|
Plagegeister aller Art und deren Bekämpfung: TR/Agent.131072.V und PHISH/PayPal.27959 wie entfernen?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
28.01.2014, 12:07 | #1 |
| TR/Agent.131072.V und PHISH/PayPal.27959 wie entfernen? Der AVIRA PC CLEANER weist diese beiden Infektionen aus welche auch bei jedem Neustart wieder vorhanden sind. Bisher ist es mir nicht gelungen, diese mit Malwarebytes oder ESET online scan dauerhaft zu entfernen. Die Dateiendungen sind .pst und .oba. Mein System Windows 7 64 auf aktuellem Stand. Über eine Hilfestellung / Anleitung für einen Laien Schritt für Schritt würde ich mich sehr freuen cu Christian |
28.01.2014, 12:17 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Agent.131072.V und PHISH/PayPal.27959 wie entfernen? Hallo und
__________________Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht! Zudem bitte auch ein Log mit Farbars Tool machen: Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
28.01.2014, 12:56 | #3 |
| TR/Agent.131072.V und PHISH/PayPal.27959 wie entfernen? Hallo Cosinus,
__________________besten Dank für Deine Unterstützung; hier mal die erste log datei. Eine Addition.txt habe ich nicht gefunden. Ich bitte Dich um Schritt für Schritt Anleitung; mein Verständnis betreffs Trojanern etc. tendiert gegen 0. Vermutlich sind die Trojaner schon länger auf dem System, ich habe es nur erst jetzt gemerkt... FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 02 Ran by Admin (administrator) on ADMIN-PC on 28-01-2014 12:38:24 Running from C:\Users\Admin\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Oki Data Corporation) C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (LG Electronics) C:\Users\Admin\Bluebirds\BlueBirds.exe (Google) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Deutsche Telekom AG) C:\Users\Admin\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Michel Krämer) C:\Program Files (x86)\Spamihilator\spamihilator.exe (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-12-01] (Analog Devices, Inc.) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-25] (AVAST Software) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung) HKCU\...\Run: [bluebirds] - C:\Users\Admin\Bluebirds\BlueBirds.exe [270336 2009-04-29] (LG Electronics) MountPoints2: {4f02461a-de8f-11de-b135-806e6f6e6963} - D:\BlueBirds.exe MountPoints2: {7fb42fdf-59d5-11e3-a717-90e6ba4e2af9} - H:\Startme.exe MountPoints2: {9ee167d3-f858-11de-9881-90e6ba4e2af9} - K:\AutoRun.exe MountPoints2: {bf570633-c7a9-11e2-a247-90e6ba4e2af9} - L:\Startme.exe HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-11-20] (Hewlett-Packard Company) HKU\Gast\...\Run: [Akamai NetSession Interface] - C:\Users\Gast\AppData\Local\Akamai\netsession_win.exe Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk ShortcutTarget: Mediencenter.lnk -> C:\Users\Admin\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk ShortcutTarget: Spamihilator.lnk -> C:\Program Files (x86)\Spamihilator\spamihilator.exe (Michel Krämer) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE1036D08EE94CA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com URLSearchHook: HKLM-x32 - (No Name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File URLSearchHook: HKCU - (No Name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {70C22D03-8B88-4FA5-95CE-4E8CE7792C87} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} SearchScopes: HKCU - {9299175C-A429-46E7-9811-E20E33AFA120} URL = hxxp://www.wetter.com/suche/?search={searchTerms}&search_type_weather=1&search_type_site=1 SearchScopes: HKCU - {9F297C71-E3CB-4353-8F21-EF86EE910FA2} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=ACDFF077-07C2-4D0C-9036-3EA70106BF5F&apn_sauid=B0335531-A6DB-40A4-991A-5670453BCB8C SearchScopes: HKCU - {D70B9E18-28F0-4237-B9B8-842D2C45FE2B} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {F5AA3C41-ACCB-4029-80B5-17EC0B9C34C8} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=9a754c4000000000000090e6ba4e2af9&r=373 SearchScopes: HKCU - {F79EDC1B-2857-4682-8C98-484AA0DD53D0} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: AusweisApp 1.7.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files (x86)\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.102\npchrome_frame.dll (Google Inc.) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - No Name - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKCU - No Name - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No File DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {731B6776-6B7D-4B69-BB04-0C8B17DDF584} hxxp://www.starmoney.de/fileadmin/Dateien/StarMoney/support/Dateien/ou-services/setup.ocx DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.102\npchrome_frame.dll (Google Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{92F1B360-21C7-4D9F-A790-8892ABC321A3}: [NameServer]208.67.222.222 208.67.220.220 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ig6k12b.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF Plugin-x32: @eleco.com/o2cplayer - C:\Program Files (x86)\O2C Player\npO2CPlayer.DLL (Eleco plc) FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @innoplus.de/ino3DViewer - C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @pack.google.com/Google Updater;version=14 - C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper - C:\Users\Admin\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.) FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ig6k12b.default\searchplugins\duckduckgo-de.xml FF Extension: Bitdefender QuickScan - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ig6k12b.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012-06-28] FF Extension: anonymoX - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ig6k12b.default\Extensions\client@anonymox.net.xpi [2013-07-12] FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ig6k12b.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2014-01-20] FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ig6k12b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2010-11-19] FF Extension: Greasemonkey - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ig6k12b.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-25] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2009-12-08] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009-12-10] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010-03-09] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-04-17] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-31] FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Aurora\firefox.exe Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com" ], "restore_on_startup_migrated": true, "restore_on_startup" CHR DefaultSearchProvider: FBDownloader Search CHR DefaultSearchURL: hxxp://www.google.com CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-24] CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-24] CHR Extension: (avast! Ad Blocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd [2013-09-10] CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-24] CHR Extension: (Simple New Tab) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga [2013-12-26] CHR HKLM-x32\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx [2013-03-04] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-10-24] ==================== Services (Whitelisted) ================= R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-12-01] (Andrea Electronics Corporation) R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-25] (AVAST Software) R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT) R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [69632 2008-06-24] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 OKI OPHK DCS Loader; C:\Windows\system32\spool\DRIVERS\x64\3\OPHKLDCS.EXE [20480 2007-07-24] (Oki Data Corporation) R2 OpLclSrv; C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [169472 2011-04-11] (Oki Data Corporation) R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc) R2 StarMoney 7.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH) R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [663184 2013-10-11] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [x] ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-12-01] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-12-01] () R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [28504 2012-03-07] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-25] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-24] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-24] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-25] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-25] (AVAST Software) S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-25] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-26] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG) R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT) R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2009-02-20] (Siemens Home and Office Communication Devices GmbH & Co. KG) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-01-26] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MCfilt; C:\Windows\System32\drivers\MCfilt64.sys [25600 2009-12-01] (Creative Technology Ltd.) S3 MEMSWEEP2; C:\Windows\system32\BAC3.tmp [6144 2009-06-18] (Sophos Plc) R3 MTSBDA; C:\Windows\System32\DRIVERS\TerraTecPCI.sys [360568 2010-11-19] (TerraTec Provide) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R3 MtsHID; C:\Windows\System32\DRIVERS\TerraTecPciHid.sys [24696 2010-11-19] (TerraTec Electronic GmbH.) R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [178728 2009-05-11] (Marvell Semiconductor, Inc.) S3 nmwcdsacjx64; C:\Windows\System32\drivers\nmwcdsacjx64.sys [17408 2007-05-02] (Nokia) S3 nmwcdsacmx64; C:\Windows\System32\drivers\nmwcdsacmx64.sys [17408 2007-05-02] (Nokia) S3 nmwcdsacx64; C:\Windows\System32\drivers\nmwcdsacx64.sys [12288 2007-05-02] (Nokia) S3 nmwcdsax64; C:\Windows\System32\drivers\nmwcdsax64.sys [171008 2007-05-02] (Nokia) R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [19248 2006-11-16] (Portrait Displays, Inc.) S3 RemoteControl-USBLAN; C:\Windows\System32\DRIVERS\rcblan.sys [46616 2007-01-24] (Belcarra Technologies) R3 rpkmdrv; C:\Windows\System32\drivers\rpkmdrv.sys [21248 2012-08-16] () R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2009-12-01] (Acronis) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-28 12:38 - 2014-01-28 12:39 - 00025986 _____ C:\Users\Admin\Desktop\FRST.txt 2014-01-28 10:56 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\BAC3.tmp 2014-01-28 10:26 - 2014-01-28 10:26 - 00000000 ____D C:\Program Files (x86)\Sophos 2014-01-28 10:26 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\D360.tmp 2014-01-27 15:06 - 2014-01-27 15:06 - 00000000 ____D C:\Program Files (x86)\ESET 2014-01-27 14:20 - 2014-01-27 14:20 - 00002037 _____ C:\Users\Admin\Desktop\Entfernen des Avira PC Cleaners.lnk 2014-01-27 14:20 - 2014-01-27 14:20 - 00001981 _____ C:\Users\Admin\Desktop\Avira PC Cleaner.lnk 2014-01-27 13:29 - 2014-01-27 23:49 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-01-27 10:13 - 2014-01-27 10:13 - 09106898 _____ (tm ) C:\Users\Admin\Desktop\ECTSetup.exe 2014-01-27 08:34 - 2014-01-27 14:50 - 00000000 ____D C:\AdwCleaner 2014-01-26 15:46 - 2014-01-28 12:32 - 00000000 ____D C:\Users\Admin\Desktop\Virenscan 2014-01-26 10:39 - 2014-01-26 10:39 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Avira 2014-01-26 10:36 - 2014-01-26 10:36 - 00000000 ____D C:\ProgramData\Avira 2014-01-26 10:36 - 2014-01-26 10:36 - 00000000 ____D C:\Program Files (x86)\Avira 2014-01-26 10:36 - 2013-12-18 09:32 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-01-26 10:36 - 2013-12-18 09:32 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-01-26 10:36 - 2013-12-18 09:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-01-26 10:30 - 2014-01-26 10:30 - 00000000 ____D C:\Users\Admin\ffcmr 2014-01-26 10:29 - 2014-01-26 10:29 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-01-26 10:16 - 2014-01-26 10:16 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-01-25 18:15 - 2014-01-26 15:47 - 00000000 ____D C:\FRST 2014-01-25 18:14 - 2014-01-26 15:47 - 02078208 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe 2014-01-25 18:09 - 2014-01-25 18:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-25 18:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-25 17:59 - 2014-01-28 09:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-24 17:57 - 2014-01-24 17:57 - 00015814 _____ C:\Users\Admin\Documents\ESt2013_Dohrn_Christian_und_Dohrn_Annette.elfo 2014-01-22 15:24 - 2014-01-22 15:24 - 00039080 _____ C:\Users\Admin\Documents\USt2013_Christian_Dohrn.elfo 2014-01-22 15:14 - 2014-01-22 15:14 - 00001239 _____ C:\Users\Public\Desktop\ElsterFormular.lnk 2014-01-17 10:02 - 2014-01-17 10:02 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-17 10:02 - 2014-01-17 10:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-01-17 10:02 - 2014-01-17 10:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-01-17 10:02 - 2014-01-17 10:02 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-01-17 10:01 - 2014-01-17 10:01 - 00000000 ____D C:\Program Files\Java 2014-01-15 15:09 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 15:09 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 15:09 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 15:09 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 15:09 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 15:09 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 15:09 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 15:09 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 15:09 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-13 14:42 - 2014-01-13 14:42 - 00098839 _____ C:\_m.dmp 2014-01-13 14:22 - 2014-01-13 14:52 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014 2014-01-13 14:19 - 2014-01-13 15:04 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-02 10:58 - 2014-01-22 14:24 - 00002733 _____ C:\Users\Admin\Documents\Jahr2014.eca 2014-01-02 10:58 - 2014-01-02 10:58 - 00000000 ____D C:\Users\Admin\Documents\Backup2013 2013-12-31 12:54 - 2013-12-31 12:54 - 02405664 _____ (Trend Micro Inc.) C:\Users\Admin\Desktop\HousecallLauncher64(1).exe 2013-12-30 07:24 - 2013-12-30 07:24 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2013-12-30 07:24 - 2013-12-30 07:24 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2013-12-30 07:11 - 2013-12-30 07:11 - 00000000 ____D C:\ProgramData\Sony Mobile 2013-12-30 07:11 - 2013-12-30 07:11 - 00000000 ____D C:\Program Files (x86)\Sony Mobile ==================== One Month Modified Files and Folders ======= 2014-01-28 12:39 - 2014-01-28 12:38 - 00025986 _____ C:\Users\Admin\Desktop\FRST.txt 2014-01-28 12:32 - 2014-01-26 15:46 - 00000000 ____D C:\Users\Admin\Desktop\Virenscan 2014-01-28 12:32 - 2013-07-24 06:30 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Spamihilator 2014-01-28 12:32 - 2012-11-05 15:18 - 00000000 ___RD C:\Users\Admin\Mediencenter 2014-01-28 12:31 - 2013-11-14 14:53 - 00023075 _____ C:\Windows\setupact.log 2014-01-28 12:31 - 2009-12-04 18:06 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-28 12:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-28 12:26 - 2009-12-01 16:44 - 01639161 _____ C:\Windows\WindowsUpdate.log 2014-01-28 12:24 - 2012-03-30 10:09 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-28 11:50 - 2009-12-04 18:06 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-28 10:26 - 2014-01-28 10:26 - 00000000 ____D C:\Program Files (x86)\Sophos 2014-01-28 10:01 - 2012-10-25 13:19 - 00000000 ____D C:\Program Files (x86)\Aurora 2014-01-28 09:49 - 2014-01-25 17:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-27 23:55 - 2009-07-14 05:45 - 00015024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-27 23:55 - 2009-07-14 05:45 - 00015024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-27 23:49 - 2014-01-27 13:29 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-01-27 22:08 - 2013-03-05 13:00 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{ECAAA66B-B97C-4AEB-BE8E-1B3A30FB9331} 2014-01-27 19:42 - 2013-04-05 11:42 - 00000000 ____D C:\Program Files (x86)\StarMoney 9.0 S-Edition 2014-01-27 19:26 - 2009-12-02 21:43 - 00000000 ____D C:\Program Files (x86)\File Recover 2014-01-27 15:06 - 2014-01-27 15:06 - 00000000 ____D C:\Program Files (x86)\ESET 2014-01-27 14:52 - 2013-11-14 14:53 - 00414658 _____ C:\Windows\PFRO.log 2014-01-27 14:50 - 2014-01-27 08:34 - 00000000 ____D C:\AdwCleaner 2014-01-27 14:35 - 2009-12-30 22:12 - 00001034 _____ C:\Windows\Tasks\Google Software Updater.job 2014-01-27 14:20 - 2014-01-27 14:20 - 00002037 _____ C:\Users\Admin\Desktop\Entfernen des Avira PC Cleaners.lnk 2014-01-27 14:20 - 2014-01-27 14:20 - 00001981 _____ C:\Users\Admin\Desktop\Avira PC Cleaner.lnk 2014-01-27 13:45 - 2009-12-05 16:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\UseNeXT 2014-01-27 13:44 - 2009-12-05 16:49 - 00000000 ____D C:\Users\Admin\Documents\UseNeXT 2014-01-27 13:25 - 2012-03-30 10:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-01-27 13:25 - 2012-03-30 10:09 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-01-27 13:25 - 2011-05-24 12:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-27 13:25 - 2009-12-02 19:00 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe 2014-01-27 13:09 - 2013-07-06 19:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Common 2014-01-27 13:04 - 2010-11-15 11:00 - 00000000 ____D C:\Users\Admin\Documents\Backups 2014-01-27 10:15 - 2011-12-28 17:13 - 00014448 _____ C:\Users\Admin\Documents\easyct.ini 2014-01-27 10:14 - 2011-12-28 17:12 - 00001033 _____ C:\Users\Admin\Desktop\EasyCash&Tax.lnk 2014-01-27 10:14 - 2011-12-28 17:12 - 00000000 ____D C:\Program Files (x86)\EasyCash&Tax 2014-01-27 10:13 - 2014-01-27 10:13 - 09106898 _____ (tm ) C:\Users\Admin\Desktop\ECTSetup.exe 2014-01-27 10:09 - 2011-05-24 11:35 - 00000000 ____D C:\Users\Admin\Desktop\Miete Konstanz 2014-01-27 10:07 - 2010-07-12 10:18 - 00000000 ____D C:\Users\Admin\AppData\Roaming\HpUpdate 2014-01-26 15:47 - 2014-01-25 18:15 - 00000000 ____D C:\FRST 2014-01-26 15:47 - 2014-01-25 18:14 - 02078208 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe 2014-01-26 15:46 - 2012-07-09 09:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2014-01-26 15:43 - 2009-12-22 18:52 - 00000000 ____D C:\Program Files\WinRAR 2014-01-26 15:34 - 2009-12-31 14:47 - 00000000 ____D C:\Users\Admin\AppData\Roaming\QuickScan 2014-01-26 10:39 - 2014-01-26 10:39 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Avira 2014-01-26 10:36 - 2014-01-26 10:36 - 00000000 ____D C:\ProgramData\Avira 2014-01-26 10:36 - 2014-01-26 10:36 - 00000000 ____D C:\Program Files (x86)\Avira 2014-01-26 10:30 - 2014-01-26 10:30 - 00000000 ____D C:\Users\Admin\ffcmr 2014-01-26 10:30 - 2009-12-01 16:44 - 00000000 ____D C:\Users\Admin 2014-01-26 10:29 - 2014-01-26 10:29 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-01-26 10:24 - 2013-04-19 13:50 - 00000000 ____D C:\Users\Admin\Documents\Visual Studio 2008 2014-01-26 10:16 - 2014-01-26 10:16 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-01-25 18:09 - 2014-01-25 18:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-25 15:45 - 2013-12-26 16:46 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-01-25 15:45 - 2012-03-31 17:06 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-01-25 15:45 - 2012-03-31 17:06 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-01-25 15:45 - 2012-03-31 17:06 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-01-25 15:45 - 2012-03-31 17:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-01-25 15:45 - 2011-01-10 15:16 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-01-24 17:57 - 2014-01-24 17:57 - 00015814 _____ C:\Users\Admin\Documents\ESt2013_Dohrn_Christian_und_Dohrn_Annette.elfo 2014-01-22 18:53 - 2010-02-03 19:42 - 00000000 ___RD C:\Users\Admin\Desktop\Musikbearbeitung 2014-01-22 15:24 - 2014-01-22 15:24 - 00039080 _____ C:\Users\Admin\Documents\USt2013_Christian_Dohrn.elfo 2014-01-22 15:15 - 2011-01-19 13:31 - 00000000 ____D C:\Users\Admin\AppData\Roaming\elsterformular 2014-01-22 15:14 - 2014-01-22 15:14 - 00001239 _____ C:\Users\Public\Desktop\ElsterFormular.lnk 2014-01-22 15:13 - 2010-01-18 12:05 - 00000000 ____D C:\Program Files (x86)\ElsterFormular 2014-01-22 15:12 - 2010-01-29 08:30 - 00000000 ____D C:\ProgramData\elsterformular 2014-01-22 15:11 - 2010-10-26 07:37 - 00000000 ____D C:\Program Files (x86)\PDF Password Cracker Pro v3.0 2014-01-22 14:24 - 2014-01-02 10:58 - 00002733 _____ C:\Users\Admin\Documents\Jahr2014.eca 2014-01-22 11:41 - 2009-12-04 16:05 - 00000000 ____D C:\Users\Admin\AppData\Local\Microsoft Help 2014-01-20 11:04 - 2013-05-13 08:26 - 00000000 ____D C:\Users\Admin\Desktop\100MEDIA 2014-01-17 10:02 - 2014-01-17 10:02 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-17 10:02 - 2014-01-17 10:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-01-17 10:02 - 2014-01-17 10:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-01-17 10:02 - 2014-01-17 10:02 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-01-17 10:01 - 2014-01-17 10:01 - 00000000 ____D C:\Program Files\Java 2014-01-16 03:21 - 2009-07-14 05:45 - 05149208 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-16 03:03 - 2013-08-09 11:13 - 00000000 ____D C:\Windows\system32\MRT 2014-01-16 03:00 - 2009-12-01 17:22 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-13 15:04 - 2014-01-13 14:19 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-13 14:52 - 2014-01-13 14:22 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014 2014-01-13 14:42 - 2014-01-13 14:42 - 00098839 _____ C:\_m.dmp 2014-01-13 08:18 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-10 13:53 - 2013-04-29 12:46 - 00000000 ____D C:\Users\Admin\Desktop\Acryl 2014-01-04 16:27 - 2013-05-13 18:53 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc 2014-01-02 10:58 - 2014-01-02 10:58 - 00000000 ____D C:\Users\Admin\Documents\Backup2013 2014-01-02 10:57 - 2013-01-02 14:35 - 00020246 _____ C:\Users\Admin\Documents\Jahr2013.eca 2013-12-31 17:53 - 2013-07-05 17:46 - 00000000 ____D C:\Users\Admin\Desktop\Nowusgames 2013-12-31 12:54 - 2013-12-31 12:54 - 02405664 _____ (Trend Micro Inc.) C:\Users\Admin\Desktop\HousecallLauncher64(1).exe 2013-12-31 12:46 - 2009-12-01 16:44 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-30 07:24 - 2013-12-30 07:24 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2013-12-30 07:24 - 2013-12-30 07:24 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2013-12-30 07:11 - 2013-12-30 07:11 - 00000000 ____D C:\ProgramData\Sony Mobile 2013-12-30 07:11 - 2013-12-30 07:11 - 00000000 ____D C:\Program Files (x86)\Sony Mobile 2013-12-30 07:11 - 2013-05-28 16:39 - 00000000 ___RD C:\Users\Admin\Desktop\Sony Tablet Z 2013-12-30 07:10 - 2013-05-28 16:31 - 00000000 ____D C:\ProgramData\Sony Ericsson 2013-12-30 07:10 - 2013-05-28 16:31 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson 2013-12-30 07:09 - 2013-11-30 16:46 - 00472622 _____ C:\Windows\DPINST.LOG 2013-12-30 07:08 - 2009-12-01 17:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\avgnt.exe C:\Users\Admin\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 11:42 ==================== End Of Log ============================ --- --- --- [/CODE] |
28.01.2014, 14:27 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Agent.131072.V und PHISH/PayPal.27959 wie entfernen?Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
28.01.2014, 17:12 | #5 |
| TR/Agent.131072.V und PHISH/PayPal.27959 wie entfernen? Der Haken war mir nicht bekannt;gesetzt und nochmal gescannt: Code:
ATTFilter can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 02 Ran by Admin (administrator) on ADMIN-PC on 28-01-2014 16:57:58 Running from C:\Users\Admin\Desktop\Anleitung Trojaner Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Oki Data Corporation) C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (LG Electronics) C:\Users\Admin\Bluebirds\BlueBirds.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (Google) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Deutsche Telekom AG) C:\Users\Admin\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Michel Krämer) C:\Program Files (x86)\Spamihilator\spamihilator.exe (Mozilla Corporation) C:\Program Files (x86)\Aurora\firefox.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-12-01] (Analog Devices, Inc.) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-25] (AVAST Software) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung) HKCU\...\Run: [bluebirds] - C:\Users\Admin\Bluebirds\BlueBirds.exe [270336 2009-04-29] (LG Electronics) MountPoints2: {4f02461a-de8f-11de-b135-806e6f6e6963} - D:\BlueBirds.exe MountPoints2: {7fb42fdf-59d5-11e3-a717-90e6ba4e2af9} - H:\Startme.exe MountPoints2: {9ee167d3-f858-11de-9881-90e6ba4e2af9} - K:\AutoRun.exe MountPoints2: {bf570633-c7a9-11e2-a247-90e6ba4e2af9} - L:\Startme.exe HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-11-20] (Hewlett-Packard Company) HKU\Gast\...\Run: [Akamai NetSession Interface] - C:\Users\Gast\AppData\Local\Akamai\netsession_win.exe Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk ShortcutTarget: Mediencenter.lnk -> C:\Users\Admin\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk ShortcutTarget: Spamihilator.lnk -> C:\Program Files (x86)\Spamihilator\spamihilator.exe (Michel Krämer) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE1036D08EE94CA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com URLSearchHook: HKLM-x32 - (No Name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File URLSearchHook: HKCU - (No Name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {70C22D03-8B88-4FA5-95CE-4E8CE7792C87} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} SearchScopes: HKCU - {9299175C-A429-46E7-9811-E20E33AFA120} URL = hxxp://www.wetter.com/suche/?search={searchTerms}&search_type_weather=1&search_type_site=1 SearchScopes: HKCU - {9F297C71-E3CB-4353-8F21-EF86EE910FA2} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=ACDFF077-07C2-4D0C-9036-3EA70106BF5F&apn_sauid=B0335531-A6DB-40A4-991A-5670453BCB8C SearchScopes: HKCU - {D70B9E18-28F0-4237-B9B8-842D2C45FE2B} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {F5AA3C41-ACCB-4029-80B5-17EC0B9C34C8} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=9a754c4000000000000090e6ba4e2af9&r=373 SearchScopes: HKCU - {F79EDC1B-2857-4682-8C98-484AA0DD53D0} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: AusweisApp 1.7.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files (x86)\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.102\npchrome_frame.dll (Google Inc.) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - No Name - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKCU - No Name - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No File DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {731B6776-6B7D-4B69-BB04-0C8B17DDF584} hxxp://www.starmoney.de/fileadmin/Dateien/StarMoney/support/Dateien/ou-services/setup.ocx DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.102\npchrome_frame.dll (Google Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{92F1B360-21C7-4D9F-A790-8892ABC321A3}: [NameServer]208.67.222.222 208.67.220.220 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ig6k12b.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF Plugin-x32: @eleco.com/o2cplayer - C:\Program Files (x86)\O2C Player\npO2CPlayer.DLL (Eleco plc) FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @innoplus.de/ino3DViewer - C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @pack.google.com/Google Updater;version=14 - C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper - C:\Users\Admin\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.) FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ig6k12b.default\searchplugins\duckduckgo-de.xml FF Extension: Bitdefender QuickScan - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ig6k12b.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012-06-28] FF Extension: anonymoX - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ig6k12b.default\Extensions\client@anonymox.net.xpi [2013-07-12] FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ig6k12b.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2014-01-20] FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ig6k12b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2010-11-19] FF Extension: Greasemonkey - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ig6k12b.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-25] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2009-12-08] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009-12-10] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010-03-09] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-04-17] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-31] FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Aurora\firefox.exe Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com" ], "restore_on_startup_migrated": true, "restore_on_startup" CHR DefaultSearchProvider: FBDownloader Search CHR DefaultSearchURL: hxxp://www.google.com CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-24] CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-24] CHR Extension: (avast! Ad Blocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd [2013-09-10] CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-24] CHR Extension: (Simple New Tab) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga [2013-12-26] CHR HKLM-x32\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx [2013-03-04] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-10-24] ==================== Services (Whitelisted) ================= R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-12-01] (Andrea Electronics Corporation) R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-25] (AVAST Software) R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT) R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [69632 2008-06-24] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 OKI OPHK DCS Loader; C:\Windows\system32\spool\DRIVERS\x64\3\OPHKLDCS.EXE [20480 2007-07-24] (Oki Data Corporation) R2 OpLclSrv; C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [169472 2011-04-11] (Oki Data Corporation) R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc) R2 StarMoney 7.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH) R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [663184 2013-10-11] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [x] ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-12-01] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-12-01] () R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [28504 2012-03-07] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-25] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-24] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-24] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-25] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-25] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-25] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-26] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG) R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT) R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2009-02-20] (Siemens Home and Office Communication Devices GmbH & Co. KG) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-01-26] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MCfilt; C:\Windows\System32\drivers\MCfilt64.sys [25600 2009-12-01] (Creative Technology Ltd.) S3 MEMSWEEP2; C:\Windows\system32\BAC3.tmp [6144 2009-06-18] (Sophos Plc) R3 MTSBDA; C:\Windows\System32\DRIVERS\TerraTecPCI.sys [360568 2010-11-19] (TerraTec Provide) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R3 MtsHID; C:\Windows\System32\DRIVERS\TerraTecPciHid.sys [24696 2010-11-19] (TerraTec Electronic GmbH.) R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [178728 2009-05-11] (Marvell Semiconductor, Inc.) S3 nmwcdsacjx64; C:\Windows\System32\drivers\nmwcdsacjx64.sys [17408 2007-05-02] (Nokia) S3 nmwcdsacmx64; C:\Windows\System32\drivers\nmwcdsacmx64.sys [17408 2007-05-02] (Nokia) S3 nmwcdsacx64; C:\Windows\System32\drivers\nmwcdsacx64.sys [12288 2007-05-02] (Nokia) S3 nmwcdsax64; C:\Windows\System32\drivers\nmwcdsax64.sys [171008 2007-05-02] (Nokia) R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [19248 2006-11-16] (Portrait Displays, Inc.) S3 RemoteControl-USBLAN; C:\Windows\System32\DRIVERS\rcblan.sys [46616 2007-01-24] (Belcarra Technologies) R3 rpkmdrv; C:\Windows\System32\drivers\rpkmdrv.sys [21248 2012-08-16] () R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2009-12-01] (Acronis) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-28 12:57 - 2014-01-28 16:57 - 00000000 ____D C:\Users\Admin\Desktop\Anleitung Trojaner 2014-01-28 10:56 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\BAC3.tmp 2014-01-28 10:26 - 2014-01-28 10:26 - 00000000 ____D C:\Program Files (x86)\Sophos 2014-01-28 10:26 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\D360.tmp 2014-01-27 15:06 - 2014-01-27 15:06 - 00000000 ____D C:\Program Files (x86)\ESET 2014-01-27 14:20 - 2014-01-27 14:20 - 00002037 _____ C:\Users\Admin\Desktop\Entfernen des Avira PC Cleaners.lnk 2014-01-27 14:20 - 2014-01-27 14:20 - 00001981 _____ C:\Users\Admin\Desktop\Avira PC Cleaner.lnk 2014-01-27 13:29 - 2014-01-27 23:49 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-01-27 10:13 - 2014-01-27 10:13 - 09106898 _____ (tm ) C:\Users\Admin\Desktop\ECTSetup.exe 2014-01-27 08:34 - 2014-01-27 14:50 - 00000000 ____D C:\AdwCleaner 2014-01-26 15:46 - 2014-01-28 12:32 - 00000000 ____D C:\Users\Admin\Desktop\Virenscan 2014-01-26 10:39 - 2014-01-26 10:39 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Avira 2014-01-26 10:36 - 2014-01-26 10:36 - 00000000 ____D C:\ProgramData\Avira 2014-01-26 10:36 - 2014-01-26 10:36 - 00000000 ____D C:\Program Files (x86)\Avira 2014-01-26 10:36 - 2013-12-18 09:32 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-01-26 10:36 - 2013-12-18 09:32 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-01-26 10:36 - 2013-12-18 09:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-01-26 10:30 - 2014-01-26 10:30 - 00000000 ____D C:\Users\Admin\ffcmr 2014-01-26 10:29 - 2014-01-26 10:29 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-01-26 10:16 - 2014-01-26 10:16 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-01-25 18:15 - 2014-01-26 15:47 - 00000000 ____D C:\FRST 2014-01-25 18:09 - 2014-01-25 18:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-25 18:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-25 17:59 - 2014-01-28 09:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-24 17:57 - 2014-01-24 17:57 - 00015814 _____ C:\Users\Admin\Documents\ESt2013_Dohrn_Christian_und_Dohrn_Annette.elfo 2014-01-22 15:24 - 2014-01-22 15:24 - 00039080 _____ C:\Users\Admin\Documents\USt2013_Christian_Dohrn.elfo 2014-01-22 15:14 - 2014-01-22 15:14 - 00001239 _____ C:\Users\Public\Desktop\ElsterFormular.lnk 2014-01-17 10:02 - 2014-01-17 10:02 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-17 10:02 - 2014-01-17 10:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-01-17 10:02 - 2014-01-17 10:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-01-17 10:02 - 2014-01-17 10:02 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-01-17 10:01 - 2014-01-17 10:01 - 00000000 ____D C:\Program Files\Java 2014-01-15 15:09 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 15:09 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 15:09 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 15:09 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 15:09 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 15:09 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 15:09 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 15:09 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 15:09 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-13 14:42 - 2014-01-13 14:42 - 00098839 _____ C:\_m.dmp 2014-01-13 14:22 - 2014-01-13 14:52 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014 2014-01-13 14:19 - 2014-01-13 15:04 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-02 10:58 - 2014-01-22 14:24 - 00002733 _____ C:\Users\Admin\Documents\Jahr2014.eca 2014-01-02 10:58 - 2014-01-02 10:58 - 00000000 ____D C:\Users\Admin\Documents\Backup2013 2013-12-31 12:54 - 2013-12-31 12:54 - 02405664 _____ (Trend Micro Inc.) C:\Users\Admin\Desktop\HousecallLauncher64(1).exe 2013-12-30 07:24 - 2013-12-30 07:24 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2013-12-30 07:24 - 2013-12-30 07:24 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2013-12-30 07:11 - 2013-12-30 07:11 - 00000000 ____D C:\ProgramData\Sony Mobile 2013-12-30 07:11 - 2013-12-30 07:11 - 00000000 ____D C:\Program Files (x86)\Sony Mobile ==================== One Month Modified Files and Folders ======= 2014-01-28 16:57 - 2014-01-28 12:57 - 00000000 ____D C:\Users\Admin\Desktop\Anleitung Trojaner 2014-01-28 16:55 - 2009-12-01 16:44 - 01643314 _____ C:\Windows\WindowsUpdate.log 2014-01-28 16:54 - 2013-07-24 06:30 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Spamihilator 2014-01-28 16:54 - 2012-11-05 15:18 - 00000000 ___RD C:\Users\Admin\Mediencenter 2014-01-28 16:52 - 2009-12-04 18:06 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-28 16:50 - 2013-11-14 14:53 - 00023299 _____ C:\Windows\setupact.log 2014-01-28 16:50 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-28 12:50 - 2009-12-04 18:06 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-28 12:40 - 2009-07-14 05:45 - 00015024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-28 12:40 - 2009-07-14 05:45 - 00015024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-28 12:32 - 2014-01-26 15:46 - 00000000 ____D C:\Users\Admin\Desktop\Virenscan 2014-01-28 12:24 - 2012-03-30 10:09 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-28 10:26 - 2014-01-28 10:26 - 00000000 ____D C:\Program Files (x86)\Sophos 2014-01-28 10:01 - 2012-10-25 13:19 - 00000000 ____D C:\Program Files (x86)\Aurora 2014-01-28 09:49 - 2014-01-25 17:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-27 23:49 - 2014-01-27 13:29 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-01-27 22:08 - 2013-03-05 13:00 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{ECAAA66B-B97C-4AEB-BE8E-1B3A30FB9331} 2014-01-27 19:42 - 2013-04-05 11:42 - 00000000 ____D C:\Program Files (x86)\StarMoney 9.0 S-Edition 2014-01-27 19:26 - 2009-12-02 21:43 - 00000000 ____D C:\Program Files (x86)\File Recover 2014-01-27 15:06 - 2014-01-27 15:06 - 00000000 ____D C:\Program Files (x86)\ESET 2014-01-27 14:52 - 2013-11-14 14:53 - 00414658 _____ C:\Windows\PFRO.log 2014-01-27 14:50 - 2014-01-27 08:34 - 00000000 ____D C:\AdwCleaner 2014-01-27 14:35 - 2009-12-30 22:12 - 00001034 _____ C:\Windows\Tasks\Google Software Updater.job 2014-01-27 14:20 - 2014-01-27 14:20 - 00002037 _____ C:\Users\Admin\Desktop\Entfernen des Avira PC Cleaners.lnk 2014-01-27 14:20 - 2014-01-27 14:20 - 00001981 _____ C:\Users\Admin\Desktop\Avira PC Cleaner.lnk 2014-01-27 13:45 - 2009-12-05 16:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\UseNeXT 2014-01-27 13:44 - 2009-12-05 16:49 - 00000000 ____D C:\Users\Admin\Documents\UseNeXT 2014-01-27 13:25 - 2012-03-30 10:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-01-27 13:25 - 2012-03-30 10:09 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-01-27 13:25 - 2011-05-24 12:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-27 13:25 - 2009-12-02 19:00 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe 2014-01-27 13:09 - 2013-07-06 19:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Common 2014-01-27 13:04 - 2010-11-15 11:00 - 00000000 ____D C:\Users\Admin\Documents\Backups 2014-01-27 10:15 - 2011-12-28 17:13 - 00014448 _____ C:\Users\Admin\Documents\easyct.ini 2014-01-27 10:14 - 2011-12-28 17:12 - 00001033 _____ C:\Users\Admin\Desktop\EasyCash&Tax.lnk 2014-01-27 10:14 - 2011-12-28 17:12 - 00000000 ____D C:\Program Files (x86)\EasyCash&Tax 2014-01-27 10:13 - 2014-01-27 10:13 - 09106898 _____ (tm ) C:\Users\Admin\Desktop\ECTSetup.exe 2014-01-27 10:09 - 2011-05-24 11:35 - 00000000 ____D C:\Users\Admin\Desktop\Miete Konstanz 2014-01-27 10:07 - 2010-07-12 10:18 - 00000000 ____D C:\Users\Admin\AppData\Roaming\HpUpdate 2014-01-26 15:47 - 2014-01-25 18:15 - 00000000 ____D C:\FRST 2014-01-26 15:46 - 2012-07-09 09:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2014-01-26 15:43 - 2009-12-22 18:52 - 00000000 ____D C:\Program Files\WinRAR 2014-01-26 15:34 - 2009-12-31 14:47 - 00000000 ____D C:\Users\Admin\AppData\Roaming\QuickScan 2014-01-26 10:39 - 2014-01-26 10:39 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Avira 2014-01-26 10:36 - 2014-01-26 10:36 - 00000000 ____D C:\ProgramData\Avira 2014-01-26 10:36 - 2014-01-26 10:36 - 00000000 ____D C:\Program Files (x86)\Avira 2014-01-26 10:30 - 2014-01-26 10:30 - 00000000 ____D C:\Users\Admin\ffcmr 2014-01-26 10:30 - 2009-12-01 16:44 - 00000000 ____D C:\Users\Admin 2014-01-26 10:29 - 2014-01-26 10:29 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-01-26 10:24 - 2013-04-19 13:50 - 00000000 ____D C:\Users\Admin\Documents\Visual Studio 2008 2014-01-26 10:16 - 2014-01-26 10:16 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-01-25 18:09 - 2014-01-25 18:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-25 15:45 - 2013-12-26 16:46 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-01-25 15:45 - 2012-03-31 17:06 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-01-25 15:45 - 2012-03-31 17:06 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-01-25 15:45 - 2012-03-31 17:06 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-01-25 15:45 - 2012-03-31 17:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-01-25 15:45 - 2011-01-10 15:16 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-01-24 17:57 - 2014-01-24 17:57 - 00015814 _____ C:\Users\Admin\Documents\ESt2013_Dohrn_Christian_und_Dohrn_Annette.elfo 2014-01-22 18:53 - 2010-02-03 19:42 - 00000000 ___RD C:\Users\Admin\Desktop\Musikbearbeitung 2014-01-22 15:24 - 2014-01-22 15:24 - 00039080 _____ C:\Users\Admin\Documents\USt2013_Christian_Dohrn.elfo 2014-01-22 15:15 - 2011-01-19 13:31 - 00000000 ____D C:\Users\Admin\AppData\Roaming\elsterformular 2014-01-22 15:14 - 2014-01-22 15:14 - 00001239 _____ C:\Users\Public\Desktop\ElsterFormular.lnk 2014-01-22 15:13 - 2010-01-18 12:05 - 00000000 ____D C:\Program Files (x86)\ElsterFormular 2014-01-22 15:12 - 2010-01-29 08:30 - 00000000 ____D C:\ProgramData\elsterformular 2014-01-22 15:11 - 2010-10-26 07:37 - 00000000 ____D C:\Program Files (x86)\PDF Password Cracker Pro v3.0 2014-01-22 14:24 - 2014-01-02 10:58 - 00002733 _____ C:\Users\Admin\Documents\Jahr2014.eca 2014-01-22 11:41 - 2009-12-04 16:05 - 00000000 ____D C:\Users\Admin\AppData\Local\Microsoft Help 2014-01-20 11:04 - 2013-05-13 08:26 - 00000000 ____D C:\Users\Admin\Desktop\100MEDIA 2014-01-17 10:02 - 2014-01-17 10:02 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-17 10:02 - 2014-01-17 10:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-01-17 10:02 - 2014-01-17 10:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-01-17 10:02 - 2014-01-17 10:02 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-01-17 10:01 - 2014-01-17 10:01 - 00000000 ____D C:\Program Files\Java 2014-01-16 03:21 - 2009-07-14 05:45 - 05149208 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-16 03:03 - 2013-08-09 11:13 - 00000000 ____D C:\Windows\system32\MRT 2014-01-16 03:00 - 2009-12-01 17:22 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-13 15:04 - 2014-01-13 14:19 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-13 14:52 - 2014-01-13 14:22 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014 2014-01-13 14:42 - 2014-01-13 14:42 - 00098839 _____ C:\_m.dmp 2014-01-13 08:18 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-10 13:53 - 2013-04-29 12:46 - 00000000 ____D C:\Users\Admin\Desktop\Acryl 2014-01-04 16:27 - 2013-05-13 18:53 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc 2014-01-02 10:58 - 2014-01-02 10:58 - 00000000 ____D C:\Users\Admin\Documents\Backup2013 2014-01-02 10:57 - 2013-01-02 14:35 - 00020246 _____ C:\Users\Admin\Documents\Jahr2013.eca 2013-12-31 17:53 - 2013-07-05 17:46 - 00000000 ____D C:\Users\Admin\Desktop\Nowusgames 2013-12-31 12:54 - 2013-12-31 12:54 - 02405664 _____ (Trend Micro Inc.) C:\Users\Admin\Desktop\HousecallLauncher64(1).exe 2013-12-31 12:46 - 2009-12-01 16:44 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-30 07:24 - 2013-12-30 07:24 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2013-12-30 07:24 - 2013-12-30 07:24 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2013-12-30 07:11 - 2013-12-30 07:11 - 00000000 ____D C:\ProgramData\Sony Mobile 2013-12-30 07:11 - 2013-12-30 07:11 - 00000000 ____D C:\Program Files (x86)\Sony Mobile 2013-12-30 07:11 - 2013-05-28 16:39 - 00000000 ___RD C:\Users\Admin\Desktop\Sony Tablet Z 2013-12-30 07:10 - 2013-05-28 16:31 - 00000000 ____D C:\ProgramData\Sony Ericsson 2013-12-30 07:10 - 2013-05-28 16:31 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson 2013-12-30 07:09 - 2013-11-30 16:46 - 00472622 _____ C:\Windows\DPINST.LOG 2013-12-30 07:08 - 2009-12-01 17:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\avgnt.exe C:\Users\Admin\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 11:42 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2014 02 Ran by Admin at 2014-01-28 16:59:15 Running from C:\Users\Admin\Desktop\Anleitung Trojaner Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== 3D-Viewer-innoplus (x32 Version: 13.01.16 - INNOVA-engineering GmbH) Acronis*True*Image*Home (x32 Version: 13.0.6029 - Acronis) AdblockIE (x32 Version: 1.2 - af0.net) Adobe Acrobat 9 Pro Extended 64-bit Add-On (Version: 9.0.0 - Adobe Systems Incorporated) Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.3 - Adobe Systems) Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated) Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated) Adobe Photoshop CS6 (x32 Version: 13.0 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636 - Adobe Systems, Inc.) AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden AirPort (x32 Version: 5.6.1.2 - Apple Inc.) Akamai NetSession Interface (HKCU Version: - ) Akamai NetSession Interface Service (x32 Version: - ) AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.) ASUSUpdate (x32 Version: - ) ATI AVIVO64 Codecs (Version: 11.1.0.50504 - ATI Technologies Inc.) Hidden ATI Catalyst Install Manager (Version: 3.0.778.0 - ATI Technologies, Inc.) Aurora 28.0a2 (x86 de) (x32 Version: 28.0a2 - Mozilla) AusweisApp (x32 Version: 1.7.0 - OpenLimit SignCubes AG) avast! Free Antivirus (x32 Version: 9.0.2013 - Avast Software) Avery Wizard 4.0 (x32 Version: 4.0.6 - Avery) AVG PC TuneUp 2014 (de-DE) (x32 Version: 14.0.1001.204 - AVG) Hidden Avira Free Antivirus (x32 Version: 14.0.2.344 - Avira) Biet-O-Matic v2.12.6 (x32 Version: Biet-O-Matic v2.12.6 - BOM Development Team) Bonjour-Druckdienste (Version: 2.0.2.0 - Apple Inc.) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden calibre (x32 Version: 1.10.0 - Kovid Goyal) Canon iP4800 series Printer Driver (Version: - ) Canon My Printer (x32 Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2010.0504.2152.37420 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0504.2152.37420 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2010.0504.2152.37420 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2010.0504.2152.37420 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0504.2152.37420 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0504.2152.37420 - ATI) Hidden Catalyst Control Center HydraVision Full (x32 Version: 2010.0504.2152.37420 - ATI) Hidden Catalyst Control Center Localization All (x32 Version: 2010.0504.2152.37420 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help English (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help French (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help German (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0504.2151.37420 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0504.2151.37420 - ATI) Hidden ccc-core-static (x32 Version: 2010.0504.2152.37420 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.0504.2152.37420 - ATI) Hidden Cinergy C PCI V1.01.02.501 (x32 Version: 1.01.02.501 - ) CloneCD (x32 Version: - SlySoft) Corel Graphics - Windows Shell Extension (Version: 16.0.0.707 - Corel Corporation) Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.0.707 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - DE (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 (64-Bit) (Version: 16.0.0.707 - Corel Corporation) CorelDRAW Graphics Suite X6 (x64) (Version: 16.0 - Corel Corporation) Hidden cyberJack Base Components (x32 Version: 6.10.0 - REINER SCT) CyberLink YouCam (x32 Version: 1.0.2914 - CyberLink Corp.) CyberLink YouCam (x32 Version: 1.0.2914 - CyberLink Corp.) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft) Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden DHTML Editing Component (x32 Version: 6.02.0001 - Microsoft Corporation) DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Doodle Outlook Connector (HKCU Version: 1.5.0.0 - Doodle AG) DVBViewer Pro (x32 Version: 5.1 - CM&V) EasyCash&Tax 1.65 (x32 Version: - tm) Elster-Export 1.9 (x32 Version: - tm) ElsterFormular (x32 Version: 15.0.20140117 - Landesfinanzdirektion Thüringen) ESET Online Scanner v3 (x32 Version: - ) Free DVD Video Converter version 2.0.15.1125 (x32 Version: 2.0.15.1125 - DVDVideoSoft Ltd.) Free Studio version 2013 (x32 Version: 6.1.0.320 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.17.1127 (x32 Version: 3.12.17.1127 - DVDVideoSoft Ltd.) Garmin Communicator Plugin (x32 Version: 2.9.1 - Garmin Ltd or its subsidiaries) Garmin POI Loader (x32 Version: 2.5.4.0 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (x32 Version: 2.3.0.0 - Garmin Ltd or its subsidiaries) Gigaset QuickSync (Version: 8.0.0856.1 - Gigaset Communications GmbH) GIMP 2.8.4 (Version: 2.8.4 - The GIMP Team) GNU Backgammon (MAIN branch, 20091102 code) (x32 Version: - Free Software Foundation) Google Calendar Sync (x32 Version: - ) Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.) Google Chrome Frame (x32 Version: 65.107.16500 - Google, Inc.) Google Earth (x32 Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden Google Updater (x32 Version: 2.4.2432.1652 - Google Inc.) GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden GPL Ghostscript (x32 Version: 9.04 - Artifex Software Inc.) Handy Safe Desktop Professional 2.03 (x32 Version: 2.3.190 - Epocware) Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (x32 Version: 1 - Microsoft Corporation) HP Imaging Device Functions 13.0 (Version: 13.0 - HP) HP My Display (x32 Version: 1.35.003 - Portrait Displays, Inc.) HP Photosmart Essential 3.5 (Version: 3.5 - HP) HP Scanjet G3110 (Version: 13.0 - HP) HP Solution Center 13.0 (Version: 13.0 - HP) HP Update (x32 Version: 5.005.000.001 - Hewlett-Packard) hpg3110 (x32 Version: 13.0.0.0 - Ihr Firmenname) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HydraVision (x32 Version: 4.2.162.0 - ATI Technologies Inc.) Hidden iCloud (Version: 1.0.1.29 - Apple Inc.) iDevice Manager (Version: 1.3.0.0 - Marx Softwareentwicklung) iDevice Manager (x32 Version: 2.1.0.0 - Marx Softwareentwicklung) Inkscape 0.48.4 (x32 Version: 0.48.4 - ) Integrity Tool (x32 Version: 1.7.0 - OpenLimit SignCubes AG) IrfanView (remove only) (x32 Version: 4.35 - Irfan Skiljan) IZArc 3.81 (x32 Version: 3.81 Build 1550 - Ivan Zahariev) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java 7 Update 51 (64-bit) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden JStock (remove only) (x32 Version: - ) LensProIII v.3.85 (x32 Version: - ) Lexware Abschreibungsrechner (x32 Version: 10.50.04.0001 - Haufe-Lexware GmbH & Co.KG) Lexware Abschreibungsrechner (x32 Version: 4.60.00.0000 - Lexware) Hidden Lexware büro easy 2011 (x32 Version: 24.00.04.0033 - Haufe-Lexware GmbH & Co.KG) Lexware Elster (x32 Version: 10.20.00.0134 - Haufe-Lexware GmbH & Co.KG) Lexware Info Service (x32 Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG) Lexware online banking (x32 Version: 13.00.00.0040 - Haufe-Lexware GmbH & Co.KG) Lexware reisekosten 2009 (x32 Version: 16.00.00.0050 - Lexware) Hidden Lexware reisekosten plus 2009 (x32 Version: 16.00.00.0050 - Lexware) Lexware Zeiterfassung (x32 Version: 24.00.04.0001 - Haufe-Lexware GmbH & Co.KG) LightScribe System Software (x32 Version: 1.18.10.2 - LightScribe) LightScribe Template Labeler (x32 Version: 1.18.5.1 - LightScribe) LTplus Energiepass 8.2 (x32 Version: 8.2 - ArchitektenInitiative e.V.) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Max Uninstaller version 2.0 (x32 Version: 2.0 - hxxp://www.maxuninstaller.com/) Mediencenter 3.8.9799.6 (HKCU Version: 3.8.9799.6 - Deutsche Telekom AG) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden Microsoft Visual Basic for Applications 7.1 (x64) German (Version: 7.1.0.0 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Works 6-9 Converter (x32 Version: 9.7.0000 - Microsoft Corporation) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.) Mozilla Firefox 12.0 (x86 de) (x32 Version: 12.0 - Mozilla) Mp3tag v2.58 (x32 Version: v2.58 - Florian Heidenreich) MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) MusicBee 2.0 (x32 Version: 2.0 - Steven Mayall) NetObjects Fusion 11.0 (x32 Version: 11 German - ) NetObjects Fusion 12.0 (x32 Version: 12 German - NetObjects) NetObjects Fusion 12.0 (x32 Version: 12.00.5000.5041 - NetObjects) Hidden O2C Player (x32 Version: - ) OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP) OKI Alert Info (x32 Version: 1.3.0 - Okidata) OKI Color Correct Utility (x32 Version: 2.17.1 - Okidata) OKI Color Swatch-Dienstprogramm (x32 Version: 2.1.11 - Okidata) OKI Configuration Tool (x32 Version: 1.6.0 - Okidata) OKI Device Setting (x32 Version: 1.6.0 - Okidata) OKI Network Setting (x32 Version: 1.0.2 - Okidata) OKI Storage Manager (x32 Version: 1.0.2 - Okidata) OKI User Setting (x32 Version: 1.4.0 - Okidata) orbis24 (HKCU Version: - Materna GmbH TMT) Outlook Backup v3.9.1 (x32 Version: - Osirius) PC Connectivity Solution (x32 Version: 8.47.7.0 - Nokia) PDF Password Cracker Pro v3.0 (x32 Version: - CrackPDF.com, Inc.) PDF Password Remover v3.0 (x32 Version: - VeryPDF.com Inc) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Pivot Software (x32 Version: 8.21.013 - Portrait Displays, Inc.) Hidden PixelNet Software 4.12.1 (x32 Version: 4.12.1 - ORWO Net) PixiePack Codec Pack (x32 Version: 1.1.1200.0 - None) PL-2303 USB-to-Serial (x32 Version: 1.3.0 - Prolific Technology INC) Rapoo -Tastatur- und Maustreiber v1.6 (x32 Version: - Rapoo Inc.) Remote Control USB Driver (x32 Version: 2.3.2.317 - ) RENESIS® Player Browser Plugins (x32 Version: 1.1.1 - examotion® GmbH) Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden Samsung PC Studio 7 (x32 Version: 7.2.24.9 - Samsung) Samsung PC Studio 7 (x32 Version: 7.2.24.9 - Samsung) Hidden Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.) SamsungConnectivityCableDriver (x32 Version: 6.83.6.2.1 - Samsung) Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden SDK (x32 Version: 1.40.002 - Portrait Displays, Inc.) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden Skype™ 6.3 (x32 Version: 6.3.107 - Skype Technologies S.A.) SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Sony Mobile Update Engine (x32 Version: 2.13.14.201312091927 - Sony Mobile Communications AB) Sony PC Companion 2.10.181 (x32 Version: 2.10.181 - Sony) Sophos Anti-Rootkit 1.5.0 (x32 Version: 1.5.0 - Sophos Plc) SoundMAX (x32 Version: 6.10.2.6600 - Analog Devices) Spamihilator 1.5.0 (32-Bit) (x32 Version: 1.5.0 - Michel Krämer) SRWare Iron Version 24.0.1350.0 (x32 Version: 24.0.1350.0 - SRWare) StarMoney (x32 Version: 2.0 - StarFinanz) Hidden StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden StarMoney 7.0 (x32 Version: 7.0 - Star Finanz GmbH) StarMoney 9.0 S-Edition (x32 Version: 9.0 - Star Finanz GmbH) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System.Data.SQLite v1.0.81.0 (x32 Version: 1.0.81.0 - System.Data.SQLite Team) TeamViewer 6 (x32 Version: 6.0.13992 - TeamViewer GmbH) Total Commander (Remove or Repair) (x32 Version: 8.01 - Ghisler Software GmbH) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.2011.48 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.2000.15 - TuneUp Software) Hidden Turbo Lister 2 (x32 Version: 2.00.0000 - eBay Inc.) Unlocker 1.9.0-x64 (Version: 1.9.0 - Cedrick Collomb) Unlocker 1.9.1 (x32 Version: 1.9.1 - Cedrick Collomb) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft) UseNeXT by Tangysoft (x32 Version: - Tangysoft Ltd.) VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN) VSO Image Resizer 3.0.1.76 (x32 Version: 3.0.1.76 - VSO-Software) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0 - Garmin) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp) Windows Mobile-Gerätecenter (Version: 6.1.6965.0 - Microsoft Corporation) Windows Mobile-Gerätecenter: Treiberupdate (Version: 6.1.6965.0 - Microsoft Corporation) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0 - Nokia) WinRAR 5.01 (64-bit) (Version: 5.01.0 - win.rar GmbH) WinSCP 4.2.9 (x32 Version: 4.2.9 - Martin Prikryl) XING Connector 1.1 (x32 Version: 1.1 - XING AG) XMedia Recode Version 3.1.5.3 (x32 Version: 3.1.5.3 - XMedia Recode) Yahoo! Messenger (x32 Version: - Yahoo! Inc.) Yahoo! Software Update (x32 Version: - ) Yahoo! Toolbar (x32 Version: - ) Youtube Downloader HD v. 2.9.9.11 (x32 Version: - YoutubeDownloaderHD.com) Youtube to MP3 Converter v. 1.4 (x32 Version: - YoutubeDownloaderHD.com) ==================== Restore Points ========================= 22-01-2014 11:37:56 Avira PC Cleaner - 22.01.2014 12:37 22-01-2014 14:11:05 Avira PC Cleaner - 22.01.2014 15:11 25-01-2014 14:40:45 avast! antivirus system restore point ==================== Hosts content: ========================== 2011-10-14 15:53 - 2013-09-06 09:56 - 00000182 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 secure.tune-up.com 127.0.0.1 www.order.tune-up.com 127.0.0.1 www.tune-up.com 127.0.0.1 www.tune-up.com/order 127.0.0.1 www.registertuneup.com 127.0.0.1 www.tuneup.de ==================== Scheduled Tasks (whitelisted) ============= Task: {0683DFF0-0279-4C90-B3FF-3DE83C336EF7} - System32\Tasks\{7BDE52B3-FAD4-49BE-9ABF-CC3C87D35BDE} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe [2012-03-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {0765A3E9-A275-4321-8219-BC18831D5C57} - System32\Tasks\{6B49DBF8-8F40-49E9-9CD9-86FB836BA2CD} => C:\Program Files (x86)\Basement Softworks\AudioCon\AudioCon.exe Task: {0B21E0B7-9C06-4FD3-9967-267E9783A70F} - System32\Tasks\{AB3D65F6-B9F7-443F-A84C-71780DBDE209} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe [2012-03-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {0FD305BA-D35E-43BE-9F76-C3017B33074B} - System32\Tasks\{80A904B4-A675-4C8B-98C8-20198A142CCE} => C:\Program Files (x86)\ALNO\KPL\KPL.exe [2011-02-01] (ALNO AG) Task: {11ECA6B2-AF62-435C-8A66-0596F927BE98} - System32\Tasks\{6E631596-2825-438F-9EF8-9C52A5E99CB0} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe [2012-03-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {1513F2B5-CC1F-4E95-A3B2-F1B5104289A2} - System32\Tasks\{EA87E22B-20F4-4A13-9F19-B2313AD7FE66} => C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\SAMSUNG PC Share Manager.exe Task: {166F9998-8123-49D0-AEAA-A5FA65FAA459} - System32\Tasks\{B39BA370-5AE4-496B-AACB-E0A3BEE7408B} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe [2012-03-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {19687CDB-FD39-4F3F-BDB7-9611B43F899B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe Task: {1CDB0657-E23C-465E-9CA2-5DAF9D2C2FA1} - System32\Tasks\{74D62D2A-2638-4772-AEC4-376A0A6C73D2} => C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\SAMSUNG PC Share Manager.exe Task: {1FDB8C64-AAD9-41CB-B4C1-FFF53BFAF987} - System32\Tasks\{435209AF-5D4B-4643-8B0A-558050AC31E9} => C:\Users\Admin\Desktop\Musikbearbeitung\Nero Burning ROM 10.exe Task: {22D9F9A1-AE92-4017-A99B-953DFCD5206C} - System32\Tasks\{B680D474-FC7F-479E-8147-C6DF7C1EFB5B} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe [2012-03-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {23C91EF7-FAED-4B08-854C-E86F61ED69D0} - System32\Tasks\{08FA7EE6-D5E1-42B3-ABC4-1DBCA71D6776} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe [2012-03-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {23D66437-68A6-4320-9FB9-5206F417D3F7} - System32\Tasks\Update Manager => c:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2010-09-15] (Haufe-Lexware GmbH & Co. KG) Task: {267AF463-1989-492E-BF50-A937085819C7} - System32\Tasks\{CA9F668B-A8C7-47B0-9EF3-9057A2DAB91C} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe [2012-03-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {2C9BCF9A-02E7-43A1-89B4-F9E509FA17FD} - System32\Tasks\{EA1AA7A7-5F85-426B-B22B-727B749E9E01} => C:\Program Files (x86)\AudioConverter Studio\converter.exe Task: {2EEC99AF-58D9-477F-B225-99085073CA53} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2008-12-11] () Task: {2FD4C413-8CB1-43BC-B7A9-E2098CD15910} - System32\Tasks\{FA984E8F-7957-49A0-8EDB-76F1FA353167} => C:\Users\Admin\Desktop\IE8-WindowsVista-x86-DEU.exe Task: {30FCA0CA-391E-47F5-9D9F-FE78FCFD6892} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-19] (Google) Task: {394500F3-C57A-4490-9ACA-9868002EB4C5} - System32\Tasks\{FD0C809F-8589-4246-ABBC-B104585E7CD1} => C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\SAMSUNG PC Share Manager.exe Task: {3C8AB35E-883A-4158-9CA8-34A95809C566} - System32\Tasks\{D567C67F-B3D2-4CCC-A0C7-9DE8F0139C29} => C:\Program Files (x86)\EasyCash&Tax\EasyCT.exe Task: {3EE41868-A4B1-4153-85E4-71D95DDA2A42} - System32\Tasks\{12EA70EF-7B98-4F91-B297-7BDC46B0D104} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe [2012-03-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {402774A8-BAF8-4A2A-A90A-EE55C36057C4} - System32\Tasks\{9B4F2FFC-48D6-4FD1-8464-09197907368A} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe [2012-03-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {4068C016-E179-4D31-A56C-246036C22180} - System32\Tasks\{15B55193-1C8D-4377-BFC6-5CAA5D4C18BC} => C:\Users\Admin\Desktop\IPAD\redsn0w_win_0.9.6rc14\redsn0w.exe Task: {45748C26-3179-4630-A68B-D3991AC8064F} - System32\Tasks\{B90D88A1-B3DC-4564-8ADD-B17C517EA488} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe [2012-03-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {460F9660-505C-43F3-9FA0-77AFC6C2AE1F} - System32\Tasks\{069547AE-1C30-4FFB-98D3-1E0559DDFF21} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe [2012-03-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {4C467AB0-9966-40F8-9104-CDD028E03D10} - System32\Tasks\{FD18F216-E0C8-452A-BE2D-197CEFDEF6CA} => C:\Users\Admin\Desktop\IE8-WindowsVista-x86-DEU.exe Task: {576057A7-0549-404B-8161-2938FFC5CFC2} - System32\Tasks\{8761D37D-F60A-4B95-9112-495B8E2E648A} => C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\SAMSUNG PC Share Manager.exe Task: {6325A0DE-2F71-40F9-99E4-C814AC5C9B44} - System32\Tasks\{E2831A69-5433-4044-B79D-85648120DCE3} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe [2012-03-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {64ADFD8D-F512-4FE3-B422-48DD59D9F2B1} - System32\Tasks\{27E67443-DE11-44BE-AF62-ED30E5425847} => C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\SAMSUNG PC Share Manager.exe Task: {6B019A7C-89E6-44EC-88DF-DB2ADA95C476} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03] (Adobe Systems Incorporated) Task: {6B90CACA-1A40-4204-B2D9-11FAFE6D3DE2} - System32\Tasks\{74F8DFB0-5475-4D01-A112-F58B663B57DA} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe [2012-03-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {6CD93ED4-4DA5-4193-BB59-B31C70A83C43} - System32\Tasks\{F0A58610-996C-41C2-8C5C-8F6C349D0940} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe [2012-03-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {70BD5C91-471B-47AA-B659-67AB009BACA1} - System32\Tasks\{D3705C21-B6FC-490B-BC36-DD736421FC75} => C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\SAMSUNG PC Share Manager.exe Task: {7245EBD0-A541-4F68-981F-C1A06B2B3FFB} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {791A1AB1-23F9-4C56-9850-27DB9B734334} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-27] (Adobe Systems Incorporated) Task: {7BFCF061-5A14-434B-8907-2EE37357CE2E} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => c:\Program Files\Java\jre6\bin\jusched.exe Task: {7C256D8A-14FC-4480-A87C-FEAC59AB2F5E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe Task: {809A7681-7520-453F-8232-674E9DB96962} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-25] (AVAST Software) Task: {8656F85F-21F5-43A1-A85B-8511FBF6DE5E} - System32\Tasks\{8BA32DFC-E7DC-49EE-A982-7229E1F1E7D8} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe [2012-03-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {865803B7-BD59-4D5C-A1F4-BEBCDCA0D69A} - System32\Tasks\{32A2B506-204B-4CD5-86B4-9BB4AB9719FA} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe [2012-03-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {88996FC3-CA49-4AD5-B3EE-650E7ABBF7EC} - System32\Tasks\{91D465F5-170B-4DFC-9629-FA9FF0A9A346} => C:\Users\Admin\Desktop\jxpiinstall.exe Task: {8B1ABB5E-6E56-4382-AA37-BF110302724E} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2010-09-15] (Haufe-Lexware GmbH & Co. KG) Task: {921B6BCC-F52F-4701-AD31-9D55078AB9FB} - System32\Tasks\{AF6AEA85-C7B7-4CDC-A279-C2B6EBBF2C3B} => C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\SAMSUNG PC Share Manager.exe Task: {97A23BCD-64DF-47AF-BBE2-DEEC5D22FC69} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard) Task: {9B96121C-83B6-489F-93F4-A3A0D6F952AA} - System32\Tasks\{423886D0-36D5-478B-9A5D-C2F1AF342481} => C:\Program Files (x86)\Basement Softworks\AudioCon\AudioCon.exe Task: {9CC9C2C1-6922-4898-893C-CFCB77BBF97D} - System32\Tasks\{78E9D77C-99C9-4B1C-937A-28D2D695758F} => C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\SAMSUNG PC Share Manager.exe Task: {A949B300-BB4D-4306-8A1F-0342D1940A88} - System32\Tasks\{C1241CBF-B21E-477C-9D5F-42439D7C60FA} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-04-19] (Skype Technologies S.A.) Task: {AA932E70-4FD7-4678-8E92-A6AA7787427E} - System32\Tasks\{CD226588-5BC6-42CD-B452-6D1DEDAB511B} => C:\Program Files (x86)\Lexware\bueroeasy2011\QBW32.exe Task: {B5052640-621D-4D7B-9AC8-A7E54947DF92} - System32\Tasks\{B2BF767A-6C08-4444-826C-F563A6CD63E1} => C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\SAMSUNG PC Share Manager.exe Task: {B87A223D-5B68-4E07-8437-7D32B7BDFEA1} - System32\Tasks\{BD5B9B2B-9F1A-40A1-8596-F693F04918C2} => C:\Program Files (x86)\Lexware\bueroeasy2011\QBW32.exe Task: {BE3CA9AB-36B3-4592-A530-BC4DBBDE057F} - System32\Tasks\{19C92178-A226-455A-9240-EA8EC70B444F} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe [2012-03-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {C293CA55-6434-4B28-95FC-8512701D6EF9} - System32\Tasks\{FB5CFE0B-6318-4726-80F4-1426509FC1B8} => C:\Program Files (x86)\NetObjects\NetObjects Fusion 11.0\Fusion.exe [2009-04-06] (NetObjects) Task: {C7701203-C0A6-48EB-9FF5-35EB4978322D} - System32\Tasks\{24C85044-3213-49C0-B0C0-F9A7CFAECD53} => C:\Program Files (x86)\Basement Softworks\AudioCon\AudioCon.exe Task: {CD7CF3C5-A6E7-4133-9BD5-8026716E3B75} - System32\Tasks\{73395899-09AF-4EDD-8202-8DD661FD285D} => C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\SAMSUNG PC Share Manager.exe Task: {D4045ED3-7545-4A99-B95D-8D850512661A} - System32\Tasks\{4187D9F5-E230-4407-837C-ABFEA2C3B274} => C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\SAMSUNG PC Share Manager.exe Task: {D5ACCF21-4E24-48C2-B51A-29D8647CCEF0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-04] (Google Inc.) Task: {D7430B62-355E-4385-9D7F-22991510AB4E} - System32\Tasks\{E5EEFCBF-4D4B-4D23-B457-520DFD53E3AE} => C:\Users\Admin\Desktop\IE8-WindowsVista-x86-DEU.exe Task: {DE47B1D1-2744-44FA-BE3E-AD79542215A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-04] (Google Inc.) Task: {DEB0A4C0-DAED-4F5E-8F43-8742021BAD81} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {E183E512-C0AF-4474-B473-B339AE331CDD} - System32\Tasks\{A6DBC23E-BAB6-4292-815E-07C97C6D4476} => C:\Program Files (x86)\NetObjects\NetObjects Fusion 12.0\Fusion.exe [2011-12-05] (NetObjects) Task: {E27DBB07-652D-4F3D-A17C-782705FA555F} - System32\Tasks\{FB3F0FC7-AECB-47B1-9258-415005F34695} => C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\SAMSUNG PC Share Manager.exe Task: {EBF625DB-CDF2-42ED-A1DB-7A26AF99C1F8} - System32\Tasks\{53C64E71-5A03-4AB1-AA30-9965EE8E1752} => C:\Program Files (x86)\Basement Softworks\AudioCon\AudioCon.exe Task: {F1F54E0E-4B8F-46AC-AF26-0361D2A17A16} - System32\Tasks\{0119DD6C-7F6D-4DEB-81D9-AB4FEAD5BE03} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe [2012-03-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {FBDBB936-4665-4D73-975C-21B0A3EC8DEB} - System32\Tasks\Google Updater => C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe [2011-09-19] (Google) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2008-12-06 02:19 - 2008-12-06 02:19 - 00918016 _____ () C:\Program Files (x86)\Samsung\Samsung PC Studio 7\phonebrowser64.dll 2009-05-16 00:20 - 2009-05-16 00:20 - 01103872 _____ () C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSCM64_Samsung.dll 2014-01-28 12:37 - 2014-01-28 10:06 - 02166272 _____ () C:\Program Files\AVAST Software\Avast\defs\14012800\algo.dll 2014-01-26 10:36 - 2013-12-18 09:32 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2011-11-21 13:32 - 2007-05-31 06:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll 2011-11-10 15:55 - 2009-10-06 14:36 - 00205312 _____ () C:\Program Files (x86)\StarMoney 7.0\ouservice\PATCHW32.dll 2013-10-16 11:24 - 2011-01-13 09:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\PATCHW32.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2013-10-24 13:26 - 2013-10-24 13:26 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-07-24 06:29 - 2013-07-24 06:29 - 00060416 _____ () C:\Program Files (x86)\Spamihilator\zlib1.dll 2013-07-24 06:29 - 2013-07-24 06:29 - 00279040 _____ () C:\Program Files (x86)\Spamihilator\sqlite3.dll 2013-02-12 07:02 - 2014-01-28 10:01 - 03686512 _____ () C:\Program Files (x86)\Aurora\mozjs.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LBV6VGVFLVPVTFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GVV1VLVV5VXVVD AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_LBV6VGVFLVPVTFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GVV1VLVV5VXVVD AlternateDataStreams: C:\ProgramData\Anwendungsdaten:$SS_DESCRIPTOR_LBV6VGVFLVPVTFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GVV1VLVV5VXVVD AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_LBV6VGVFLVPVTFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GVV1VLVV5VXVVD AlternateDataStreams: C:\ProgramData\TEMP:24051EFF ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: USB-Chip Description: USB-Chip Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Diskettenlaufwerk Description: Diskettenlaufwerk Class Guid: {4d36e980-e325-11ce-bfc1-08002be10318} Manufacturer: (Standarddiskettenlaufwerke) Service: flpydisk Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/28/2014 10:01:14 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/27/2014 06:29:59 PM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden. Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet. ], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet. ], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist. ], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet. ]. Vorgang: Asynchroner Vorgang wird ausgeführt Kontext: Aktueller Status: DoSnapshotSet Error: (01/27/2014 06:29:59 PM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten. Fehlerkontext: DeviceIoControl(\\?\Volume{4f024617-de8f-11de-b135-806e6f6e6963} - 0000000000000118,0x0053c010,00000000003C6030,0,00000000003C8050,4096,[0]). Vorgang: Schattenkopien werden übertragen Kontext: Ausführungskontext: System Provider Error: (01/27/2014 03:06:01 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/27/2014 03:05:57 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/27/2014 03:05:52 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/27/2014 02:31:40 PM) (Source: Application Hang) (User: ) Description: Programm notepad.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1340 Startzeit: 01cf1b64120a6e24 Endzeit: 16 Anwendungspfad: C:\Windows\SysWOW64\notepad.exe Berichts-ID: 57ac92f0-8757-11e3-82aa-90e6ba4e2af9 Error: (01/27/2014 02:31:01 PM) (Source: Application Hang) (User: ) Description: Programm notepad.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 123c Startzeit: 01cf1b63e4ca4dad Endzeit: 0 Anwendungspfad: C:\Windows\SysWOW64\notepad.exe Berichts-ID: 40843804-8757-11e3-82aa-90e6ba4e2af9 Error: (01/27/2014 02:29:49 PM) (Source: Application Hang) (User: ) Description: Programm notepad.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 16e0 Startzeit: 01cf1b63a4049bf8 Endzeit: 15 Anwendungspfad: C:\Windows\SysWOW64\notepad.exe Berichts-ID: 0ef4d18f-8757-11e3-82aa-90e6ba4e2af9 Error: (01/25/2014 03:43:09 PM) (Source: Application Hang) (User: ) Description: Programm mbam.exe, Version 1.75.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: efc Startzeit: 01cf19db78a69dd3 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Berichts-ID: System errors: ============= Error: (01/28/2014 00:58:31 PM) (Source: DCOM) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (01/28/2014 10:56:17 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MEMSWEEP2" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (01/28/2014 10:56:17 AM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\BAC3.tmp nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (01/28/2014 10:34:43 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MEMSWEEP2" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (01/28/2014 10:34:43 AM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\D360.tmp nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (01/28/2014 10:26:54 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MEMSWEEP2" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (01/28/2014 10:26:54 AM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\D360.tmp nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (01/26/2014 02:56:19 PM) (Source: DCOM) (User: ) Description: {0006F03A-0000-0000-C000-000000000046} Error: (01/25/2014 03:46:33 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (01/22/2014 06:38:09 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "TuneUpUtilitiesDrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Microsoft Office Sessions: ========================= Error: (01/28/2014 10:01:14 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Admin\Desktop\Virenscan\esetsmartinstaller_deu.exe Error: (01/27/2014 06:29:59 PM) (Source: VSS)(User: ) Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet. 0x00000000, Der Vorgang wurde erfolgreich beendet. 0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist. 0x00000000, Der Vorgang wurde erfolgreich beendet. Vorgang: Asynchroner Vorgang wird ausgeführt Kontext: Aktueller Status: DoSnapshotSet Error: (01/27/2014 06:29:59 PM) (Source: VSS)(User: ) Description: DeviceIoControl(\\?\Volume{4f024617-de8f-11de-b135-806e6f6e6963} - 0000000000000118,0x0053c010,00000000003C6030,0,00000000003C8050,4096,[0]) Vorgang: Schattenkopien werden übertragen Kontext: Ausführungskontext: System Provider Error: (01/27/2014 03:06:01 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Admin\Desktop\esetsmartinstaller_deu.exe Error: (01/27/2014 03:05:57 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Admin\Desktop\esetsmartinstaller_deu.exe Error: (01/27/2014 03:05:52 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Admin\Desktop\esetsmartinstaller_deu.exe Error: (01/27/2014 02:31:40 PM) (Source: Application Hang)(User: ) Description: notepad.exe6.1.7600.16385134001cf1b64120a6e2416C:\Windows\SysWOW64\notepad.exe57ac92f0-8757-11e3-82aa-90e6ba4e2af9 Error: (01/27/2014 02:31:01 PM) (Source: Application Hang)(User: ) Description: notepad.exe6.1.7600.16385123c01cf1b63e4ca4dad0C:\Windows\SysWOW64\notepad.exe40843804-8757-11e3-82aa-90e6ba4e2af9 Error: (01/27/2014 02:29:49 PM) (Source: Application Hang)(User: ) Description: notepad.exe6.1.7600.1638516e001cf1b63a4049bf815C:\Windows\SysWOW64\notepad.exe0ef4d18f-8757-11e3-82aa-90e6ba4e2af9 Error: (01/25/2014 03:43:09 PM) (Source: Application Hang)(User: ) Description: mbam.exe1.75.0.1efc01cf19db78a69dd30C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe CodeIntegrity Errors: =================================== Date: 2014-01-28 10:56:17.247 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\BAC3.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-28 10:56:17.088 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\BAC3.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-28 10:34:43.029 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\D360.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-28 10:34:42.867 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\D360.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-28 10:26:54.414 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\D360.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-28 10:26:54.250 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\D360.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-03-15 09:20:38.840 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-03-15 09:20:38.697 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-03-15 09:20:36.272 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-03-15 09:20:36.122 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 31% Total physical RAM: 8191.12 MB Available physical RAM: 5636.42 MB Total Pagefile: 16380.41 MB Available Pagefile: 13620.54 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:465.76 GB) (Free:316.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (Sicherung System) (Fixed) (Total:465.76 GB) (Free:372.98 GB) NTFS Drive f: (Medien) (Fixed) (Total:1397.26 GB) (Free:161.38 GB) NTFS Drive g: (Medien) (Fixed) (Total:1397.26 GB) (Free:147.14 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: F838A31B) Partition 1: (Not Active) - (Size=-698723860480) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7FE1D461) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: F838A30B) Partition 1: (Not Active) - (Size=-698723860480) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9BDC7C00) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
29.01.2014, 00:40 | #6 | |||||
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Agent.131072.V und PHISH/PayPal.27959 wie entfernen?Zitat:
Zitat:
Zitat:
Mal abgesehen davon, dass TuneUp der letzte Unsinn ist. Zitat:
Ich habe den Eindruck, das ist ein gewerblich genutztes System. Firmenrechner werden hier eigentlich nicht bereinigt Siehe => http://www.trojaner-board.de/108422-...-anfragen.html Zitat:
__________________ --> TR/Agent.131072.V und PHISH/PayPal.27959 wie entfernen? |
29.01.2014, 08:56 | #7 |
| TR/Agent.131072.V und PHISH/PayPal.27959 wie entfernen? HILFE mein lieber Cosinus sieht in meinen Augen anders aus und besteht weder aus irgendwelchen Animositäten noch Unterstellungen - vielleicht machst Du Dir einmal darüber Gedanken für Deinen nächsten Betroffenen? Es war ein Versuch für mich, wenn auch ein missglückter... Weitere Debatten scheinen hier wenig zielführend zu sein und so verabschiede ich mich auf diesem Wege und werde vermutlich das einzig Richtige tun - mein System neu aufsetzen. Allen Anderen viel Erfolg bei der Beseitigung und dem Cosinus sei Dank für seine Zeit. |
29.01.2014, 10:53 | #8 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Agent.131072.V und PHISH/PayPal.27959 wie entfernen?Zitat:
- den TuneUp-Adressen die in der Hosts auf den localhost geerdet sind - die ganzen Professional-Versionen die gewerbliche Nutzung vermuten lassen Das mit den zwei Virenscannern braucht man jetzt nicht extra zu erwähnen, aber du solltest es zur Kenntnis nehmen und halt eben wissen, dass man zwei solcher Scanner nicht parallel nutzen sollte. Zitat:
Voraussetzung für Hilfe ist eine vernünftige Mitarbeit und dass du keine gecrackte Software auf der Kiste hast. So sind hier die Regeln und es ist nun absolut nicht mein Problem, dass du das anders siehst. Ich wünsche dir viel Spaß bei der Neuinstallation deines Rechners.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu TR/Agent.131072.V und PHISH/PayPal.27959 wie entfernen? |
anleitung, avira, chris, christian, cleaner, dauerhaft, ellung, entferne, entfernen, eset, freue, gen, hilfestellung, infektionen, laien, leitung, malwarebytes, neustart, online, phish/paypal.27959, scan, schritt, tr/agent.131072.v, vorhanden, wie entfernen, wie entfernen?, würde |