| |
| |||||||
Log-Analyse und Auswertung: Facebook - Script antwortet nicht mehrWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
24.06.2014, 19:26
| #1 |
| |  Facebook - Script antwortet nicht mehr Hallo , ich habe seit Sonntag dieses Problem bei Facebook und zwar ging es um ein update was ich machen sollte , ich habs getan und dann gesehen das das was völlig anderes war und habe das alles wieder deinstalliert , es kann durchaus sein das dabei etwas mit weggekommen ist was ich noch brauche. Da ich weder im englischen noch im PC technischen bewandert bin weiss ich nicht weiter. Ich habe Windows7 Ultimate , habe logs gemacht wie es hier in der anleitung stand , kann aber nicht versprechen ob das alles richtig ist. defogger_disable by jpshortstuff (23.02.10.1) Log created at 19:04 on 24/06/2014 (luna) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014 Ran by luna (administrator) on LUNA-PC on 24-06-2014 19:06:58 Running from C:\Users\luna\Downloads Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe (Fuyu LIMITED) C:\ProgramData\WindowsProtectManger\wprotectmanager.exe (pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe (Realtek) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe () C:\Program Files\Mega Browse\updateMegaBrowse.exe (Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Realtek Semiconductor Corp.) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe () C:\Program Files\Browsersafeguard\BrowserSafeguard.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Ashampoo GmbH & Co. KG ) C:\Users\luna\Downloads\ashampoo_winoptimizer_2014_1.0.0_15399.exe () C:\Users\luna\AppData\Local\Temp\is-88QTT.tmp\ashampoo_winoptimizer_2014_1.0.0_15399.tmp (Ashampoo GmbH & Co. KG ) C:\Users\luna\Downloads\ashampoo_winoptimizer_2014_1.0.0_15399.exe () C:\Users\luna\AppData\Local\Temp\is-EJ35J.tmp\ashampoo_winoptimizer_2014_1.0.0_15399.tmp (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-10-26] (Check Point Software Technologies LTD) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [BrowserSafeguard] => C:\Program Files\Browsersafeguard\BrowserSafeguard.exe [363008 2014-06-22] () HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKU\S-1-5-21-1244560251-4054863525-2374536600-1001\...\Run: [Facebook Update] => C:\Users\luna\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-28] (Facebook Inc.) HKU\S-1-5-21-1244560251-4054863525-2374536600-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\Program Files\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.) ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File BootExecute: autocheck autochk * GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:49295;https=127.0.0.1:49295 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrkL6AMkVAcJ3mJAW6xtTWEWOQRDzYDFbD41leb4qjvKu0jXxOuEW27NVKnhUDs2pl8uCcwIyfZqtPq0aAA8Pqp1bfrEK39LomWmh5OK kAQrKO9kRhM27zX4xpWiG_Deo5UAOLSAmgWpZjA,,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1403458490&from=adks&uid=395049983_1052515_20D3FB32 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA57F7C0D0AAACD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrkL6AMkVAcJ3mJAW6xtTWEWOQRDzYDFbD41leb4qjvKu0jXxOuEW27NVKnhUDs2pl8uCcwIyfZqtPq0aAA8Pqp1bfrEK39LomWmh5OK kAQrKO9kRhM27zX4xpWiG_Deo5UAOLSAmgWpZjA,,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1403458490&from=adks&uid=395049983_1052515_20D3FB32 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403458490&from=adks&uid=395049983_1052515_20D3FB32&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1403458490&from=adks&uid=395049983_1052515_20D3FB32 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1403458490&from=adks&uid=395049983_1052515_20D3FB32 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1403458490&from=adks&uid=395049983_1052515_20D3FB32&q={searchTerms} SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403458490&from=adks&uid=395049983_1052515_20D3FB32&q={searchTerms} SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0yekHYbpITWaBZDs-3X_Ihhua-8r6E2t0LFMS6m-cZ9QTGTlQqddVaAI9VbyV2OzcuHB_nCNiY15M_uP5OGqfjaSMCzzgRwRNyjIZiVhvGx0BCiFlGmL2Rpm5gXAjnVg,,&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403458490&from=adks&uid=395049983_1052515_20D3FB32&q={searchTerms} SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403458490&from=adks&uid=395049983_1052515_20D3FB32&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrkL6AMkVAcJ3mJAW6xtTWEWOQRDzYDFbD41leb4qjvKu0jXxOuEW27NVKnhUDs2pl8uCcwIyfZqtPq0aAA8Pqp1bfrEK39LomWmh5OK kAQrKO9kRhM27zX4xpWiG_Deo5UAOLSAmgWpZjA,,&q={searchTerms} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=20D30025229A3157&affID=127690&tsp=5186 SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403458490&from=adks&uid=395049983_1052515_20D3FB32&q={searchTerms} BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD) BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited) BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: sweet-page FF SearchEngineOrder.1: Amazon FF SelectedSearchEngine: sweet-page FF Homepage: about:home FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_de_display?ie=UTF8&tagbase=bds-p23&tag=bds-p23-serp-de-ff-21&tbrId=v1_abb-channel-23_24e47b777a1f4256a673316dfbc01e20_39_1006_20140622_DE_ff_ab_sbinstall3&query= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\luna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF SearchPlugin: C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\searchplugins\buenosearch.xml FF SearchPlugin: C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\searchplugins\Web Search.xml FF SearchPlugin: C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\sweet-page.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Fast Start - C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\Extensions\faststartff@gmail.com [2014-06-22] FF Extension: WOT - C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27] FF Extension: Ghostery - C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\Extensions\firefox@ghostery.com.xpi [2013-08-03] FF Extension: GMX MailCheck - C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\Extensions\toolbar@gmx.net.xpi [2013-03-21] FF Extension: ImTranslator - C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-11-01] FF Extension: Adblock Plus - C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-17] FF Extension: QuickJava - C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2013-01-17] FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2012-11-24] FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\extensions\faststartff@gmail.com FF Extension: Fast Start - C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\extensions\faststartff@gmail.com [2014-06-22] Chrome: ======= CHR HomePage: hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=20D30025229A3157&affID=127690&tsp=5186 CHR StartupUrls: "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=20D30025229A3157&affID=127690&tsp=5186", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0yekHYbpITWaBZDs-3X_Ihhua-8r6E2t0LFMS6m-cZ9QTGTlQqddVaAI9VbyV2OzciX4Oi8baVn1UlJfFnUMJ1PQi47ufGehsUFtJyHujYIOPa0N-FLel9qzjAIE72rg,," CHR Extension: (Buenosearch Toolbar) - C:\Users\luna\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk [2014-03-14] CHR Extension: (Google Docs) - C:\Users\luna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-21] CHR Extension: (Google Drive) - C:\Users\luna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-21] CHR Extension: (YouTube) - C:\Users\luna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-21] CHR Extension: (Google-Suche) - C:\Users\luna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-21] CHR Extension: (Google Wallet) - C:\Users\luna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-21] CHR Extension: (Google Mail) - C:\Users\luna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-21] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG) R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED) R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR) R2 Realtek11nSU; C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek) [File not signed] R2 Update Mega Browse; C:\Program Files\Mega Browse\updateMegaBrowse.exe [112416 2014-03-14] () R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-10-26] (Check Point Software Technologies LTD) R2 WindowsProtectManger; C:\ProgramData\WindowsProtectManger\wprotectmanager.exe [591776 2014-06-12] (Fuyu LIMITED) R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.) ==================== Drivers (Whitelisted) ==================== R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2013-01-17] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-15] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG) R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14080 2013-10-24] (<Glarysoft Ltd>) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-11-15] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [589144 2013-02-21] (Kaspersky Lab) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-01-17] () S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-11-02] (Malwarebytes Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [458776 2013-10-23] (Check Point Software Technologies LTD) U3 DfSdkS; U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75608 2013-02-21] (Kaspersky Lab) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-24 19:06 - 2014-06-24 19:08 - 00018460 _____ () C:\Users\luna\Downloads\FRST.txt 2014-06-24 19:06 - 2014-06-24 19:07 - 00000000 ____D () C:\FRST 2014-06-24 19:06 - 2014-06-24 19:06 - 01073152 _____ (Farbar) C:\Users\luna\Downloads\FRST.exe 2014-06-24 19:04 - 2014-06-24 19:04 - 00000470 _____ () C:\Users\luna\Downloads\defogger_disable.log 2014-06-24 19:04 - 2014-06-24 19:04 - 00000000 _____ () C:\Users\luna\defogger_reenable 2014-06-24 18:57 - 2014-06-24 18:57 - 00050477 _____ () C:\Users\luna\Downloads\Defogger.exe 2014-06-24 18:25 - 2014-06-24 18:25 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-06-24 18:24 - 2014-06-24 18:24 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-06-24 18:24 - 2014-06-24 18:24 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-06-24 18:24 - 2014-06-24 18:24 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-06-24 18:24 - 2014-06-24 18:24 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-06-24 18:24 - 2014-06-24 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-24 18:24 - 2014-06-24 18:24 - 00000000 ____D () C:\Program Files\Java 2014-06-24 18:20 - 2014-06-24 18:20 - 00918952 _____ (Oracle Corporation) C:\Users\luna\Downloads\jxpiinstall.exe 2014-06-24 17:41 - 2014-06-24 17:41 - 00002232 _____ () C:\Users\Public\Desktop\Ein-Klick-Optimierung.lnk 2014-06-24 17:41 - 2014-06-24 17:41 - 00001214 _____ () C:\Users\Public\Desktop\Ashampoo WinOptimizer 2014.lnk 2014-06-24 17:41 - 2014-06-24 17:41 - 00000396 _____ () C:\Windows\Tasks\One-Click Optimizer.job 2014-06-24 17:41 - 2014-06-24 17:41 - 00000214 _____ () C:\Users\Public\Desktop\Your Software Deals.url 2014-06-24 17:41 - 2009-08-24 21:08 - 00028160 _____ (mst software GmbH, Germany) C:\Windows\system32\DfSdkBt.exe 2014-06-24 17:37 - 2014-06-24 17:37 - 27662792 _____ (Ashampoo GmbH & Co. KG ) C:\Users\luna\Downloads\ashampoo_winoptimizer_2014_1.0.0_15399.exe 2014-06-23 12:35 - 2010-08-12 11:46 - 00758784 _____ (NVIDIA Corporation) C:\Windows\system32\cohelper.dll 2014-06-23 12:35 - 2010-08-09 22:33 - 00011164 _____ () C:\Windows\system32\Drivers\nvphy.bin 2014-06-23 07:37 - 2014-06-23 07:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-06-23 07:37 - 2014-06-23 07:37 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-06-23 07:35 - 2014-06-23 07:36 - 00000000 ____D () C:\ProgramData\Adobe 2014-06-22 19:38 - 2014-06-22 20:12 - 00000000 ____D () C:\Program Files\Advanced System Protector 2014-06-22 19:37 - 2014-06-22 21:32 - 00000000 ____D () C:\Users\luna\AppData\Roaming\systweak 2014-06-22 19:37 - 2013-12-13 17:53 - 00017496 _____ (System Speedup) C:\Windows\system32\roboot.exe 2014-06-22 19:36 - 2014-06-22 19:36 - 00000000 ____D () C:\Program Files\003 2014-06-22 19:35 - 2014-06-23 12:16 - 00000000 ____D () C:\ProgramData\WindowsProtectManger 2014-06-22 19:35 - 2014-06-23 12:16 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-06-22 19:35 - 2014-06-23 12:16 - 00000000 ____D () C:\Program Files\SupTab 2014-06-22 19:35 - 2014-06-23 12:16 - 00000000 ____D () C:\Program Files\Browsersafeguard 2014-06-22 19:35 - 2014-06-22 19:35 - 00000000 ____D () C:\Users\luna\AppData\Roaming\SupTab 2014-06-19 06:09 - 2014-06-19 06:09 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-06-18 11:42 - 2014-06-18 11:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-06-11 23:22 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-11 23:22 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-11 23:22 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-11 23:22 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-11 23:22 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-11 23:22 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-11 23:22 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-11 23:22 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-11 23:22 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-11 23:22 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-11 23:22 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-11 23:22 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-11 23:22 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-11 23:22 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-11 23:22 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-11 23:22 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-11 23:22 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-11 23:22 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-11 23:22 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-11 23:22 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-11 23:22 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-11 23:22 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-11 23:22 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-11 23:22 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-11 23:22 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-11 23:22 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-11 23:22 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-11 23:22 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-11 23:21 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-11 23:21 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-11 23:21 - 2014-05-08 11:06 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-06-11 23:21 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-11 23:21 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-11 23:21 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-11 23:21 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-11 23:21 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-11 23:21 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-11 23:21 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll ==================== One Month Modified Files and Folders ======= 2014-06-24 19:08 - 2014-06-24 19:06 - 00018460 _____ () C:\Users\luna\Downloads\FRST.txt 2014-06-24 19:07 - 2014-06-24 19:06 - 00000000 ____D () C:\FRST 2014-06-24 19:06 - 2014-06-24 19:06 - 01073152 _____ (Farbar) C:\Users\luna\Downloads\FRST.exe 2014-06-24 19:04 - 2014-06-24 19:04 - 00000470 _____ () C:\Users\luna\Downloads\defogger_disable.log 2014-06-24 19:04 - 2014-06-24 19:04 - 00000000 _____ () C:\Users\luna\defogger_reenable 2014-06-24 19:04 - 2012-10-14 14:17 - 00000000 ____D () C:\Users\luna 2014-06-24 18:57 - 2014-06-24 18:57 - 00050477 _____ () C:\Users\luna\Downloads\Defogger.exe 2014-06-24 18:55 - 2013-04-02 21:42 - 00000000 ____D () C:\Users\luna\AppData\Roaming\Skype 2014-06-24 18:25 - 2014-06-24 18:25 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-06-24 18:25 - 2014-03-14 08:34 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-24 18:24 - 2014-06-24 18:24 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-06-24 18:24 - 2014-06-24 18:24 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-06-24 18:24 - 2014-06-24 18:24 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-06-24 18:24 - 2014-06-24 18:24 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-06-24 18:24 - 2014-06-24 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-24 18:24 - 2014-06-24 18:24 - 00000000 ____D () C:\Program Files\Java 2014-06-24 18:20 - 2014-06-24 18:20 - 00918952 _____ (Oracle Corporation) C:\Users\luna\Downloads\jxpiinstall.exe 2014-06-24 18:17 - 2013-01-10 23:41 - 00000000 ____D () C:\Program Files\JDownloader 2014-06-24 18:10 - 2013-11-04 14:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-24 17:45 - 2012-10-14 14:51 - 00000000 ____D () C:\Windows\Panther 2014-06-24 17:41 - 2014-06-24 17:41 - 00002232 _____ () C:\Users\Public\Desktop\Ein-Klick-Optimierung.lnk 2014-06-24 17:41 - 2014-06-24 17:41 - 00001214 _____ () C:\Users\Public\Desktop\Ashampoo WinOptimizer 2014.lnk 2014-06-24 17:41 - 2014-06-24 17:41 - 00000396 _____ () C:\Windows\Tasks\One-Click Optimizer.job 2014-06-24 17:41 - 2014-06-24 17:41 - 00000214 _____ () C:\Users\Public\Desktop\Your Software Deals.url 2014-06-24 17:41 - 2013-04-15 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2014-06-24 17:41 - 2013-04-15 15:40 - 00000000 ____D () C:\ProgramData\Ashampoo 2014-06-24 17:41 - 2013-04-15 15:40 - 00000000 ____D () C:\Program Files\Ashampoo 2014-06-24 17:40 - 2013-11-28 00:35 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1244560251-4054863525-2374536600-1001UA.job 2014-06-24 17:37 - 2014-06-24 17:37 - 27662792 _____ (Ashampoo GmbH & Co. KG ) C:\Users\luna\Downloads\ashampoo_winoptimizer_2014_1.0.0_15399.exe 2014-06-24 16:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing 2014-06-24 11:56 - 2013-01-17 18:22 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-06-24 10:39 - 2012-10-14 13:54 - 01680882 _____ () C:\Windows\WindowsUpdate.log 2014-06-24 05:55 - 2009-07-14 06:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-24 05:55 - 2009-07-14 06:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-24 05:54 - 2013-10-30 07:45 - 00000320 _____ () C:\Windows\Tasks\GlaryInitialize 3.job 2014-06-24 05:54 - 2013-01-17 18:03 - 00000312 _____ () C:\Windows\Tasks\GlaryInitialize.job 2014-06-24 05:48 - 2013-03-19 14:03 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-06-24 05:48 - 2012-11-13 17:53 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-24 05:48 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-23 12:16 - 2014-06-22 19:35 - 00000000 ____D () C:\ProgramData\WindowsProtectManger 2014-06-23 12:16 - 2014-06-22 19:35 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-06-23 12:16 - 2014-06-22 19:35 - 00000000 ____D () C:\Program Files\SupTab 2014-06-23 12:16 - 2014-06-22 19:35 - 00000000 ____D () C:\Program Files\Browsersafeguard 2014-06-23 12:16 - 2013-01-17 18:03 - 00000000 ____D () C:\Program Files\Glary Utilities 2014-06-23 12:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2014-06-23 10:41 - 2012-10-14 14:23 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-23 07:37 - 2014-06-23 07:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-06-23 07:37 - 2014-06-23 07:37 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-06-23 07:36 - 2014-06-23 07:35 - 00000000 ____D () C:\ProgramData\Adobe 2014-06-23 07:36 - 2012-12-30 12:51 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-06-23 07:36 - 2012-12-30 12:51 - 00000000 ____D () C:\Program Files\Adobe 2014-06-22 21:32 - 2014-06-22 19:37 - 00000000 ____D () C:\Users\luna\AppData\Roaming\systweak 2014-06-22 20:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-06-22 20:12 - 2014-06-22 19:38 - 00000000 ____D () C:\Program Files\Advanced System Protector 2014-06-22 20:10 - 2013-12-31 22:46 - 00000000 ____D () C:\Users\luna\Desktop\stundenspiele 2014-06-22 19:36 - 2014-06-22 19:36 - 00000000 ____D () C:\Program Files\003 2014-06-22 19:35 - 2014-06-22 19:35 - 00000000 ____D () C:\Users\luna\AppData\Roaming\SupTab 2014-06-21 23:40 - 2013-11-28 00:35 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1244560251-4054863525-2374536600-1001Core.job 2014-06-19 06:09 - 2014-06-19 06:09 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-06-19 06:09 - 2014-03-22 13:07 - 00000000 ___RD () C:\Program Files\Skype 2014-06-19 06:09 - 2013-04-02 21:41 - 00000000 ____D () C:\ProgramData\Skype 2014-06-19 06:05 - 2012-10-14 15:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-06-18 11:42 - 2014-06-18 11:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-06-14 15:46 - 2013-01-12 13:41 - 00000000 ____D () C:\Windows\rescache 2014-06-13 08:16 - 2013-11-04 14:59 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-06-13 08:16 - 2013-11-04 14:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-06-12 09:34 - 2014-05-07 00:11 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-12 00:13 - 2013-08-14 23:02 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 00:11 - 2012-10-17 16:00 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-08 10:48 - 2014-06-11 23:21 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 10:43 - 2014-06-11 23:21 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-30 11:18 - 2014-06-11 23:22 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-30 11:02 - 2014-06-11 23:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-30 11:02 - 2014-06-11 23:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-30 10:44 - 2014-06-11 23:22 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-30 10:43 - 2014-06-11 23:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-30 10:42 - 2014-06-11 23:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-30 10:38 - 2014-06-11 23:22 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-30 10:34 - 2014-06-11 23:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-30 10:33 - 2014-06-11 23:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-30 10:30 - 2014-06-11 23:22 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-30 10:28 - 2014-06-11 23:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-30 10:28 - 2014-06-11 23:22 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-30 10:27 - 2014-06-11 23:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-30 10:21 - 2014-06-11 23:22 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-30 10:16 - 2014-06-11 23:22 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-30 10:10 - 2014-06-11 23:22 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 10:06 - 2014-06-11 23:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-30 10:04 - 2014-06-11 23:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-30 10:02 - 2014-06-11 23:22 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-30 09:57 - 2014-06-11 23:22 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-30 09:56 - 2014-06-11 23:22 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-30 09:54 - 2014-06-11 23:22 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-30 09:50 - 2014-06-11 23:22 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-30 09:49 - 2014-06-11 23:22 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-30 09:40 - 2014-06-11 23:22 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-30 09:21 - 2014-06-11 23:22 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-30 09:15 - 2014-06-11 23:22 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-30 09:13 - 2014-06-11 23:22 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll Some content of TEMP: ==================== C:\Users\luna\AppData\Local\Temp\avgnt.exe C:\Users\luna\AppData\Local\Temp\i4jdel0.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-19 09:50 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-06-2014 Ran by luna at 2014-06-24 19:08:19 Running from C:\Users\luna\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: ZoneAlarm Free Firewall Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ZoneAlarm Free Firewall Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D} FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B} ==================== Installed Programs ====================== Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Ashampoo WinOptimizer 2014 v.1.0.0 (HKLM\...\{4209F371-99CD-68CB-1C29-9910F8F9BD96}_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG) Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.444 - Avira) BrowserSafeguard with RocketTab (HKLM\...\BrowserSafeguard) (Version: - BrowserSafeguard with RocketTab) <==== ATTENTION Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Wikinger (HKCU\...\Wikinger) (Version: - ) WindowsProtectManger20.0.0.401 (HKLM\...\WindowsProtectManger) (Version: 20.0.0.401 - Fuyu LIMITED) <==== ATTENTION ==================== Restore Points ========================= 19-06-2014 07:58:01 Geplanter Prüfpunkt 22-06-2014 17:41:28 System Speedup So, Jun 22, 14 19:41 23-06-2014 10:10:28 Wiederherstellungsvorgang 23-06-2014 10:26:44 22.06.2014 12:00 23-06-2014 10:34:32 Windows Update 24-06-2014 16:22:30 Installed Java 7 Update 60 ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0348B580-DA5B-43C4-8064-0AE89073FE32} - System32\Tasks\GlaryInitialize => C:\Program Files\Glary Utilities\initialize.exe [2013-03-29] (Glarysoft Ltd) Task: {1EFD9445-3BF0-4C57-9257-845FBFEF765E} - System32\Tasks\{8F35EB5B-8989-485F-B358-69C273F9893F} => C:\Users\luna\Downloads\jDownloaderWebInstaller09581.exe Task: {1F0A2A77-6A94-4BC4-83E2-9B09458F3321} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd) Task: {2861992A-AAF2-404E-BB6C-C8126B4A10AA} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files\Browsersafeguard\uninstall.BrowserSafeguard.exe [2014-06-22] () <==== ATTENTION Task: {4D5CF9A6-BFCD-4571-A039-CE0847329E5D} - System32\Tasks\One-Click Optimizer => C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2014\WO2014.exe [2013-12-18] (Ashampoo Development GmbH & Co. KG) Task: {72E755DD-703D-4D68-8BCB-B78A13D00730} - System32\Tasks\{06D149A8-27E3-4663-A3BF-EF4323F613C4} => C:\Users\luna\Downloads\jDownloaderWebInstaller09581.exe Task: {8CC687DF-623D-4E89-AE36-1B08D98A40FB} - System32\Tasks\{19EA6AD3-9C52-4B14-A69F-E6CE520B9CEB} => C:\Program Files\JDownloader\JDownloader.exe Task: {9BE1CD19-280B-48C8-BE76-D5FC60FAF88E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1244560251-4054863525-2374536600-1001Core => C:\Users\luna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-28] (Facebook Inc.) Task: {A37074C7-64F2-4383-9E16-ADC0D1043D0C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-13] (Adobe Systems Incorporated) Task: {E68A3401-F13A-406D-ABC3-B4EBA9B597C3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {F0F8536A-9CE3-4CA7-A424-68163460CAE5} - System32\Tasks\GlaryInitialize 3 => C:\Program Files\Glary Utilities 3\Initialize.exe Task: {F281CB90-E3B5-4000-BCF4-EC0F3B6A3813} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1244560251-4054863525-2374536600-1001UA => C:\Users\luna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-28] (Facebook Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1244560251-4054863525-2374536600-1001Core.job => C:\Users\luna\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1244560251-4054863525-2374536600-1001UA.job => C:\Users\luna\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GlaryInitialize 3.job => C:\Program Files\Glary Utilities 3\Initialize.exe Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files\Glary Utilities\initialize.exe Task: C:\Windows\Tasks\One-Click Optimizer.job => C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2014\WO2014.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-14 03:30 - 2014-03-14 03:30 - 00112416 _____ () C:\Program Files\Mega Browse\updateMegaBrowse.exe 2013-04-02 18:52 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll 2014-06-22 19:35 - 2014-06-22 19:35 - 00363008 _____ () C:\Program Files\Browsersafeguard\BrowserSafeguard.exe 2014-06-24 17:39 - 2014-06-24 17:39 - 01267728 _____ () C:\Users\luna\AppData\Local\Temp\is-88QTT.tmp\ashampoo_winoptimizer_2014_1.0.0_15399.tmp 2014-06-24 17:39 - 2014-06-24 17:39 - 01267728 _____ () C:\Users\luna\AppData\Local\Temp\is-EJ35J.tmp\ashampoo_winoptimizer_2014_1.0.0_15399.tmp 2014-06-18 11:42 - 2014-06-18 11:42 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-06-13 08:16 - 2014-06-13 08:16 - 17024688 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:036AA5DD AlternateDataStreams: C:\ProgramData\TEMP:041ED421 AlternateDataStreams: C:\ProgramData\TEMP:097C4B7D AlternateDataStreams: C:\ProgramData\TEMP:099BA123 AlternateDataStreams: C:\ProgramData\TEMP:0A701F26 AlternateDataStreams: C:\ProgramData\TEMP:0BF4DA47 AlternateDataStreams: C:\ProgramData\TEMP:1416AAA6 AlternateDataStreams: C:\ProgramData\TEMP:18A25CF1 AlternateDataStreams: C:\ProgramData\TEMP:1A8854EC AlternateDataStreams: C:\ProgramData\TEMP:1EC13383 AlternateDataStreams: C:\ProgramData\TEMP:27974442 AlternateDataStreams: C:\ProgramData\TEMP:28BE9DE0 AlternateDataStreams: C:\ProgramData\TEMP:28DFF83F AlternateDataStreams: C:\ProgramData\TEMP:29EA7E22 AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F AlternateDataStreams: C:\ProgramData\TEMP:31C9BA96 AlternateDataStreams: C:\ProgramData\TEMP:386B39C3 AlternateDataStreams: C:\ProgramData\TEMP:394EB021 AlternateDataStreams: C:\ProgramData\TEMP:3B622E21 AlternateDataStreams: C:\ProgramData\TEMP:3B633DE9 AlternateDataStreams: C:\ProgramData\TEMP:3D033DEC AlternateDataStreams: C:\ProgramData\TEMP:3DB6F365 AlternateDataStreams: C:\ProgramData\TEMP:3E8A3E87 AlternateDataStreams: C:\ProgramData\TEMP:3EC5BC08 AlternateDataStreams: C:\ProgramData\TEMP:41CB6858 AlternateDataStreams: C:\ProgramData\TEMP:432EC713 AlternateDataStreams: C:\ProgramData\TEMP:498B5975 AlternateDataStreams: C:\ProgramData\TEMP:4B7C28B1 AlternateDataStreams: C:\ProgramData\TEMP:4EE95FE7 AlternateDataStreams: C:\ProgramData\TEMP:52641FBE AlternateDataStreams: C:\ProgramData\TEMP:53BA2DF6 AlternateDataStreams: C:\ProgramData\TEMP:5607B58C AlternateDataStreams: C:\ProgramData\TEMP:5C3ED5BB AlternateDataStreams: C:\ProgramData\TEMP:5CB83528 AlternateDataStreams: C:\ProgramData\TEMP:5FA9655E AlternateDataStreams: C:\ProgramData\TEMP:5FC043A8 AlternateDataStreams: C:\ProgramData\TEMP:61FEC5E3 AlternateDataStreams: C:\ProgramData\TEMP:623BF0B1 AlternateDataStreams: C:\ProgramData\TEMP:623E564B AlternateDataStreams: C:\ProgramData\TEMP:639BB5E9 AlternateDataStreams: C:\ProgramData\TEMP:66C764F5 AlternateDataStreams: C:\ProgramData\TEMP:67396145 AlternateDataStreams: C:\ProgramData\TEMP:69AF9D20 AlternateDataStreams: C:\ProgramData\TEMP:6B709AD7 AlternateDataStreams: C:\ProgramData\TEMP:6D65CED0 AlternateDataStreams: C:\ProgramData\TEMP:6DD124E2 AlternateDataStreams: C:\ProgramData\TEMP:6ED8B881 AlternateDataStreams: C:\ProgramData\TEMP:7254CF01 AlternateDataStreams: C:\ProgramData\TEMP:72E5CC07 AlternateDataStreams: C:\ProgramData\TEMP:754E278B AlternateDataStreams: C:\ProgramData\TEMP:75765D7B AlternateDataStreams: C:\ProgramData\TEMP:77B64C59 AlternateDataStreams: C:\ProgramData\TEMP:79A7F369 AlternateDataStreams: C:\ProgramData\TEMP:7ADA8871 AlternateDataStreams: C:\ProgramData\TEMP:7B8AF9AA AlternateDataStreams: C:\ProgramData\TEMP:7C27C41C AlternateDataStreams: C:\ProgramData\TEMP:7D938C9B AlternateDataStreams: C:\ProgramData\TEMP:7EB93F0E AlternateDataStreams: C:\ProgramData\TEMP:834DD57E AlternateDataStreams: C:\ProgramData\TEMP:8751B175 AlternateDataStreams: C:\ProgramData\TEMP:87731E5E AlternateDataStreams: C:\ProgramData\TEMP:8B69E3C3 AlternateDataStreams: C:\ProgramData\TEMP:8BE7A048 AlternateDataStreams: C:\ProgramData\TEMP:902C848D AlternateDataStreams: C:\ProgramData\TEMP:9F3CEEE6 AlternateDataStreams: C:\ProgramData\TEMP:A02025CE AlternateDataStreams: C:\ProgramData\TEMP:A6345BDA AlternateDataStreams: C:\ProgramData\TEMP:A8185163 AlternateDataStreams: C:\ProgramData\TEMP:A9F13D2D AlternateDataStreams: C:\ProgramData\TEMP:AA0017FD AlternateDataStreams: C:\ProgramData\TEMP:AA93EFD3 AlternateDataStreams: C:\ProgramData\TEMP:AABCC5A7 AlternateDataStreams: C:\ProgramData\TEMP:ABBFFEA2 AlternateDataStreams: C:\ProgramData\TEMP:AE34D87E AlternateDataStreams: C:\ProgramData\TEMP:AED33A42 AlternateDataStreams: C:\ProgramData\TEMP:B01EC114 AlternateDataStreams: C:\ProgramData\TEMP:B2CCDB69 AlternateDataStreams: C:\ProgramData\TEMP:B33464A5 AlternateDataStreams: C:\ProgramData\TEMP:B3606FCC AlternateDataStreams: C:\ProgramData\TEMP:B36361EE AlternateDataStreams: C:\ProgramData\TEMP:B4F7687B AlternateDataStreams: C:\ProgramData\TEMP:B522B91B AlternateDataStreams: C:\ProgramData\TEMP:B65E763D AlternateDataStreams: C:\ProgramData\TEMP:B961095A AlternateDataStreams: C:\ProgramData\TEMP:C87C3E2C AlternateDataStreams: C:\ProgramData\TEMP:C98828D3 AlternateDataStreams: C:\ProgramData\TEMP:CAB0171A AlternateDataStreams: C:\ProgramData\TEMP:CB8C8B5D AlternateDataStreams: C:\ProgramData\TEMP:CBAF0C30 AlternateDataStreams: C:\ProgramData\TEMP  01ACC06AlternateDataStreams: C:\ProgramData\TEMP 64DD961AlternateDataStreams: C:\ProgramData\TEMP 8A1AC56AlternateDataStreams: C:\ProgramData\TEMP 8F64D5AAlternateDataStreams: C:\ProgramData\TEMP B77E2C4AlternateDataStreams: C:\ProgramData\TEMP C9915D2AlternateDataStreams: C:\ProgramData\TEMP:E2295807 AlternateDataStreams: C:\ProgramData\TEMP:E4996D81 AlternateDataStreams: C:\ProgramData\TEMP:E690114B AlternateDataStreams: C:\ProgramData\TEMP:E94FA418 AlternateDataStreams: C:\ProgramData\TEMP:E96A2658 AlternateDataStreams: C:\ProgramData\TEMP:EC855C73 AlternateDataStreams: C:\ProgramData\TEMP:F135A76C AlternateDataStreams: C:\ProgramData\TEMP:F176B6C6 AlternateDataStreams: C:\ProgramData\TEMP:F2E92DCD AlternateDataStreams: C:\ProgramData\TEMP:F39FAB77 AlternateDataStreams: C:\ProgramData\TEMP:F4362715 AlternateDataStreams: C:\ProgramData\TEMP:F52DB269 AlternateDataStreams: C:\ProgramData\TEMP:FD6D11C9 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/24/2014 05:43:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: WO2014.exe, Version: 10.0.0.0, Zeitstempel: 0x52b19d7b Name des fehlerhaften Moduls: WO2014.exe, Version: 10.0.0.0, Zeitstempel: 0x52b19d7b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00006c6a ID des fehlerhaften Prozesses: 0xc6c Startzeit der fehlerhaften Anwendung: 0xWO2014.exe0 Pfad der fehlerhaften Anwendung: WO2014.exe1 Pfad des fehlerhaften Moduls: WO2014.exe2 Berichtskennung: WO2014.exe3 Error: (06/24/2014 05:43:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: WO2014.exe, Version: 10.0.0.0, Zeitstempel: 0x52b19d7b Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x531599f6 Ausnahmecode: 0x80000003 Fehleroffset: 0x0003492e ID des fehlerhaften Prozesses: 0xc6c Startzeit der fehlerhaften Anwendung: 0xWO2014.exe0 Pfad der fehlerhaften Anwendung: WO2014.exe1 Pfad des fehlerhaften Moduls: WO2014.exe2 Berichtskennung: WO2014.exe3 Error: (06/24/2014 05:41:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ashampoo_winoptimizer_2014_1.0.0_15399.tmp, Version: 51.1052.0.0, Zeitstempel: 0x5073e4d7 Name des fehlerhaften Moduls: webbrowser.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ff22ae9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x036a5f00 ID des fehlerhaften Prozesses: 0x116c Startzeit der fehlerhaften Anwendung: 0xashampoo_winoptimizer_2014_1.0.0_15399.tmp0 Pfad der fehlerhaften Anwendung: ashampoo_winoptimizer_2014_1.0.0_15399.tmp1 Pfad des fehlerhaften Moduls: ashampoo_winoptimizer_2014_1.0.0_15399.tmp2 Berichtskennung: ashampoo_winoptimizer_2014_1.0.0_15399.tmp3 Error: (06/24/2014 10:09:02 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x1614 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (06/23/2014 00:17:39 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: 0x80070005. Error: (06/22/2014 08:20:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x1408 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (06/22/2014 08:13:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x12a4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (06/22/2014 07:41:19 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {9ba59245-75c5-4de4-9f47-2cb1ca783c9b} Error: (06/22/2014 07:34:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x4f0 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (06/22/2014 07:00:25 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)" System errors: ============= Error: (06/24/2014 06:26:25 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 46. Error: (06/24/2014 06:26:25 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 46. Error: (06/24/2014 06:26:25 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 46. Error: (06/24/2014 06:26:25 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 46. Error: (06/24/2014 06:26:25 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 46. Error: (06/24/2014 06:26:25 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 46. Error: (06/24/2014 10:25:08 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107. Error: (06/24/2014 10:25:08 AM) (Source: Schannel) (EventID: 4106) (User: NT-AUTORITÄT) Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung. Error: (06/24/2014 10:25:08 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107. Error: (06/24/2014 10:25:08 AM) (Source: Schannel) (EventID: 4106) (User: NT-AUTORITÄT) Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung. Microsoft Office Sessions: ========================= Error: (06/24/2014 05:43:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: WO2014.exe10.0.0.052b19d7bWO2014.exe10.0.0.052b19d7bc000000500006c6ac6c01cf8fc2e400d43fC:\Program Files\Ashampoo\Ashampoo WinOptimizer 2014\WO2014.exeC:\Program Files\Ashampoo\Ashampoo WinOptimizer 2014\WO2014.exe39e03c31-fbb6-11e3-a20e-0025229a3157 Error: (06/24/2014 05:43:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: WO2014.exe10.0.0.052b19d7bKERNELBASE.dll6.1.7601.18409531599f6800000030003492ec6c01cf8fc2e400d43fC:\Program Files\Ashampoo\Ashampoo WinOptimizer 2014\WO2014.exeC:\Windows\system32\KERNELBASE.dll38b33b4e-fbb6-11e3-a20e-0025229a3157 Error: (06/24/2014 05:41:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ashampoo_winoptimizer_2014_1.0.0_15399.tmp51.1052.0.05073e4d7webbrowser.dll_unloaded0.0.0.04ff22ae9c0000005036a5f00116c01cf8fc27eec37b5C:\Users\luna\A ppData\Local\Temp\is-EJ35J.tmp\ashampoo_winoptimizer_2014_1.0.0_15399.tmpwebbrowser.dll11cfc410-fbb6-11e3-a20e-0025229a3157 Error: (06/24/2014 10:09:02 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b161401cf8f7b6c53085eC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllccad5c96-fb76-11e3-a20e-0025229a3157 Error: (06/23/2014 00:17:39 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Geplanter Prüfpunkt0x80070005 Error: (06/22/2014 08:20:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b140801cf8e464e207cf1C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllf5520224-fa39-11e3-b55c-0025229a3157 Error: (06/22/2014 08:13:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b12a401cf8e4168ee82c7C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllebc75ba8-fa38-11e3-b55c-0025229a3157 Error: (06/22/2014 07:41:19 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {9ba59245-75c5-4de4-9f47-2cb1ca783c9b} Error: (06/22/2014 07:34:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b4f001cf8e3c3a396900C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll862a2418-fa33-11e3-b55c-0025229a3157 Error: (06/22/2014 07:00:25 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006) ==================== Memory info =========================== Percentage of memory in use: 76% Total physical RAM: 1791.3 MB Available physical RAM: 426.36 MB Total Pagefile: 3582.61 MB Available Pagefile: 1537.82 MB Total Virtual: 2047.88 MB Available Virtual: 1890.96 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:107.32 GB) (Free:38.82 GB) NTFS Drive d: () (Fixed) (Total:358.34 GB) (Free:184.62 GB) NTFS Drive h: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 31753174) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=107 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=358 GB) - (Type=07 NTFS) ==================== End Of Log ============================ GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-06-24 19:51:01 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000067 ST350041 rev.CC46 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\luna\AppData\Local\Temp\kxldapow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x8ECA9204] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwAlpcConnectPort [0x8F65C9C2] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwAlpcCreatePort [0x8F65D290] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x8EC5D7CE] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x8EC4598C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwConnectPort [0x8F65C418] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x8EC45F04] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateFile [0x8F655C2C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateKey [0x8F677A8C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x8EC45DEA] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreatePort [0x8F65CF22] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateProcess [0x8F67178A] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateProcessEx [0x8F671BB2] SSDT 8FB28EB6 ZwCreateSection SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x8EC46024] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x8ECAB506] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x8ECAB746] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateUserProcess [0x8F672026] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateWaitablePort [0x8F65D080] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x8ECAB050] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteFile [0x8F65696C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteKey [0x8F679580] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteValueKey [0x8F678E32] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x8EC459D0] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDuplicateObject [0x8F670568] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadDriver [0x8F6504F8] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKey [0x8F67A012] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKey2 [0x8F67A250] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKeyEx [0x8F67A702] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwMapViewOfSection [0x8F67C6B4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x8EC5B4AA] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0x8EC45F9A] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenFile [0x8F65651C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x8EC45E7A] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenProcess [0x8F673CA8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x8ECAC31A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x8EC460BA] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenThread [0x8F673896] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwProtectVirtualMemory [0x8F688C6E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x8EC46144] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x8EC5B6B8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x8ECABD1C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRenameKey [0x8F67B0EA] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwReplaceKey [0x8F67A9CC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x8EC5D5B2] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x8EC5D440] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0x8EC5D4F6] SSDT 8FB28EC0 ZwRequestWaitReplyPort SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRestoreKey [0x8F67BB52] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x8ECABA48] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSecureConnectPort [0x8F65C6E4] SSDT 8FB28EBB ZwSetContextThread SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetInformationFile [0x8F656D78] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetInformationObject [0x8F688B32] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x8EC461E6] SSDT 8FB28EC5 ZwSetSecurityObject SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetSystemInformation [0x8F64FBC2] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetValueKey [0x8F678552] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x8ECAAD98] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x8ECAB8F0] SSDT 8FB28ECA ZwSystemDebugControl SSDT 8FB28E57 ZwTerminateProcess SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x8ECAB402] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwUnloadDriver [0x8F65094A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x8ECAC482] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x8ECAC1AC] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82E8DA15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC7212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82ECE46C 4 Bytes [04, 92, CA, 8E] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82ECE494 8 Bytes [C2, C9, 65, 8F, 90, D2, 65, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82ECE4D8 4 Bytes [CE, D7, C5, 8E] .text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82ECE504 4 Bytes [8C, 59, C4, 8E] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82ECE528 4 Bytes [18, C4, 65, 8F] .text ... .vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0x955D369D] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x955D9000, 0xBB22, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x955ED300, 0x1BEE, 0xE8000020] ---- EOF - GMER 2.1 ---- was ich schon ausprobiert habe , sind: Java neu installiert , cookies und cache werden regelmässig geleert , Browser und Pc neustarts , nichts hat geholfen Vielen Dank |
|
24.06.2014, 19:50
| #2 |
| /// the machine /// TB-Ausbilder    | Facebook - Script antwortet nicht mehr hi,
__________________ So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Adware & Co. deinstallieren
Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter: Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
|
26.06.2014, 11:23
| #3 |
| | Facebook - Script antwortet nicht mehrCode:
ATTFilter # AdwCleaner v3.213 - Bericht erstellt am 26/06/2014 um 11:25:48
# Aktualisiert 23/06/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : luna - LUNA-PC
# Gestartet von : C:\Users\luna\Downloads\adwcleaner_3.213.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v30.0 (de)
[ Datei : C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\luna\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [52658 octets] - [09/11/2013 14:50:37]
AdwCleaner[R1].txt - [1683 octets] - [18/11/2013 16:46:32]
AdwCleaner[R2].txt - [1630 octets] - [23/11/2013 18:05:16]
AdwCleaner[R3].txt - [7207 octets] - [24/06/2014 21:55:37]
AdwCleaner[R4].txt - [1339 octets] - [24/06/2014 22:52:34]
AdwCleaner[R5].txt - [1399 octets] - [26/06/2014 11:23:43]
AdwCleaner[S0].txt - [19352 octets] - [09/11/2013 14:51:38]
AdwCleaner[S1].txt - [1563 octets] - [23/11/2013 18:06:27]
AdwCleaner[S2].txt - [7280 octets] - [24/06/2014 22:08:10]
AdwCleaner[S3].txt - [1320 octets] - [26/06/2014 11:25:48]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1380 octets] ##########
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 26.06.2014 Suchlauf-Zeit: 11:46:00 Logdatei: malware.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.06.26.02 Rootkit Datenbank: v2014.06.23.02 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: luna Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 244031 Verstrichene Zeit: 9 Min, 41 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 1 PUP.Optional.BrowserSafeGuard.A, HKU\S-1-5-21-1244560251-4054863525-2374536600-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BrowserSafeguardInstalled, Löschen bei Neustart, [5fab225b3645f34334ddaefcc63c49b7], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by luna on 26.06.2014 at 12:14:58,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\luna\AppData\Roaming\mozilla\firefox\profiles\tsqciz2p.default\minidumps [3 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.06.2014 at 12:20:04,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by luna (administrator) on LUNA-PC on 26-06-2014 12:21:56
Running from C:\Users\luna\Downloads
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Realtek) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp.) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-10-26] (Check Point Software Technologies LTD)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-1244560251-4054863525-2374536600-1001\...\Run: [Facebook Update] => C:\Users\luna\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-28] (Facebook Inc.)
HKU\S-1-5-21-1244560251-4054863525-2374536600-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
BootExecute: autocheck autochk *
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49295;https=127.0.0.1:49295
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA57F7C0D0AAACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.1: Amazon
FF Homepage: about:home
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_de_display?ie=UTF8&tagbase=bds-p23&tag=bds-p23-serp-de-ff-21&tbrId=v1_abb-channel-23_24e47b777a1f4256a673316dfbc01e20_39_1006_20140622_DE_ff_ab_sbinstall3&query=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\luna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: Ghostery - C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\Extensions\firefox@ghostery.com.xpi [2013-08-03]
FF Extension: GMX MailCheck - C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\Extensions\toolbar@gmx.net.xpi [2013-03-21]
FF Extension: ImTranslator - C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-11-01]
FF Extension: Adblock Plus - C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-17]
FF Extension: QuickJava - C:\Users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\tsqciz2p.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2013-01-17]
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2012-11-24]
Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\luna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-21]
CHR Extension: (Google Drive) - C:\Users\luna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-21]
CHR Extension: (YouTube) - C:\Users\luna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-21]
CHR Extension: (Google Search) - C:\Users\luna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-21]
CHR Extension: (Google Wallet) - C:\Users\luna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-21]
CHR Extension: (Gmail) - C:\Users\luna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 Realtek11nSU; C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek) [File not signed]
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-10-26] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)
==================== Drivers (Whitelisted) ====================
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2013-01-17] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14080 2013-10-24] (<Glarysoft Ltd>)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-11-15] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [589144 2013-02-21] (Kaspersky Lab)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-01-17] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [458776 2013-10-23] (Check Point Software Technologies LTD)
U3 DfSdkS;
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75608 2013-02-21] (Kaspersky Lab)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-26 12:20 - 2014-06-26 12:20 - 00000750 _____ () C:\Users\luna\Desktop\JRT.txt
2014-06-24 22:27 - 2014-06-24 22:27 - 00033457 _____ () C:\Users\luna\Downloads\FRST1.txt
2014-06-24 22:18 - 2014-06-24 22:18 - 00000000 ____D () C:\Windows\ERUNT
2014-06-24 22:12 - 2014-06-24 22:12 - 01016261 _____ (Thisisu) C:\Users\luna\Downloads\JRT.exe
2014-06-24 21:54 - 2014-06-26 12:11 - 00001350 _____ () C:\malware.txt
2014-06-24 21:54 - 2014-06-24 21:54 - 01342659 _____ () C:\Users\luna\Downloads\adwcleaner_3.213.exe
2014-06-24 21:42 - 2014-06-26 12:01 - 00000392 _____ () C:\Windows\setupact.log
2014-06-24 21:42 - 2014-06-26 11:27 - 00073234 _____ () C:\Windows\PFRO.log
2014-06-24 21:42 - 2014-06-24 21:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-24 21:18 - 2014-06-26 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-24 21:18 - 2014-06-26 11:44 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-24 21:18 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-24 21:18 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-24 21:12 - 2014-06-24 21:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\luna\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-24 21:08 - 2014-06-26 11:39 - 00001226 _____ () C:\Users\luna\Desktop\Revo Uninstaller.lnk
2014-06-24 21:08 - 2014-06-26 11:39 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-24 21:07 - 2014-06-24 21:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\luna\Downloads\revosetup95.exe
2014-06-24 19:51 - 2014-06-24 19:51 - 00006703 _____ () C:\Users\luna\Downloads\log.log
2014-06-24 19:11 - 2014-06-24 19:12 - 00380416 _____ () C:\Users\luna\Downloads\Gmer-19357.exe
2014-06-24 19:08 - 2014-06-24 19:09 - 00024866 _____ () C:\Users\luna\Downloads\Addition.txt
2014-06-24 19:06 - 2014-06-26 12:22 - 00000000 ____D () C:\FRST
2014-06-24 19:06 - 2014-06-26 12:21 - 00012312 _____ () C:\Users\luna\Downloads\FRST.txt
2014-06-24 19:06 - 2014-06-24 19:06 - 01073152 _____ (Farbar) C:\Users\luna\Downloads\FRST.exe
2014-06-24 19:04 - 2014-06-24 19:04 - 00000470 _____ () C:\Users\luna\Downloads\defogger_disable.log
2014-06-24 19:04 - 2014-06-24 19:04 - 00000000 _____ () C:\Users\luna\defogger_reenable
2014-06-24 18:57 - 2014-06-24 18:57 - 00050477 _____ () C:\Users\luna\Downloads\Defogger.exe
2014-06-24 18:25 - 2014-06-24 18:25 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-24 18:24 - 2014-06-24 18:24 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-24 18:24 - 2014-06-24 18:24 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-24 18:24 - 2014-06-24 18:24 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-24 18:24 - 2014-06-24 18:24 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-24 18:24 - 2014-06-24 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-24 18:24 - 2014-06-24 18:24 - 00000000 ____D () C:\Program Files\Java
2014-06-24 18:20 - 2014-06-24 18:20 - 00918952 _____ (Oracle Corporation) C:\Users\luna\Downloads\jxpiinstall.exe
2014-06-24 17:41 - 2014-06-24 21:42 - 00000396 _____ () C:\Windows\Tasks\One-Click Optimizer.job
2014-06-24 17:41 - 2014-06-24 17:41 - 00002232 _____ () C:\Users\Public\Desktop\Ein-Klick-Optimierung.lnk
2014-06-24 17:41 - 2014-06-24 17:41 - 00001214 _____ () C:\Users\Public\Desktop\Ashampoo WinOptimizer 2014.lnk
2014-06-24 17:41 - 2014-06-24 17:41 - 00000214 _____ () C:\Users\Public\Desktop\Your Software Deals.url
2014-06-24 17:41 - 2009-08-24 21:08 - 00028160 _____ (mst software GmbH, Germany) C:\Windows\system32\DfSdkBt.exe
2014-06-24 17:37 - 2014-06-24 17:37 - 27662792 _____ (Ashampoo GmbH & Co. KG ) C:\Users\luna\Downloads\ashampoo_winoptimizer_2014_1.0.0_15399.exe
2014-06-23 12:35 - 2010-08-12 11:46 - 00758784 _____ (NVIDIA Corporation) C:\Windows\system32\cohelper.dll
2014-06-23 12:35 - 2010-08-09 22:33 - 00011164 _____ () C:\Windows\system32\Drivers\nvphy.bin
2014-06-23 07:37 - 2014-06-23 07:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-23 07:37 - 2014-06-23 07:37 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-23 07:35 - 2014-06-23 07:36 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-19 06:09 - 2014-06-19 06:09 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-18 11:42 - 2014-06-18 11:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-11 23:22 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 23:22 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 23:22 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 23:22 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 23:22 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 23:22 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 23:22 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 23:22 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 23:22 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 23:22 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 23:22 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 23:22 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 23:22 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 23:22 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 23:22 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 23:22 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 23:22 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 23:22 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 23:22 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 23:22 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 23:22 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 23:22 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 23:22 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 23:22 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 23:22 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 23:22 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 23:22 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 23:22 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 23:21 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 23:21 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 23:21 - 2014-05-08 11:06 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 23:21 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 23:21 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 23:21 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 23:21 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 23:21 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 23:21 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 23:21 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
==================== One Month Modified Files and Folders =======
2014-06-26 12:22 - 2014-06-24 19:06 - 00012312 _____ () C:\Users\luna\Downloads\FRST.txt
2014-06-26 12:22 - 2014-06-24 19:06 - 00000000 ____D () C:\FRST
2014-06-26 12:20 - 2014-06-26 12:20 - 00000750 _____ () C:\Users\luna\Desktop\JRT.txt
2014-06-26 12:18 - 2013-04-02 21:42 - 00000000 ____D () C:\Users\luna\AppData\Roaming\Skype
2014-06-26 12:11 - 2014-06-24 21:54 - 00001350 _____ () C:\malware.txt
2014-06-26 12:10 - 2013-11-04 14:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-26 12:09 - 2013-11-02 18:11 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-06-26 12:08 - 2009-07-14 06:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-26 12:08 - 2009-07-14 06:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-26 12:07 - 2013-10-30 07:45 - 00000320 _____ () C:\Windows\Tasks\GlaryInitialize 3.job
2014-06-26 12:07 - 2013-01-17 18:03 - 00000312 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-06-26 12:01 - 2014-06-24 21:42 - 00000392 _____ () C:\Windows\setupact.log
2014-06-26 12:01 - 2013-03-19 14:03 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-06-26 12:01 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-26 12:00 - 2012-10-14 13:54 - 01764628 _____ () C:\Windows\WindowsUpdate.log
2014-06-26 11:44 - 2014-06-24 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-26 11:44 - 2014-06-24 21:18 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-26 11:44 - 2013-11-01 14:30 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-26 11:40 - 2013-11-28 00:35 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1244560251-4054863525-2374536600-1001UA.job
2014-06-26 11:39 - 2014-06-24 21:08 - 00001226 _____ () C:\Users\luna\Desktop\Revo Uninstaller.lnk
2014-06-26 11:39 - 2014-06-24 21:08 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-26 11:27 - 2014-06-24 21:42 - 00073234 _____ () C:\Windows\PFRO.log
2014-06-26 11:26 - 2013-11-09 14:50 - 00000000 ____D () C:\AdwCleaner
2014-06-26 11:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-06-25 23:40 - 2013-11-28 00:35 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1244560251-4054863525-2374536600-1001Core.job
2014-06-24 22:27 - 2014-06-24 22:27 - 00033457 _____ () C:\Users\luna\Downloads\FRST1.txt
2014-06-24 22:18 - 2014-06-24 22:18 - 00000000 ____D () C:\Windows\ERUNT
2014-06-24 22:12 - 2014-06-24 22:12 - 01016261 _____ (Thisisu) C:\Users\luna\Downloads\JRT.exe
2014-06-24 21:54 - 2014-06-24 21:54 - 01342659 _____ () C:\Users\luna\Downloads\adwcleaner_3.213.exe
2014-06-24 21:42 - 2014-06-24 21:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-24 21:42 - 2014-06-24 17:41 - 00000396 _____ () C:\Windows\Tasks\One-Click Optimizer.job
2014-06-24 21:18 - 2013-11-01 14:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-24 21:12 - 2014-06-24 21:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\luna\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-24 21:07 - 2014-06-24 21:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\luna\Downloads\revosetup95.exe
2014-06-24 19:51 - 2014-06-24 19:51 - 00006703 _____ () C:\Users\luna\Downloads\log.log
2014-06-24 19:12 - 2014-06-24 19:11 - 00380416 _____ () C:\Users\luna\Downloads\Gmer-19357.exe
2014-06-24 19:09 - 2014-06-24 19:08 - 00024866 _____ () C:\Users\luna\Downloads\Addition.txt
2014-06-24 19:06 - 2014-06-24 19:06 - 01073152 _____ (Farbar) C:\Users\luna\Downloads\FRST.exe
2014-06-24 19:04 - 2014-06-24 19:04 - 00000470 _____ () C:\Users\luna\Downloads\defogger_disable.log
2014-06-24 19:04 - 2014-06-24 19:04 - 00000000 _____ () C:\Users\luna\defogger_reenable
2014-06-24 19:04 - 2012-10-14 14:17 - 00000000 ____D () C:\Users\luna
2014-06-24 18:57 - 2014-06-24 18:57 - 00050477 _____ () C:\Users\luna\Downloads\Defogger.exe
2014-06-24 18:25 - 2014-06-24 18:25 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-24 18:25 - 2014-03-14 08:34 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-24 18:24 - 2014-06-24 18:24 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-24 18:24 - 2014-06-24 18:24 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-24 18:24 - 2014-06-24 18:24 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-24 18:24 - 2014-06-24 18:24 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-24 18:24 - 2014-06-24 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-24 18:24 - 2014-06-24 18:24 - 00000000 ____D () C:\Program Files\Java
2014-06-24 18:20 - 2014-06-24 18:20 - 00918952 _____ (Oracle Corporation) C:\Users\luna\Downloads\jxpiinstall.exe
2014-06-24 18:17 - 2013-01-10 23:41 - 00000000 ____D () C:\Program Files\JDownloader
2014-06-24 17:45 - 2012-10-14 14:51 - 00000000 ____D () C:\Windows\Panther
2014-06-24 17:41 - 2014-06-24 17:41 - 00002232 _____ () C:\Users\Public\Desktop\Ein-Klick-Optimierung.lnk
2014-06-24 17:41 - 2014-06-24 17:41 - 00001214 _____ () C:\Users\Public\Desktop\Ashampoo WinOptimizer 2014.lnk
2014-06-24 17:41 - 2014-06-24 17:41 - 00000214 _____ () C:\Users\Public\Desktop\Your Software Deals.url
2014-06-24 17:41 - 2013-04-15 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-06-24 17:41 - 2013-04-15 15:40 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-06-24 17:41 - 2013-04-15 15:40 - 00000000 ____D () C:\Program Files\Ashampoo
2014-06-24 17:37 - 2014-06-24 17:37 - 27662792 _____ (Ashampoo GmbH & Co. KG ) C:\Users\luna\Downloads\ashampoo_winoptimizer_2014_1.0.0_15399.exe
2014-06-24 11:56 - 2013-01-17 18:22 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-24 05:48 - 2012-11-13 17:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-23 12:16 - 2013-01-17 18:03 - 00000000 ____D () C:\Program Files\Glary Utilities
2014-06-23 12:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-06-23 10:41 - 2012-10-14 14:23 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-23 07:37 - 2014-06-23 07:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-23 07:37 - 2014-06-23 07:37 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-23 07:36 - 2014-06-23 07:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-23 07:36 - 2012-12-30 12:51 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-06-23 07:36 - 2012-12-30 12:51 - 00000000 ____D () C:\Program Files\Adobe
2014-06-22 20:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-22 20:10 - 2013-12-31 22:46 - 00000000 ____D () C:\Users\luna\Desktop\stundenspiele
2014-06-19 06:09 - 2014-06-19 06:09 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-19 06:09 - 2014-03-22 13:07 - 00000000 ___RD () C:\Program Files\Skype
2014-06-19 06:09 - 2013-04-02 21:41 - 00000000 ____D () C:\ProgramData\Skype
2014-06-19 06:05 - 2012-10-14 15:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-18 11:42 - 2014-06-18 11:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-14 15:46 - 2013-01-12 13:41 - 00000000 ____D () C:\Windows\rescache
2014-06-13 08:16 - 2013-11-04 14:59 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-13 08:16 - 2013-11-04 14:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-12 09:34 - 2014-05-07 00:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 00:13 - 2013-08-14 23:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 00:11 - 2012-10-17 16:00 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-08 10:48 - 2014-06-11 23:21 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-11 23:21 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-30 11:18 - 2014-06-11 23:22 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 11:02 - 2014-06-11 23:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 11:02 - 2014-06-11 23:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 10:44 - 2014-06-11 23:22 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 10:43 - 2014-06-11 23:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 10:42 - 2014-06-11 23:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 23:22 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 10:34 - 2014-06-11 23:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 23:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 10:30 - 2014-06-11 23:22 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 10:28 - 2014-06-11 23:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 10:28 - 2014-06-11 23:22 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 10:27 - 2014-06-11 23:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 10:21 - 2014-06-11 23:22 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 10:16 - 2014-06-11 23:22 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 23:22 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 23:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:04 - 2014-06-11 23:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 23:22 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 09:57 - 2014-06-11 23:22 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 09:56 - 2014-06-11 23:22 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 09:54 - 2014-06-11 23:22 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 23:22 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 23:22 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 09:40 - 2014-06-11 23:22 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:21 - 2014-06-11 23:22 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:15 - 2014-06-11 23:22 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:13 - 2014-06-11 23:22 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
Some content of TEMP:
====================
C:\Users\luna\AppData\Local\Temp\avgnt.exe
C:\Users\luna\AppData\Local\Temp\Quarantine.exe
C:\Users\luna\AppData\Local\Temp\System.Data.SQLite.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-19 09:50
==================== End Of Log ============================
--- --- --- |
|
27.06.2014, 07:16
| #4 |
| /// the machine /// TB-Ausbilder | Facebook - Script antwortet nicht mehrESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.06.2014, 09:09
| #5 |
| | Facebook - Script antwortet nicht mehr ja dieser eset-online-check will nicht starten , der erzählt mir irgendwas von proxy und update fehlgeschlagen |
|
28.06.2014, 12:47
| #6 |
| /// the machine /// TB-Ausbilder | Facebook - Script antwortet nicht mehr Lass ESET weg und mach nen Vollscan mit deinem AV Programm.
__________________ --> Facebook - Script antwortet nicht mehr |
|
| Themen zu Facebook - Script antwortet nicht mehr |
| antivir, association, avira, converter, desktop, fast start, firefox, flash player, homepage, kaspersky, newtab, object, port, problem, pup.optional.browsersafeguard.a, realtek, registry, rockettab, rundll, security, services.exe, software, svchost.exe, sweet-page, sweet-page entfernen, system, warnung, windows, windowsprotectmanger |
Revo Uninstaller herunter.
dann auf 
und dann auf 
.
Linear-Darstellung
