Oh nooo. Now step 2 is gone. I didn't think of it and restarted the computer because of step 3 :D
Result of STEP 3:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 29.03.2014
Suchlauf-Zeit: 12:21:24
Logdatei: Scanner.txt
Administrator: Ja
Version: 2.00.0.1000
Malware Datenbank: v2014.03.29.01
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Anne
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 287642
Verstrichene Zeit: 36 Min, 59 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 3
PUP.Optional.DVDVideoSoft.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}, In Quarantäne, [c63a5da3778930d0ad730cfa907259a7],
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\awesomehpSoftware, In Quarantäne, [2fd1b848ab5507f9e6094b17a062e61a],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [e31d9967d32dab55420881fcdb28e61a],
Registrierungswerte: 2
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {2E5BDE81-51E7-11E2-ACDD-E8039A19DF1F}, In Quarantäne, [e31d9967d32dab55420881fcdb28e61a]
Hijack.Autorun, HKU\S-1-5-21-578327087-4110603385-1361986703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\COMMAND PROCESSOR|AutoRun, "C:\Users\Anne\AppData\Local\Temp\roahsneaeskqgnuyb.exe", Löschen bei Neustart, [02fe7f81da2634cc4c9bcc990ef42ed2]
Registrierungsdaten: 1
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-578327087-4110603385-1361986703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=3231&q=%s, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=3231&q=%s),Löschen bei Neustart,[59a718e826dad62a736d818ada2afb05]
Ordner: 3
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter, In Quarantäne, [c040e8184bb514ecef26f463e71bd729],
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History, In Quarantäne, [c040e8184bb514ecef26f463e71bd729],
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\Themes, In Quarantäne, [c040e8184bb514ecef26f463e71bd729],
Dateien: 53
PUP.Optional.FileScout.A, C:\Users\Anne\AppData\Local\Temp\473C.tmp, In Quarantäne, [728e15eb22de32ce82f3ab5437c908f8],
PUP.Optional.InstallCore.A, C:\Users\Anne\AppData\Local\Temp\nsr8EF8.tmp, In Quarantäne, [c33ddc2410f0f30d886138b3857eb848],
PUP.Optional.Babylon.A, C:\Users\Anne\AppData\Local\Temp\E56373DA-BAB0-7891-A787-A176770C594C\Latest\ccp.exe, In Quarantäne, [639d17e93dc316eafa26a777dd234bb5],
PUP.Optional.Babylon.A, C:\Users\Anne\AppData\Local\Temp\E56373DA-BAB0-7891-A787-A176770C594C\Latest\CrxInstaller.dll, In Quarantäne, [24dcc23eb54bc7392f83ee22936ed32d],
PUP.Optional.Delta, C:\Users\Anne\AppData\Local\Temp\E56373DA-BAB0-7891-A787-A176770C594C\Latest\MyDeltaTB.exe, In Quarantäne, [0cf4669af60aae52b7e746bac53c7a86],
PUP.Optional.Babylon.A, C:\Users\Anne\AppData\Local\Temp\E56373DA-BAB0-7891-A787-A176770C594C\Latest\Setup.exe, In Quarantäne, [e8187f8104fc6e92fe2d57c74ab68e72],
Backdoor.Bot, C:\Users\Anne\AppData\Local\Temp\f0b1008e-7182-41b3-9618-3af6abb860ce\android.exe, In Quarantäne, [946ce020e21e916f538c1b48956c9967],
PUP.Optional.Conduit.A, C:\Users\Anne\AppData\Local\Temp\f0b1008e-7182-41b3-9618-3af6abb860ce\spidentifierimpl.exe, In Quarantäne, [6c949b65dc242ed2f2f9ef2698697c84],
PUP.Optional.SkyTech.A, C:\Users\Anne\AppData\Local\Temp\f0b1008e-7182-41b3-9618-3af6abb860ce\software\tugs_awesomehp.exe, In Quarantäne, [1be57b857888926e7f63c28b2ad744bc],
PUP.Optional.SilenceInstall, C:\Users\Anne\AppData\Local\Temp\f0b1008e-7182-41b3-9618-3af6abb860ce\software\VOPackage.exe, In Quarantäne, [c33d01ff06fa778949899aa08b750000],
PUP.Optional.SkyTech.A, C:\Users\Anne\AppData\Local\Temp\fullpackage_temp1394215741\package1.zip, In Quarantäne, [f30dd72940c0bf4126ed56dc4bb5966a],
PUP.Optional.SkyTech.A, C:\Users\Anne\AppData\Local\Temp\fullpackage_temp1394215741\QQBrowserFrame.dll, In Quarantäne, [fa061ce411ef3ec260b3240eb24ed927],
PUP.Optional.SupTab.A, C:\Users\Anne\AppData\Local\Temp\fullpackage_temp1394215741\tmp\SupTab.exe, In Quarantäne, [be424db32fd1ec14bc8f45f054ace818],
PUP.Optional.WpManager, C:\Users\Anne\AppData\Local\Temp\fullpackage_temp1394215741\tmp\wpm.exe, In Quarantäne, [42bee51bff0109f75bd80c4c5ca58878],
PUP.Optional.OpenCandy, C:\Users\Anne\AppData\Local\Temp\is-N6J6I.tmp\OCSetupHlp.dll, In Quarantäne, [5ba5a55b7b85ad539d91d15d36ced729],
PUP.Optional.Delta.A, C:\Users\Anne\AppData\Local\Temp\is357113909\DeltaTB.exe, In Quarantäne, [1ee2649c52aeaa5624dc639c38c89769],
PUP.Optional.DealPly.A, C:\Users\Anne\AppData\Local\Temp\is357113909\dp.exe, In Quarantäne, [ff01a45cc04011ef41a38ca4a2626d93],
PUP.Optional.WebCake.A, C:\Users\Anne\AppData\Local\Temp\is357113909\Setup-D502DD2B71B5.exe, In Quarantäne, [c83840c07888768a99df05fa7c84748c],
PUP.Optional.RegCleanPro, C:\Users\Anne\AppData\Local\Temp\is45637729\374014_stp\rcpsetup_adppi15_adppi15.exe, In Quarantäne, [966a59a741bf04fc206a67cd936ddd23],
PUP.Optional.Babylon.A, C:\Users\Anne\AppData\Local\Temp\DF9AC2D9-BAB0-7891-8AE4-B8A045EC3D7F\Latest\BExternal.dll, In Quarantäne, [a759768a9d6317e9be21f82aa060e719],
PUP.Optional.Conduit.A, C:\Users\Anne\AppData\Local\Temp\DF9AC2D9-BAB0-7891-8AE4-B8A045EC3D7F\Latest\ccp.exe, In Quarantäne, [d7295ca4649c8c743e4c2bed2ed3ee12],
PUP.Optional.Babylon.A, C:\Users\Anne\AppData\Local\Temp\DF9AC2D9-BAB0-7891-8AE4-B8A045EC3D7F\Latest\CrxInstaller.dll, In Quarantäne, [916f659bcf3157a9971b4fc19a678779],
PUP.Optional.Delta.A, C:\Users\Anne\AppData\Local\Temp\DF9AC2D9-BAB0-7891-8AE4-B8A045EC3D7F\Latest\DSearchLink.exe, In Quarantäne, [de221fe1619fcd33c0aaf7e212f115eb],
PUP.Optional.Babylon.A, C:\Users\Anne\AppData\Local\Temp\DF9AC2D9-BAB0-7891-8AE4-B8A045EC3D7F\Latest\MntrDLLInstall.dll, In Quarantäne, [49b7af5133cdaa56af04cd439b661ae6],
PUP.Optional.Delta, C:\Users\Anne\AppData\Local\Temp\DF9AC2D9-BAB0-7891-8AE4-B8A045EC3D7F\Latest\MyDeltaTB.exe, In Quarantäne, [b54b23ddb54ba35d653afb05a85909f7],
PUP.Optional.Babylon.A, C:\Users\Anne\AppData\Local\Temp\DF9AC2D9-BAB0-7891-8AE4-B8A045EC3D7F\Latest\Setup.exe, In Quarantäne, [b24ee51b59a77f8194edb56ce7197f81],
Backdoor.Bot, C:\Users\Anne\AppData\Local\Temp\android\android.exe, In Quarantäne, [a35d1ee299679769647b0e5559a8bc44],
PUP.Optional.Searchprotect, C:\Windows\Temp\TBU001\Update.exe, In Quarantäne, [3ec29c6443bd60a04be253c024dd51af],
PUP.Optional.Searchprotect, C:\Windows\Temp\TBU002\Update.exe, In Quarantäne, [669a58a855ab3fc166c7080b37cae818],
PUP.Optional.Searchprotect, C:\Windows\Temp\TBU003\Update.exe, In Quarantäne, [26da8b75f20e21df8da0dd360ff2e818],
PUP.Optional.Koyote.A, C:\Users\Anne\Downloads\FreeVideoConverterSetup-r135-n-bc.exe, In Quarantäne, [52aeaf51aa566c948c225bdc877a32ce],
PUP.Optional.OpenCandy, C:\Users\Anne\Downloads\FreeYouTubeDownload.exe, In Quarantäne, [5fa113ed718f6a962695ec1840c115eb],
PUP.Optional.OpenCandy, C:\Users\Anne\Downloads\FreeYouTubeDownload_3.2.11.812.exe, In Quarantäne, [9868ba468f7118e84b70c440827fb64a],
PUP.Optional.Bandoo, C:\Users\Anne\Downloads\iLividSetup-r390-n-bi.exe, In Quarantäne, [b7491de370900ef21b338a774bb60af6],
PUP.Optional.BundleInstaller.A, C:\Users\Anne\Downloads\Setup.exe, In Quarantäne, [9e622bd51ae647b9d72b4eecdf21629e],
PUP.Optional.RegCleanerPro, C:\Users\Anne\Downloads\sysrc_trial_25044.exe, In Quarantäne, [52ae56aa55abc04091f705fd8081df21],
PUP.Optional.SweetIM, C:\Windows\Installer\56292.msi, In Quarantäne, [11ef3dc30cf43bc5e1de2c01699b18e8],
PUP.Optional.SweetIM, C:\Windows\Installer\56298.msi, In Quarantäne, [7888e51bb14f4eb205baa88509fb41bf],
PUP.Optional.SweetIM, C:\Windows\Installer\5629e.msi, In Quarantäne, [21dfe51b8e72748cd1ee8e9f5ea61fe1],
Trojan.Agent.TPL, C:\ProgramData\2433f433, In Quarantäne, [b24ee11ffa060af62aaef97656ad52ae],
Trojan.Agent.TPL, C:\Users\Anne\AppData\Roaming\2433f433, In Quarantäne, [de2234cc88788c7411c7422d51b2fc04],
Trojan.Agent.TPL, C:\Users\Anne\AppData\Local\2433f433, In Quarantäne, [6b95d42c0df315eb99403837c53eb848],
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\History.xml, In Quarantäne, [c040e8184bb514ecef26f463e71bd729],
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\Jar of Hearts - Christina Perri Lyrics(1).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729],
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\Jar of Hearts - Christina Perri Lyrics(2).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729],
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\Klangkarussell - Sonnentanz(1).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729],
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\Klangkarussell - Sonnentanz(2).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729],
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\new york alicia keys(1).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729],
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\new york alicia keys(2).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729],
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\Rihanna Feat. Mikky Ekko - Stay(1).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729],
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\Rihanna Feat. Mikky Ekko - Stay(2).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729],
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\White Apple Tree- Snowflake(1).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729],
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\White Apple Tree- Snowflake(2).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729],
Physische Sektoren: 0
(No malicious items detected)
(end)
The scan really takes ages.
I'll do it again this evening. Unfortunately I have to leave now.
But after step 2, Awesomehp was already gone when starting IE.
Step 4:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ed888453abdbd245bf9bdc054ae3554d
# engine=17672
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-29 12:10:32
# local_time=2014-03-29 01:10:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 94 22462888 147724882 0 0
# scanned=52332
# found=2
# cleaned=0
# scan_time=1952
sh=80DC1B8044FE7F2BC57777F9559C5050B1DF5736 ft=1 fh=3a2e66d2f7d1673f vn="a variant of Win32/AdWare.Adpeak.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir"
sh=408E4906C3F215C0E44282D24B340DAF03D014A4 ft=1 fh=94d81bcdb603e2f9 vn="a variant of Win64/Adware.Adpeak.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ed888453abdbd245bf9bdc054ae3554d
# engine=17676
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-29 09:11:23
# local_time=2014-03-29 10:11:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 94 22495339 147757333 0 0
# scanned=219668
# found=3
# cleaned=0
# scan_time=8693
sh=80DC1B8044FE7F2BC57777F9559C5050B1DF5736 ft=1 fh=3a2e66d2f7d1673f vn="a variant of Win32/AdWare.Adpeak.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir"
sh=408E4906C3F215C0E44282D24B340DAF03D014A4 ft=1 fh=94d81bcdb603e2f9 vn="a variant of Win64/Adware.Adpeak.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir"
sh=6205DDE47C041E3B67EFC540F89F24344835EE11 ft=0 fh=0000000000000000 vn="Win32/AdWare.Adpeak.B application" ac=I fn="C:\temp\t.msi"
Step 5
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Anne (administrator) on ANNE-PC on 29-03-2014 22:23:37
Running from C:\Users\Anne\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\windows\System32\MsSpellCheckingFacility.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2721576 2011-06-17] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Philips Device Listener] - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2012-02-08] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\MountPoints2: G - G:\PMCsetup.exe
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\MountPoints2: {22ff0f9e-082b-11e3-91c0-e8039a19df1f} - G:\PMCsetup.exe
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\MountPoints2: {5a02180a-cdca-11e1-ae36-e8039a19df1f} - F:\setup.exe
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\MountPoints2: {5a021810-cdca-11e1-ae36-e8039a19df1f} - F:\setup.exe
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6DF822B9-A391-4181-BA3B-6457E6B8BED9} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6DF822B9-A391-4181-BA3B-6457E6B8BED9} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-01-04]
FF Extension: No Name - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2013-01-04]
FF Extension: PutLockerDownloader - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\profiles\extensions\putlockerdownloader@putlockerdownloader.com.xpi [2012-11-06]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-29]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-09]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2011-07-15] (GEAR Software Inc.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-12-10] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-29 22:23 - 2014-03-29 22:23 - 00012214 _____ () C:\Users\Anne\Downloads\FRST.txt
2014-03-29 12:31 - 2014-03-29 12:31 - 00010828 _____ () C:\Users\Anne\Desktop\Scanner.txt
2014-03-29 11:42 - 2014-03-29 12:26 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-29 11:42 - 2014-03-29 11:42 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-29 11:42 - 2014-03-29 11:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 11:42 - 2014-03-29 11:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-29 11:42 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-29 11:42 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-29 11:42 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-29 11:29 - 2014-03-29 11:36 - 00000000 ____D () C:\AdwCleaner
2014-03-28 22:50 - 2014-03-29 22:23 - 00000000 ____D () C:\FRST
2014-03-28 22:50 - 2014-03-28 22:50 - 02157056 _____ (Farbar) C:\Users\Anne\Downloads\FRST64 (1).exe
2014-03-28 22:49 - 2014-03-28 22:49 - 02157056 _____ (Farbar) C:\Users\Anne\Downloads\FRST64.exe
2014-03-26 20:50 - 2014-03-26 21:46 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\Nico Mak Computing
2014-03-23 20:24 - 2014-03-23 20:50 - 00000047 _____ () C:\Users\Anne\Desktop\Neues Textdokument.txt
2014-03-21 21:42 - 2014-03-23 20:59 - 00000000 ____D () C:\Users\Anne\Desktop\Neuer Ordner
2014-03-20 22:04 - 2014-03-20 22:05 - 00000000 ____D () C:\Users\Anne\AppData\Local\{230FA9B9-4BCD-45B2-9149-63EE6F77BEB9}
2014-03-19 21:45 - 2014-03-21 22:42 - 00000000 ____D () C:\Users\Anne\AppData\Local\Windows Live
2014-03-19 21:44 - 2014-03-19 21:44 - 00000000 ____D () C:\Users\Anne\AppData\Local\{39843DF1-BFDE-4612-8168-AECAB884BB0E}
2014-03-19 21:31 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-19 21:31 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-19 21:31 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-19 21:31 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-19 21:31 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-19 21:31 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-19 21:31 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-19 21:31 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-19 21:31 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-19 21:31 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-19 21:31 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-19 21:31 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-19 21:31 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-19 21:31 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-19 21:31 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-19 21:31 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-19 21:31 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-19 21:31 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-19 21:31 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-19 21:31 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-19 21:31 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-19 21:31 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-19 21:31 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-19 21:31 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-19 21:31 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-19 21:31 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-19 21:31 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-19 21:31 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-19 21:31 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-19 21:31 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-19 21:31 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-19 21:31 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-19 21:31 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-19 21:31 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-19 21:31 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-19 21:31 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-19 21:31 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-19 21:31 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-19 21:31 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-19 21:31 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-19 21:31 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-19 21:31 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-19 21:31 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-19 21:31 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-19 21:31 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-19 21:31 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-19 21:30 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-19 21:30 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-11 21:07 - 2014-03-11 21:07 - 04550656 _____ (Google Inc.) C:\windows\SysWOW64\GPhotos.scr
2014-03-08 09:40 - 2014-03-08 09:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-07 19:30 - 2014-03-07 19:30 - 02690184 _____ (Microsoft Corporation) C:\Users\Anne\Downloads\EIE11_DE-DE_MCM_WIN764L.EXE
2014-03-07 19:30 - 2014-03-07 19:30 - 00000000 ___HD () C:\windows\msdownld.tmp
2014-03-07 19:24 - 2014-03-07 19:24 - 00000000 ___RD () C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-07 19:19 - 2014-03-05 16:53 - 01122960 _____ (AnyProtect.com) C:\Users\Anne\AppData\Local\AnyProtectScannerSetup.exe
2014-03-07 19:11 - 2014-03-07 19:24 - 00000378 _____ () C:\windows\Tasks\APSnotifierCA.job
2014-03-07 19:11 - 2014-03-07 19:11 - 00000000 ____D () C:\Users\Anne\AppData\Local\Tuguu_SL
2014-03-07 19:10 - 2014-03-07 19:10 - 01122960 _____ (AnyProtect.com) C:\Users\Anne\AppData\Local\nsf4972.tmp
2014-03-07 15:41 - 2014-03-07 15:41 - 00195531 _____ () C:\Users\Anne\Downloads\Versicherungsschein-34902128.pdf.joy0fuy.partial
==================== One Month Modified Files and Folders =======
2014-03-29 22:24 - 2014-03-29 22:23 - 00012214 _____ () C:\Users\Anne\Downloads\FRST.txt
2014-03-29 22:23 - 2014-03-28 22:50 - 00000000 ____D () C:\FRST
2014-03-29 20:35 - 2011-10-11 17:59 - 01240609 _____ () C:\windows\WindowsUpdate.log
2014-03-29 19:51 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-29 19:51 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-29 19:42 - 2010-11-21 04:47 - 00313098 _____ () C:\windows\PFRO.log
2014-03-29 19:42 - 2009-07-14 05:51 - 00079268 _____ () C:\windows\setupact.log
2014-03-29 12:31 - 2014-03-29 12:31 - 00010828 _____ () C:\Users\Anne\Desktop\Scanner.txt
2014-03-29 12:26 - 2014-03-29 11:42 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-29 12:23 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\tracing
2014-03-29 12:22 - 2013-03-16 22:27 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\DVDVideoSoft
2014-03-29 11:53 - 2011-10-11 02:44 - 00703224 _____ () C:\windows\system32\perfh007.dat
2014-03-29 11:53 - 2011-10-11 02:44 - 00150832 _____ () C:\windows\system32\perfc007.dat
2014-03-29 11:53 - 2009-07-14 06:13 - 01629416 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-29 11:42 - 2014-03-29 11:42 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-29 11:42 - 2014-03-29 11:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 11:42 - 2014-03-29 11:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-29 11:36 - 2014-03-29 11:29 - 00000000 ____D () C:\AdwCleaner
2014-03-29 11:36 - 2013-09-21 21:20 - 00000000 ____D () C:\Users\Anne\Desktop\Tools
2014-03-29 11:36 - 2013-01-04 18:41 - 00000000 ____D () C:\windows\System32\Tasks\ProtectedSearch
2014-03-29 11:19 - 2012-07-14 16:24 - 00000000 ____D () C:\Users\Anne
2014-03-28 22:50 - 2014-03-28 22:50 - 02157056 _____ (Farbar) C:\Users\Anne\Downloads\FRST64 (1).exe
2014-03-28 22:49 - 2014-03-28 22:49 - 02157056 _____ (Farbar) C:\Users\Anne\Downloads\FRST64.exe
2014-03-26 21:46 - 2014-03-26 20:50 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\Nico Mak Computing
2014-03-23 20:59 - 2014-03-21 21:42 - 00000000 ____D () C:\Users\Anne\Desktop\Neuer Ordner
2014-03-23 20:50 - 2014-03-23 20:24 - 00000047 _____ () C:\Users\Anne\Desktop\Neues Textdokument.txt
2014-03-21 22:42 - 2014-03-19 21:45 - 00000000 ____D () C:\Users\Anne\AppData\Local\Windows Live
2014-03-20 22:05 - 2014-03-20 22:04 - 00000000 ____D () C:\Users\Anne\AppData\Local\{230FA9B9-4BCD-45B2-9149-63EE6F77BEB9}
2014-03-20 20:59 - 2009-07-14 05:45 - 00423000 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-20 20:58 - 2013-03-16 21:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-20 20:58 - 2013-03-16 21:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-20 20:56 - 2013-08-14 21:58 - 00000000 ____D () C:\windows\system32\MRT
2014-03-20 20:54 - 2012-10-29 21:37 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-20 20:53 - 2012-07-14 18:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-19 21:44 - 2014-03-19 21:44 - 00000000 ____D () C:\Users\Anne\AppData\Local\{39843DF1-BFDE-4612-8168-AECAB884BB0E}
2014-03-11 21:07 - 2014-03-11 21:07 - 04550656 _____ (Google Inc.) C:\windows\SysWOW64\GPhotos.scr
2014-03-08 09:40 - 2014-03-08 09:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-08 09:40 - 2012-07-14 16:28 - 00000000 ____D () C:\ProgramData\Skype
2014-03-07 19:30 - 2014-03-07 19:30 - 02690184 _____ (Microsoft Corporation) C:\Users\Anne\Downloads\EIE11_DE-DE_MCM_WIN764L.EXE
2014-03-07 19:30 - 2014-03-07 19:30 - 00000000 ___HD () C:\windows\msdownld.tmp
2014-03-07 19:30 - 2013-11-19 22:53 - 00015816 _____ () C:\windows\IE11_main.log
2014-03-07 19:26 - 2014-02-22 20:29 - 02825940 _____ () C:\windows\system32\SavingsBullFilterService.log
2014-03-07 19:24 - 2014-03-07 19:24 - 00000000 ___RD () C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-07 19:24 - 2014-03-07 19:11 - 00000378 _____ () C:\windows\Tasks\APSnotifierCA.job
2014-03-07 19:11 - 2014-03-07 19:11 - 00000000 ____D () C:\Users\Anne\AppData\Local\Tuguu_SL
2014-03-07 19:10 - 2014-03-07 19:10 - 01122960 _____ (AnyProtect.com) C:\Users\Anne\AppData\Local\nsf4972.tmp
2014-03-07 15:41 - 2014-03-07 15:41 - 00195531 _____ () C:\Users\Anne\Downloads\Versicherungsschein-34902128.pdf.joy0fuy.partial
2014-03-05 16:53 - 2014-03-07 19:19 - 01122960 _____ (AnyProtect.com) C:\Users\Anne\AppData\Local\AnyProtectScannerSetup.exe
2014-03-05 09:26 - 2014-03-29 11:42 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-29 11:42 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-29 11:42 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-03 21:10 - 2013-08-03 17:17 - 01603696 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-03-01 07:05 - 2014-03-19 21:31 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-19 21:31 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-19 21:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-19 21:31 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-19 21:31 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-19 21:31 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-19 21:31 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-19 21:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-19 21:31 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-19 21:31 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-19 21:31 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-19 21:31 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-19 21:31 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-19 21:31 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-19 21:31 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-19 21:31 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-19 21:31 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-19 21:31 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-19 21:31 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-19 21:31 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-19 21:31 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-19 21:31 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-19 21:31 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-19 21:31 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-19 21:31 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-19 21:31 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-19 21:31 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-19 21:31 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-19 21:31 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-19 21:31 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-19 21:31 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-19 21:31 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-19 21:31 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-19 21:31 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-19 21:31 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-19 21:31 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-19 21:31 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-19 21:31 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-19 21:31 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-19 21:31 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Public\AlexaNSISPlugin.6240.dll
Some content of TEMP:
====================
C:\Users\Anne\AppData\Local\Temp\avgnt.exe
C:\Users\Anne\AppData\Local\Temp\BackupSetup.exe
C:\Users\Anne\AppData\Local\Temp\Quarantine.exe
C:\Users\Anne\AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\Anne\AppData\Local\Temp\uninst1.exe
C:\Users\Anne\AppData\Local\Temp\vcredist_x64.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-07 19:02
==================== End Of Log ============================
OK, now I should have everything.
Is it gone now? :abklatsch: