____ (ESET) C:\Users\Christel\Downloads\esetsmartinstaller_enu.exe
2014-03-30 18:10 - 2010-09-20 18:27 - 00000000 ____D () C:\ProgramData\tmp
2014-03-30 18:06 - 2014-03-30 18:06 - 00001137 _____ () C:\Users\Public\Desktop\Saturn Fotoservice.lnk
2014-03-30 18:06 - 2010-10-20 21:12 - 00000000 ____D () C:\Program Files (x86)\Saturn
2014-03-30 18:00 - 2014-03-30 18:00 - 00000000 ____D () C:\Users\Christel\AppData\Roaming\hps-install
2014-03-30 18:00 - 2014-03-30 18:00 - 00000000 ____D () C:\Program Files\Saturn Fotoservice
2014-03-30 17:16 - 2014-03-30 17:16 - 00046378 _____ () C:\Users\Christel\Desktop\FRST2.txt
2014-03-30 17:08 - 2014-03-30 17:08 - 00000763 _____ () C:\Users\Christel\Desktop\JRT.txt
2014-03-30 17:03 - 2014-03-30 17:03 - 00000000 ____D () C:\Windows\ERUNT
2014-03-30 17:02 - 2014-03-30 17:02 - 01038974 _____ (Thisisu) C:\Users\Christel\Downloads\JRT.exe
2014-03-30 16:59 - 2014-03-30 16:59 - 00008474 _____ () C:\Users\Christel\Desktop\AdwCleaner[S0].txt
2014-03-30 16:57 - 2014-03-27 12:44 - 00000000 ____D () C:\AdwCleaner
2014-03-27 12:43 - 2014-03-27 12:43 - 01950720 _____ () C:\Users\Christel\Downloads\adwcleaner.exe
2014-03-27 12:41 - 2014-03-27 12:41 - 00000660 _____ () C:\Windows\PFRO.log
2014-03-26 11:14 - 2014-03-26 11:13 - 02157056 _____ (Farbar) C:\Users\Christel\Downloads\FRST64(1).exe
2014-03-26 10:15 - 2014-03-26 10:15 - 00003280 _____ () C:\Windows\System32\Tasks\{0B4FA45D-571C-4822-9CF9-317A7F7D269D}
2014-03-25 20:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-25 18:35 - 2014-03-25 18:35 - 00001268 _____ () C:\Users\Christel\Desktop\Revo Uninstaller.lnk
2014-03-25 18:35 - 2014-03-25 18:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-25 18:34 - 2014-03-25 18:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Christel\Downloads\revosetup95.exe
2014-03-25 16:50 - 2014-03-25 16:50 - 00000776 _____ () C:\Users\Christel\Desktop\Ereignisse.txt
2014-03-25 16:30 - 2014-03-25 16:30 - 00000000 ____D () C:\Users\Christel\Neuer Ordner
2014-03-25 16:30 - 2010-06-08 09:02 - 00000000 ____D () C:\Users\Christel
2014-03-25 15:39 - 2014-03-25 15:39 - 00000000 ____D () C:\Users\Christel\AppData\Local\TuneUp Software
2014-03-25 15:39 - 2013-10-19 18:38 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-03-24 20:10 - 2014-03-24 20:10 - 00024080 _____ () C:\Users\Christel\Desktop\AVSCAN-20140321-202200-80C5BA9F.LOG
2014-03-24 20:03 - 2012-05-07 19:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-24 19:35 - 2014-03-24 19:35 - 00000000 ____D () C:\Users\Christel\AppData\Local\Avg2014
2014-03-24 19:32 - 2014-03-24 19:32 - 00001534 _____ () C:\Users\Christel\Desktop\Gmer.txt
2014-03-24 19:14 - 2014-03-24 19:14 - 00380416 _____ () C:\Users\Christel\Downloads\9eu6hu1q.exe
2014-03-24 19:10 - 2014-03-24 19:10 - 00040567 _____ () C:\Users\Christel\Desktop\Addition.txt
2014-03-24 19:09 - 2014-03-24 19:09 - 00044947 _____ () C:\Users\Christel\Desktop\FRST.txt
2014-03-24 19:02 - 2014-03-24 19:02 - 00040567 _____ () C:\Users\Christel\Downloads\Addition.txt
2014-03-24 19:00 - 2014-03-24 19:00 - 02157056 _____ (Farbar) C:\Users\Christel\Downloads\FRST64.exe
2014-03-24 18:58 - 2014-03-24 18:54 - 00000478 _____ () C:\Users\Christel\Downloads\defogger_disable.log
2014-03-24 18:57 - 2014-03-24 18:57 - 00050477 _____ () C:\Users\Christel\Downloads\Defogger(1).exe
2014-03-24 18:54 - 2014-03-24 18:54 - 00000000 _____ () C:\Users\Christel\defogger_reenable
2014-03-24 18:53 - 2014-03-24 18:53 - 00050477 _____ () C:\Users\Christel\Downloads\Defogger.exe
2014-03-24 17:44 - 2014-02-17 20:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-24 17:44 - 2012-01-03 22:07 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-24 17:42 - 2014-03-24 17:41 - 25032080 _____ (Mozilla) C:\Users\Vollzugriff\Downloads\Firefox_Setup_de28.0.exe
2014-03-24 17:40 - 2014-03-24 17:40 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\Macromedia
2014-03-24 17:25 - 2014-03-24 17:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-24 11:37 - 2014-01-10 12:38 - 00003364 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2014-03-24 11:37 - 2014-01-10 12:38 - 00001317 _____ () C:\Users\Vollzugriff\Desktop\Avira System Speedup.lnk
2014-03-24 11:37 - 2014-01-10 12:38 - 00001317 _____ () C:\Users\UpdatusUser\Desktop\Avira System Speedup.lnk
2014-03-24 11:37 - 2014-01-10 12:38 - 00001317 _____ () C:\Users\Christel\Desktop\Avira System Speedup.lnk
2014-03-24 11:37 - 2014-01-10 12:38 - 00001317 _____ () C:\Users\Bernd\Desktop\Avira System Speedup.lnk
2014-03-24 11:35 - 2014-03-24 11:35 - 02659240 _____ () C:\Users\Christel\Downloads\avira_speedup_internetsecuritysuite(1).exe
2014-03-24 11:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-24 11:17 - 2011-06-18 11:44 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-24 11:16 - 2011-09-07 18:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-23 17:55 - 2014-03-23 17:55 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-23 17:55 - 2014-03-23 17:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 17:53 - 2014-03-23 17:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Christel\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-23 17:35 - 2014-03-23 17:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\AviraSpeedup
2014-03-23 17:34 - 2014-03-23 17:34 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Avira
2014-03-23 17:33 - 2014-03-23 17:33 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\TuneUp Software
2014-03-23 17:30 - 2014-03-23 17:30 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\Mozilla
2014-03-23 17:30 - 2014-03-23 17:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Mozilla
2014-03-23 17:29 - 2014-03-23 17:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Thunderbird
2014-03-23 17:29 - 2014-03-23 17:29 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Local\Thunderbird
2014-03-23 17:28 - 2014-03-23 17:28 - 00182320 _____ () C:\Users\Vollzugriff\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-23 17:28 - 2014-03-23 17:28 - 00000000 ____D () C:\Users\Vollzugriff\AppData\Roaming\Adobe
2014-03-23 17:28 - 2010-09-10 17:05 - 00001425 _____ () C:\Users\Vollzugriff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-23 17:28 - 2010-09-10 17:05 - 00000000 ___RD () C:\Users\Vollzugriff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-23 17:28 - 2010-09-10 17:05 - 00000000 ___RD () C:\Users\Vollzugriff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-23 00:51 - 2011-04-20 15:00 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\TuneUp Software
2014-03-23 00:50 - 2010-07-07 19:14 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Mozilla
2014-03-23 00:44 - 2010-06-27 21:37 - 00001425 _____ () C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-23 00:44 - 2010-06-27 21:37 - 00000000 ___RD () C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-23 00:44 - 2010-06-27 21:37 - 00000000 ___RD () C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-21 14:06 - 2013-06-27 19:17 - 00003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-03-21 14:05 - 2012-09-30 18:02 - 00049952 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-03-20 21:09 - 2010-06-13 18:46 - 00001793 _____ () C:\Users\Christel\Desktop\XnView.lnk
2014-03-20 21:09 - 2010-06-13 18:40 - 00000000 ____D () C:\Program Files (x86)\XnView
2014-03-20 21:08 - 2014-03-20 21:08 - 15215464 _____ (Gougelet Pierre-e ) C:\Users\Christel\Downloads\XnView-win-full_2.20.exe
2014-03-20 19:57 - 2014-03-19 22:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-20 15:44 - 2013-11-04 20:16 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-03-20 15:44 - 2013-11-04 20:16 - 00036152 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2014-03-20 15:44 - 2013-10-19 18:38 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2014-03-20 15:44 - 2013-10-19 18:38 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-03-20 15:44 - 2013-10-19 18:38 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2014-03-19 22:59 - 2013-08-14 20:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 22:58 - 2010-07-07 18:49 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 18:58 - 2009-07-14 06:45 - 00560312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 18:56 - 2013-03-13 18:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 10:04 - 2013-03-13 18:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-11 21:32 - 2012-03-23 22:01 - 00000000 ____D () C:\Users\Christel\AppData\Roaming\Skype
2014-03-11 21:13 - 2014-03-01 18:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 21:13 - 2014-03-01 18:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 21:13 - 2014-03-01 18:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 20:54 - 2014-03-11 20:54 - 00000000 ____D () C:\Users\Christel\AppData\Local\Skype
2014-03-11 20:54 - 2012-09-13 17:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-11 20:54 - 2012-09-13 17:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 20:54 - 2012-03-23 22:01 - 00000000 ____D () C:\ProgramData\Skype
2014-03-10 22:51 - 2012-06-24 18:46 - 00000000 ____D () C:\Users\Christel\.gimp-2.8
2014-03-10 22:43 - 2014-03-10 22:43 - 00005292 _____ () C:\Users\Christel\AppData\Local\recently-used.xbel
Some content of TEMP:
====================
C:\Users\Bernd\AppData\Local\Temp\avgnt.exe
C:\Users\Christel\AppData\Local\Temp\avgnt.exe
C:\Users\Christel\AppData\Local\Temp\Quarantine.exe
C:\Users\Vollzugriff\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-20 21:04
==================== End Of Log ============================
|
|
02.04.2014, 13:29
| #10 |
| /// the machine /// TB-Ausbilder | Windows 7: ADWARE/Install Core Gen7 gefunden Java updaten. Die Quarantäne kannste löschen. Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.04.2014, 17:12
| #11 |
| |  Windows 7: ADWARE/Install Core Gen7 gefunden Hallo Schrauber, habe alles erledigt und alles läuft prima. War 'ne Menge Neuland für einen Laien wie mich. Hab dadurch wieder was dazu gelernt. Dank deiner Hilfe ging auch alles prima. Vielen herzlichen Dank!  Auch vielen herzlichen Dank für die vielen nützlichen Tipps. Viele Grüße lausi7 |
|
04.04.2014, 11:37
| #12 |
| /// the machine /// TB-Ausbilder | Windows 7: ADWARE/Install Core Gen7 gefunden Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows 7: ADWARE/Install Core Gen7 gefunden |
| abelssoft, adware/installcore.gen7, appl/browsefox.kmz, avg security toolbar, avira, benutzerdaten, desktop, dvdvideosoft ltd., firefox, firefox 28.0, google, hdd0(c:, iexplore.exe, install.exe, newtab, programm, pup.optional.alexatb.a, pup.optional.browsefox.a, pup.optional.installcore.a, pup.optional.opencandy, pup.optional.rightsurf.a, secure search, security, svchost.exe, symantec, vista, vtoolbarupdater |
Linear-Darstellung
