| |
| |||||||
Log-Analyse und Auswertung: Malwarebytes hat verdächtige Dateien gefunden - bin nicht sicher wie ich damit umgehen soll.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
23.01.2014, 12:06
| #1 |
| |  Malwarebytes hat verdächtige Dateien gefunden - bin nicht sicher wie ich damit umgehen soll. Hallo, ich hoffe ihr könnt mir schnell helfen. Habe mit Malwarebytes zunächst nur einen Quickscan durchgeführt und schon bei diesem wurden einige Funde gemacht. Anbei die Logdatei. Ich hoffe ihr könnt mir raten wie ich damit umgehen soll! Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.23.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 Cristina :: CRISTINA-PC [Administrator] 23.01.2014 11:46:18 MBAM-log-2014-01-23 (11-58-04).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 207567 Laufzeit: 9 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCU\Software\Iminent (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bösartig: (hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP33A84A5D-5172-4366-AE09-778E2BE93701&SSPV=) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 10 C:\Users\Cristina\AppData\Local\Temp\IminentSetup_20130624.exe (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Users\Cristina\AppData\Local\Temp\nsb6727.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Users\Cristina\AppData\Local\Temp\nsd91D7.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Users\Cristina\AppData\Local\Temp\nsdB274.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Users\Cristina\AppData\Local\Temp\nsi94C5.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Users\Cristina\AppData\Local\Temp\nsiAFD4.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Users\Cristina\AppData\Local\Temp\utt6DB2.tmp.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Cristina\AppData\Local\Temp\nsr8162.tmp\AskInstaller.exe (PUP.Optional.Spigot.A) -> Keine Aktion durchgeführt. C:\Users\Cristina\Downloads\mp3rocket.exe (PUP.Optional.Spigot.A) -> Keine Aktion durchgeführt. C:\Users\Cristina\Downloads\SoftonicDownloader_fuer_tor.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt. (Ende) Vielen Dank. Geändert von _xcristi_ (23.01.2014 um 13:05 Uhr) |
|
23.01.2014, 12:58
| #2 |
| /// the machine /// TB-Ausbilder    | Malwarebytes hat verdächtige Dateien gefunden - bin nicht sicher wie ich damit umgehen soll. Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
24.01.2014, 14:04
| #3 |
| | Malwarebytes hat verdächtige Dateien gefunden - bin nicht sicher wie ich damit umgehen soll. na danke ist aber ne sehr hilfreiche antwort, wenn du mir in deiner antwort schreibst wie ich logs zu posten habe....
__________________ich hab das andere thema aufgemacht weil ich die ergebnisse vom vollständigen suchlauf inzwischen habe und ich desweiteren hier gelesen hab, dass wenn ein beitrag schon ne antwort hat, andere nutzer denken, dass dem fragenden schon geholfen wurde. aber wie gesagt deine antwort war nicht wirklich allzu hilfreich |
|
25.01.2014, 11:55
| #4 |
| /// the machine /// TB-Ausbilder | Malwarebytes hat verdächtige Dateien gefunden - bin nicht sicher wie ich damit umgehen soll. Wenn Du deinen Beitrag nach meiner Antwort editierst kann ich das nicht riechen. Einfach mal weniger rumstänkern und mal umschauen was hier so die paar wenigen Gepflogenheiten sind, wenn man schon 300 Euro für nen PC Laden spart. Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.01.2014, 14:05
| #5 |
| | Malwarebytes hat verdächtige Dateien gefunden - bin nicht sicher wie ich damit umgehen soll.FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014
Ran by Cristina (administrator) on CRISTINA-PC on 27-01-2014 13:48:23
Running from C:\Users\Cristina\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apache Software Foundation) C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Apache Software Foundation) C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Cristina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-06-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-06-07] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2011-06-07] (Synaptics Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-06-07] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Runonce: [Uninstall C:\Users\Cristina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cristina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
Startup: C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Cristina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP33A84A5D-5172-4366-AE09-778E2BE93701&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5D5ACC8B30B8CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP33A84A5D-5172-4366-AE09-778E2BE93701&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP33A84A5D-5172-4366-AE09-778E2BE93701&q={searchTerms}&SSPV=
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP33A84A5D-5172-4366-AE09-778E2BE93701&SSPV=
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-23]
CHR Extension: (Google Drive) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-23]
CHR Extension: (YouTube) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-23]
CHR Extension: (Google-Suche) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-23]
CHR Extension: (AdBlock) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-23]
CHR Extension: (Proxy link for YouTube™) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpccpcaielehgefaagocjkkgkafaabdp [2013-11-13]
CHR Extension: (Google Wallet) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
CHR Extension: (Google Mail) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-23]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-28] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 VisualSVNServer; C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [24904 2013-11-25] (Apache Software Foundation)
S3 vrepocfgsvc; C:\Program Files (x86)\VisualSVN Server\bin\vrepocfgsvc.exe [121672 2013-11-25] (VisualSVN Ltd.)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-27 13:48 - 2014-01-27 13:49 - 00012937 _____ C:\Users\Cristina\Downloads\FRST.txt
2014-01-27 13:48 - 2014-01-27 13:48 - 00000000 ____D C:\FRST
2014-01-27 13:43 - 2014-01-27 13:47 - 02078208 _____ (Farbar) C:\Users\Cristina\Downloads\FRST64.exe
2014-01-23 11:45 - 2014-01-23 11:45 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Malwarebytes
2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-23 11:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-23 11:32 - 2014-01-23 11:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Cristina\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-22 18:06 - 2014-01-22 19:26 - 00009162 _____ C:\Users\Cristina\Desktop\Unbenannt 1.odt
2014-01-15 20:28 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 20:28 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 20:28 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-03 23:32 - 2014-01-03 23:32 - 00004318 _____ C:\Users\Cristina\Downloads\BackgroundPanel.java
2014-01-02 17:18 - 2014-01-02 17:18 - 11908104 _____ C:\Users\Cristina\Downloads\02.zip
2014-01-02 03:01 - 2014-01-02 03:02 - 00287030 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-12-31 12:53 - 2013-12-31 12:53 - 00289238 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-12-31 12:53 - 2013-12-31 12:53 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-12-31 12:32 - 2013-12-31 12:32 - 03571111 _____ C:\Users\Cristina\Downloads\Weiterfoerderung.zip
2013-12-31 02:23 - 2013-12-31 02:26 - 00000000 ____D C:\Program Files (x86)\PDF Editor 4
2013-12-31 02:23 - 2013-12-31 02:23 - 00087704 _____ C:\Windows\cadkasdeinst01.exe
2013-12-31 02:23 - 2013-12-31 02:23 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\CAD-KAS
2013-12-31 02:22 - 2013-12-31 02:23 - 06965784 _____ C:\Users\Cristina\Downloads\pdfeditor40.exe
2013-12-31 02:07 - 2013-12-31 02:07 - 00000000 ____D C:\ProgramData\WEBREG
2013-12-31 02:06 - 2013-12-31 12:44 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\HP
2013-12-31 02:06 - 2013-12-31 02:06 - 00000000 ____D C:\Users\Cristina\AppData\Local\HP
2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Yahoo!
2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-12-31 02:02 - 2013-12-31 02:02 - 00001355 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2013-12-31 02:02 - 2013-12-31 02:02 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-12-31 02:02 - 2013-12-31 02:02 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-12-31 01:59 - 2013-12-31 01:59 - 00000000 ____D C:\Windows\hpoj4500g510g-m
2013-12-31 01:59 - 2009-06-02 00:36 - 01418240 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpwtiop5.dll
2013-12-31 01:59 - 2009-06-02 00:36 - 00979456 _____ (Hewlett-Packard) C:\Windows\system32\hpwwiax6.dll
2013-12-31 01:59 - 2009-06-02 00:36 - 00503296 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpwvst01.dll
2013-12-31 01:59 - 2009-06-02 00:35 - 00642360 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2013-12-31 01:59 - 2009-05-18 22:35 - 00551424 _____ (Hewlett-Packard) C:\Windows\system32\hppldcoi.dll
2013-12-31 01:58 - 2013-12-31 02:03 - 00000000 ____D C:\Program Files (x86)\HP
2013-12-31 01:58 - 2009-04-20 12:29 - 00136704 _____ (Hewlett-Packard Company) C:\Windows\system32\hpf3l70w.dll
2013-12-31 01:54 - 2013-12-31 02:06 - 00239333 _____ C:\Windows\hpwins26.dat
2013-12-31 01:54 - 2013-12-31 02:06 - 00000777 _____ C:\ProgramData\hpzinstall.log
2013-12-31 01:54 - 2013-12-31 02:06 - 00000000 ____D C:\ProgramData\HP
2013-12-31 01:41 - 2013-12-31 01:41 - 00008581 _____ C:\Users\Cristina\Downloads\bafoeg_Formblatt3.dgef
2013-12-31 01:33 - 2013-12-31 01:33 - 00003333 _____ C:\Users\Cristina\Downloads\bafoeg_Anlage1FB1.dgef
2013-12-31 01:29 - 2013-12-31 01:29 - 00008037 _____ C:\Users\Cristina\Downloads\bafoeg_Formblatt1.dgef
2013-12-30 21:59 - 2013-12-30 22:00 - 62124294 _____ C:\Users\Cristina\Downloads\BACKGROUND3.PSD
2013-12-30 19:02 - 2013-12-30 19:02 - 00851417 _____ C:\Users\Cristina\Downloads\painted-brushes.rar
==================== One Month Modified Files and Folders =======
2014-01-27 13:49 - 2014-01-27 13:48 - 00012937 _____ C:\Users\Cristina\Downloads\FRST.txt
2014-01-27 13:48 - 2014-01-27 13:48 - 00000000 ____D C:\FRST
2014-01-27 13:48 - 2013-09-26 08:15 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Dropbox
2014-01-27 13:48 - 2013-09-22 20:54 - 01907305 _____ C:\Windows\WindowsUpdate.log
2014-01-27 13:47 - 2014-01-27 13:43 - 02078208 _____ (Farbar) C:\Users\Cristina\Downloads\FRST64.exe
2014-01-27 13:43 - 2013-09-26 08:17 - 00000000 ___RD C:\Users\Cristina\Dropbox
2014-01-27 13:40 - 2013-09-23 08:44 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-27 13:40 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-27 13:40 - 2009-07-14 05:51 - 00038777 _____ C:\Windows\setupact.log
2014-01-24 21:39 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-24 21:39 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-24 16:40 - 2013-09-23 08:44 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-23 11:45 - 2014-01-23 11:45 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Malwarebytes
2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-23 11:32 - 2014-01-23 11:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Cristina\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-22 19:26 - 2014-01-22 18:06 - 00009162 _____ C:\Users\Cristina\Desktop\Unbenannt 1.odt
2014-01-17 15:15 - 2013-09-23 08:47 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-16 17:59 - 2009-07-14 05:45 - 04918632 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 23:49 - 2013-09-26 08:17 - 00001033 _____ C:\Users\Cristina\Desktop\Dropbox.lnk
2014-01-15 23:49 - 2013-09-26 08:16 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-15 23:49 - 2013-09-22 21:34 - 00000000 ___RD C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-06 22:40 - 2013-12-10 19:54 - 00000000 ____D C:\Users\Cristina\AppData\Local\Eclipse
2014-01-03 23:32 - 2014-01-03 23:32 - 00004318 _____ C:\Users\Cristina\Downloads\BackgroundPanel.java
2014-01-03 15:42 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-02 17:18 - 2014-01-02 17:18 - 11908104 _____ C:\Users\Cristina\Downloads\02.zip
2014-01-02 03:02 - 2014-01-02 03:01 - 00287030 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-12-31 12:53 - 2013-12-31 12:53 - 00289238 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-12-31 12:53 - 2013-12-31 12:53 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-12-31 12:44 - 2013-12-31 02:06 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\HP
2013-12-31 12:32 - 2013-12-31 12:32 - 03571111 _____ C:\Users\Cristina\Downloads\Weiterfoerderung.zip
2013-12-31 12:31 - 2013-09-23 08:43 - 00064408 _____ C:\Users\Cristina\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-31 02:26 - 2013-12-31 02:23 - 00000000 ____D C:\Program Files (x86)\PDF Editor 4
2013-12-31 02:23 - 2013-12-31 02:23 - 00087704 _____ C:\Windows\cadkasdeinst01.exe
2013-12-31 02:23 - 2013-12-31 02:23 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\CAD-KAS
2013-12-31 02:23 - 2013-12-31 02:22 - 06965784 _____ C:\Users\Cristina\Downloads\pdfeditor40.exe
2013-12-31 02:07 - 2013-12-31 02:07 - 00000000 ____D C:\ProgramData\WEBREG
2013-12-31 02:06 - 2013-12-31 02:06 - 00000000 ____D C:\Users\Cristina\AppData\Local\HP
2013-12-31 02:06 - 2013-12-31 01:54 - 00239333 _____ C:\Windows\hpwins26.dat
2013-12-31 02:06 - 2013-12-31 01:54 - 00000777 _____ C:\ProgramData\hpzinstall.log
2013-12-31 02:06 - 2013-12-31 01:54 - 00000000 ____D C:\ProgramData\HP
2013-12-31 02:06 - 2009-07-14 03:34 - 00000438 _____ C:\Windows\win.ini
2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Yahoo!
2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-12-31 02:03 - 2013-12-31 01:58 - 00000000 ____D C:\Program Files (x86)\HP
2013-12-31 02:02 - 2013-12-31 02:02 - 00001355 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2013-12-31 02:02 - 2013-12-31 02:02 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-12-31 02:02 - 2013-12-31 02:02 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-12-31 01:59 - 2013-12-31 01:59 - 00000000 ____D C:\Windows\hpoj4500g510g-m
2013-12-31 01:41 - 2013-12-31 01:41 - 00008581 _____ C:\Users\Cristina\Downloads\bafoeg_Formblatt3.dgef
2013-12-31 01:33 - 2013-12-31 01:33 - 00003333 _____ C:\Users\Cristina\Downloads\bafoeg_Anlage1FB1.dgef
2013-12-31 01:29 - 2013-12-31 01:29 - 00008037 _____ C:\Users\Cristina\Downloads\bafoeg_Formblatt1.dgef
2013-12-30 22:28 - 2013-11-12 14:00 - 00000000 ___RD C:\Users\Cristina\SkyDrive
2013-12-30 22:00 - 2013-12-30 21:59 - 62124294 _____ C:\Users\Cristina\Downloads\BACKGROUND3.PSD
2013-12-30 19:08 - 2013-09-23 20:33 - 00000000 ____D C:\Program Files\Adobe
2013-12-30 19:02 - 2013-12-30 19:02 - 00851417 _____ C:\Users\Cristina\Downloads\painted-brushes.rar
Some content of TEMP:
====================
C:\Users\Cristina\AppData\Local\Temp\avgnt.exe
C:\Users\Cristina\AppData\Local\Temp\BackupSetup.exe
C:\Users\Cristina\AppData\Local\Temp\IminentSetup_20130624.exe
C:\Users\Cristina\AppData\Local\Temp\jpv1vzd8.dll
C:\Users\Cristina\AppData\Local\Temp\nsb6727.exe
C:\Users\Cristina\AppData\Local\Temp\nsd91D7.exe
C:\Users\Cristina\AppData\Local\Temp\nsdB274.exe
C:\Users\Cristina\AppData\Local\Temp\nsi94C5.exe
C:\Users\Cristina\AppData\Local\Temp\nsiAFD4.exe
C:\Users\Cristina\AppData\Local\Temp\utt17C5.tmp.exe
C:\Users\Cristina\AppData\Local\Temp\utt6DB2.tmp.exe
C:\Users\Cristina\AppData\Local\Temp\vcredist_x64.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-13 00:57
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2014
Ran by Cristina at 2014-01-27 13:49:56
Running from C:\Users\Cristina\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
4500_G510gm_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (x32 Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.39 - Atheros Communications Inc.)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
BitTorrent (HKCU Version: 7.8.2.30332 - BitTorrent Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Doc Convertor 1.0 (Beta) (x32 Version: - OverZone Software)
DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Document Manager 2.0 (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (Version: 4.5 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Update (x32 Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Processor Graphics (x32 Version: 8.15.10.2372 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026 - Intel Corporation)
iTunes (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 40 (64-bit) (Version: 7.0.400 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 40 (64-bit) (Version: 1.7.0.400 - Oracle)
Java(TM) 6 Update 25 (64-bit) (Version: 6.0.250 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MP3 Rocket (x32 Version: 6.4.1 - MP3 TechSupport Inc)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP)
OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6334 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Steam (x32 Version: - Valve Corporation)
Synaptics Pointing Device Driver (Version: 15.1.12.0 - Synaptics Incorporated)
The Stanley Parable (x32 Version: - Galactic Cafe)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
VisualSVN Server 2.7.3 (x32 Version: 2.7.3.0 - VisualSVN Ltd.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WordToPDF 2.9 (x32 Version: 2.9 - Mario Noack)
Yahoo! Toolbar (x32 Version: - )
==================== Restore Points =========================
26-12-2013 17:55:38 Windows Update
31-12-2013 11:38:33 Windows Update
31-12-2013 11:53:00 Windows Update
02-01-2014 02:00:17 Windows Update
07-01-2014 14:04:39 Windows Update
12-01-2014 22:39:55 Windows Update
16-01-2014 00:01:31 Windows Update
22-01-2014 16:14:35 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {84ABB391-6D18-4B55-BD2D-4726EE9B45A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-23] (Google Inc.)
Task: {EBF2D344-597D-492C-8421-9031963362B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-23] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-09-23 23:03 - 2011-06-07 02:56 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-23 09:00 - 2013-09-23 08:58 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Cristina\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-17 15:15 - 2014-01-11 11:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
2014-01-17 15:15 - 2014-01-11 11:28 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
2014-01-17 15:15 - 2014-01-11 11:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-17 15:15 - 2014-01-11 11:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-17 15:15 - 2014-01-11 11:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
2013-11-18 15:13 - 2013-11-18 15:13 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f60b3ee2de3f41a024920486d46d49f2\IsdiInterop.ni.dll
2013-09-23 23:01 - 2011-04-29 23:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/27/2014 01:41:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/24/2014 09:31:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/24/2014 01:35:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/23/2014 09:21:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3860369
Error: (01/23/2014 09:21:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3860369
Error: (01/23/2014 09:21:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/23/2014 04:13:39 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045
Error: (01/23/2014 04:13:39 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045
Error: (01/23/2014 04:13:39 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/22/2014 05:07:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/24/2014 09:31:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/24/2014 09:31:39 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (01/24/2014 09:31:39 PM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (01/21/2014 11:18:33 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Network Devices Support" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/21/2014 11:18:33 AM) (Source: DCOM) (User: )
Description: 1053HPSLPSVC{10DA4F3C-CC99-4190-BE4D-58330754E882}
Error: (01/21/2014 11:18:32 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HP Network Devices Support erreicht.
Error: (01/09/2014 11:10:45 AM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (01/09/2014 11:10:44 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/09/2014 11:10:44 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (01/07/2014 08:12:41 PM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Microsoft Office Sessions:
=========================
Error: (01/27/2014 01:41:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/24/2014 09:31:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/24/2014 01:35:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/23/2014 09:21:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3860369
Error: (01/23/2014 09:21:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3860369
Error: (01/23/2014 09:21:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/23/2014 04:13:39 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045
Error: (01/23/2014 04:13:39 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045
Error: (01/23/2014 04:13:39 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/22/2014 05:07:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2014-01-23 23:02:40.085
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_c014624816718091\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-23 23:02:39.983
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_c014624816718091\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-23 23:02:39.877
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_c014624816718091\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-23 23:02:39.708
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-23 23:02:39.607
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-23 23:02:39.502
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-23 22:46:49.400
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-23 22:46:49.297
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-23 22:46:49.183
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-23 22:46:48.569
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appid.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 58%
Total physical RAM: 4003 MB
Available physical RAM: 1662.27 MB
Total Pagefile: 8004.19 MB
Available Pagefile: 5142.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:657.54 GB) (Free:421.44 GB) NTFS
Drive d: (Recover) (Fixed) (Total:37.99 GB) (Free:14.67 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=658 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== End Of Log ============================
|
|
28.01.2014, 11:05
| #6 |
| /// the machine /// TB-Ausbilder | Malwarebytes hat verdächtige Dateien gefunden - bin nicht sicher wie ich damit umgehen soll. Nix dramatisches, bissl PUP und Adware. MBAM nochmal scannen lassen, Funde auch löschen lassen. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Malwarebytes hat verdächtige Dateien gefunden - bin nicht sicher wie ich damit umgehen soll. |
|
28.01.2014, 21:59
| #7 |
| | Malwarebytes hat verdächtige Dateien gefunden - bin nicht sicher wie ich damit umgehen soll. Vielen Dank! AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 28/01/2014 um 01:03:50
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Cristina - CRISTINA-PC
# Gestartet von : C:\Users\Cristina\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Cristina\AppData\Local\Temp\OCS
Datei Gelöscht : C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gelöscht : C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage
Datei Gelöscht : C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage-journal
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Google Chrome v32.0.1700.76
[ Datei : C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : homepage
*************************
AdwCleaner[R0].txt - [12141 octets] - [28/01/2014 01:00:42]
AdwCleaner[S0].txt - [11448 octets] - [28/01/2014 01:03:50]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11509 octets] ##########
[/CODE] Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Cristina on 28.01.2014 at 21:40:09,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.01.2014 at 21:46:40,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014 02
Ran by Cristina (administrator) on CRISTINA-PC on 28-01-2014 21:55:53
Running from C:\Users\Cristina\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apache Software Foundation) C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apache Software Foundation) C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Cristina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-06-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-06-07] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2011-06-07] (Synaptics Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-06-07] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Runonce: [Uninstall C:\Users\Cristina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cristina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
Startup: C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Cristina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5D5ACC8B30B8CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-23]
CHR Extension: (Google Drive) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-23]
CHR Extension: (YouTube) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-23]
CHR Extension: (Google-Suche) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-23]
CHR Extension: (AdBlock) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-23]
CHR Extension: (Proxy link for YouTube™) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpccpcaielehgefaagocjkkgkafaabdp [2013-11-13]
CHR Extension: (Google Wallet) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
CHR Extension: (Google Mail) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-23]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-28] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 VisualSVNServer; C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [24904 2013-11-25] (Apache Software Foundation)
S3 vrepocfgsvc; C:\Program Files (x86)\VisualSVN Server\bin\vrepocfgsvc.exe [121672 2013-11-25] (VisualSVN Ltd.)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-28 21:55 - 2014-01-28 21:55 - 00000000 ____D C:\Users\Cristina\Downloads\FRST-OlderVersion
2014-01-28 21:46 - 2014-01-28 21:46 - 00000628 _____ C:\Users\Cristina\Desktop\JRT.txt
2014-01-28 21:40 - 2014-01-28 21:40 - 00000000 ____D C:\Windows\ERUNT
2014-01-28 21:33 - 2014-01-28 21:34 - 01037068 _____ (Thisisu) C:\Users\Cristina\Downloads\JRT.exe
2014-01-28 01:00 - 2014-01-28 01:04 - 00000000 ____D C:\AdwCleaner
2014-01-28 00:59 - 2014-01-28 01:00 - 01236282 _____ C:\Users\Cristina\Downloads\adwcleaner.exe
2014-01-27 13:49 - 2014-01-27 13:50 - 00023345 _____ C:\Users\Cristina\Downloads\Addition.txt
2014-01-27 13:48 - 2014-01-28 21:55 - 00011416 _____ C:\Users\Cristina\Downloads\FRST.txt
2014-01-27 13:48 - 2014-01-28 21:55 - 00000000 ____D C:\FRST
2014-01-27 13:43 - 2014-01-28 21:55 - 02079232 _____ (Farbar) C:\Users\Cristina\Downloads\FRST64.exe
2014-01-23 11:45 - 2014-01-23 11:45 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Malwarebytes
2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-23 11:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-23 11:32 - 2014-01-23 11:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Cristina\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-22 18:06 - 2014-01-22 19:26 - 00009162 _____ C:\Users\Cristina\Desktop\Unbenannt 1.odt
2014-01-15 20:28 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 20:28 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 20:28 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-03 23:32 - 2014-01-03 23:32 - 00004318 _____ C:\Users\Cristina\Downloads\BackgroundPanel.java
2014-01-02 17:18 - 2014-01-02 17:18 - 11908104 _____ C:\Users\Cristina\Downloads\02.zip
2014-01-02 03:01 - 2014-01-02 03:02 - 00287030 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-12-31 12:53 - 2013-12-31 12:53 - 00289238 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-12-31 12:53 - 2013-12-31 12:53 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-12-31 12:32 - 2013-12-31 12:32 - 03571111 _____ C:\Users\Cristina\Downloads\Weiterfoerderung.zip
2013-12-31 02:23 - 2013-12-31 02:26 - 00000000 ____D C:\Program Files (x86)\PDF Editor 4
2013-12-31 02:23 - 2013-12-31 02:23 - 00087704 _____ C:\Windows\cadkasdeinst01.exe
2013-12-31 02:23 - 2013-12-31 02:23 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\CAD-KAS
2013-12-31 02:22 - 2013-12-31 02:23 - 06965784 _____ C:\Users\Cristina\Downloads\pdfeditor40.exe
2013-12-31 02:07 - 2013-12-31 02:07 - 00000000 ____D C:\ProgramData\WEBREG
2013-12-31 02:06 - 2013-12-31 12:44 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\HP
2013-12-31 02:06 - 2013-12-31 02:06 - 00000000 ____D C:\Users\Cristina\AppData\Local\HP
2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Yahoo!
2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-12-31 02:02 - 2013-12-31 02:02 - 00001355 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2013-12-31 02:02 - 2013-12-31 02:02 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-12-31 02:02 - 2013-12-31 02:02 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-12-31 01:59 - 2013-12-31 01:59 - 00000000 ____D C:\Windows\hpoj4500g510g-m
2013-12-31 01:59 - 2009-06-02 00:36 - 01418240 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpwtiop5.dll
2013-12-31 01:59 - 2009-06-02 00:36 - 00979456 _____ (Hewlett-Packard) C:\Windows\system32\hpwwiax6.dll
2013-12-31 01:59 - 2009-06-02 00:36 - 00503296 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpwvst01.dll
2013-12-31 01:59 - 2009-06-02 00:35 - 00642360 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2013-12-31 01:59 - 2009-05-18 22:35 - 00551424 _____ (Hewlett-Packard) C:\Windows\system32\hppldcoi.dll
2013-12-31 01:58 - 2013-12-31 02:03 - 00000000 ____D C:\Program Files (x86)\HP
2013-12-31 01:58 - 2009-04-20 12:29 - 00136704 _____ (Hewlett-Packard Company) C:\Windows\system32\hpf3l70w.dll
2013-12-31 01:54 - 2013-12-31 02:06 - 00239333 _____ C:\Windows\hpwins26.dat
2013-12-31 01:54 - 2013-12-31 02:06 - 00000777 _____ C:\ProgramData\hpzinstall.log
2013-12-31 01:54 - 2013-12-31 02:06 - 00000000 ____D C:\ProgramData\HP
2013-12-31 01:41 - 2013-12-31 01:41 - 00008581 _____ C:\Users\Cristina\Downloads\bafoeg_Formblatt3.dgef
2013-12-31 01:33 - 2013-12-31 01:33 - 00003333 _____ C:\Users\Cristina\Downloads\bafoeg_Anlage1FB1.dgef
2013-12-31 01:29 - 2013-12-31 01:29 - 00008037 _____ C:\Users\Cristina\Downloads\bafoeg_Formblatt1.dgef
2013-12-30 21:59 - 2013-12-30 22:00 - 62124294 _____ C:\Users\Cristina\Downloads\BACKGROUND3.PSD
2013-12-30 19:02 - 2013-12-30 19:02 - 00851417 _____ C:\Users\Cristina\Downloads\painted-brushes.rar
==================== One Month Modified Files and Folders =======
2014-01-28 21:56 - 2014-01-27 13:48 - 00011416 _____ C:\Users\Cristina\Downloads\FRST.txt
2014-01-28 21:55 - 2014-01-28 21:55 - 00000000 ____D C:\Users\Cristina\Downloads\FRST-OlderVersion
2014-01-28 21:55 - 2014-01-27 13:48 - 00000000 ____D C:\FRST
2014-01-28 21:55 - 2014-01-27 13:43 - 02079232 _____ (Farbar) C:\Users\Cristina\Downloads\FRST64.exe
2014-01-28 21:52 - 2013-09-26 08:15 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Dropbox
2014-01-28 21:46 - 2014-01-28 21:46 - 00000628 _____ C:\Users\Cristina\Desktop\JRT.txt
2014-01-28 21:40 - 2014-01-28 21:40 - 00000000 ____D C:\Windows\ERUNT
2014-01-28 21:34 - 2014-01-28 21:33 - 01037068 _____ (Thisisu) C:\Users\Cristina\Downloads\JRT.exe
2014-01-28 21:00 - 2013-09-23 08:44 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-28 19:30 - 2013-09-23 08:44 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-28 19:19 - 2013-09-23 08:47 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-28 16:59 - 2013-09-22 20:54 - 01989324 _____ C:\Windows\WindowsUpdate.log
2014-01-28 12:23 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-28 12:23 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-28 12:18 - 2013-09-26 08:17 - 00000000 ___RD C:\Users\Cristina\Dropbox
2014-01-28 12:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-28 12:15 - 2009-07-14 05:51 - 00038889 _____ C:\Windows\setupact.log
2014-01-28 01:04 - 2014-01-28 01:00 - 00000000 ____D C:\AdwCleaner
2014-01-28 01:00 - 2014-01-28 00:59 - 01236282 _____ C:\Users\Cristina\Downloads\adwcleaner.exe
2014-01-27 13:50 - 2014-01-27 13:49 - 00023345 _____ C:\Users\Cristina\Downloads\Addition.txt
2014-01-23 11:45 - 2014-01-23 11:45 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Malwarebytes
2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-23 11:32 - 2014-01-23 11:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Cristina\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-22 19:26 - 2014-01-22 18:06 - 00009162 _____ C:\Users\Cristina\Desktop\Unbenannt 1.odt
2014-01-16 17:59 - 2009-07-14 05:45 - 04918632 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 23:49 - 2013-09-26 08:17 - 00001033 _____ C:\Users\Cristina\Desktop\Dropbox.lnk
2014-01-15 23:49 - 2013-09-26 08:16 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-15 23:49 - 2013-09-22 21:34 - 00000000 ___RD C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-06 22:40 - 2013-12-10 19:54 - 00000000 ____D C:\Users\Cristina\AppData\Local\Eclipse
2014-01-03 23:32 - 2014-01-03 23:32 - 00004318 _____ C:\Users\Cristina\Downloads\BackgroundPanel.java
2014-01-03 15:42 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-02 17:18 - 2014-01-02 17:18 - 11908104 _____ C:\Users\Cristina\Downloads\02.zip
2014-01-02 03:02 - 2014-01-02 03:01 - 00287030 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-12-31 12:53 - 2013-12-31 12:53 - 00289238 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-12-31 12:53 - 2013-12-31 12:53 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-12-31 12:44 - 2013-12-31 02:06 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\HP
2013-12-31 12:32 - 2013-12-31 12:32 - 03571111 _____ C:\Users\Cristina\Downloads\Weiterfoerderung.zip
2013-12-31 12:31 - 2013-09-23 08:43 - 00064408 _____ C:\Users\Cristina\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-31 02:26 - 2013-12-31 02:23 - 00000000 ____D C:\Program Files (x86)\PDF Editor 4
2013-12-31 02:23 - 2013-12-31 02:23 - 00087704 _____ C:\Windows\cadkasdeinst01.exe
2013-12-31 02:23 - 2013-12-31 02:23 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\CAD-KAS
2013-12-31 02:23 - 2013-12-31 02:22 - 06965784 _____ C:\Users\Cristina\Downloads\pdfeditor40.exe
2013-12-31 02:07 - 2013-12-31 02:07 - 00000000 ____D C:\ProgramData\WEBREG
2013-12-31 02:06 - 2013-12-31 02:06 - 00000000 ____D C:\Users\Cristina\AppData\Local\HP
2013-12-31 02:06 - 2013-12-31 01:54 - 00239333 _____ C:\Windows\hpwins26.dat
2013-12-31 02:06 - 2013-12-31 01:54 - 00000777 _____ C:\ProgramData\hpzinstall.log
2013-12-31 02:06 - 2013-12-31 01:54 - 00000000 ____D C:\ProgramData\HP
2013-12-31 02:06 - 2009-07-14 03:34 - 00000438 _____ C:\Windows\win.ini
2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Yahoo!
2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-12-31 02:03 - 2013-12-31 01:58 - 00000000 ____D C:\Program Files (x86)\HP
2013-12-31 02:02 - 2013-12-31 02:02 - 00001355 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2013-12-31 02:02 - 2013-12-31 02:02 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-12-31 02:02 - 2013-12-31 02:02 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-12-31 01:59 - 2013-12-31 01:59 - 00000000 ____D C:\Windows\hpoj4500g510g-m
2013-12-31 01:41 - 2013-12-31 01:41 - 00008581 _____ C:\Users\Cristina\Downloads\bafoeg_Formblatt3.dgef
2013-12-31 01:33 - 2013-12-31 01:33 - 00003333 _____ C:\Users\Cristina\Downloads\bafoeg_Anlage1FB1.dgef
2013-12-31 01:29 - 2013-12-31 01:29 - 00008037 _____ C:\Users\Cristina\Downloads\bafoeg_Formblatt1.dgef
2013-12-30 22:28 - 2013-11-12 14:00 - 00000000 ___RD C:\Users\Cristina\SkyDrive
2013-12-30 22:00 - 2013-12-30 21:59 - 62124294 _____ C:\Users\Cristina\Downloads\BACKGROUND3.PSD
2013-12-30 19:08 - 2013-09-23 20:33 - 00000000 ____D C:\Program Files\Adobe
2013-12-30 19:02 - 2013-12-30 19:02 - 00851417 _____ C:\Users\Cristina\Downloads\painted-brushes.rar
Some content of TEMP:
====================
C:\Users\Cristina\AppData\Local\Temp\avgnt.exe
C:\Users\Cristina\AppData\Local\Temp\BackupSetup.exe
C:\Users\Cristina\AppData\Local\Temp\IminentSetup_20130624.exe
C:\Users\Cristina\AppData\Local\Temp\jpv1vzd8.dll
C:\Users\Cristina\AppData\Local\Temp\nsb6727.exe
C:\Users\Cristina\AppData\Local\Temp\nsd91D7.exe
C:\Users\Cristina\AppData\Local\Temp\nsdB274.exe
C:\Users\Cristina\AppData\Local\Temp\nsi94C5.exe
C:\Users\Cristina\AppData\Local\Temp\nsiAFD4.exe
C:\Users\Cristina\AppData\Local\Temp\Quarantine.exe
C:\Users\Cristina\AppData\Local\Temp\utt17C5.tmp.exe
C:\Users\Cristina\AppData\Local\Temp\utt6DB2.tmp.exe
C:\Users\Cristina\AppData\Local\Temp\vcredist_x64.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-27 15:05
==================== End Of Log ============================
|
|
29.01.2014, 12:30
| #8 |
| /// the machine /// TB-Ausbilder | Malwarebytes hat verdächtige Dateien gefunden - bin nicht sicher wie ich damit umgehen soll.ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Malwarebytes hat verdächtige Dateien gefunden - bin nicht sicher wie ich damit umgehen soll. |
| dateien, durchgeführt, funde, gefunde, hoffe, infizierte datei, infizierte dateien, malwarebytes, nicht sicher, pup.optional.conduit.a, pup.optional.iminent.a, pup.optional.searchprotect.a, pup.optional.softonic.a, pup.optional.spigot.a, schnell, umgehen, verdächtige, zunächst |
Linear-Darstellung
