Thank you very much for the quick reply!
I have 2 files that cannot be removed with the uninstaller in Moderate mode. In one case I cannot find the task marked ATTENTION, and in the other I get an error message when I try to uninstall Bitguard.
Any advice?
OK, I've gone through everything so far, and this is what I got as output... I hope it helps with the analysis.
MBAM Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 28.03.2014
Suchlauf-Zeit: 12:13:23
Logdatei: mbam.txt
Administrator: Nein
Version: 2.00.0.1000
Malware Datenbank: v2014.03.28.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Felix
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 256352
Verstrichene Zeit: 32 Min, 10 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 11
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [7e251deb4d2e7fb71280a794808234cc],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [7e251deb4d2e7fb71280a794808234cc],
PUP.Optional.Delta.A, HKU\S-1-5-21-3009733026-2546922508-490237941-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, Löschen bei Neustart, [03a08880b4c77fb74f4311299b67ff01],
PUP.Optional.Delta.A, HKU\S-1-5-21-3009733026-2546922508-490237941-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, Löschen bei Neustart, [03a08880b4c77fb74f4311299b67ff01],
PUP.Optional.Delta.A, HKU\S-1-5-21-3009733026-2546922508-490237941-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, Löschen bei Neustart, [8320bf49c1bae74f405105354db5cc34],
PUP.Optional.Delta.A, HKU\S-1-5-21-3009733026-2546922508-490237941-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, Löschen bei Neustart, [8320bf49c1bae74f405105354db5cc34],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-3009733026-2546922508-490237941-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Löschen bei Neustart, [148ff216c9b2251114b19edcc73c03fd],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-3009733026-2546922508-490237941-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Löschen bei Neustart, [5e45f90fbfbc70c63490accecd36a55b],
PUP.Optional.Babylon.A, HKU\S-1-5-21-3009733026-2546922508-490237941-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Redir, Löschen bei Neustart, [564dfa0e80fbde58923bd5a61ae99a66],
PUP.Optional.Babylon.A, HKU\S-1-5-21-3009733026-2546922508-490237941-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, Löschen bei Neustart, [abf8db2dccafff37b9155f1c7a892ad6],
PUP.Optional.BProtector.A, HKU\S-1-5-21-3009733026-2546922508-490237941-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, Löschen bei Neustart, [9f0413f50e6d162029f91f5f44bf5ba5],
Registrierungswerte: 2
PUP.BProtector, HKU\S-1-5-21-3009733026-2546922508-490237941-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://www.google.de/, Löschen bei Neustart, [bbe805038bf00630f0d680fa0df6e61a]
PUP.BProtector, HKU\S-1-5-21-3009733026-2546922508-490237941-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Löschen bei Neustart, [049fd335b4c7af87c7003b3f0201c33d]
Registrierungsdaten: 1
Rogue.InternetSecurityEssentials, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll, Gut: (), Schlecht: (c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll),Ersetzt,[6f348c7c5f1c3afc23a776dffe028b75]
Ordner: 7
PUP.Optional.OpenCandy, C:\Users\Felix\AppData\Roaming\OpenCandy, In Quarantäne, [a30096723645d462da61e866ed1522de],
PUP.Optional.OpenCandy, C:\Users\Felix\AppData\Roaming\OpenCandy\B0D80AF6D8E444E692371ADDCC6B9A73, In Quarantäne, [a30096723645d462da61e866ed1522de],
PUP.Optional.OpenCandy, C:\Users\Felix\AppData\Roaming\OpenCandy\FD86FDAD12EC4814AA58D0B3230B4BC1, In Quarantäne, [a30096723645d462da61e866ed1522de],
PUP.Optional.FileScout.A, C:\Users\Felix\AppData\Roaming\File Scout, In Quarantäne, [4d566b9d7ffc82b48ec5c48aa959ae52],
PUP.Optional.Conduit.A, C:\Users\Felix\AppData\Local\Temp\ct3288691, In Quarantäne, [564dc0487efd34022f849db16e941ce4],
PUP.Optional.Conduit.A, C:\Users\Felix\AppData\Local\Temp\ct3297265, In Quarantäne, [544f02069edd42f4862d70de9b673ec2],
PUP.Optional.Conduit.A, C:\Users\Felix\AppData\Local\Temp\ct3297861, In Quarantäne, [584b30d84239bd799e1576d87a88a65a],
Dateien: 64
Rogue.InternetSecurityEssentials, C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll, Löschen bei Neustart, [6f348c7c5f1c3afc23a776dffe028b75],
PUP.Optional.Babylon.A, C:\Users\Felix\AppData\Roaming\OpenCandy\FD86FDAD12EC4814AA58D0B3230B4BC1\DeltaTB.exe, In Quarantäne, [edb627e1067537ff4608fc01748c748c],
PUP.Optional.FileScout.A, C:\Users\Felix\AppData\Local\Temp\setup_fsu_cid.exe, In Quarantäne, [752e35d3c2b9a4920932728d48b8ea16],
PUP.Optional.Conduit.A, C:\Users\Felix\AppData\Local\Temp\D1B5.tmp, In Quarantäne, [742fd632601b072fc090a47418e9ee12],
PUP.Optional.Conduit.A, C:\Users\Felix\AppData\Local\Temp\ECF.tmp, In Quarantäne, [03a01fe9e497a492a7a99583f809a060],
PUP.Optional.CRX.A, C:\Users\Felix\AppData\Local\Temp\bus49DB\CrxUpdater_d.exe, In Quarantäne, [762d97716714c96d9812d50509faa45c],
PUP.Optional.CRX.A, C:\Users\Felix\AppData\Local\Temp\bus4FCA\CrxUpdater_d.exe, In Quarantäne, [4b580efa80fb74c2565413c759aa3cc4],
PUP.Optional.CRX.A, C:\Users\Felix\AppData\Local\Temp\bus69C3\CrxUpdater_d.exe, In Quarantäne, [8122a0685a21171fe2c8f3e7a75ca858],
PUP.Optional.CRX.A, C:\Users\Felix\AppData\Local\Temp\bus6EDE\CrxUpdater_d.exe, In Quarantäne, [01a267a13447cf67f1b9b426649f1be5],
PUP.Optional.CRX.A, C:\Users\Felix\AppData\Local\Temp\bus9C32\CrxUpdater_d.exe, In Quarantäne, [386b8c7cc1bae056694105d51de6f40c],
PUP.Optional.CRX.A, C:\Users\Felix\AppData\Local\Temp\busAAC\CrxUpdater_d.exe, In Quarantäne, [70339d6b304b52e484261bbf45beeb15],
PUP.Optional.CRX.A, C:\Users\Felix\AppData\Local\Temp\busC564\CrxUpdater_d.exe, In Quarantäne, [c7dc7395a2d9f93dacfe2baf42c1eb15],
PUP.Optional.CRX.A, C:\Users\Felix\AppData\Local\Temp\busC755\CrxUpdater_d.exe, In Quarantäne, [841f14f4a8d33afcb6f45486da29e51b],
PUP.Optional.CRX.A, C:\Users\Felix\AppData\Local\Temp\busF23B\CrxUpdater_d.exe, In Quarantäne, [eab99e6a3f3c41f573378f4bc53e728e],
PUP.Optional.CRX.A, C:\Users\Felix\AppData\Local\Temp\busF89B\CrxUpdater_d.exe, In Quarantäne, [3370f90f0675e254a00a5387bd464eb2],
PUP.Optional.Conduit.A, C:\Users\Felix\AppData\Local\Temp\div66DD.tmp\checktbexist.exe, In Quarantäne, [6b38f90fee8dee485f30b965cc3424dc],
PUP.Optional.Conduit.A, C:\Users\Felix\AppData\Local\Temp\div66DD.tmp\mism.exe, In Quarantäne, [752e7692750638fed759c758ea166a96],
PUP.Optional.CRX.A, C:\Users\Felix\AppData\Local\Temp\bus17A7\CrxUpdater_d.exe, In Quarantäne, [f4aff711f38885b16d3d904ab64d936d],
PUP.Optional.CRX.A, C:\Users\Felix\AppData\Local\Temp\bus1CC8\CrxUpdater_d.exe, In Quarantäne, [3b68a365bcbf0135406a1fbb996a22de],
PUP.Optional.CRX.A, C:\Users\Felix\AppData\Local\Temp\bus218A\CrxUpdater_d.exe, In Quarantäne, [13904abe057635015e4c409a8182a759],
PUP.Optional.CRX.A, C:\Users\Felix\AppData\Local\Temp\bus2E1\CrxUpdater_d.exe, In Quarantäne, [a5fe9e6a7efd55e128820bcf9073966a],
PUP.Optional.CRX.A, C:\Users\Felix\AppData\Local\Temp\bus3A2D\CrxUpdater_d.exe, In Quarantäne, [d9ca32d6b0cb181ee1c9994102010ff1],
PUP.Optional.CRX.A, C:\Users\Felix\AppData\Local\Temp\bus3CB5\CrxUpdater_d.exe, In Quarantäne, [416251b7443773c36f3be4f66c9747b9],
PUP.Optional.CRX.A, C:\Users\Felix\AppData\Local\Temp\bus433D\CrxUpdater_d.exe, In Quarantäne, [772ca0689fdc7cba2e7cfdddce35eb15],
PUP.Optional.Babylon.A, C:\Users\Felix\AppData\Local\Temp\16BC521B-BAB0-7891-ABC9-67C13A61DF6A\Latest\BExternal.dll, In Quarantäne, [7e2536d20d6e54e224bace547f8133cd],
PUP.Optional.BabSolution.A, C:\Users\Felix\AppData\Local\Temp\16BC521B-BAB0-7891-ABC9-67C13A61DF6A\Latest\BUSolution.dll, In Quarantäne, [1a89f90fb5c65dd92e9520e3758c9070],
PUP.Optional.Babylon.A, C:\Users\Felix\AppData\Local\Temp\16BC521B-BAB0-7891-ABC9-67C13A61DF6A\Latest\CrxInstaller.dll, In Quarantäne, [723127e1dba0092dcaaec54b37caa15f],
PUP.Optional.Babylon.A, C:\Users\Felix\AppData\Local\Temp\16BC521B-BAB0-7891-ABC9-67C13A61DF6A\Latest\MntrDLLInstall.dll, In Quarantäne, [119256b2fe7d03337900ee2215ec9070],
PUP.Optional.Delta, C:\Users\Felix\AppData\Local\Temp\16BC521B-BAB0-7891-ABC9-67C13A61DF6A\Latest\MyDeltaTB.exe, In Quarantäne, [4a5955b372091c1a610422def1108b75],
PUP.Optional.Babylon.A, C:\Users\Felix\AppData\Local\Temp\16BC521B-BAB0-7891-ABC9-67C13A61DF6A\Latest\Setup.exe, In Quarantäne, [386b16f2255641f57ea2f8264db318e8],
PUP.Optional.OpenCandy, C:\Users\Felix\Downloads\FreeYouTubeToMP3Converter_3.12.11.812.exe, In Quarantäne, [e8bbdf29344758de750ca55fe819c937],
PUP.Optional.BProtector.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\bProtector_extensions.sqlite, In Quarantäne, [247f51b7b0cb5fd70345c396c83a6a96],
PUP.Optional.BProtector.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\bprotector_prefs.js, In Quarantäne, [3f6422e6bcbfef47ae9bd782d131a759],
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [059e6f995427013597c76df14cb6eb15],
PUP.Optional.OpenCandy, C:\Users\Felix\AppData\Roaming\OpenCandy\B0D80AF6D8E444E692371ADDCC6B9A73\TuneUpUtilities2013-2200218_de-DE.exe, In Quarantäne, [a30096723645d462da61e866ed1522de],
PUP.Optional.FileScout.A, C:\Users\Felix\AppData\Roaming\File Scout\uninst.exe, In Quarantäne, [4d566b9d7ffc82b48ec5c48aa959ae52],
PUP.Optional.Conduit.A, C:\Users\Felix\AppData\Local\Temp\ct3288691\chromeid.txt, In Quarantäne, [564dc0487efd34022f849db16e941ce4],
PUP.Optional.Conduit.A, C:\Users\Felix\AppData\Local\Temp\ct3288691\setup.ini.txt, In Quarantäne, [564dc0487efd34022f849db16e941ce4],
PUP.Optional.Conduit.A, C:\Users\Felix\AppData\Local\Temp\ct3297265\ism.exe, In Quarantäne, [544f02069edd42f4862d70de9b673ec2],
PUP.Optional.Conduit.A, C:\Users\Felix\AppData\Local\Temp\ct3297861\chromeid.txt, In Quarantäne, [584b30d84239bd799e1576d87a88a65a],
PUP.Optional.Conduit.A, C:\Users\Felix\AppData\Local\Temp\ct3297861\setup.ini.txt, In Quarantäne, [584b30d84239bd799e1576d87a88a65a],
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.admin", false);), Ersetzt,[841fdb2d4d2e85b1e851062d50b46898]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.aflt", "babsst");), Ersetzt,[950eec1c33484cea26139b98cb3915eb]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Ersetzt,[2083749422597abcd2670d26b64e21df]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.autoRvrt", "false");), Ersetzt,[178c09ff80fb979f0435fd367c88ce32]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.dfltLng", "de");), Ersetzt,[31725cac7ffc90a678c1e251709454ac]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.excTlbr", false);), Ersetzt,[2a79ef19ee8d88ae34058ca741c33bc5]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.ffxUnstlRst", true);), Ersetzt,[efb4ad5b780365d11c1da2916f95ea16]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.id", "d0fa6da3000000000000689423580536");), Ersetzt,[d9ca22e66e0d310579c0e053887cfa06]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlDay", "15941");), Ersetzt,[c8db0bfd8cef40f62613f63da163827e]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlRef", "sst");), Ersetzt,[a20143c5bbc045f195a4102314f02dd3]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.newTab", false);), Ersetzt,[e0c3c64232492d090e2b51e24cb8b54b]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prdct", "delta");), Ersetzt,[e0c35caccfac989ed56436fd28dc857b]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prtnrId", "delta");), Ersetzt,[b8ebd335c6b5e94d86b3e54e33d19f61]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.rvrt", "false");), Ersetzt,[bbe8996f99e27bbb82b75cd702025fa1]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.smplGrp", "none");), Ersetzt,[257e1fe9057676c064d5c37050b4fb05]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrId", "base");), Ersetzt,[822153b5552647ef31081e157c8836ca]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrSrchUrl", "");), Ersetzt,[841f798f770475c117224be8d92ba858]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsn", "1.8.24.5");), Ersetzt,[b6edae5afc7f0d290f2a6fc44bb9817f]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsnTs", "1.8.24.51:56:37");), Ersetzt,[0d96f4146d0eee489d9c6bc85ba97c84]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsni", "1.8.24.5");), Ersetzt,[ced54dbb6714aa8c51e82b087d8755ab]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babExt", "");), Ersetzt,[b5ee15f3b6c593a30237cb682cd86898]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babTrack", "affID=121564&tt=200813_245&tsp=4984");), Ersetzt,[307347c1b1ca7bbb51e8bb78da2a5ea2]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.srcExt", "ss");), Ersetzt,[386b0bfd433874c2a396b97a71935aa6]
Physische Sektoren: 0
(No malicious items detected)
(end)
AdwCleaner Code:
# AdwCleaner v3.022 - Bericht erstellt am 28/03/2014 um 12:26:01
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Felix - FELIX-PC
# Gestartet von : C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7VQDEUON\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\Users\Felix\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Felix\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\Solvusoft
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\Splashtop
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKCU\Software\f68888b268bd42
Schlüssel Gelöscht : HKLM\SOFTWARE\f68888b268bd42
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Splashtop Inc.
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Splashtop Inc.
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Splashtop Inc.
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v27.0.1 (de)
[ Datei : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [3004 octets] - [28/03/2014 12:21:51]
AdwCleaner[S0].txt - [2550 octets] - [28/03/2014 12:26:01]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2610 octets] ##########
JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Felix on 28.03.2014 at 12:31:18,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3009733026-2546922508-490237941-1000\Software\sweetim
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Felix\AppData\Roaming\splashtop"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.03.2014 at 12:42:29,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Felix (administrator) on FELIX-PC on 28-03-2014 12:51:54
Running from C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7VQDEUON
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Egis Technology Inc. ) C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files\Acer ProShield\x86\EgisService.exe
() C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Splashtop Inc.) C:\Program Files (x86)\InstantView\tools\ReminderService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Splashtop Inc.) C:\Program Files (x86)\InstantView\tools\aoiosnap.exe
(Splashtop Inc.) C:\Program Files (x86)\InstantView\tools\LockKey.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Spotify Ltd) C:\Users\Felix\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Egis Technology Inc. ) C:\Program Files\Acer ProShield\EgisTSR.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dropbox, Inc.) C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [524928 2011-05-07] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2697512 2011-02-18] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [InstantView Agent] - C:\Program Files (x86)\InstantView\tools\aoiosnap.exe [1127840 2011-05-12] (Splashtop Inc.)
HKLM\...\Run: [InstantView LockKey] - C:\Program Files (x86)\InstantView\tools\LockKey.exe [1498472 2011-07-15] (Splashtop Inc.)
HKLM\...\Run: [ProShieldTSR] - C:\Program Files\Acer ProShield\EgisTSR.exe [165936 2011-08-20] (Egis Technology Inc. )
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [Adobe ARM] - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1100880 2011-05-21] (Dritek System Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3009733026-2546922508-490237941-1000\...\Run: [Spotify] - C:\Users\Felix\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-03-19] (Spotify Ltd)
HKU\S-1-5-21-3009733026-2546922508-490237941-1000\...\Run: [Spotify Web Helper] - C:\Users\Felix\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-03-19] (Spotify Ltd)
HKU\S-1-5-21-3009733026-2546922508-490237941-1000\...\MountPoints2: {1c0b4db0-5127-11e3-9dbb-729423580536} - E:\setup.exe
HKU\S-1-5-21-3009733026-2546922508-490237941-1000\...\MountPoints2: {1c0b4dd8-5127-11e3-9dbb-729423580536} - G:\setup.exe
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
Lsa: [Authentication Packages] msv1_0 wvauth
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter
Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: EgisPBIE Sign-in Helper - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files\Acer ProShield\x86\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=12.0 - C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=12.0 - C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - c:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files\Acer ProShield\FFExt
FF Extension: Online Accounts Extension - C:\Program Files\Acer ProShield\FFExt [2013-04-03]
FF HKLM-x32\...\Firefox\Extensions: [{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}] - C:\Program Files\Acer ProShield\FFExt20
FF Extension: Online Accounts Extension - C:\Program Files\Acer ProShield\FFExt20 [2013-04-03]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 EgisTec Service; C:\Program Files\Acer ProShield\x86\EgisService.exe [196144 2011-08-20] (Egis Technology Inc. )
R2 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [212016 2011-08-20] (Egis Technology Inc. )
R2 msftesql$CSSQL05; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [91992 2010-03-26] (Microsoft Corporation)
R2 MSSQL$CSSQL05; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 ReminderService; C:\Program Files (x86)\InstantView\tools\ReminderService.exe [26488 2011-07-15] (Splashtop Inc.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S3 SecureStorageService; C:\Program Files\Acer ProShield\Secure Storage Manager\SecureStorageService.exe [2128776 2011-01-06] (Wave Systems Corp.)
R2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-19] (Disc Soft Ltd)
R3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [119680 2009-08-10] (Gemalto)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-28 12:42 - 2014-03-28 12:42 - 00000891 _____ () C:\Users\Felix\Desktop\JRT.txt
2014-03-28 12:31 - 2014-03-28 12:31 - 00000000 ____D () C:\Windows\ERUNT
2014-03-28 12:29 - 2014-03-28 12:29 - 00002698 _____ () C:\Users\Felix\Desktop\AdwCleaner[S0].txt
2014-03-28 12:20 - 2014-03-28 12:20 - 00016178 _____ () C:\Users\Felix\Desktop\mbam.txt
2014-03-28 11:39 - 2014-03-28 12:19 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 11:37 - 2014-03-28 12:26 - 00000000 ____D () C:\AdwCleaner
2014-03-28 11:36 - 2014-03-28 11:36 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-28 11:36 - 2014-03-28 11:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 11:36 - 2014-03-28 11:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-28 11:36 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-28 11:36 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-28 11:36 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-28 11:11 - 2014-03-28 11:11 - 00001268 _____ () C:\Users\Felix\Desktop\Revo Uninstaller.lnk
2014-03-28 11:11 - 2014-03-28 11:11 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-28 10:27 - 2014-03-28 12:51 - 00000000 ____D () C:\FRST
2014-03-28 10:25 - 2014-03-28 10:26 - 00000472 _____ () C:\Users\Felix\Desktop\defogger_disable.log
2014-03-28 10:25 - 2014-03-28 10:25 - 00000168 _____ () C:\Users\Felix\defogger_reenable
2014-03-28 09:54 - 2014-03-28 09:54 - 00262144 _____ () C:\Windows\Minidump\032814-27346-01.dmp
2014-03-28 09:51 - 2014-03-28 09:51 - 00000000 ____D () C:\Windows\Profiles\Felix
2014-03-28 09:46 - 2014-03-28 09:46 - 00262144 _____ () C:\Windows\Minidump\032814-23899-01.dmp
2014-03-28 09:41 - 2014-03-28 09:54 - 531979922 _____ () C:\Windows\MEMORY.DMP
2014-03-28 09:41 - 2014-03-28 09:54 - 00000000 ____D () C:\Windows\Minidump
2014-03-28 09:41 - 2014-03-28 09:41 - 00262144 _____ () C:\Windows\Minidump\032814-24414-01.dmp
2014-03-22 17:09 - 2014-03-22 17:09 - 00000000 ____D () C:\ProgramData\Visan
2014-03-22 17:08 - 2014-03-22 17:41 - 00000000 ____D () C:\Program Files (x86)\HP
2014-03-22 17:08 - 2014-03-22 17:40 - 00000000 ____D () C:\ProgramData\HP
2014-03-22 17:08 - 2014-03-22 17:08 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-03-22 17:08 - 2014-03-22 17:08 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\HpUpdate
2014-03-22 17:07 - 2014-03-22 17:11 - 00000000 ____D () C:\Users\Felix\AppData\Local\HP
2014-03-19 22:28 - 2014-03-19 22:29 - 00000000 ____D () C:\Users\Felix\Desktop\whatsapp
2014-03-19 22:25 - 2014-03-19 22:25 - 00000000 ____D () C:\Users\Felix\Desktop\facebook bilder
2014-03-13 01:07 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 01:07 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 01:07 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 01:07 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 01:07 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 01:07 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 01:07 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 01:07 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 01:07 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 01:07 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 01:07 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 01:07 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 01:07 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 01:07 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 01:07 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 01:06 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 01:06 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 01:06 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 01:06 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 01:06 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 01:06 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 01:06 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 01:06 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 01:06 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 01:06 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 01:06 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 01:06 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 01:06 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 01:06 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 01:06 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 01:06 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 01:06 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 01:06 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 01:06 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 01:06 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 01:06 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 01:06 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 01:06 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 01:06 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 01:06 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 01:06 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 01:06 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 01:06 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 01:06 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 01:05 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 01:05 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 01:05 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 01:05 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-09 20:02 - 2014-03-09 20:02 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-09 20:02 - 2014-03-09 20:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-09 20:02 - 2014-03-09 20:02 - 00000000 ____D () C:\Users\Felix\AppData\Local\Skype
==================== One Month Modified Files and Folders =======
2014-03-28 12:51 - 2014-03-28 10:27 - 00000000 ____D () C:\FRST
2014-03-28 12:42 - 2014-03-28 12:42 - 00000891 _____ () C:\Users\Felix\Desktop\JRT.txt
2014-03-28 12:34 - 2009-07-14 05:45 - 00024656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 12:34 - 2009-07-14 05:45 - 00024656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 12:31 - 2014-03-28 12:31 - 00000000 ____D () C:\Windows\ERUNT
2014-03-28 12:29 - 2014-03-28 12:29 - 00002698 _____ () C:\Users\Felix\Desktop\AdwCleaner[S0].txt
2014-03-28 12:27 - 2013-11-29 19:57 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Spotify
2014-03-28 12:27 - 2013-11-11 10:55 - 00000000 ___RD () C:\Users\Felix\Dropbox
2014-03-28 12:27 - 2013-11-11 10:53 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Dropbox
2014-03-28 12:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-28 12:26 - 2014-03-28 11:37 - 00000000 ____D () C:\AdwCleaner
2014-03-28 12:26 - 2013-04-03 05:05 - 01491350 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 12:26 - 2010-11-21 04:47 - 00303110 _____ () C:\Windows\PFRO.log
2014-03-28 12:26 - 2009-07-14 05:51 - 00090096 _____ () C:\Windows\setupact.log
2014-03-28 12:20 - 2014-03-28 12:20 - 00016178 _____ () C:\Users\Felix\Desktop\mbam.txt
2014-03-28 12:19 - 2014-03-28 11:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 12:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Globalization
2014-03-28 12:07 - 2013-08-25 14:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 11:36 - 2014-03-28 11:36 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-28 11:36 - 2014-03-28 11:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 11:36 - 2014-03-28 11:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-28 11:11 - 2014-03-28 11:11 - 00001268 _____ () C:\Users\Felix\Desktop\Revo Uninstaller.lnk
2014-03-28 11:11 - 2014-03-28 11:11 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-28 10:26 - 2014-03-28 10:25 - 00000472 _____ () C:\Users\Felix\Desktop\defogger_disable.log
2014-03-28 10:25 - 2014-03-28 10:25 - 00000168 _____ () C:\Users\Felix\defogger_reenable
2014-03-28 10:25 - 2013-04-26 18:46 - 00000000 ____D () C:\Users\Felix
2014-03-28 09:54 - 2014-03-28 09:54 - 00262144 _____ () C:\Windows\Minidump\032814-27346-01.dmp
2014-03-28 09:54 - 2014-03-28 09:41 - 531979922 _____ () C:\Windows\MEMORY.DMP
2014-03-28 09:54 - 2014-03-28 09:41 - 00000000 ____D () C:\Windows\Minidump
2014-03-28 09:53 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-28 09:51 - 2014-03-28 09:51 - 00000000 ____D () C:\Windows\Profiles\Felix
2014-03-28 09:46 - 2014-03-28 09:46 - 00262144 _____ () C:\Windows\Minidump\032814-23899-01.dmp
2014-03-28 09:41 - 2014-03-28 09:41 - 00262144 _____ () C:\Windows\Minidump\032814-24414-01.dmp
2014-03-27 23:13 - 2013-06-07 18:45 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype
2014-03-26 17:19 - 2013-06-09 12:38 - 00000000 ____D () C:\Users\Felix\Desktop\Magic
2014-03-22 17:41 - 2014-03-22 17:08 - 00000000 ____D () C:\Program Files (x86)\HP
2014-03-22 17:40 - 2014-03-22 17:08 - 00000000 ____D () C:\ProgramData\HP
2014-03-22 17:40 - 2013-04-26 18:47 - 00000000 ___RD () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-22 17:11 - 2014-03-22 17:07 - 00000000 ____D () C:\Users\Felix\AppData\Local\HP
2014-03-22 17:09 - 2014-03-22 17:09 - 00000000 ____D () C:\ProgramData\Visan
2014-03-22 17:08 - 2014-03-22 17:08 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-03-22 17:08 - 2014-03-22 17:08 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\HpUpdate
2014-03-21 14:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-19 22:29 - 2014-03-19 22:28 - 00000000 ____D () C:\Users\Felix\Desktop\whatsapp
2014-03-19 22:25 - 2014-03-19 22:25 - 00000000 ____D () C:\Users\Felix\Desktop\facebook bilder
2014-03-19 14:32 - 2013-11-29 19:57 - 00000000 ____D () C:\Users\Felix\AppData\Local\Spotify
2014-03-19 14:03 - 2013-07-10 11:33 - 00002062 ____H () C:\Users\Felix\Documents\Default.rdp
2014-03-13 17:08 - 2009-07-14 05:45 - 00443280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 17:07 - 2013-06-08 10:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 17:07 - 2013-06-08 10:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 03:05 - 2013-04-29 18:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-11 21:07 - 2013-08-25 14:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 21:07 - 2013-08-25 14:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 21:07 - 2012-02-08 06:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-09 20:02 - 2014-03-09 20:02 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-09 20:02 - 2014-03-09 20:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-09 20:02 - 2014-03-09 20:02 - 00000000 ____D () C:\Users\Felix\AppData\Local\Skype
2014-03-09 20:02 - 2012-02-08 07:27 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 09:26 - 2014-03-28 11:36 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-28 11:36 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-28 11:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 11:32 - 2013-09-30 13:22 - 00000000 ____D () C:\Users\Felix\Desktop\Valencia
2014-03-01 07:05 - 2014-03-13 01:06 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 01:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 01:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 01:07 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 01:06 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 01:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 01:06 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 01:07 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 01:06 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 01:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 01:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 01:06 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 01:07 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 01:06 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 01:06 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 01:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 01:06 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 01:06 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 01:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 01:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 01:07 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 01:07 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:43 - 2014-03-13 01:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:42 - 2014-03-13 01:06 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 01:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 01:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 01:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 01:06 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 01:06 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 01:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 01:06 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 01:06 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 01:07 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 01:06 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 01:06 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 01:06 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 01:06 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 01:07 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 01:06 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 01:06 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-01 03:02 - 2013-04-29 18:44 - 01821100 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-01 03:02 - 2013-04-03 14:55 - 00786018 _____ () C:\Windows\system32\perfh007.dat
2014-03-01 03:02 - 2013-04-03 14:55 - 00179230 _____ () C:\Windows\system32\perfc007.dat
2014-03-01 03:02 - 2009-07-14 06:13 - 01821100 _____ () C:\Windows\system32\PerfStringBackup.INI
Some content of TEMP:
====================
C:\Users\Felix\AppData\Local\Temp\AskSLib.dll
C:\Users\Felix\AppData\Local\Temp\avgnt.exe
C:\Users\Felix\AppData\Local\Temp\ose00000.exe
C:\Users\Felix\AppData\Local\Temp\Quarantine.exe
C:\Users\Felix\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Felix\AppData\Local\Temp\uninst1.exe
C:\Users\Felix\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-23 19:20
==================== End Of Log ============================
And once again, a thousand thanks for the help.
PUP.Optional.Conduit.A, C:\Users\Felix\AppData\Local\Temp\ct3297861\setup.ini.txt, In Quarantäne, [584b30d84239bd799e1576d87a88a65a],
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.admin", false);), Ersetzt,[841fdb2d4d2e85b1e851062d50b46898]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.aflt", "babsst");), Ersetzt,[950eec1c33484cea26139b98cb3915eb]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Ersetzt,[2083749422597abcd2670d26b64e21df]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.autoRvrt", "false");), Ersetzt,[178c09ff80fb979f0435fd367c88ce32]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.dfltLng", "de");), Ersetzt,[31725cac7ffc90a678c1e251709454ac]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.excTlbr", false);), Ersetzt,[2a79ef19ee8d88ae34058ca741c33bc5]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.ffxUnstlRst", true);), Ersetzt,[efb4ad5b780365d11c1da2916f95ea16]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.id", "d0fa6da3000000000000689423580536");), Ersetzt,[d9ca22e66e0d310579c0e053887cfa06]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlDay", "15941");), Ersetzt,[c8db0bfd8cef40f62613f63da163827e]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlRef", "sst");), Ersetzt,[a20143c5bbc045f195a4102314f02dd3]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.newTab", false);), Ersetzt,[e0c3c64232492d090e2b51e24cb8b54b]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prdct", "delta");), Ersetzt,[e0c35caccfac989ed56436fd28dc857b]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prtnrId", "delta");), Ersetzt,[b8ebd335c6b5e94d86b3e54e33d19f61]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.rvrt", "false");), Ersetzt,[bbe8996f99e27bbb82b75cd702025fa1]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.smplGrp", "none");), Ersetzt,[257e1fe9057676c064d5c37050b4fb05]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrId", "base");), Ersetzt,[822153b5552647ef31081e157c8836ca]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrSrchUrl", "");), Ersetzt,[841f798f770475c117224be8d92ba858]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsn", "1.8.24.5");), Ersetzt,[b6edae5afc7f0d290f2a6fc44bb9817f]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsnTs", "1.8.24.51:56:37");), Ersetzt,[0d96f4146d0eee489d9c6bc85ba97c84]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsni", "1.8.24.5");), Ersetzt,[ced54dbb6714aa8c51e82b087d8755ab]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babExt", "");), Ersetzt,[b5ee15f3b6c593a30237cb682cd86898]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babTrack", "affID=121564&tt=200813_245&tsp=4984");), Ersetzt,[307347c1b1ca7bbb51e8bb78da2a5ea2]
PUP.Optional.Delta.A, C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.srcExt", "ss");), Ersetzt,[386b0bfd433874c2a396b97a71935aa6]
Physische Sektoren: 0
(No malicious items detected)
(end)
AdwCleaner Code:
# AdwCleaner v3.022 - Bericht erstellt am 28/03/2014 um 12:26:01
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Felix - FELIX-PC
# Gestartet von : C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7VQDEUON\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\Users\Felix\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Felix\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\Solvusoft
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\Splashtop
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKCU\Software\f68888b268bd42
Schlüssel Gelöscht : HKLM\SOFTWARE\f68888b268bd42
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Splashtop Inc.
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Splashtop Inc.
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Splashtop Inc.
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v27.0.1 (de)
[ Datei : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [3004 octets] - [28/03/2014 12:21:51]
AdwCleaner[S0].txt - [2550 octets] - [28/03/2014 12:26:01]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2610 octets] ##########
JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Felix on 28.03.2014 at 12:31:18,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3009733026-2546922508-490237941-1000\Software\sweetim
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Felix\AppData\Roaming\splashtop"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.03.2014 at 12:42:29,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --- ---
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Felix (administrator) on FELIX-PC on 28-03-2014 12:51:54
Running from C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7VQDEUON
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Egis Technology Inc. ) C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files\Acer ProShield\x86\EgisService.exe
() C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Splashtop Inc.) C:\Program Files (x86)\InstantView\tools\ReminderService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Splashtop Inc.) C:\Program Files (x86)\InstantView\tools\aoiosnap.exe
(Splashtop Inc.) C:\Program Files (x86)\InstantView\tools\LockKey.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Spotify Ltd) C:\Users\Felix\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Egis Technology Inc. ) C:\Program Files\Acer ProShield\EgisTSR.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dropbox, Inc.) C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [524928 2011-05-07] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2697512 2011-02-18] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [InstantView Agent] - C:\Program Files (x86)\InstantView\tools\aoiosnap.exe [1127840 2011-05-12] (Splashtop Inc.)
HKLM\...\Run: [InstantView LockKey] - C:\Program Files (x86)\InstantView\tools\LockKey.exe [1498472 2011-07-15] (Splashtop Inc.)
HKLM\...\Run: [ProShieldTSR] - C:\Program Files\Acer ProShield\EgisTSR.exe [165936 2011-08-20] (Egis Technology Inc. )
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [Adobe ARM] - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1100880 2011-05-21] (Dritek System Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3009733026-2546922508-490237941-1000\...\Run: [Spotify] - C:\Users\Felix\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-03-19] (Spotify Ltd)
HKU\S-1-5-21-3009733026-2546922508-490237941-1000\...\Run: [Spotify Web Helper] - C:\Users\Felix\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-03-19] (Spotify Ltd)
HKU\S-1-5-21-3009733026-2546922508-490237941-1000\...\MountPoints2: {1c0b4db0-5127-11e3-9dbb-729423580536} - E:\setup.exe
HKU\S-1-5-21-3009733026-2546922508-490237941-1000\...\MountPoints2: {1c0b4dd8-5127-11e3-9dbb-729423580536} - G:\setup.exe
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
Lsa: [Authentication Packages] msv1_0 wvauth
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter
Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: EgisPBIE Sign-in Helper - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files\Acer ProShield\x86\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vfsxdnws.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=12.0 - C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=12.0 - C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - c:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files\Acer ProShield\FFExt
FF Extension: Online Accounts Extension - C:\Program Files\Acer ProShield\FFExt [2013-04-03]
FF HKLM-x32\...\Firefox\Extensions: [{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}] - C:\Program Files\Acer ProShield\FFExt20
FF Extension: Online Accounts Extension - C:\Program Files\Acer ProShield\FFExt20 [2013-04-03]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 EgisTec Service; C:\Program Files\Acer ProShield\x86\EgisService.exe [196144 2011-08-20] (Egis Technology Inc. )
R2 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [212016 2011-08-20] (Egis Technology Inc. )
R2 msftesql$CSSQL05; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [91992 2010-03-26] (Microsoft Corporation)
R2 MSSQL$CSSQL05; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 ReminderService; C:\Program Files (x86)\InstantView\tools\ReminderService.exe [26488 2011-07-15] (Splashtop Inc.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S3 SecureStorageService; C:\Program Files\Acer ProShield\Secure Storage Manager\SecureStorageService.exe [2128776 2011-01-06] (Wave Systems Corp.)
R2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-19] (Disc Soft Ltd)
R3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [119680 2009-08-10] (Gemalto)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-28 12:42 - 2014-03-28 12:42 - 00000891 _____ () C:\Users\Felix\Desktop\JRT.txt
2014-03-28 12:31 - 2014-03-28 12:31 - 00000000 ____D () C:\Windows\ERUNT
2014-03-28 12:29 - 2014-03-28 12:29 - 00002698 _____ () C:\Users\Felix\Desktop\AdwCleaner[S0].txt
2014-03-28 12:20 - 2014-03-28 12:20 - 00016178 _____ () C:\Users\Felix\Desktop\mbam.txt
2014-03-28 11:39 - 2014-03-28 12:19 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 11:37 - 2014-03-28 12:26 - 00000000 ____D () C:\AdwCleaner
2014-03-28 11:36 - 2014-03-28 11:36 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-28 11:36 - 2014-03-28 11:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 11:36 - 2014-03-28 11:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-28 11:36 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-28 11:36 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-28 11:36 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-28 11:11 - 2014-03-28 11:11 - 00001268 _____ () C:\Users\Felix\Desktop\Revo Uninstaller.lnk
2014-03-28 11:11 - 2014-03-28 11:11 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-28 10:27 - 2014-03-28 12:51 - 00000000 ____D () C:\FRST
2014-03-28 10:25 - 2014-03-28 10:26 - 00000472 _____ () C:\Users\Felix\Desktop\defogger_disable.log
2014-03-28 10:25 - 2014-03-28 10:25 - 00000168 _____ () C:\Users\Felix\defogger_reenable
2014-03-28 09:54 - 2014-03-28 09:54 - 00262144 _____ () C:\Windows\Minidump\032814-27346-01.dmp
2014-03-28 09:51 - 2014-03-28 09:51 - 00000000 ____D () C:\Windows\Profiles\Felix
2014-03-28 09:46 - 2014-03-28 09:46 - 00262144 _____ () C:\Windows\Minidump\032814-23899-01.dmp
2014-03-28 09:41 - 2014-03-28 09:54 - 531979922 _____ () C:\Windows\MEMORY.DMP
2014-03-28 09:41 - 2014-03-28 09:54 - 00000000 ____D () C:\Windows\Minidump
2014-03-28 09:41 - 2014-03-28 09:41 - 00262144 _____ () C:\Windows\Minidump\032814-24414-01.dmp
2014-03-22 17:09 - 2014-03-22 17:09 - 00000000 ____D () C:\ProgramData\Visan
2014-03-22 17:08 - 2014-03-22 17:41 - 00000000 ____D () C:\Program Files (x86)\HP
2014-03-22 17:08 - 2014-03-22 17:40 - 00000000 ____D () C:\ProgramData\HP
2014-03-22 17:08 - 2014-03-22 17:08 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-03-22 17:08 - 2014-03-22 17:08 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\HpUpdate
2014-03-22 17:07 - 2014-03-22 17:11 - 00000000 ____D () C:\Users\Felix\AppData\Local\HP
2014-03-19 22:28 - 2014-03-19 22:29 - 00000000 ____D () C:\Users\Felix\Desktop\whatsapp
2014-03-19 22:25 - 2014-03-19 22:25 - 00000000 ____D () C:\Users\Felix\Desktop\facebook bilder
2014-03-13 01:07 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 01:07 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 01:07 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 01:07 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 01:07 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 01:07 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 01:07 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 01:07 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 01:07 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 01:07 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 01:07 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 01:07 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 01:07 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 01:07 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 01:07 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 01:06 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 01:06 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 01:06 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 01:06 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 01:06 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 01:06 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 01:06 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 01:06 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 01:06 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 01:06 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 01:06 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 01:06 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 01:06 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 01:06 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 01:06 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 01:06 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 01:06 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 01:06 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 01:06 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 01:06 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 01:06 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 01:06 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 01:06 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 01:06 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 01:06 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 01:06 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 01:06 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 01:06 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 01:06 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 01:05 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 01:05 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 01:05 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 01:05 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-09 20:02 - 2014-03-09 20:02 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-09 20:02 - 2014-03-09 20:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-09 20:02 - 2014-03-09 20:02 - 00000000 ____D () C:\Users\Felix\AppData\Local\Skype
==================== One Month Modified Files and Folders =======
2014-03-28 12:51 - 2014-03-28 10:27 - 00000000 ____D () C:\FRST
2014-03-28 12:42 - 2014-03-28 12:42 - 00000891 _____ () C:\Users\Felix\Desktop\JRT.txt
2014-03-28 12:34 - 2009-07-14 05:45 - 00024656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 12:34 - 2009-07-14 05:45 - 00024656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 12:31 - 2014-03-28 12:31 - 00000000 ____D () C:\Windows\ERUNT
2014-03-28 12:29 - 2014-03-28 12:29 - 00002698 _____ () C:\Users\Felix\Desktop\AdwCleaner[S0].txt
2014-03-28 12:27 - 2013-11-29 19:57 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Spotify
2014-03-28 12:27 - 2013-11-11 10:55 - 00000000 ___RD () C:\Users\Felix\Dropbox
2014-03-28 12:27 - 2013-11-11 10:53 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Dropbox
2014-03-28 12:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-28 12:26 - 2014-03-28 11:37 - 00000000 ____D () C:\AdwCleaner
2014-03-28 12:26 - 2013-04-03 05:05 - 01491350 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 12:26 - 2010-11-21 04:47 - 00303110 _____ () C:\Windows\PFRO.log
2014-03-28 12:26 - 2009-07-14 05:51 - 00090096 _____ () C:\Windows\setupact.log
2014-03-28 12:20 - 2014-03-28 12:20 - 00016178 _____ () C:\Users\Felix\Desktop\mbam.txt
2014-03-28 12:19 - 2014-03-28 11:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 12:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Globalization
2014-03-28 12:07 - 2013-08-25 14:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 11:36 - 2014-03-28 11:36 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-28 11:36 - 2014-03-28 11:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 11:36 - 2014-03-28 11:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-28 11:11 - 2014-03-28 11:11 - 00001268 _____ () C:\Users\Felix\Desktop\Revo Uninstaller.lnk
2014-03-28 11:11 - 2014-03-28 11:11 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-28 10:26 - 2014-03-28 10:25 - 00000472 _____ () C:\Users\Felix\Desktop\defogger_disable.log
2014-03-28 10:25 - 2014-03-28 10:25 - 00000168 _____ () C:\Users\Felix\defogger_reenable
2014-03-28 10:25 - 2013-04-26 18:46 - 00000000 ____D () C:\Users\Felix
2014-03-28 09:54 - 2014-03-28 09:54 - 00262144 _____ () C:\Windows\Minidump\032814-27346-01.dmp
2014-03-28 09:54 - 2014-03-28 09:41 - 531979922 _____ () C:\Windows\MEMORY.DMP
2014-03-28 09:54 - 2014-03-28 09:41 - 00000000 ____D () C:\Windows\Minidump
2014-03-28 09:53 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-28 09:51 - 2014-03-28 09:51 - 00000000 ____D () C:\Windows\Profiles\Felix
2014-03-28 09:46 - 2014-03-28 09:46 - 00262144 _____ () C:\Windows\Minidump\032814-23899-01.dmp
2014-03-28 09:41 - 2014-03-28 09:41 - 00262144 _____ () C:\Windows\Minidump\032814-24414-01.dmp
2014-03-27 23:13 - 2013-06-07 18:45 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype
2014-03-26 17:19 - 2013-06-09 12:38 - 00000000 ____D () C:\Users\Felix\Desktop\Magic
2014-03-22 17:41 - 2014-03-22 17:08 - 00000000 ____D () C:\Program Files (x86)\HP
2014-03-22 17:40 - 2014-03-22 17:08 - 00000000 ____D () C:\ProgramData\HP
2014-03-22 17:40 - 2013-04-26 18:47 - 00000000 ___RD () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-22 17:11 - 2014-03-22 17:07 - 00000000 ____D () C:\Users\Felix\AppData\Local\HP
2014-03-22 17:09 - 2014-03-22 17:09 - 00000000 ____D () C:\ProgramData\Visan
2014-03-22 17:08 - 2014-03-22 17:08 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-03-22 17:08 - 2014-03-22 17:08 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\HpUpdate
2014-03-21 14:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-19 22:29 - 2014-03-19 22:28 - 00000000 ____D () C:\Users\Felix\Desktop\whatsapp
2014-03-19 22:25 - 2014-03-19 22:25 - 00000000 ____D () C:\Users\Felix\Desktop\facebook bilder
2014-03-19 14:32 - 2013-11-29 19:57 - 00000000 ____D () C:\Users\Felix\AppData\Local\Spotify
2014-03-19 14:03 - 2013-07-10 11:33 - 00002062 ____H () C:\Users\Felix\Documents\Default.rdp
2014-03-13 17:08 - 2009-07-14 05:45 - 00443280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 17:07 - 2013-06-08 10:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 17:07 - 2013-06-08 10:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 03:05 - 2013-04-29 18:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-11 21:07 - 2013-08-25 14:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 21:07 - 2013-08-25 14:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 21:07 - 2012-02-08 06:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-09 20:02 - 2014-03-09 20:02 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-09 20:02 - 2014-03-09 20:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-09 20:02 - 2014-03-09 20:02 - 00000000 ____D () C:\Users\Felix\AppData\Local\Skype
2014-03-09 20:02 - 2012-02-08 07:27 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 09:26 - 2014-03-28 11:36 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-28 11:36 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-28 11:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 11:32 - 2013-09-30 13:22 - 00000000 ____D () C:\Users\Felix\Desktop\Valencia
2014-03-01 07:05 - 2014-03-13 01:06 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 01:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 01:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 01:07 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 01:06 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 01:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 01:06 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 01:07 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 01:06 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 01:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 01:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 01:06 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 01:07 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 01:06 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 01:06 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 01:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 01:06 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 01:06 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 01:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 01:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 01:07 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 01:07 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:43 - 2014-03-13 01:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:42 - 2014-03-13 01:06 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 01:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 01:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 01:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 01:06 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 01:06 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 01:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 01:06 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 01:06 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 01:07 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 01:06 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 01:06 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 01:06 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 01:06 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 01:07 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 01:06 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 01:06 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-01 03:02 - 2013-04-29 18:44 - 01821100 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-01 03:02 - 2013-04-03 14:55 - 00786018 _____ () C:\Windows\system32\perfh007.dat
2014-03-01 03:02 - 2013-04-03 14:55 - 00179230 _____ () C:\Windows\system32\perfc007.dat
2014-03-01 03:02 - 2009-07-14 06:13 - 01821100 _____ () C:\Windows\system32\PerfStringBackup.INI
Some content of TEMP:
====================
C:\Users\Felix\AppData\Local\Temp\AskSLib.dll
C:\Users\Felix\AppData\Local\Temp\avgnt.exe
C:\Users\Felix\AppData\Local\Temp\ose00000.exe
C:\Users\Felix\AppData\Local\Temp\Quarantine.exe
C:\Users\Felix\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Felix\AppData\Local\Temp\uninst1.exe
C:\Users\Felix\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-23 19:20
==================== End Of Log ============================
And once again, a thousand thanks for the help.
And sorry for the double post...