Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TR/BProtector.Gen2, danach fliegende UFO's (https://www.trojaner-board.de/151426-tr-bprotector-gen2-danach-fliegende-ufos.html)

Kobra1983 24.03.2014 15:49

TR/BProtector.Gen2, danach fliegende UFO's
 
Hallo zusammen!

Schreibe grad für meine Mutter, denn sie hat noch nicht so lange einen PC und ich bin auch nicht wirklich der Profi.

Eine Freundin schickt ihr ständig schöne E-Mails mit kleinen Bildern. Ist nun z.B. mit der Maus auf ein Bärchen gegangen, hat rechte Maustaste geklickt, konnte eine Seite im neuen Tab öffnen und war dann bei www.incredimail.com.

Eigentlich ladet sie sonst immer was von chip.de herunter, aber diesmal tat sie es nicht.
Auf einmal meldet sich unten rechts beim Installieren der Datei Avira - es wurde ein unerwünschtes Programm gefunden.
Sie konnte die Installation jedoch nicht abbrechen, aber konnte unten rechts auf 'Entfernen' bei Avira klicken.
Ein kurzer Suchlauf startete, wo später rauskam, dass kein Virus gefunden wurde.
Es war auch nichts unter Quarantäne zu finden, doch unter Ereignisse 5-mal ein Fund mit TR/B protector.GEN2.

Unter Systemsteuerung dieses Programm von incredimail deinstalliert und auf einmal tauchten UFO's auf, die rumgeschossen haben und dann war es weg.
Sollte den Revo Uninstaller bei chip.de runterladen, weil der meiner Meinung nach gründlicher, alles komplett deinstalliert und der Fortschritt des Downloads war auch zu sehen, doch dann kamen erneut diese Untertassen, Schüsse waren zu hören und der Download ist verschwunden.

Was ist das denn bitte?
Wurde wohl eine Toolbar mit installiert, die Downloads einfach löscht?
Sie macht gerade einen Suchlauf. Und hat Windows 7 als Betriebssystem.

LG

cosinus 24.03.2014 16:12

Hallo und :hallo:


ich würd die Finger von Incredimail lassen. Buntblinkender Quatsch mit E-Mails, die keinem wirklichen Standard entsprechen, verwendet lieber sowas wie Mozilla Thunderbird. Außerdem wurde Incredimail nachgesagt, dass die ihre Nutzer ausspähen.


Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!




Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Kobra1983 25.03.2014 15:18

Hallo cosinus,
erstmal danke für Deine Nachricht :)

Gestern als ich geschrieben habe, war ich bei mir zuhause und konnte deswegen nicht viel unternehmen. Heute bin ich bei meiner Mutter am PC.
Habe doch von diesen UFO's berichtet. Ich habe gerade ganz schnell Revo Uninstaller bei chip.de runtergeladen und nachgeschaut, was sich so an Programmen auf dem Computer befindet.
Darunter war Websteorids - habe ich erstmal deinstalliert und die fliegenden Untertassen sind schon mal weg *freu* Aber hat sich damit das Problem wohl erledigt?

Dieses 'Farbar Recovery Scan Tool FRST64' habe ich runtergeladen und hoffe, dass ich es richtig gemacht habe?! Jetzt ist erst 'FRST' dran, dann hätte ich da Addition und Shortcut.

Dieser Trojaner ist übrigens in der Quarantäne seit gestern 17:07 Uhr und die Meldung von ihm war um 14:09 Uhr und gleich 7-mal. Ansonsten keine Funde, keine Probleme.

LG

FRST Logfile:

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Monika (administrator) on MONIKA-PC on 25-03-2014 14:24:06
Running from C:\Users\Monika\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\windows\System32\WScript.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Comvigo, Inc.) C:\Windows\SysWOW64\qimlsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Comvigo, Inc.) C:\Windows\SysWOW64\dsrviml.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [NetWorx] - C:\Program Files\NetWorx\networx.exe [4874960 2013-09-17] (SoftPerfect Research)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-04-01] (Ask)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: I - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {00b6a57c-b358-11e2-83cb-902b3478eb45} - I:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {00b6a5b8-b358-11e2-83cb-902b3478eb45} - I:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {07060dc2-c5f6-11e2-a703-001e101fabdd} - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {07060de8-c5f6-11e2-a703-001e101fabdd} - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {15eb48f9-d613-11e2-8448-902b3478eb45} - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {86d27dc9-b950-11e2-b48e-902b3478eb45} - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {f8f80083-b359-11e2-8985-902b3478eb45} - I:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {f8f80093-b359-11e2-8985-902b3478eb45} - I:\AutoRun.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-03] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-03-03] (Conduit)
Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.hyrican.de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {FDEF202F-835B-422A-9925-F59454AF7241} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=CEFE001E101F7FB6&affID=119556&tsp=4930
SearchScopes: HKCU - {867BC69D-20BB-4F98-BB76-3ED591623624} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=668fe6f9-9a35-40c5-9cc6-729d867836b9&apn_sauid=2AFBA6F3-013E-4A0E-99C0-166DD702F9B7
SearchScopes: HKCU - {FDEF202F-835B-422A-9925-F59454AF7241} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{0E8C3C20-4AC3-4785-A4AB-966A1771F569}: [NameServer]212.23.115.132 212.23.115.148

FireFox:
========
FF ProfilePath: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default
FF user.js: detected! => C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default\searchplugins\my-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]

==================== Services (Whitelisted) =================

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2013-05-26] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2454816 2014-03-03] (Conduit)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [138752 2013-05-02] (Huawei Technologies Co., Ltd.)
R3 ewusbnet; C:\Windows\SysWOW64\DRIVERS\ewusbnet.sys [138752 2013-05-02] (Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2013-05-02] (Huawei Technologies Co., Ltd.)
S3 huawei_enumerator; C:\Windows\SysWOW64\DRIVERS\ew_jubusenum.sys [85504 2013-05-02] (Huawei Technologies Co., Ltd.)
R3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [121600 2013-05-02] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2011-12-19] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [637360 2011-12-19] (Intel Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [43392 2013-09-13] (NetFilterSDK.com)
S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [68608 2008-12-19] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [96768 2009-07-23] ()
S3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [122880 2008-12-19] ()
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\avgntflt.sys 7806BFCD1D7FA5EC23F7324D4EAFD25B
C:\Windows\System32\DRIVERS\avipbb.sys C3A58DBD18786C338126D30BF8C33D72
C:\Windows\System32\DRIVERS\avkmgr.sys 390184FAD8FCC1B6DA25AEBAE928C3B6
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ewusbnet.sys 6BB25543428878BAFBC2F8446343B160
C:\Windows\SysWOW64\DRIVERS\ewusbnet.sys 6BB25543428878BAFBC2F8446343B160
C:\Windows\System32\DRIVERS\ew_hwusbdev.sys 86F7951BBCEE4A86E79A97306BD14318
C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys 86F7951BBCEE4A86E79A97306BD14318
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 6C06701BF1DB05405804D7EB610991CE
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\SysWOW64\DRIVERS\ew_jubusenum.sys C2212C930D7A6CC21972B9882683D271
C:\Windows\System32\DRIVERS\ewusbmdm.sys 6E05228393CD614B983568EC40C262C3
C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys 6E05228393CD614B983568EC40C262C3
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys CCFA835960E35F30D28A868E0B3B8722
C:\Windows\system32\drivers\iaStorA.sys 3A2C1EBCC6E5A7540AF36C36208F87D2
C:\Windows\System32\drivers\iaStorF.sys 1200D69DA2328EA64CDC448F08D5E57B
C:\Windows\system32\drivers\iaStorS.sys E6A6A5462E693D63F7C6729945C48E9E
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 371D7F91C0D2314EB984A4A6CBEABC92
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys C2F868881D48A568B525255F084EF063
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1C62x64.sys BD56BAE4403497E31727096CEBC42956
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\drivers\networx.sys 5064918C15C850AE77B09A2530B5F3D8
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\PciIsaSerial.sys 4EDB8D7DC85AD76C434D3037DA7631EC
C:\Windows\system32\drivers\PciPPorts.sys 28C9AF2398DA99BCCD647A44F838949B
C:\Windows\system32\drivers\PciSPorts.sys 443BCB6D87ACE6F3FCDC65B299DD3EB7
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys 39A719875F572241C585A629EE62EB14
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-25 14:24 - 2014-03-25 14:24 - 00029555 _____ () C:\Users\Monika\Downloads\FRST.txt
2014-03-25 14:23 - 2014-03-25 14:24 - 00000000 ____D () C:\FRST
2014-03-25 14:22 - 2014-03-25 14:22 - 02157056 _____ (Farbar) C:\Users\Monika\Downloads\FRST64.exe
2014-03-25 14:21 - 2014-03-25 14:21 - 01145856 _____ (Farbar) C:\Users\Monika\Downloads\FRST(1).exe
2014-03-25 14:16 - 2014-03-25 14:16 - 01145856 _____ (Farbar) C:\Users\Monika\Downloads\FRST.exe
2014-03-25 13:53 - 2014-03-25 13:53 - 00001235 _____ () C:\Users\Monika\Desktop\Revo Uninstaller.lnk
2014-03-25 13:53 - 2014-03-25 13:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-25 13:52 - 2014-03-25 13:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Monika\Downloads\revosetup95.exe
2014-03-24 17:09 - 2014-03-25 14:03 - 00000894 _____ () C:\windows\PFRO.log
2014-03-24 14:10 - 2014-03-24 14:10 - 00000000 ____D () C:\ProgramData\IncrediMail
2014-03-24 14:09 - 2014-03-24 14:09 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-24 13:58 - 2014-03-24 14:04 - 00707360 _____ (ClientConnect) C:\Users\Monika\Downloads\Incredimail_TSA1K5TL.exe
2014-03-24 09:14 - 2014-03-24 09:14 - 00707360 _____ (ClientConnect) C:\Users\Monika\Downloads\Incredimail_TSA3IXGF.exe
2014-03-24 09:14 - 2014-03-24 09:14 - 00707360 _____ (ClientConnect) C:\Users\Monika\Downloads\Incredimail_TSA3IXFP.exe
2014-03-24 08:46 - 2014-03-25 14:04 - 00000224 _____ () C:\windows\setupact.log
2014-03-24 08:46 - 2014-03-24 08:46 - 00294184 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-24 08:46 - 2014-03-24 08:46 - 00000000 _____ () C:\windows\setuperr.log
2014-03-23 13:24 - 2014-03-25 13:32 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Skype
2014-03-23 13:24 - 2014-03-23 13:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-23 13:24 - 2014-03-23 13:24 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-23 13:24 - 2014-03-23 13:24 - 00000000 ____D () C:\ProgramData\Skype
2014-03-23 13:21 - 2014-03-23 13:22 - 34827424 _____ (Skype Technologies S.A.) C:\Users\Monika\Downloads\Skyp614eSetupFull.exe
2014-03-22 22:54 - 2014-03-22 22:54 - 00000000 ____D () C:\Users\Monika\Documents\Fax
2014-03-22 00:02 - 2014-03-22 00:02 - 01161080 _____ () C:\windows\SysWOW64\Websteroids.B324755F3F87.dll
2014-03-16 12:09 - 2014-03-16 12:09 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (3)
2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Neuer Ordner
2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (2)
2014-03-13 12:54 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 12:54 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 12:54 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 12:54 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 12:54 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 12:54 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 12:54 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 12:54 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 12:54 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 12:54 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 12:54 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 12:54 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 12:54 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 12:54 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 12:54 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 12:54 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 12:54 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 12:54 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 12:54 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 12:54 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 12:54 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 12:54 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 12:54 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 12:54 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 12:54 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 12:54 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 12:54 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 12:54 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 12:54 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 12:54 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 12:54 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 12:54 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 12:54 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 12:54 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 12:54 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 12:54 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 12:54 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 12:54 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 12:54 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 12:54 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 12:54 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 12:54 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 12:54 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 12:54 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 12:51 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 12:51 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 12:51 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 12:51 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-02-27 00:25 - 2014-02-27 23:41 - 01594028 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

==================== One Month Modified Files and Folders =======

2014-03-25 14:24 - 2014-03-25 14:24 - 00029555 _____ () C:\Users\Monika\Downloads\FRST.txt
2014-03-25 14:24 - 2014-03-25 14:23 - 00000000 ____D () C:\FRST
2014-03-25 14:22 - 2014-03-25 14:22 - 02157056 _____ (Farbar) C:\Users\Monika\Downloads\FRST64.exe
2014-03-25 14:21 - 2014-03-25 14:21 - 01145856 _____ (Farbar) C:\Users\Monika\Downloads\FRST(1).exe
2014-03-25 14:16 - 2014-03-25 14:16 - 01145856 _____ (Farbar) C:\Users\Monika\Downloads\FRST.exe
2014-03-25 14:11 - 2009-07-14 05:45 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-25 14:11 - 2009-07-14 05:45 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-25 14:10 - 2011-04-12 08:43 - 00699432 _____ () C:\windows\system32\perfh007.dat
2014-03-25 14:10 - 2011-04-12 08:43 - 00149572 _____ () C:\windows\system32\perfc007.dat
2014-03-25 14:10 - 2009-07-14 06:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-25 14:08 - 2014-01-14 10:21 - 01881677 _____ () C:\windows\WindowsUpdate.log
2014-03-25 14:04 - 2014-03-24 08:46 - 00000224 _____ () C:\windows\setupact.log
2014-03-25 14:04 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-25 14:03 - 2014-03-24 17:09 - 00000894 _____ () C:\windows\PFRO.log
2014-03-25 13:53 - 2014-03-25 13:53 - 00001235 _____ () C:\Users\Monika\Desktop\Revo Uninstaller.lnk
2014-03-25 13:53 - 2014-03-25 13:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-25 13:52 - 2014-03-25 13:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Monika\Downloads\revosetup95.exe
2014-03-25 13:32 - 2014-03-23 13:24 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Skype
2014-03-24 15:39 - 2013-05-02 20:01 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\ALDITALKVerbindungsassistent
2014-03-24 14:10 - 2014-03-24 14:10 - 00000000 ____D () C:\ProgramData\IncrediMail
2014-03-24 14:09 - 2014-03-24 14:09 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-24 14:04 - 2014-03-24 13:58 - 00707360 _____ (ClientConnect) C:\Users\Monika\Downloads\Incredimail_TSA1K5TL.exe
2014-03-24 09:14 - 2014-03-24 09:14 - 00707360 _____ (ClientConnect) C:\Users\Monika\Downloads\Incredimail_TSA3IXGF.exe
2014-03-24 09:14 - 2014-03-24 09:14 - 00707360 _____ (ClientConnect) C:\Users\Monika\Downloads\Incredimail_TSA3IXFP.exe
2014-03-24 08:46 - 2014-03-24 08:46 - 00294184 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-24 08:46 - 2014-03-24 08:46 - 00000000 _____ () C:\windows\setuperr.log
2014-03-23 13:25 - 2014-03-23 13:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-23 13:24 - 2014-03-23 13:24 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-23 13:24 - 2014-03-23 13:24 - 00000000 ____D () C:\ProgramData\Skype
2014-03-23 13:22 - 2014-03-23 13:21 - 34827424 _____ (Skype Technologies S.A.) C:\Users\Monika\Downloads\Skyp614eSetupFull.exe
2014-03-23 11:52 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-22 22:54 - 2014-03-22 22:54 - 00000000 ____D () C:\Users\Monika\Documents\Fax
2014-03-22 00:02 - 2014-03-22 00:02 - 01161080 _____ () C:\windows\SysWOW64\Websteroids.B324755F3F87.dll
2014-03-20 00:48 - 2013-08-07 23:53 - 00000000 ____D () C:\windows\system32\MRT
2014-03-20 00:47 - 2012-09-17 09:16 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-16 12:09 - 2014-03-16 12:09 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (3)
2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Neuer Ordner
2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (2)
2014-03-16 11:30 - 2013-04-22 17:36 - 00000000 ____D () C:\Users\Monika
2014-03-01 07:05 - 2014-03-13 12:54 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 12:54 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 12:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 12:54 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 12:54 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 12:54 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 12:54 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 12:54 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 12:54 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 12:54 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 12:54 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 12:54 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 12:54 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 12:54 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 12:54 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 12:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 12:54 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 12:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 12:54 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 12:54 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 12:54 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 12:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 12:54 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 12:54 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 12:54 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 12:54 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 12:54 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 12:54 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 12:54 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 12:54 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 12:54 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 12:54 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 12:54 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 12:54 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 12:54 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 12:54 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 12:54 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 12:54 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 12:54 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 12:54 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-27 23:41 - 2014-02-27 00:25 - 01594028 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

Files to move or delete:
====================
C:\ProgramData\winiml.dat


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description            Windows Boot Manager
locale                  de-DE
inherit                {globalsettings}
default                {current}
resumeobject            {1f109025-a04e-11e2-9869-902b341e4ccb}
displayorder            {current}
toolsdisplayorder      {memdiag}
timeout                30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description            Windows 7
locale                  de-DE
inherit                {bootloadersettings}
recoverysequence        {1f109027-a04e-11e2-9869-902b341e4ccb}
recoveryenabled        Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {1f109025-a04e-11e2-9869-902b341e4ccb}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {1f109027-a04e-11e2-9869-902b341e4ccb}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{1f109028-a04e-11e2-9869-902b341e4ccb}
path                    \windows\system32\winload.exe
description            Windows Recovery Environment
inherit                {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{1f109028-a04e-11e2-9869-902b341e4ccb}
systemroot              \windows
nx                      OptIn
winpe                  Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {1f109025-a04e-11e2-9869-902b341e4ccb}
device                  partition=C:
path                    \windows\system32\winresume.exe
description            Windows Resume Application
locale                  de-DE
inherit                {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description            Windows-Speicherdiagnose
locale                  de-DE
inherit                {globalsettings}
badmemoryaccess        Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype              Serial
debugport              1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype    Serial
hypervisordebugport    1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {1f109028-a04e-11e2-9869-902b341e4ccb}
description            Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi



LastRegBack: 2014-03-20 00:34

==================== End Of Log ============================

--- --- ---

--- --- ---

cosinus 25.03.2014 15:20

Virenscanner-Logs fehlen und das additions.txt Log von FRST fehlt auch. Außerdem bat ich darum keine Häkchen in FRST zu veränder, das hast du aber gemacht wie man im Log eindeutig sehen kann.

Kobra1983 25.03.2014 16:15

Stimmt und sorry :( Habe überall ein Häkchen gemacht.
Ich weiß, man soll auf die Hilfe hören - weiß nicht, warum ich anders gehandelt habe - Entschuldigung, kommt nicht mehr vor!

ABER: Ich habe das nun erneut runtergeladen und werde an den Häkchen nichts machen, doch Addition.txt ist nicht ausgewählt. Also unter Optional Scan sind alle 4 Haken nicht da. Da Du aber Addition haben wolltest, habe ich nun das Häkchen dort gemacht.

Muss mich auch erstmal zurechtfinden und aller Anfang ist manchmal schwer.


FRST Logfile:

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Monika (administrator) on MONIKA-PC on 25-03-2014 15:55:10
Running from C:\Users\Monika\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\windows\System32\WScript.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Comvigo, Inc.) C:\Windows\SysWOW64\qimlsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Comvigo, Inc.) C:\Windows\SysWOW64\dsrviml.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Monika\Downloads\FRST64(2).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [NetWorx] - C:\Program Files\NetWorx\networx.exe [4874960 2013-09-17] (SoftPerfect Research)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-04-01] (Ask)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: I - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {00b6a57c-b358-11e2-83cb-902b3478eb45} - I:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {00b6a5b8-b358-11e2-83cb-902b3478eb45} - I:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {07060dc2-c5f6-11e2-a703-001e101fabdd} - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {07060de8-c5f6-11e2-a703-001e101fabdd} - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {15eb48f9-d613-11e2-8448-902b3478eb45} - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {86d27dc9-b950-11e2-b48e-902b3478eb45} - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {f8f80083-b359-11e2-8985-902b3478eb45} - I:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {f8f80093-b359-11e2-8985-902b3478eb45} - I:\AutoRun.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-03] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-03-03] (Conduit)
Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.hyrican.de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {FDEF202F-835B-422A-9925-F59454AF7241} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=CEFE001E101F7FB6&affID=119556&tsp=4930
SearchScopes: HKCU - {867BC69D-20BB-4F98-BB76-3ED591623624} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=668fe6f9-9a35-40c5-9cc6-729d867836b9&apn_sauid=2AFBA6F3-013E-4A0E-99C0-166DD702F9B7
SearchScopes: HKCU - {FDEF202F-835B-422A-9925-F59454AF7241} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{0E8C3C20-4AC3-4785-A4AB-966A1771F569}: [NameServer]212.23.115.132 212.23.115.148

FireFox:
========
FF ProfilePath: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default
FF user.js: detected! => C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default\searchplugins\my-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]

==================== Services (Whitelisted) =================

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2013-05-26] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2454816 2014-03-03] (Conduit)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [138752 2013-05-02] (Huawei Technologies Co., Ltd.)
R3 ewusbnet; C:\Windows\SysWOW64\DRIVERS\ewusbnet.sys [138752 2013-05-02] (Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2013-05-02] (Huawei Technologies Co., Ltd.)
S3 huawei_enumerator; C:\Windows\SysWOW64\DRIVERS\ew_jubusenum.sys [85504 2013-05-02] (Huawei Technologies Co., Ltd.)
R3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [121600 2013-05-02] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2011-12-19] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [637360 2011-12-19] (Intel Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [43392 2013-09-13] (NetFilterSDK.com)
S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [68608 2008-12-19] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [96768 2009-07-23] ()
S3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [122880 2008-12-19] ()
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-25 15:53 - 2014-03-25 15:53 - 02157056 _____ (Farbar) C:\Users\Monika\Downloads\FRST64(2).exe
2014-03-25 15:45 - 2014-03-25 15:46 - 02157056 _____ (Farbar) C:\Users\Monika\Downloads\FRST64(1).exe
2014-03-25 14:25 - 2014-03-25 14:25 - 00026783 _____ () C:\Users\Monika\Downloads\Shortcut.txt
2014-03-25 14:24 - 2014-03-25 15:55 - 00013807 _____ () C:\Users\Monika\Downloads\FRST.txt
2014-03-25 14:24 - 2014-03-25 14:25 - 00021903 _____ () C:\Users\Monika\Downloads\Addition.txt
2014-03-25 14:23 - 2014-03-25 15:55 - 00000000 ____D () C:\FRST
2014-03-25 14:22 - 2014-03-25 14:22 - 02157056 _____ (Farbar) C:\Users\Monika\Downloads\FRST64.exe
2014-03-25 14:21 - 2014-03-25 14:21 - 01145856 _____ (Farbar) C:\Users\Monika\Downloads\FRST(1).exe
2014-03-25 14:16 - 2014-03-25 14:16 - 01145856 _____ (Farbar) C:\Users\Monika\Downloads\FRST.exe
2014-03-25 13:53 - 2014-03-25 13:53 - 00001235 _____ () C:\Users\Monika\Desktop\Revo Uninstaller.lnk
2014-03-25 13:53 - 2014-03-25 13:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-25 13:52 - 2014-03-25 13:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Monika\Downloads\revosetup95.exe
2014-03-24 14:10 - 2014-03-24 14:10 - 00000000 ____D () C:\ProgramData\IncrediMail
2014-03-24 14:09 - 2014-03-24 14:09 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-23 13:24 - 2014-03-25 15:05 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Skype
2014-03-23 13:24 - 2014-03-23 13:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-23 13:24 - 2014-03-23 13:24 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-23 13:24 - 2014-03-23 13:24 - 00000000 ____D () C:\ProgramData\Skype
2014-03-23 13:21 - 2014-03-23 13:22 - 34827424 _____ (Skype Technologies S.A.) C:\Users\Monika\Downloads\Skyp614eSetupFull.exe
2014-03-22 22:54 - 2014-03-22 22:54 - 00000000 ____D () C:\Users\Monika\Documents\Fax
2014-03-22 00:02 - 2014-03-22 00:02 - 01161080 _____ () C:\windows\SysWOW64\Websteroids.B324755F3F87.dll
2014-03-16 12:09 - 2014-03-16 12:09 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (3)
2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Neuer Ordner
2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (2)
2014-03-13 12:54 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 12:54 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 12:54 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 12:54 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 12:54 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 12:54 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 12:54 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 12:54 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 12:54 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 12:54 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 12:54 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 12:54 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 12:54 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 12:54 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 12:54 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 12:54 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 12:54 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 12:54 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 12:54 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 12:54 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 12:54 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 12:54 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 12:54 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 12:54 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 12:54 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 12:54 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 12:54 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 12:54 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 12:54 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 12:54 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 12:54 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 12:54 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 12:54 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 12:54 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 12:54 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 12:54 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 12:54 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 12:54 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 12:54 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 12:54 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 12:54 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 12:54 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 12:54 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 12:54 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 12:51 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 12:51 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 12:51 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 12:51 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-02-27 00:25 - 2014-02-27 23:41 - 01594028 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

==================== One Month Modified Files and Folders =======

2014-03-25 15:55 - 2014-03-25 14:24 - 00013807 _____ () C:\Users\Monika\Downloads\FRST.txt
2014-03-25 15:55 - 2014-03-25 14:23 - 00000000 ____D () C:\FRST
2014-03-25 15:53 - 2014-03-25 15:53 - 02157056 _____ (Farbar) C:\Users\Monika\Downloads\FRST64(2).exe
2014-03-25 15:46 - 2014-03-25 15:45 - 02157056 _____ (Farbar) C:\Users\Monika\Downloads\FRST64(1).exe
2014-03-25 15:05 - 2014-03-23 13:24 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Skype
2014-03-25 14:25 - 2014-03-25 14:25 - 00026783 _____ () C:\Users\Monika\Downloads\Shortcut.txt
2014-03-25 14:25 - 2014-03-25 14:24 - 00021903 _____ () C:\Users\Monika\Downloads\Addition.txt
2014-03-25 14:22 - 2014-03-25 14:22 - 02157056 _____ (Farbar) C:\Users\Monika\Downloads\FRST64.exe
2014-03-25 14:21 - 2014-03-25 14:21 - 01145856 _____ (Farbar) C:\Users\Monika\Downloads\FRST(1).exe
2014-03-25 14:16 - 2014-03-25 14:16 - 01145856 _____ (Farbar) C:\Users\Monika\Downloads\FRST.exe
2014-03-25 14:11 - 2009-07-14 05:45 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-25 14:11 - 2009-07-14 05:45 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-25 14:10 - 2011-04-12 08:43 - 00699432 _____ () C:\windows\system32\perfh007.dat
2014-03-25 14:10 - 2011-04-12 08:43 - 00149572 _____ () C:\windows\system32\perfc007.dat
2014-03-25 14:10 - 2009-07-14 06:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-25 14:08 - 2014-01-14 10:21 - 01881677 ____N () C:\windows\WindowsUpdate.log
2014-03-25 14:04 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-25 13:53 - 2014-03-25 13:53 - 00001235 _____ () C:\Users\Monika\Desktop\Revo Uninstaller.lnk
2014-03-25 13:53 - 2014-03-25 13:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-25 13:52 - 2014-03-25 13:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Monika\Downloads\revosetup95.exe
2014-03-24 15:39 - 2013-05-02 20:01 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\ALDITALKVerbindungsassistent
2014-03-24 14:10 - 2014-03-24 14:10 - 00000000 ____D () C:\ProgramData\IncrediMail
2014-03-24 14:09 - 2014-03-24 14:09 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-23 13:25 - 2014-03-23 13:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-23 13:24 - 2014-03-23 13:24 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-23 13:24 - 2014-03-23 13:24 - 00000000 ____D () C:\ProgramData\Skype
2014-03-23 13:22 - 2014-03-23 13:21 - 34827424 _____ (Skype Technologies S.A.) C:\Users\Monika\Downloads\Skyp614eSetupFull.exe
2014-03-23 11:52 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-22 22:54 - 2014-03-22 22:54 - 00000000 ____D () C:\Users\Monika\Documents\Fax
2014-03-22 00:02 - 2014-03-22 00:02 - 01161080 _____ () C:\windows\SysWOW64\Websteroids.B324755F3F87.dll
2014-03-20 00:48 - 2013-08-07 23:53 - 00000000 ____D () C:\windows\system32\MRT
2014-03-20 00:47 - 2012-09-17 09:16 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-16 12:09 - 2014-03-16 12:09 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (3)
2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Neuer Ordner
2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (2)
2014-03-16 11:30 - 2013-04-22 17:36 - 00000000 ____D () C:\Users\Monika
2014-03-01 07:05 - 2014-03-13 12:54 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 12:54 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 12:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 12:54 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 12:54 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 12:54 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 12:54 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 12:54 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 12:54 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 12:54 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 12:54 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 12:54 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 12:54 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 12:54 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 12:54 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 12:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 12:54 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 12:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 12:54 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 12:54 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 12:54 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 12:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 12:54 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 12:54 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 12:54 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 12:54 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 12:54 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 12:54 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 12:54 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 12:54 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 12:54 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 12:54 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 12:54 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 12:54 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 12:54 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 12:54 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 12:54 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 12:54 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 12:54 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 12:54 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-27 23:41 - 2014-02-27 00:25 - 01594028 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

Files to move or delete:
====================
C:\ProgramData\winiml.dat


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 00:34

==================== End Of Log ============================

--- --- ---

--- --- ---



Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Monika at 2014-03-25 16:02:23
Running from C:\Users\Monika\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.152.26 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.24.0 - Ask.com) <==== ATTENTION
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
IM Lock (HKLM-x32\...\IMLock) (Version:  - Comvigo, Inc.)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NetWorx 5.2.10 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.11.11.7 - Conduit) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Windows 7 Games deluxe 1  (HKLM-x32\...\Windows 7 Games deluxe) (Version: 1 - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {6250116A-FA32-45F6-B896-B06167FDC556} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-01] () <==== ATTENTION
Task: {78855E1D-611E-4DF5-93E2-85C5B5976C6B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {CE24EA7A-3EE6-457B-B7B0-916F26B2E5E2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

==================== Loaded Modules (whitelisted) =============

2013-05-02 20:01 - 2013-05-26 16:47 - 00358968 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2012-03-19 21:09 - 2012-03-19 21:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-14 10:04 - 2013-07-19 14:20 - 00687616 _____ () C:\Program Files\NetWorx\sqlite.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00510520 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2013-05-02 20:01 - 2013-05-26 16:47 - 01780280 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe
2013-06-17 22:34 - 2013-01-25 09:25 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00102400 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDatabase.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00106496 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgUtil.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00090112 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgPorts.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00196608 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDetection.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00086016 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDialup.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00012288 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGDebugs.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00073728 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDriverInstall.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00569344 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgCore.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00139264 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgBluetooth.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00204800 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\LiveBoxCM.dll
2013-05-02 20:01 - 2007-02-27 18:44 - 00823296 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\LIBEAY32.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00126976 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgWiFi.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 01097728 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\NDISAPI.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00614400 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGXMLUtil.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00303104 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGSMSPCClient.Dll
2014-02-14 14:51 - 2014-02-14 14:51 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2f069b57965f456c3c25fb82419a363d\IsdiInterop.ni.dll
2012-09-17 09:06 - 2012-05-30 12:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-02-18 13:26 - 2014-02-18 13:26 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2014 02:06:54 PM) (Source: SecurityCenter) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.

Error: (03/25/2014 02:06:02 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/25/2014 02:05:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/25/2014 02:05:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/25/2014 02:05:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/25/2014 02:05:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/25/2014 02:05:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/25/2014 02:05:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/25/2014 02:05:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/25/2014 02:05:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (03/23/2014 11:53:22 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/20/2014 00:47:15 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/14/2014 00:17:38 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/19/2014 03:33:53 PM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (02/19/2014 02:14:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%4.

Error: (02/05/2014 02:55:52 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (01/20/2014 00:00:57 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/20/2014 00:00:57 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/20/2014 00:00:57 AM) (Source: DCOM) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (12/17/2013 00:27:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069


Microsoft Office Sessions:
=========================
Error: (03/25/2014 02:06:54 PM) (Source: SecurityCenter)(User: )
Description:

Error: (03/25/2014 02:06:02 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\ALDITALKVerbindungsassistent\MFC80U.DLL

Error: (03/25/2014 02:05:53 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\ALDITALKVerbindungsassistent\MFC80U.DLL

Error: (03/25/2014 02:05:53 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\ALDITALKVerbindungsassistent\MFC80U.DLL

Error: (03/25/2014 02:05:53 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\ALDITALKVerbindungsassistent\MFC80U.DLL

Error: (03/25/2014 02:05:53 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\ALDITALKVerbindungsassistent\MFC80U.DLL

Error: (03/25/2014 02:05:53 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\ALDITALKVerbindungsassistent\MFC80U.DLL

Error: (03/25/2014 02:05:53 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\ALDITALKVerbindungsassistent\MFC80U.DLL

Error: (03/25/2014 02:05:53 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\ALDITALKVerbindungsassistent\MFC80U.DLL

Error: (03/25/2014 02:05:53 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\ALDITALKVerbindungsassistent\MFC80U.DLL


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 3981.28 MB
Available physical RAM: 2324.04 MB
Total Pagefile: 7960.74 MB
Available Pagefile: 5985.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:455.66 GB) (Free:417.51 GB) NTFS
Drive i: (Mobile Partner) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1ADCEB2B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=27)

==================== End Of Log ============================


Code:

Exportierte Ereignisse:

24.03.2014 17:08 [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\Temp\{F11D7058-A19A-4139-810F-DC7B98D32F2E}\setup.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/BProtector.Gen2' [trojan].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
      Die Quelldatei konnte nicht gefunden werden.
      Die Datei wurde zum Löschen nach einem Neustart markiert.
      Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.

24.03.2014 17:07 [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\Temp\{F11D7058-A19A-4139-810F-DC7B98D32F2E}\setup.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/BProtector.Gen2' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5645f513.qua'
      verschoben!

24.03.2014 14:09 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\Temp\is-4VDKH.tmp\OptProCrash.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/BProtector.Gen2' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

24.03.2014 14:09 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\Temp\is-4VDKH.tmp\OptProCrash.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/BProtector.Gen2' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

24.03.2014 14:09 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\Temp\is-4VDKH.tmp\OptProCrash.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/BProtector.Gen2' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

24.03.2014 14:09 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\Temp\is-4VDKH.tmp\OptProCrash.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/BProtector.Gen2' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.03.2014 14:09 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\Temp\is-4VDKH.tmp\OptProCrash.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/BProtector.Gen2' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

24.03.2014 14:09 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\Temp\is-4VDKH.tmp\OptProCrash.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/BProtector.Gen2' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

24.03.2014 14:09 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\Temp\is-4VDKH.tmp\OptProCrash.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/BProtector.Gen2' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern


cosinus 25.03.2014 16:22

Zitat:

doch Addition.txt ist nicht ausgewählt.
Was auch völlig normal ist! Lies mal den Auszug aus der Anleitung:

Zitat:

Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (...)

Adware/Junkware/Toolbars entfernen


1. Schritt: Malwarebytes Anti-Malware

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




2. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Kobra1983 26.03.2014 18:23

Hallo cosinus,

den 1. Schritt habe ich schon mal gemacht und alles war in englischer Sprache, obwohl ich 'Deutsch' angeklickt habe - blickte nicht durch :(
Bin auch unter Anleitung gegangen, doch das Programm schaut nun ganz anders aus und so wie es da beschrieben ist, finde ich es nicht.

Auf der Startseite von Malwarebytes steht: Armaturenbrett, Suchlauf, Einstellungen (da konnte ich wenigstens die deutsche Sprache einstellen), Verlauf und da fand ich die infizierten Objekte, habe sie alle markiert und bin aufs blaue 'alles löschen' gegangen.

Jetzt sollte ich ja das Logfile posten, doch weiß nicht, was Notepad bedeutet und wüsste auch nicht, wo ich das nun finden soll.
Nachträglich könnte ich es unter Log Dateien finden, habe mir die Anweisungen angeschaut, doch da Malwarebytes Anti-Malware anders ausschaut, entdecke ich es einfach nicht.
Muss ich dann wohl mal alles anklicken und vielleicht sehe ich es irgendwo.

Den 2., 3. und 4. Schritt werde ich später auf jeden Fall machen, aber jetzt muss ich leider weg. Überlege auch, ob ich den PC meiner Mutter und auch meinen entsorgen soll, weil für einen Laien ist das echt heftig :eek:

Doch nochmal kurz da...
Unter Einstellungen steht: Exportieren Sie die Protokolldaten in folgendes Verzeichnis.
Finde ich da das dann wohl?
Obwohl dort irgendwie viel Gedöns ist und ich mit den Namen nichts anfangen kann.

cosinus 26.03.2014 22:07

Zitat:

den 1. Schritt habe ich schon mal gemacht und alles war in englischer Sprache, obwohl ich 'Deutsch' angeklickt habe - blickte nicht durch
Malwarebtes liegt nun in Version 2.x vor. Da ist alles etwas anders.
Logs findest du unter Verlauf => Anwendungsprotokolle

Kobra1983 26.03.2014 23:43

Hallo,
nicht böse sein, finde auch unter Verlauf, Anwendungsprotokolle nicht die Log Dateien.
Ich weiß leider noch nicht mal wo der Verlauf ist. :heulen:


Code:

# AdwCleaner v3.022 - Bericht erstellt am 26/03/2014 um 21:37:46
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Monika - MONIKA-PC
# Gestartet von : C:\Users\Monika\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : Websteroids

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Websteroids
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\Monika\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Monika\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Monika\AppData\Roaming\Babylon
Datei Gelöscht : C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default\invalidprefs.js
Datei Gelöscht : C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default\searchplugins\my-web-search.xml
Datei Gelöscht : C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default\user.js
Datei Gelöscht : C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKLM\SOFTWARE\853888ce03fea17
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\ImInstaller
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "cefed36f000000000000000000000000");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15887");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.523:09:18");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119556&tsp=4930");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", "Ask.com");
Zeile gelöscht : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Zeile gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", "Ask.com");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=077E4031-5A5E-447F-A881-A701BF803AB9&n=77fce259&p2=^AW7^xdm013^YY^de&si=11417");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.hp.enabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.initialized", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.installation.contextKey", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.installation.installDate", "2013061721");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.installation.partnerId", "^AW7^xdm013^YY^de");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.installation.partnerSubId", "11417");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.installation.success", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.installation.toolbarId", "077E4031-5A5E-447F-A881-A701BF803AB9");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.lastActivePing", "1371497883974");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.options.defaultSearch", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.options.homePageEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.options.keywordEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.options.tabEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._89Members_.weather.location", "10001");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "safepcrepair@mindspark.com");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "safepcrepair@mindspark.com");

*************************

AdwCleaner[R0].txt - [11932 octets] - [26/03/2014 21:32:15]
AdwCleaner[S0].txt - [11373 octets] - [26/03/2014 21:37:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11434 octets] ##########



FRST Logfile:

FRST Logfile:

       
Code:

       
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Monika (administrator) on MONIKA-PC on 26-03-2014 22:22:31
Running from C:\Users\Monika\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\windows\System32\WScript.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Comvigo, Inc.) C:\Windows\SysWOW64\qimlsrv.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Comvigo, Inc.) C:\Windows\SysWOW64\dsrviml.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [NetWorx] - C:\Program Files\NetWorx\networx.exe [4874960 2013-09-17] (SoftPerfect Research)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: I - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {00b6a57c-b358-11e2-83cb-902b3478eb45} - I:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {00b6a5b8-b358-11e2-83cb-902b3478eb45} - I:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {07060dc2-c5f6-11e2-a703-001e101fabdd} - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {07060de8-c5f6-11e2-a703-001e101fabdd} - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {15eb48f9-d613-11e2-8448-902b3478eb45} - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {86d27dc9-b950-11e2-b48e-902b3478eb45} - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {f8f80083-b359-11e2-8985-902b3478eb45} - I:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {f8f80093-b359-11e2-8985-902b3478eb45} - I:\AutoRun.exe
Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.hyrican.de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {FDEF202F-835B-422A-9925-F59454AF7241} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{67A130DC-DFB0-41CA-A0E7-26C7A30671EB}: [NameServer]212.23.115.84 212.23.115.148

FireFox:
========
FF ProfilePath: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]

==================== Services (Whitelisted) =================

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2013-05-26] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [138752 2013-05-02] (Huawei Technologies Co., Ltd.)
R3 ewusbnet; C:\Windows\SysWOW64\DRIVERS\ewusbnet.sys [138752 2013-05-02] (Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2013-05-02] (Huawei Technologies Co., Ltd.)
S3 huawei_enumerator; C:\Windows\SysWOW64\DRIVERS\ew_jubusenum.sys [85504 2013-05-02] (Huawei Technologies Co., Ltd.)
R3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [121600 2013-05-02] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2011-12-19] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [637360 2011-12-19] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [43392 2013-09-13] (NetFilterSDK.com)
S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [68608 2008-12-19] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [96768 2009-07-23] ()
S3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [122880 2008-12-19] ()
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-26 22:21 - 2014-03-26 22:21 - 02157056 _____ (Farbar) C:\Users\Monika\Downloads\FRST64.exe
2014-03-26 22:15 - 2014-03-26 22:15 - 00001354 _____ () C:\Users\Monika\Desktop\JRT.txt
2014-03-26 22:11 - 2014-03-26 22:11 - 01038974 _____ (Thisisu) C:\Users\Monika\Downloads\JRT.exe
2014-03-26 22:11 - 2014-03-26 22:11 - 00000000 ____D () C:\windows\ERUNT
2014-03-26 21:29 - 2014-03-26 21:37 - 00000000 ____D () C:\AdwCleaner
2014-03-26 21:28 - 2014-03-26 21:28 - 01950720 _____ () C:\Users\Monika\Downloads\adwcleaner.exe
2014-03-26 16:15 - 2014-03-26 21:41 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-26 16:14 - 2014-03-26 16:14 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-26 16:14 - 2014-03-26 16:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-26 16:14 - 2014-03-26 16:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-26 16:14 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-26 16:14 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-26 16:14 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-26 16:10 - 2014-03-26 16:11 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Monika\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-25 16:08 - 2014-03-25 16:08 - 00005730 _____ () C:\Users\Monika\Documents\Ereignisse.txt
2014-03-25 14:25 - 2014-03-25 14:25 - 00026783 _____ () C:\Users\Monika\Downloads\Shortcut.txt
2014-03-25 14:24 - 2014-03-26 22:22 - 00012660 _____ () C:\Users\Monika\Downloads\FRST.txt
2014-03-25 14:24 - 2014-03-25 16:03 - 00021786 _____ () C:\Users\Monika\Downloads\Addition.txt
2014-03-25 14:23 - 2014-03-26 22:22 - 00000000 ____D () C:\FRST
2014-03-25 13:53 - 2014-03-25 13:53 - 00001235 _____ () C:\Users\Monika\Desktop\Revo Uninstaller.lnk
2014-03-25 13:53 - 2014-03-25 13:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-25 13:52 - 2014-03-25 13:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Monika\Downloads\revosetup95.exe
2014-03-24 17:09 - 2014-03-26 21:39 - 00026562 _____ () C:\windows\PFRO.log
2014-03-24 14:10 - 2014-03-24 14:10 - 00000000 ____D () C:\ProgramData\IncrediMail
2014-03-24 08:46 - 2014-03-26 21:40 - 00000336 _____ () C:\windows\setupact.log
2014-03-24 08:46 - 2014-03-24 08:46 - 00294184 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-24 08:46 - 2014-03-24 08:46 - 00000000 _____ () C:\windows\setuperr.log
2014-03-23 13:24 - 2014-03-26 20:54 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Skype
2014-03-23 13:24 - 2014-03-23 13:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-23 13:24 - 2014-03-23 13:24 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-23 13:24 - 2014-03-23 13:24 - 00000000 ____D () C:\ProgramData\Skype
2014-03-23 13:21 - 2014-03-23 13:22 - 34827424 _____ (Skype Technologies S.A.) C:\Users\Monika\Downloads\Skyp614eSetupFull.exe
2014-03-22 22:54 - 2014-03-22 22:54 - 00000000 ____D () C:\Users\Monika\Documents\Fax
2014-03-22 00:02 - 2014-03-22 00:02 - 01161080 _____ () C:\windows\SysWOW64\Websteroids.B324755F3F87.dll
2014-03-16 12:09 - 2014-03-16 12:09 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (3)
2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Neuer Ordner
2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (2)
2014-03-13 12:54 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 12:54 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 12:54 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 12:54 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 12:54 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 12:54 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 12:54 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 12:54 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 12:54 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 12:54 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 12:54 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 12:54 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 12:54 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 12:54 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 12:54 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 12:54 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 12:54 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 12:54 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 12:54 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 12:54 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 12:54 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 12:54 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 12:54 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 12:54 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 12:54 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 12:54 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 12:54 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 12:54 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 12:54 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 12:54 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 12:54 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 12:54 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 12:54 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 12:54 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 12:54 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 12:54 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 12:54 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 12:54 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 12:54 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 12:54 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 12:54 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 12:54 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 12:54 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 12:54 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 12:51 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 12:51 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 12:51 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 12:51 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-02-27 00:25 - 2014-02-27 23:41 - 01594028 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

==================== One Month Modified Files and Folders =======

2014-03-26 22:22 - 2014-03-25 14:24 - 00012660 _____ () C:\Users\Monika\Downloads\FRST.txt
2014-03-26 22:22 - 2014-03-25 14:23 - 00000000 ____D () C:\FRST
2014-03-26 22:21 - 2014-03-26 22:21 - 02157056 _____ (Farbar) C:\Users\Monika\Downloads\FRST64.exe
2014-03-26 22:15 - 2014-03-26 22:15 - 00001354 _____ () C:\Users\Monika\Desktop\JRT.txt
2014-03-26 22:11 - 2014-03-26 22:11 - 01038974 _____ (Thisisu) C:\Users\Monika\Downloads\JRT.exe
2014-03-26 22:11 - 2014-03-26 22:11 - 00000000 ____D () C:\windows\ERUNT
2014-03-26 21:48 - 2009-07-14 05:45 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-26 21:48 - 2009-07-14 05:45 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-26 21:44 - 2011-04-12 08:43 - 00699432 _____ () C:\windows\system32\perfh007.dat
2014-03-26 21:44 - 2011-04-12 08:43 - 00149572 _____ () C:\windows\system32\perfc007.dat
2014-03-26 21:44 - 2009-07-14 06:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-26 21:41 - 2014-03-26 16:15 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-26 21:40 - 2014-03-24 08:46 - 00000336 _____ () C:\windows\setupact.log
2014-03-26 21:40 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-26 21:39 - 2014-03-24 17:09 - 00026562 _____ () C:\windows\PFRO.log
2014-03-26 21:39 - 2014-01-14 10:21 - 01901848 _____ () C:\windows\WindowsUpdate.log
2014-03-26 21:37 - 2014-03-26 21:29 - 00000000 ____D () C:\AdwCleaner
2014-03-26 21:28 - 2014-03-26 21:28 - 01950720 _____ () C:\Users\Monika\Downloads\adwcleaner.exe
2014-03-26 20:54 - 2014-03-23 13:24 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Skype
2014-03-26 17:43 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\TAPI
2014-03-26 16:14 - 2014-03-26 16:14 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-26 16:14 - 2014-03-26 16:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-26 16:14 - 2014-03-26 16:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-26 16:11 - 2014-03-26 16:10 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Monika\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-26 12:29 - 2013-04-22 17:36 - 00000000 ____D () C:\Users\Monika
2014-03-26 12:25 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\registration
2014-03-25 16:08 - 2014-03-25 16:08 - 00005730 _____ () C:\Users\Monika\Documents\Ereignisse.txt
2014-03-25 16:03 - 2014-03-25 14:24 - 00021786 _____ () C:\Users\Monika\Downloads\Addition.txt
2014-03-25 14:25 - 2014-03-25 14:25 - 00026783 _____ () C:\Users\Monika\Downloads\Shortcut.txt
2014-03-25 13:53 - 2014-03-25 13:53 - 00001235 _____ () C:\Users\Monika\Desktop\Revo Uninstaller.lnk
2014-03-25 13:53 - 2014-03-25 13:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-25 13:52 - 2014-03-25 13:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Monika\Downloads\revosetup95.exe
2014-03-24 15:39 - 2013-05-02 20:01 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\ALDITALKVerbindungsassistent
2014-03-24 14:10 - 2014-03-24 14:10 - 00000000 ____D () C:\ProgramData\IncrediMail
2014-03-24 08:46 - 2014-03-24 08:46 - 00294184 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-24 08:46 - 2014-03-24 08:46 - 00000000 _____ () C:\windows\setuperr.log
2014-03-23 13:25 - 2014-03-23 13:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-23 13:24 - 2014-03-23 13:24 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-23 13:24 - 2014-03-23 13:24 - 00000000 ____D () C:\ProgramData\Skype
2014-03-23 13:22 - 2014-03-23 13:21 - 34827424 _____ (Skype Technologies S.A.) C:\Users\Monika\Downloads\Skyp614eSetupFull.exe
2014-03-23 11:52 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-22 22:54 - 2014-03-22 22:54 - 00000000 ____D () C:\Users\Monika\Documents\Fax
2014-03-22 00:02 - 2014-03-22 00:02 - 01161080 _____ () C:\windows\SysWOW64\Websteroids.B324755F3F87.dll
2014-03-20 00:48 - 2013-08-07 23:53 - 00000000 ____D () C:\windows\system32\MRT
2014-03-20 00:47 - 2012-09-17 09:16 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-16 12:09 - 2014-03-16 12:09 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (3)
2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Neuer Ordner
2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (2)
2014-03-05 09:26 - 2014-03-26 16:14 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-26 16:14 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-26 16:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-01 07:05 - 2014-03-13 12:54 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 12:54 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 12:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 12:54 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 12:54 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 12:54 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 12:54 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 12:54 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 12:54 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 12:54 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 12:54 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 12:54 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 12:54 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 12:54 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 12:54 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 12:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 12:54 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 12:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 12:54 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 12:54 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 12:54 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 12:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 12:54 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 12:54 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 12:54 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 12:54 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 12:54 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 12:54 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 12:54 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 12:54 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 12:54 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 12:54 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 12:54 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 12:54 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 12:54 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 12:54 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 12:54 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 12:54 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 12:54 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 12:54 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-27 23:41 - 2014-02-27 00:25 - 01594028 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

Files to move or delete:
====================
C:\ProgramData\winiml.dat


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 00:34

==================== End Of Log ============================


--- --- ---

--- --- ---


FRST Logfile:

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Monika (administrator) on MONIKA-PC on 26-03-2014 22:24:32
Running from C:\Users\Monika\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\windows\System32\WScript.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Comvigo, Inc.) C:\Windows\SysWOW64\qimlsrv.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Comvigo, Inc.) C:\Windows\SysWOW64\dsrviml.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [NetWorx] - C:\Program Files\NetWorx\networx.exe [4874960 2013-09-17] (SoftPerfect Research)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: I - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {00b6a57c-b358-11e2-83cb-902b3478eb45} - I:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {00b6a5b8-b358-11e2-83cb-902b3478eb45} - I:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {07060dc2-c5f6-11e2-a703-001e101fabdd} - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {07060de8-c5f6-11e2-a703-001e101fabdd} - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {15eb48f9-d613-11e2-8448-902b3478eb45} - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {86d27dc9-b950-11e2-b48e-902b3478eb45} - I:\AutoRun.exe
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {f8f80083-b359-11e2-8985-902b3478eb45} - I:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1759273969-1603499046-1894764506-1000\...\MountPoints2: {f8f80093-b359-11e2-8985-902b3478eb45} - I:\AutoRun.exe
Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.hyrican.de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {FDEF202F-835B-422A-9925-F59454AF7241} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{67A130DC-DFB0-41CA-A0E7-26C7A30671EB}: [NameServer]212.23.115.84 212.23.115.148

FireFox:
========
FF ProfilePath: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]

==================== Services (Whitelisted) =================

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2013-05-26] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [138752 2013-05-02] (Huawei Technologies Co., Ltd.)
R3 ewusbnet; C:\Windows\SysWOW64\DRIVERS\ewusbnet.sys [138752 2013-05-02] (Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2013-05-02] (Huawei Technologies Co., Ltd.)
S3 huawei_enumerator; C:\Windows\SysWOW64\DRIVERS\ew_jubusenum.sys [85504 2013-05-02] (Huawei Technologies Co., Ltd.)
R3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [121600 2013-05-02] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2011-12-19] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [637360 2011-12-19] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [43392 2013-09-13] (NetFilterSDK.com)
S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [68608 2008-12-19] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [96768 2009-07-23] ()
S3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [122880 2008-12-19] ()
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-26 22:21 - 2014-03-26 22:21 - 02157056 _____ (Farbar) C:\Users\Monika\Downloads\FRST64.exe
2014-03-26 22:15 - 2014-03-26 22:15 - 00001354 _____ () C:\Users\Monika\Desktop\JRT.txt
2014-03-26 22:11 - 2014-03-26 22:11 - 01038974 _____ (Thisisu) C:\Users\Monika\Downloads\JRT.exe
2014-03-26 22:11 - 2014-03-26 22:11 - 00000000 ____D () C:\windows\ERUNT
2014-03-26 21:29 - 2014-03-26 21:37 - 00000000 ____D () C:\AdwCleaner
2014-03-26 21:28 - 2014-03-26 21:28 - 01950720 _____ () C:\Users\Monika\Downloads\adwcleaner.exe
2014-03-26 16:15 - 2014-03-26 21:41 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-26 16:14 - 2014-03-26 16:14 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-26 16:14 - 2014-03-26 16:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-26 16:14 - 2014-03-26 16:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-26 16:14 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-26 16:14 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-26 16:14 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-26 16:10 - 2014-03-26 16:11 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Monika\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-25 16:08 - 2014-03-25 16:08 - 00005730 _____ () C:\Users\Monika\Documents\Ereignisse.txt
2014-03-25 14:25 - 2014-03-25 14:25 - 00026783 _____ () C:\Users\Monika\Downloads\Shortcut.txt
2014-03-25 14:24 - 2014-03-26 22:24 - 00012660 _____ () C:\Users\Monika\Downloads\FRST.txt
2014-03-25 14:24 - 2014-03-25 16:03 - 00021786 _____ () C:\Users\Monika\Downloads\Addition.txt
2014-03-25 14:23 - 2014-03-26 22:24 - 00000000 ____D () C:\FRST
2014-03-25 13:53 - 2014-03-25 13:53 - 00001235 _____ () C:\Users\Monika\Desktop\Revo Uninstaller.lnk
2014-03-25 13:53 - 2014-03-25 13:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-25 13:52 - 2014-03-25 13:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Monika\Downloads\revosetup95.exe
2014-03-24 17:09 - 2014-03-26 21:39 - 00026562 _____ () C:\windows\PFRO.log
2014-03-24 14:10 - 2014-03-24 14:10 - 00000000 ____D () C:\ProgramData\IncrediMail
2014-03-24 08:46 - 2014-03-26 21:40 - 00000336 _____ () C:\windows\setupact.log
2014-03-24 08:46 - 2014-03-24 08:46 - 00294184 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-24 08:46 - 2014-03-24 08:46 - 00000000 _____ () C:\windows\setuperr.log
2014-03-23 13:24 - 2014-03-26 20:54 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Skype
2014-03-23 13:24 - 2014-03-23 13:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-23 13:24 - 2014-03-23 13:24 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-23 13:24 - 2014-03-23 13:24 - 00000000 ____D () C:\ProgramData\Skype
2014-03-23 13:21 - 2014-03-23 13:22 - 34827424 _____ (Skype Technologies S.A.) C:\Users\Monika\Downloads\Skyp614eSetupFull.exe
2014-03-22 22:54 - 2014-03-22 22:54 - 00000000 ____D () C:\Users\Monika\Documents\Fax
2014-03-22 00:02 - 2014-03-22 00:02 - 01161080 _____ () C:\windows\SysWOW64\Websteroids.B324755F3F87.dll
2014-03-16 12:09 - 2014-03-16 12:09 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (3)
2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Neuer Ordner
2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (2)
2014-03-13 12:54 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 12:54 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 12:54 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 12:54 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 12:54 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 12:54 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 12:54 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 12:54 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 12:54 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 12:54 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 12:54 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 12:54 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 12:54 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 12:54 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 12:54 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 12:54 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 12:54 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 12:54 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 12:54 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 12:54 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 12:54 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 12:54 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 12:54 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 12:54 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 12:54 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 12:54 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 12:54 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 12:54 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 12:54 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 12:54 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 12:54 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 12:54 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 12:54 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 12:54 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 12:54 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 12:54 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 12:54 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 12:54 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 12:54 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 12:54 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 12:54 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 12:54 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 12:54 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 12:54 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 12:51 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 12:51 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 12:51 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 12:51 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-02-27 00:25 - 2014-02-27 23:41 - 01594028 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

==================== One Month Modified Files and Folders =======

2014-03-26 22:24 - 2014-03-25 14:24 - 00012660 _____ () C:\Users\Monika\Downloads\FRST.txt
2014-03-26 22:24 - 2014-03-25 14:23 - 00000000 ____D () C:\FRST
2014-03-26 22:21 - 2014-03-26 22:21 - 02157056 _____ (Farbar) C:\Users\Monika\Downloads\FRST64.exe
2014-03-26 22:15 - 2014-03-26 22:15 - 00001354 _____ () C:\Users\Monika\Desktop\JRT.txt
2014-03-26 22:11 - 2014-03-26 22:11 - 01038974 _____ (Thisisu) C:\Users\Monika\Downloads\JRT.exe
2014-03-26 22:11 - 2014-03-26 22:11 - 00000000 ____D () C:\windows\ERUNT
2014-03-26 21:48 - 2009-07-14 05:45 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-26 21:48 - 2009-07-14 05:45 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-26 21:44 - 2014-01-14 10:21 - 01901848 _____ () C:\windows\WindowsUpdate.log
2014-03-26 21:44 - 2011-04-12 08:43 - 00699432 _____ () C:\windows\system32\perfh007.dat
2014-03-26 21:44 - 2011-04-12 08:43 - 00149572 _____ () C:\windows\system32\perfc007.dat
2014-03-26 21:44 - 2009-07-14 06:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-26 21:41 - 2014-03-26 16:15 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-26 21:40 - 2014-03-24 08:46 - 00000336 _____ () C:\windows\setupact.log
2014-03-26 21:40 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-26 21:39 - 2014-03-24 17:09 - 00026562 _____ () C:\windows\PFRO.log
2014-03-26 21:37 - 2014-03-26 21:29 - 00000000 ____D () C:\AdwCleaner
2014-03-26 21:28 - 2014-03-26 21:28 - 01950720 _____ () C:\Users\Monika\Downloads\adwcleaner.exe
2014-03-26 20:54 - 2014-03-23 13:24 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Skype
2014-03-26 17:43 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\TAPI
2014-03-26 16:14 - 2014-03-26 16:14 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-26 16:14 - 2014-03-26 16:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-26 16:14 - 2014-03-26 16:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-26 16:11 - 2014-03-26 16:10 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Monika\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-26 12:29 - 2013-04-22 17:36 - 00000000 ____D () C:\Users\Monika
2014-03-26 12:25 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\registration
2014-03-25 16:08 - 2014-03-25 16:08 - 00005730 _____ () C:\Users\Monika\Documents\Ereignisse.txt
2014-03-25 16:03 - 2014-03-25 14:24 - 00021786 _____ () C:\Users\Monika\Downloads\Addition.txt
2014-03-25 14:25 - 2014-03-25 14:25 - 00026783 _____ () C:\Users\Monika\Downloads\Shortcut.txt
2014-03-25 13:53 - 2014-03-25 13:53 - 00001235 _____ () C:\Users\Monika\Desktop\Revo Uninstaller.lnk
2014-03-25 13:53 - 2014-03-25 13:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-25 13:52 - 2014-03-25 13:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Monika\Downloads\revosetup95.exe
2014-03-24 15:39 - 2013-05-02 20:01 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\ALDITALKVerbindungsassistent
2014-03-24 14:10 - 2014-03-24 14:10 - 00000000 ____D () C:\ProgramData\IncrediMail
2014-03-24 08:46 - 2014-03-24 08:46 - 00294184 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-24 08:46 - 2014-03-24 08:46 - 00000000 _____ () C:\windows\setuperr.log
2014-03-23 13:25 - 2014-03-23 13:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-23 13:24 - 2014-03-23 13:24 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-23 13:24 - 2014-03-23 13:24 - 00000000 ____D () C:\ProgramData\Skype
2014-03-23 13:22 - 2014-03-23 13:21 - 34827424 _____ (Skype Technologies S.A.) C:\Users\Monika\Downloads\Skyp614eSetupFull.exe
2014-03-23 11:52 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-22 22:54 - 2014-03-22 22:54 - 00000000 ____D () C:\Users\Monika\Documents\Fax
2014-03-22 00:02 - 2014-03-22 00:02 - 01161080 _____ () C:\windows\SysWOW64\Websteroids.B324755F3F87.dll
2014-03-20 00:48 - 2013-08-07 23:53 - 00000000 ____D () C:\windows\system32\MRT
2014-03-20 00:47 - 2012-09-17 09:16 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-16 12:09 - 2014-03-16 12:09 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (3)
2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Neuer Ordner
2014-03-16 11:30 - 2014-03-16 11:30 - 00000000 ____D () C:\Users\Monika\Documents\Neuer Ordner (2)
2014-03-05 09:26 - 2014-03-26 16:14 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-26 16:14 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-26 16:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-01 07:05 - 2014-03-13 12:54 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 12:54 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 12:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 12:54 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 12:54 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 12:54 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 12:54 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 12:54 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 12:54 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 12:54 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 12:54 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 12:54 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 12:54 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 12:54 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 12:54 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 12:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 12:54 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 12:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 12:54 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 12:54 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 12:54 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 12:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 12:54 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 12:54 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 12:54 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 12:54 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 12:54 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 12:54 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 12:54 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 12:54 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 12:54 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 12:54 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 12:54 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 12:54 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 12:54 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 12:54 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 12:54 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 12:54 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 12:54 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 12:54 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-27 23:41 - 2014-02-27 00:25 - 01594028 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

Files to move or delete:
====================
C:\ProgramData\winiml.dat


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 00:34

==================== End Of Log ============================

--- --- ---

--- --- ---


Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Monika at 2014-03-26 22:24:45
Running from C:\Users\Monika\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.152.26 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
IM Lock (HKLM-x32\...\IMLock) (Version:  - Comvigo, Inc.)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NetWorx 5.2.10 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Websteroids (HKLM-x32\...\Websteroids) (Version: 2.6.71 - Creative Island Media, LLC) <==== ATTENTION
Windows 7 Games deluxe 1  (HKLM-x32\...\Windows 7 Games deluxe) (Version: 1 - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {6250116A-FA32-45F6-B896-B06167FDC556} - \Scheduled Update for Ask Toolbar No Task File
Task: {78855E1D-611E-4DF5-93E2-85C5B5976C6B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {CE24EA7A-3EE6-457B-B7B0-916F26B2E5E2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

==================== Loaded Modules (whitelisted) =============

2013-05-02 20:01 - 2013-05-26 16:47 - 00358968 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2012-03-19 21:09 - 2012-03-19 21:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-14 10:04 - 2013-07-19 14:20 - 00687616 _____ () C:\Program Files\NetWorx\sqlite.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00510520 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2013-05-02 20:01 - 2013-05-26 16:47 - 01780280 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe
2013-06-17 22:34 - 2013-01-25 09:25 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00102400 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDatabase.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00106496 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgUtil.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00090112 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgPorts.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00196608 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDetection.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00086016 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDialup.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00012288 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGDebugs.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00073728 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgDriverInstall.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00569344 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgCore.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00139264 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgBluetooth.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00204800 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\LiveBoxCM.dll
2013-05-02 20:01 - 2007-02-27 18:44 - 00823296 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\LIBEAY32.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00126976 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WtgWiFi.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 01097728 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\NDISAPI.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00614400 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGXMLUtil.dll
2013-05-02 20:01 - 2013-05-26 16:47 - 00303104 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\WTGSMSPCClient.Dll
2014-02-14 14:51 - 2014-02-14 14:51 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2f069b57965f456c3c25fb82419a363d\IsdiInterop.ni.dll
2012-09-17 09:06 - 2012-05-30 12:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-02-18 13:26 - 2014-02-18 13:26 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-07-02 20:01 - 2013-07-02 20:01 - 16033160 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 3981.28 MB
Available physical RAM: 2343.71 MB
Total Pagefile: 7960.74 MB
Available Pagefile: 6015.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:455.66 GB) (Free:415.76 GB) NTFS
Drive i: (Mobile Partner) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1ADCEB2B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=27)

==================== End Of Log ============================


Kobra1983 27.03.2014 01:31

Ich glaube, dass ich nun die Datei gefunden habe?!

Code:

Users shortcut scan result (x64) Version: 13-03-2014
Ran by Monika at 2014-03-25 14:25:32
Running from C:\Users\Monika\Downloads
Boot Mode: Normal
==================== Shortcuts =============================

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\opera.exe (Opera Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk -> C:\Windows\Installer\{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}\fssicon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Games deluxe\Spielesammlung.lnk -> C:\Program Files (x86)\Spiele\Windows 7 Games deluxe\Sampler\autorun.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk -> C:\Windows\System32\iml.vbs ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IML64.lnk -> C:\Windows\SysWOW64\iml.vbs ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Base.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\sbase.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Calc.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Draw.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\sdraw.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Impress.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\simpress.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Math.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\smath.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Writer.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx\NetWorx on the Web.lnk -> C:\Program Files\NetWorx\networx.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx\NetWorx.lnk -> C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx\Uninstall NetWorx.lnk -> C:\Program Files\NetWorx\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Rapid Storage Technology.lnk -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IM Lock Internet Filter 2011\IM Lock.lnk -> C:\Program Files (x86)\IM_Lock\IMLock.exe (Comvigo, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk -> C:\Program Files\CCleaner\uninst.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus Hilfe.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avwin.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus starten.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira im Internet.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\weblink.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Readme anzeigen.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALDI TALK Verbindungsassistent\ALDI TALK Verbindungsassistent.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALDI TALK Verbindungsassistent\Deinstallation ALDI TALK Verbindungsassistent.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\Uninstaller.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\DisplaySwitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\Links\Desktop.lnk -> C:\Users\Monika\Desktop ()
Shortcut: C:\Users\Monika\Links\Downloads.lnk -> C:\Users\Monika\Downloads ()
Shortcut: C:\Users\Monika\Desktop\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\Monika\Desktop\Windows 7 Games deluxe Spielesammlung.lnk -> C:\Program Files (x86)\Spiele\Windows 7 Games deluxe\Sampler\autorun.exe ()
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Games deluxe\Spielesammlung.lnk -> C:\Program Files (x86)\Spiele\Windows 7 Games deluxe\Sampler\autorun.exe ()
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe (VS Revo Group Ltd.)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url ()
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera12.15 1748.lnk -> C:\Program Files (x86)\Opera\opera.exe (Opera Software)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Avira Control Center.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\ALDI TALK Verbindungsassistent.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe ()
Shortcut: C:\Users\Public\Desktop\Avira Control Center.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\IM Lock.lnk -> C:\Program Files (x86)\IM_Lock\IMLock.exe (Comvigo, Inc.)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
Shortcut: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\opera.exe (Opera Software)
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe ()




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\Desktop\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Monika\Desktop\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group) -> -hunter
ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\Users\Public\Desktop\Browserwahl.lnk -> C:\Windows\System32\browserchoice.exe (Microsoft Corporation) -> /launch


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> hxxp://www.piriform.com/ccleaner
InternetURL: C:\Users\Default\Favorites\Hyrican - Newsletter.url -> hxxp://www.hyrican.de/cms/front_content.php?idcat=43
InternetURL: C:\Users\Default\Desktop\Hyrican - Newsletter.url -> hxxp://www.hyrican.de/cms/front_content.php?idcat=43
InternetURL: C:\Users\Monika\Favorites\Hyrican - Newsletter.url -> hxxp://www.hyrican.de/cms/front_content.php?idcat=43
InternetURL: C:\Users\Monika\Favorites\Links\Vorgeschlagene Sites (2).url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Monika\Favorites\Links\Vorgeschlagene Sites (3).url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Monika\Favorites\Links\Vorgeschlagene Sites.url -> 0
InternetURL: C:\Users\Monika\Desktop\Hyrican - Newsletter.url -> hxxp://www.hyrican.de/cms/front_content.php?idcat=43

==================== End of log =============================
Users shortcut scan result (x64) Version: 13-03-2014
Ran by Monika at 2014-03-25 14:25:32
Running from C:\Users\Monika\Downloads
Boot Mode: Normal
==================== Shortcuts =============================

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\opera.exe (Opera Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk -> C:\Windows\Installer\{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}\fssicon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Games deluxe\Spielesammlung.lnk -> C:\Program Files (x86)\Spiele\Windows 7 Games deluxe\Sampler\autorun.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk -> C:\Windows\System32\iml.vbs ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IML64.lnk -> C:\Windows\SysWOW64\iml.vbs ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Base.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\sbase.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Calc.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Draw.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\sdraw.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Impress.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\simpress.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Math.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\smath.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Writer.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx\NetWorx on the Web.lnk -> C:\Program Files\NetWorx\networx.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx\NetWorx.lnk -> C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx\Uninstall NetWorx.lnk -> C:\Program Files\NetWorx\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Rapid Storage Technology.lnk -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IM Lock Internet Filter 2011\IM Lock.lnk -> C:\Program Files (x86)\IM_Lock\IMLock.exe (Comvigo, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk -> C:\Program Files\CCleaner\uninst.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus Hilfe.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avwin.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus starten.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira im Internet.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\weblink.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Readme anzeigen.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALDI TALK Verbindungsassistent\ALDI TALK Verbindungsassistent.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALDI TALK Verbindungsassistent\Deinstallation ALDI TALK Verbindungsassistent.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\Uninstaller.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\DisplaySwitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\Links\Desktop.lnk -> C:\Users\Monika\Desktop ()
Shortcut: C:\Users\Monika\Links\Downloads.lnk -> C:\Users\Monika\Downloads ()
Shortcut: C:\Users\Monika\Desktop\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\Monika\Desktop\Windows 7 Games deluxe Spielesammlung.lnk -> C:\Program Files (x86)\Spiele\Windows 7 Games deluxe\Sampler\autorun.exe ()
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Games deluxe\Spielesammlung.lnk -> C:\Program Files (x86)\Spiele\Windows 7 Games deluxe\Sampler\autorun.exe ()
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe (VS Revo Group Ltd.)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url ()
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera12.15 1748.lnk -> C:\Program Files (x86)\Opera\opera.exe (Opera Software)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Avira Control Center.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\ALDI TALK Verbindungsassistent.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe ()
Shortcut: C:\Users\Public\Desktop\Avira Control Center.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\IM Lock.lnk -> C:\Program Files (x86)\IM_Lock\IMLock.exe (Comvigo, Inc.)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
Shortcut: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\opera.exe (Opera Software)
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe ()




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\Desktop\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Monika\Desktop\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group) -> -hunter
ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\Users\Public\Desktop\Browserwahl.lnk -> C:\Windows\System32\browserchoice.exe (Microsoft Corporation) -> /launch


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> hxxp://www.piriform.com/ccleaner
InternetURL: C:\Users\Default\Favorites\Hyrican - Newsletter.url -> hxxp://www.hyrican.de/cms/front_content.php?idcat=43
InternetURL: C:\Users\Default\Desktop\Hyrican - Newsletter.url -> hxxp://www.hyrican.de/cms/front_content.php?idcat=43
InternetURL: C:\Users\Monika\Favorites\Hyrican - Newsletter.url -> hxxp://www.hyrican.de/cms/front_content.php?idcat=43
InternetURL: C:\Users\Monika\Favorites\Links\Vorgeschlagene Sites (2).url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Monika\Favorites\Links\Vorgeschlagene Sites (3).url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Monika\Favorites\Links\Vorgeschlagene Sites.url -> 0
InternetURL: C:\Users\Monika\Desktop\Hyrican - Newsletter.url -> hxxp://www.hyrican.de/cms/front_content.php?idcat=43

==================== End of log =============================


cosinus 27.03.2014 10:29

Liste der Anhänge anzeigen (Anzahl: 1)
Verlauf ist wirklich unübersehbar

http://www.trojaner-board.de/attachm...1&d=1395912518

Kobra1983 27.03.2014 16:09

Ähm ja, hallo!
Ich koste Dich hoffentlich nicht viele Nerven :crazy:

Klar, der Verlauf sagte mir nun was und hast Du mir auch per Screenshot gezeigt – danke!
Brachte Deinen Satz einfach nicht mit dem Programm Malwarebytes in Verbindung und schaute deswegen woanders nach.
Obwohl ich ja schon gesehen habe, dass unter Quarantäne diese Anwendungsprotokolle stehen, aber die habe ich einfach nicht verinnerlicht.

Nun dazu aber noch kurz eine Frage, denn ich muss meine Mutter dafür anrufen, damit sie es macht. Wenn man z.B. auf Schutz-Protokoll klickt, öffnet sich ein Fenster. Kann man auf 'in die Zwischenablage kopieren' drücken und dann im Forum zwischen diese CODES setzen? Oder muss man diesen Pfad auf dem PC finden?

Ah, nochmal geguckt. Exportieren geht auch und dann kann man es als .txt abspeichern.

Kleines Problem, denn das Schutzprotokoll von gestern ist leer. Ich konnte jetzt nur das Suchlauf- Protokoll speichern und das Schutzprotokoll von heute.

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 26.03.2014
Suchlauf-Zeit: 17:40:15
Logdatei: Verlaufsprotokoll.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.03.26.04
Rootkit Datenbank: v2014.03.25.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Monika

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 237007
Verstrichene Zeit: 1 Std, 19 Min, 6 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 14
PUP.Optional.Conduit.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, In Quarantäne, [ae2edc2b47345ed8c0a3d93c16eb5ca4],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [f9e363a4b8c386b0f81eae8cc939f10f],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [f9e363a4b8c386b0f81eae8cc939f10f],
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [f7e5788fc9b249eddc142fd6010110f0],
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [f7e5788fc9b249eddc142fd6010110f0],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [d408ac5bfe7de452b40a7491738fd42c],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [d408ac5bfe7de452b40a7491738fd42c],
PUP.Optional.Delta.A, HKU\S-1-5-21-1759273969-1603499046-1894764506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, Löschen bei Neustart, [805caf585b2067cf6fa7c376a959ad53],
PUP.Optional.Delta.A, HKU\S-1-5-21-1759273969-1603499046-1894764506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, Löschen bei Neustart, [06d624e3215a0e28f52017221ce66f91],
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{23119123-0854-469D-807A-171568457991}, In Quarantäne, [16c644c381fad066026e58e313efc040],
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\TypeLib\{03119103-0854-469D-807A-171568457991}, In Quarantäne, [5a823bcc9cdf93a34f215edda65c1ae6],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1759273969-1603499046-1894764506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Löschen bei Neustart, [9646d43381fab87e4618195f60a308f8],
PUP.Optional.Babylon.A, HKU\S-1-5-21-1759273969-1603499046-1894764506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, Löschen bei Neustart, [7e5e1fe82e4dde58adbbb8c139ca9d63],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 1
PUP.Optional.Conduit.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, Gut: (), Schlecht: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll),Ersetzt,[c01c7493ea91270fde857a9b46bbb050]

Ordner: 19
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, Löschen bei Neustart, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, Löschen bei Neustart, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, Löschen bei Neustart, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\Logs, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, Löschen bei Neustart, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Löschen bei Neustart, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, Löschen bei Neustart, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, Löschen bei Neustart, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],

Dateien: 77
PUP.Optional.Conduit.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Löschen bei Neustart, [ae2edc2b47345ed8c0a3d93c16eb5ca4],
PUP.Optional.Conduit.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Löschen bei Neustart, [4c9048bfe695f83ec59ecd48f11054ac],
PUP.Optional.Conduit.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Löschen bei Neustart, [ebf1fa0d403be55167fc26ef649d6997],
PUP.Optional.Conduit.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll, Löschen bei Neustart, [6a729374e3986fc7471c27ee877a817f],
PUP.Optional.Conduit.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, In Quarantäne, [c01c7493ea91270fde857a9b46bbb050],
PUP.Optional.SweetIM, C:\Users\Monika\Downloads\bubblehit_mp_pgr.exe, In Quarantäne, [ad2fdd2ac4b72016f34751d78b794ab6],
PUP.Optional.Conduit, C:\Users\Monika\Downloads\Incredimail_TSA1K5TL.exe, In Quarantäne, [588456b18dee0333dc7bea4430d406fa],
PUP.Optional.Conduit, C:\Users\Monika\Downloads\Incredimail_TSA3IXFP.exe, In Quarantäne, [1fbdd1366e0d5dd981d6032b5ca8f30d],
PUP.Optional.Conduit, C:\Users\Monika\Downloads\Incredimail_TSA3IXGF.exe, In Quarantäne, [3e9e0ff8512acd690a4d9f8f1ee6b24e],
PUP.Optional.Babylon.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default\searchplugins\babylon.xml, In Quarantäne, [3ba110f75c1fe74f0ec2bd99748e2ed2],
PUP.Optional.Delta.A, C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\de4qfbfz.default\searchplugins\delta.xml, In Quarantäne, [6e6ecc3b4e2d3bfb98724e09996912ee],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\EULA.txt, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, In Quarantäne, [dffd0bfc8fec3ef8cdefe79b7291b848],

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org


Detection, 27.03.2014 01:48:34, SYSTEM, MONIKA-PC, Protection, Malware Protection, File, PUP.Optional.WebSteroids.A, c:\windows\syswow64\websteroids.b324755f3f87.dll, Quarantine, [3ea18384cead61d5402fad5019ea1ce4]
Protection, 27.03.2014 01:48:34, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Error, 27.03.2014 01:48:34, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Detection, 27.03.2014 01:48:39, SYSTEM, MONIKA-PC, Protection, Malware Protection, File, PUP.Optional.WebSteroids.A, c:\windows\syswow64\websteroids.b324755f3f87.dll, Quarantine, [3ea18384cead61d5402fad5019ea1ce4]
Protection, 27.03.2014 01:48:39, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Error, 27.03.2014 01:48:39, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Detection, 27.03.2014 01:48:43, SYSTEM, MONIKA-PC, Protection, Malware Protection, File, PUP.Optional.WebSteroids.A, c:\windows\syswow64\websteroids.b324755f3f87.dll, Quarantine, [3ea18384cead61d5402fad5019ea1ce4]
Protection, 27.03.2014 01:48:44, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Error, 27.03.2014 01:48:44, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Detection, 27.03.2014 01:58:48, SYSTEM, MONIKA-PC, Protection, Malware Protection, File, PUP.Optional.WebSteroids.A, c:\windows\syswow64\websteroids.b324755f3f87.dll, Quarantine, [3ea18384cead61d5402fad5019ea1ce4]
Protection, 27.03.2014 01:58:48, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Error, 27.03.2014 01:58:48, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Detection, 27.03.2014 01:58:55, SYSTEM, MONIKA-PC, Protection, Malware Protection, File, PUP.Optional.WebSteroids.A, c:\windows\syswow64\websteroids.b324755f3f87.dll, Quarantine, [3ea18384cead61d5402fad5019ea1ce4]
Protection, 27.03.2014 01:58:55, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Error, 27.03.2014 01:58:55, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Detection, 27.03.2014 01:59:04, SYSTEM, MONIKA-PC, Protection, Malware Protection, File, PUP.Optional.WebSteroids.A, c:\windows\syswow64\websteroids.b324755f3f87.dll, Quarantine, [3ea18384cead61d5402fad5019ea1ce4]
Protection, 27.03.2014 01:59:04, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Error, 27.03.2014 01:59:04, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Detection, 27.03.2014 01:59:09, SYSTEM, MONIKA-PC, Protection, Malware Protection, File, PUP.Optional.WebSteroids.A, c:\windows\syswow64\websteroids.b324755f3f87.dll, Quarantine, [3ea18384cead61d5402fad5019ea1ce4]
Protection, 27.03.2014 01:59:09, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Error, 27.03.2014 01:59:09, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Detection, 27.03.2014 02:01:03, SYSTEM, MONIKA-PC, Protection, Malware Protection, File, PUP.Optional.WebSteroids.A, c:\windows\syswow64\websteroids.b324755f3f87.dll, Quarantine, [3ea18384cead61d5402fad5019ea1ce4]
Protection, 27.03.2014 02:01:03, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Error, 27.03.2014 02:01:03, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Detection, 27.03.2014 02:02:04, SYSTEM, MONIKA-PC, Protection, Malware Protection, File, PUP.Optional.WebSteroids.A, c:\windows\syswow64\websteroids.b324755f3f87.dll, Quarantine, [3ea18384cead61d5402fad5019ea1ce4]
Protection, 27.03.2014 02:02:04, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Error, 27.03.2014 02:02:04, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Detection, 27.03.2014 02:02:44, SYSTEM, MONIKA-PC, Protection, Malware Protection, File, PUP.Optional.WebSteroids.A, c:\windows\syswow64\websteroids.b324755f3f87.dll, Quarantine, [3ea18384cead61d5402fad5019ea1ce4]
Protection, 27.03.2014 02:02:44, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Error, 27.03.2014 02:02:44, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Detection, 27.03.2014 02:03:03, SYSTEM, MONIKA-PC, Protection, Malware Protection, File, PUP.Optional.WebSteroids.A, c:\windows\syswow64\websteroids.b324755f3f87.dll, Quarantine, [3ea18384cead61d5402fad5019ea1ce4]
Protection, 27.03.2014 02:03:04, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Error, 27.03.2014 02:03:04, SYSTEM, MONIKA-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\syswow64\websteroids.b324755f3f87.dll,
Protection, 27.03.2014 12:38:31, SYSTEM, MONIKA-PC, Protection, Malware Protection, Starting,
Protection, 27.03.2014 12:38:31, SYSTEM, MONIKA-PC, Protection, Malware Protection, Started,
Protection, 27.03.2014 12:38:31, SYSTEM, MONIKA-PC, Protection, Malicious Website Protection, Starting,
Protection, 27.03.2014 12:39:15, SYSTEM, MONIKA-PC, Protection, Malicious Website Protection, Started,
Protection, 27.03.2014 12:43:36, SYSTEM, MONIKA-PC, Protection, Malware Protection, Starting,
Protection, 27.03.2014 12:43:36, SYSTEM, MONIKA-PC, Protection, Malware Protection, Started,
Protection, 27.03.2014 12:43:36, SYSTEM, MONIKA-PC, Protection, Malicious Website Protection, Starting,
Protection, 27.03.2014 12:44:17, SYSTEM, MONIKA-PC, Protection, Malicious Website Protection, Started,
Update, 27.03.2014 14:02:01, SYSTEM, MONIKA-PC, Scheduler, Malware Database, 2014.3.26.7, 2014.3.27.3,
Protection, 27.03.2014 14:02:03, SYSTEM, MONIKA-PC, Protection, Refresh, Starting,
Protection, 27.03.2014 14:02:03, SYSTEM, MONIKA-PC, Protection, Malicious Website Protection, Stopping,
Protection, 27.03.2014 14:02:03, SYSTEM, MONIKA-PC, Protection, Malicious Website Protection, Stopped,
Protection, 27.03.2014 14:02:17, SYSTEM, MONIKA-PC, Protection, Refresh, Success,
Protection, 27.03.2014 14:02:18, SYSTEM, MONIKA-PC, Protection, Malicious Website Protection, Starting,
Protection, 27.03.2014 14:02:18, SYSTEM, MONIKA-PC, Protection, Malicious Website Protection, Started,
Update, 27.03.2014 14:57:26, SYSTEM, MONIKA-PC, Scheduler, Malware Database, 2014.3.27.3, 2014.3.27.4,
Protection, 27.03.2014 14:57:28, SYSTEM, MONIKA-PC, Protection, Refresh, Starting,
Protection, 27.03.2014 14:57:28, SYSTEM, MONIKA-PC, Protection, Malicious Website Protection, Stopping,
Protection, 27.03.2014 14:57:28, SYSTEM, MONIKA-PC, Protection, Malicious Website Protection, Stopped,
Protection, 27.03.2014 14:57:32, SYSTEM, MONIKA-PC, Protection, Refresh, Success,
Protection, 27.03.2014 14:57:32, SYSTEM, MONIKA-PC, Protection, Malicious Website Protection, Starting,
Protection, 27.03.2014 14:57:32, SYSTEM, MONIKA-PC, Protection, Malicious Website Protection, Started,
Protection, 27.03.2014 15:46:23, SYSTEM, MONIKA-PC, Protection, Malware Protection, Starting,
Protection, 27.03.2014 15:46:23, SYSTEM, MONIKA-PC, Protection, Malware Protection, Started,
Protection, 27.03.2014 15:46:23, SYSTEM, MONIKA-PC, Protection, Malicious Website Protection, Starting,
Protection, 27.03.2014 15:47:53, SYSTEM, MONIKA-PC, Protection, Malicious Website Protection, Started,

(end)


cosinus 27.03.2014 16:14

Ähm, wo ist eigentlich das Log von JRT?

Kobra1983 27.03.2014 17:17

Gute Frage.
Also unter der Nachricht von gestern 23:43 Uhr sieht man auf jeden Fall oft das Wort 'JFR' und sie hat es definitiv runtergeladen. Leider haben sich da auch 2 Log Files wohl verschlungen.

Ich habe sogar die Schritte mit ihr zusammen gemacht und mir auch alles besorgt, obwohl ich es nicht benötige und meinem PC eventuell damit schade.
Doch der hat eh das Betriebssystem XP, ist ein älteres Modell, hat sich bald erledigt und anders können wir es nicht machen. Weil wenn sie mir nur alles vorliest, kann ich damit nichts anfangen – muss es selber sehen und ausführen.

Okay, nachgeschaut. Jetzt ist das vom AdwCleaner da, Malwarebytes ist ein Bericht nicht auffindbar, Farbar's Recovery einmal ohne und einmal mit Addition da.
Jau, JRT. Ich krieg die Krise. Gestern war ein Editor mit diesem Namen aber geöffnet.
Kann man den denn noch finden?

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Monika on 26.03.2014 at 22:11:46,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1759273969-1603499046-1894764506-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{867BC69D-20BB-4F98-BB76-3ED591623624}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\de4qfbfz.default\minidumps [178 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.03.2014 at 22:15:59,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


cosinus 28.03.2014 00:46

Mach es nicht kompliziert, einfach das was in den Anleitungen steht ;)

Zum besseren Überblick frische FRST Logs bitte :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:38 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132