16.04.2014, 20:58 | #1 |
Windows 7: Message "...newnext.me\nengine.dll - Das angegebene Modul konnte nicht gefunden werden"

Dear Trojaner Board! I need your help. For some time now my computer has been behaving strangely. Among other things, after startup a message pops up that says the following: "Problem beim Starten von c:\users\[user]\Appdata\Roaming\newnext.me\\nengine.dll - Das angegebene Modul wurde nicht gefunden" [English: "There was a problem starting ... - The specified module could not be found"]. In addition, I get unwanted pop-ups when I browse the web in Internet Explorer. Below are my log files, as per your instructions.

defogger_disable.txt Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:07 on 16/04/2014 (Meier)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 02 Ran by Meier (administrator) on MEIER-PC on 16-04-2014 21:11:11 Running from C:\Users\Meier\trojaner_board Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe (Hewlett-Packard) C:\Windows\system32\Hpservice.exe (Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe (AMD) C:\Windows\system32\atieclxx.exe (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (AVG) C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe (CANON INC.) 
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (Motive Communications, Inc.) C:\Program Files (x86)\Common Files\Motive\MotiveBrowser.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DPAgent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe (CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE (Microsoft Corporation) C:\Windows\SysWOW64\dwwin.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-15] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-22] (IDT, Inc.) HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-07-21] () HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-09-05] (Sun Microsystems, Inc.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.) HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-07-01] (DigitalPersona, Inc.) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-06-22] (EasyBits Software AS) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [MotiveReportAgent] => C:\Program Files (x86)\Common Files\Motive\MotiveBrowser.exe [143360 2005-09-06] (Motive Communications, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-11-13] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.) HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] () HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-06] (Easybits) HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.) HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-24] (Microsoft Corporation) HKU\.DEFAULT\...\Policies\system: [WallpaperStyle] 2 HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard) HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3885408 2009-02-06] (Microsoft Corporation) HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom) HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.) HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.) HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.) 
HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Meier\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Meier\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=d8efa14e10a7252646c981fe173f3df2-a69a1722efff4313d66b68fa783037b2a16ba27d /CMPID=0214c HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Policies\system: [WallpaperStyle] 2 HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Policies\system: [DisableChangePassword] 0 Lsa: [Notification Packages] scecli DPPWDFLT Startup: C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM - DefaultScope {EB8ED58E-D449-4EF5-B34E-BF4F3694A25E} URL = 
hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch SearchScopes: HKLM - {EB8ED58E-D449-4EF5-B34E-BF4F3694A25E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch SearchScopes: HKLM-x32 - DefaultScope {EB8ED58E-D449-4EF5-B34E-BF4F3694A25E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch SearchScopes: HKLM-x32 - {EB8ED58E-D449-4EF5-B34E-BF4F3694A25E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={9BC5C332-B164-4C97-BF5D-56E70C24206B}&mid=d8efa14e10a7252646c981fe173f3df2-a69a1722efff4313d66b68fa783037b2a16ba27d&lang=de&ds=AVG&coid=avgtbavg&pr=pr&d=2013-10-07 21:25:11&v=17.0.0.12&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={9BC5C332-B164-4C97-BF5D-56E70C24206B}&mid=d8efa14e10a7252646c981fe173f3df2-a69a1722efff4313d66b68fa783037b2a16ba27d&lang=de&ds=AVG&coid=avgtbavg&pr=pr&d=2013-10-07 21:25:11&v=17.0.0.12&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {EB8ED58E-D449-4EF5-B34E-BF4F3694A25E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) 
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) 
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File BHO-x32: Media View - {6f41c4a0-2297-47c5-84ba-7961ef39dca2} - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ie\MediaViewV1alpha6881.dll () BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Media View - {90cbbd29-8905-4aae-9521-bc70958384d2} - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ie\MediaViewV1alpha2601.dll () BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CH/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-09-05] (EasyBits Software Corp.) 
Tcpip\Parameters: [DhcpNameServer] 87.245.64.10 87.245.64.11 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [] FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha6881.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff [2014-03-10] FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha2601.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff [2014-03-15] FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2009-10-11] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR Extension: (Media View) - C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\affahaionodbmiganclalfoaiegfjdai [2014-03-10] CHR Extension: (Google Search) - C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-10] CHR Extension: (Media View) - C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdppgiopkkcbonjnljnkcmjnffpfbmgd [2014-03-15] CHR Extension: (AVG Secure Search) - C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-08-10] CHR Extension: (Google Wallet) - C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26] CHR Extension: (Gmail) - C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-10] CHR HKLM-x32\...\Chrome\Extension: [affahaionodbmiganclalfoaiegfjdai] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ch\MediaViewV1alpha6881.crx 
[2014-02-27] CHR HKLM-x32\...\Chrome\Extension: [fdppgiopkkcbonjnljnkcmjnffpfbmgd] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ch\MediaViewV1alpha2601.crx [2014-02-26] ==================== Services (Whitelisted) ================= R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-22] (IDT, Inc.) R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X] ==================== Drivers (Whitelisted) ==================== R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-07-23] (CyberLink Corp.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-16 21:11 - 2014-04-16 21:11 - 00000000 ____D () C:\FRST 2014-04-16 21:07 - 2014-04-16 21:07 - 00000000 _____ () C:\Users\Meier\defogger_reenable 2014-04-16 21:04 - 2014-04-16 21:11 - 00000000 ____D () C:\Users\Meier\trojaner_board 2014-04-09 20:08 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-09 20:08 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-09 20:08 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-09 20:08 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-09 20:08 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 20:08 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 20:08 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 20:08 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 20:08 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 20:08 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 20:08 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 20:08 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 20:08 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 20:08 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 20:08 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 
2014-04-09 20:08 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 20:08 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 20:08 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 20:08 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 20:08 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 20:08 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-03-31 09:06 - 2014-03-31 09:10 - 00000000 ____D () C:\Program Files (x86)\Steuern13
2014-03-31 09:06 - 2014-03-31 09:06 - 00000981 _____ () C:\Users\Public\Desktop\Steuern13.lnk

==================== One Month Modified Files and Folders =======

2014-04-16 21:11 - 2014-04-16 21:11 - 00000000 ____D () C:\FRST
2014-04-16 21:11 - 2014-04-16 21:04 - 00000000 ____D () C:\Users\Meier\trojaner_board
2014-04-16 21:10 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 21:10 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 21:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-04-16 21:07 - 2014-04-16 21:07 - 00000000 _____ () C:\Users\Meier\defogger_reenable
2014-04-16 21:07 - 2009-10-31 16:36 - 00000000 ____D () C:\Users\Meier
2014-04-16 20:40 - 2012-06-12 15:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-16 20:39 - 2009-10-11 01:16 - 01163181 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 20:35 - 2014-02-16 16:55 - 00000356 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-04-16 20:35 - 2010-02-11 12:10 - 00000000 ____D () C:\Users\Meier\Tracing
2014-04-16 20:34 - 2014-02-05 21:41 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-04-16 20:34 - 2013-06-06 19:43 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-04-16 20:34 - 2012-08-20 13:06 - 00041584 _____ () C:\Windows\setupact.log
2014-04-16 20:34 - 2012-06-22 20:50 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-16 20:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 21:17 - 2012-06-22 20:50 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-14 20:24 - 2013-04-03 20:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-14 20:16 - 2009-09-05 18:07 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-04-14 20:16 - 2009-09-05 18:07 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-04-14 20:16 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 19:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-11 21:26 - 2013-08-09 11:17 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-11 20:31 - 2009-10-31 16:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-11 20:30 - 2013-08-15 11:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 20:26 - 2010-03-06 22:18 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 20:12 - 2012-06-22 20:50 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-09 20:12 - 2012-06-22 20:50 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-06 20:55 - 2014-02-16 17:04 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-31 09:15 - 2010-03-04 12:52 - 00000000 ____D () C:\Users\Meier\Documents\SteuernSH
2014-03-31 09:10 - 2014-03-31 09:06 - 00000000 ____D () C:\Program Files (x86)\Steuern13
2014-03-31 09:10 - 2013-03-25 10:47 - 00000000 ____D () C:\Users\Meier\AppData\Roaming\.jfwupdate
2014-03-31 09:07 - 2010-03-04 12:15 - 00000000 ____D () C:\Users\Meier\AppData\Roaming\.Kanton SH
2014-03-31 09:07 - 2010-03-04 12:15 - 00000000 ____D () C:\Users\Meier\AppData\Local\.Kanton SH
2014-03-31 09:06 - 2014-03-31 09:06 - 00000981 _____ () C:\Users\Public\Desktop\Steuern13.lnk
2014-03-31 08:45 - 2012-11-17 20:53 - 00227014 _____ () C:\Windows\PFRO.log
2014-03-31 03:16 - 2014-04-09 20:08 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 20:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 20:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 20:08 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-23 21:28 - 2009-11-12 11:46 - 00000000 ____D () C:\Users\Meier\Documents\Helen

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-14 19:39

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-04-2014 02
Ran by Meier at 2014-04-16 21:12:24
Running from C:\Users\Meier\trojaner_board
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - )
AirPort (HKLM-x32\...\{40184457-4514-4B18-84A8-6BB8A3AB6A81}) (Version: 5.5.3.2 - Apple Inc.)
AMD USB Filter Driver (HKLM-x32\...\{5271C0D4-24E4-4C3D-A782-C012033FD3CF}) (Version: 1.0.10.84 - Advanced Micro Devices, Inc.)
AOL Toolbar 5.0 (HKLM-x32\...\AOL Toolbar) (Version: 5.2.78.2 - AOL LLC)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{6C47240C-016E-03B5-D13E-AECAED09F2E3}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies)
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden
AVG PC Tuneup (HKLM-x32\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.27 - AVG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon MG5100 series Benutzerregistrierung (HKLM-x32\...\Canon MG5100 series Benutzerregistrierung) (Version: - )
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0702.1239.20840 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help English (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help French (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help German (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0702.1239.20840 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2009.0702.1239.20840 - ATI) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft)
DigitalPersona Personal 4.10 (HKLM\...\{DD3BF908-F6B0-45A5-BED3-79E8888DDA93}) (Version: 4.10.3787 - DigitalPersona, Inc.)
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.0.3123 - Hewlett-Packard) Hidden
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard)
HP MediaSmart Internet TV (x32 Version: 3.0.1916 - Hewlett-Packard) Hidden
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.0.1924 - Hewlett-Packard)
HP MediaSmart Live TV (x32 Version: 3.0.1924 - Hewlett-Packard) Hidden
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Movie Themes (x32 Version: 3.0.3102 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 3.0.3123 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 3.0.1913 - Hewlett-Packard) Hidden
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.3.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version: 3.2.10.0 - Ifolor AG)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java(TM) 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java(TM) 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: - EasyBits Software AS)
MAGIX Xtreme Foto Designer 6 6.0.19.0 (D) (HKLM-x32\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.19.0 - MAGIX AG)
Media View (HKLM-x32\...\MediaViewV1alpha2601) (Version: 1.1 - Media View) <==== ATTENTION
Media View (HKLM-x32\...\MediaViewV1alpha6881) (Version: 1.1 - Media View) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XML Parser (x32 Version: 8.0.7820.0 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice.org 3.1 (HKLM-x32\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5615 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.5615 - CyberLink Corp.) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
Steuern09 (HKLM-x32\...\Steuern09) (Version: 1.1.1.669 - Abraxas Informatik AG)
Steuern10 (HKLM-x32\...\Steuern10) (Version: 1.0.1.938 - Abraxas Informatik AG)
Steuern11 (HKLM-x32\...\Steuern11) (Version: 1.0.1.1375 - Abraxas Informatik AG)
Steuern12 (HKLM-x32\...\Steuern12) (Version: 1.0.2.1801 - Abraxas Informatik AG)
Steuern13 (HKLM-x32\...\{D32134B6-A503-4F19-8559-4CE5E324BEEC}) (Version: 1.0.2 - Abraxas Informatik AG)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Validity Sensors DDK (HKLM\...\{62A20ECA-920E-4052-BF77-88C78DD20FAA}) (Version: 3.1.366 - Validity Sensors, Inc.)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
VTech Download Manager (HKLM-x32\...\VTechDownloadManager) (Version: - VTech)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Restore Points =========================

26-02-2014 11:06:17 Windows Update
02-03-2014 10:07:20 Windows Update
02-03-2014 20:07:37 Windows-Sicherung
10-03-2014 18:11:45 Windows-Sicherung
14-03-2014 13:34:07 Windows Update
21-03-2014 19:38:41 Windows-Sicherung
23-03-2014 19:20:05 Windows Update
31-03-2014 06:56:29 Windows-Sicherung
31-03-2014 07:06:23 Installed Steuern13
06-04-2014 19:13:54 Windows-Sicherung
11-04-2014 18:23:57 Windows Update
13-04-2014 19:30:28 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0458E7EA-60C9-4441-B715-793B243917DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company)
Task: {08BAD61E-2A14-4717-B0B2-6E0C001FBF7C} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-07-24] (CL)
Task: {10BBF1B9-9DAA-4229-8E5A-72CFA409219A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22] (Google Inc.)
Task: {11A4BFCA-8FCA-4495-B9A2-C939D4ED7D04} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {3B77BBE5-80B7-41E3-AB70-B0C019410B17} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-07-24] (CL)
Task: {3C11281A-C30D-4AAF-B1FE-4968AACF1644} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{515C197B-9ED8-480C-B0EB-C9218664BCE2}.exe
Task: {435E1580-094A-4130-9089-EAE75413B2DF} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-07-24] (CyberLink Corp.)
Task: {632F5108-D75B-4B81-B76F-91B5599A0EBB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7921914F-4780-49D9-BD23-2610965BE004} - System32\Tasks\AmiUpdXp => C:\Users\Meier\AppData\Local\SwvUpdater\Updater.exe [2014-02-16] () <==== ATTENTION
Task: {7A97740F-3AF2-407F-B290-3D634A3E46F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7E53DB01-519C-405B-AA60-0511DE6FC877} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {AB311E96-CC75-4139-B79D-FA5BBED9A42C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22] (Google Inc.)
Task: {AFA6BFF9-70A4-4888-86C8-B6BBD18AA1EE} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-07-24] (CL)
Task: {BA7584CC-73E5-448A-9806-3C0B203BE322} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On Meier Logon => C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe [2011-11-03] (AVG)
Task: {E863043E-7AB8-44D6-A2B9-C758162D6E89} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F4516B3A-83DB-4C8E-A406-4313DD48796B} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
Task: {FC160BFA-1C90-4252-A81D-B76B45A04626} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Meier\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{515C197B-9ED8-480C-B0EB-C9218664BCE2}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2009-07-01 18:54 - 2009-07-01 18:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-09-05 09:49 - 2009-01-21 20:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2009-07-21 10:34 - 2009-07-21 10:34 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2013-06-24 11:36 - 2013-06-20 09:58 - 00391040 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
2009-07-07 11:56 - 2009-07-07 11:56 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-10-11 01:15 - 2009-10-11 01:15 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-07-15 17:51 - 2009-07-15 17:51 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-07-15 17:51 - 2009-07-15 17:51 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-07-15 17:50 - 2009-07-15 17:50 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-07-15 17:50 - 2009-07-15 17:50 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-07-15 17:50 - 2009-07-15 17:50 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-07-15 17:50 - 2009-07-15 17:50 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-07-15 17:50 - 2009-07-15 17:50 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-07-15 17:50 - 2009-07-15 17:50 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2012-08-13 20:38 - 2011-11-03 17:21 - 00350024 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl
2012-08-13 20:38 - 2011-11-03 17:21 - 00184136 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl
2012-08-13 20:38 - 2011-11-03 17:21 - 00050504 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl
2012-07-05 03:27 - 2010-06-24 03:16 - 02150400 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
2012-07-05 03:27 - 2010-07-13 15:07 - 07826432 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
2012-07-05 03:27 - 2010-06-02 04:29 - 00934912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll
2012-07-05 03:27 - 2010-06-02 04:28 - 00335360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll
2013-06-24 11:36 - 2012-08-06 11:54 - 09843640 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll
2012-07-05 03:27 - 2010-06-02 04:56 - 00232960 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
2012-07-05 03:27 - 2010-06-02 04:54 - 02530816 _____ 
() C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll 2012-07-05 03:27 - 2010-07-05 11:19 - 00116736 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll 2012-07-05 03:27 - 2010-11-11 11:24 - 00028160 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll 2013-06-24 11:36 - 2010-06-02 07:05 - 00025600 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qgif4.dll 2013-06-24 11:36 - 2010-06-02 07:05 - 00119808 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2009-08-18 16:54 - 2009-08-18 16:54 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2009-07-24 18:24 - 2009-07-24 18:24 - 00124288 ____N () c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll 2009-07-24 18:24 - 2009-07-24 18:24 - 00275848 ____N () c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll 2009-07-24 18:24 - 2009-07-24 18:24 - 00349480 ____N () c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll 2009-07-23 11:37 - 2009-07-23 11:37 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll 2014-02-27 17:31 - 2014-02-27 17:31 - 00087040 _____ () C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ie\MediaViewV1alpha6881.dll 2014-02-26 23:49 - 2014-02-26 23:49 - 00087040 _____ () C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ie\MediaViewV1alpha2601.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/16/2014 08:35:45 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8064.206, Zeitstempel: 0x498cf586 Name des fehlerhaften Moduls: msnmsgr.exe, Version: 14.0.8064.206, Zeitstempel: 0x498cf586 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0019cc30 ID des fehlerhaften Prozesses: 0xab8 Startzeit der fehlerhaften Anwendung: 0xmsnmsgr.exe0 Pfad der fehlerhaften Anwendung: msnmsgr.exe1 Pfad des fehlerhaften Moduls: msnmsgr.exe2 Berichtskennung: msnmsgr.exe3 Error: (04/14/2014 07:43:31 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (04/14/2014 07:24:18 PM) (Source: HP Support Assistant Service) (User: ) Description: Der Dienst kann nicht gestartet werden. 
Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen Error: (04/11/2014 08:50:42 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8064.206, Zeitstempel: 0x498cf586 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00041300 ID des fehlerhaften Prozesses: 0xea4 Startzeit der fehlerhaften Anwendung: 0xmsnmsgr.exe0 Pfad der fehlerhaften Anwendung: msnmsgr.exe1 Pfad des fehlerhaften Moduls: msnmsgr.exe2 Berichtskennung: msnmsgr.exe3 Error: (04/11/2014 08:20:27 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8064.206, Zeitstempel: 0x498cf586 Name des fehlerhaften Moduls: msnmsgr.exe, Version: 14.0.8064.206, Zeitstempel: 0x498cf586 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0026c67a ID des fehlerhaften Prozesses: 0xa04 Startzeit der fehlerhaften Anwendung: 0xmsnmsgr.exe0 Pfad der fehlerhaften Anwendung: msnmsgr.exe1 Pfad des fehlerhaften Moduls: msnmsgr.exe2 Berichtskennung: msnmsgr.exe3 Error: (04/07/2014 09:33:41 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8064.206, Zeitstempel: 0x498cf586 Name des fehlerhaften Moduls: msnmsgr.exe, Version: 14.0.8064.206, Zeitstempel: 0x498cf586 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0026c67a ID des fehlerhaften Prozesses: 0x854 Startzeit der fehlerhaften Anwendung: 0xmsnmsgr.exe0 Pfad der fehlerhaften Anwendung: msnmsgr.exe1 Pfad des fehlerhaften Moduls: msnmsgr.exe2 Berichtskennung: msnmsgr.exe3 Error: (04/06/2014 08:48:45 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8064.206, Zeitstempel: 0x498cf586 Name des fehlerhaften Moduls: msnmsgr.exe, Version: 14.0.8064.206, Zeitstempel: 0x498cf586 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0019cc30 ID des fehlerhaften Prozesses: 0x940 
Startzeit der fehlerhaften Anwendung: 0xmsnmsgr.exe0 Pfad der fehlerhaften Anwendung: msnmsgr.exe1 Pfad des fehlerhaften Moduls: msnmsgr.exe2 Berichtskennung: msnmsgr.exe3 Error: (03/31/2014 11:11:13 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1270722 Error: (03/31/2014 11:11:13 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1270722 Error: (03/31/2014 11:11:13 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (04/13/2014 09:30:14 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/13/2014 09:30:14 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/06/2014 10:20:38 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/06/2014 10:20:38 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/06/2014 09:43:18 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/06/2014 09:43:18 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/06/2014 09:31:19 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/06/2014 09:31:19 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. 
Der interne Fehlerstatus lautet: 252. Error: (04/06/2014 09:15:24 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/06/2014 09:05:12 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Software Framework Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office Sessions: ========================= Error: (04/16/2014 08:35:45 PM) (Source: Application Error)(User: ) Description: msnmsgr.exe14.0.8064.206498cf586msnmsgr.exe14.0.8064.206498cf586c00000050019cc30ab801cf59a28a300de5C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeC:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeebba2a66-c595-11e3-971e-00269e5e4005 Error: (04/14/2014 07:43:31 PM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (04/14/2014 07:24:18 PM) (Source: HP Support Assistant Service)(User: ) Description: Der Dienst kann nicht gestartet werden. 
Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen Error: (04/11/2014 08:50:42 PM) (Source: Application Error)(User: ) Description: msnmsgr.exe14.0.8064.206498cf586unknown0.0.0.000000000c000000500041300ea401cf55b6cc8b218aC:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeunknown2e72de3a-c1aa-11e3-9c23-002713373563 Error: (04/11/2014 08:20:27 PM) (Source: Application Error)(User: ) Description: msnmsgr.exe14.0.8064.206498cf586msnmsgr.exe14.0.8064.206498cf586c00000050026c67aa0401cf55b27f230260C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeC:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exef42ba656-c1a5-11e3-8c15-002713373563 Error: (04/07/2014 09:33:41 PM) (Source: Application Error)(User: ) Description: msnmsgr.exe14.0.8064.206498cf586msnmsgr.exe14.0.8064.206498cf586c00000050026c67a85401cf529828bb1261C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeC:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe8581253e-be8b-11e3-8671-00269e5e4005 Error: (04/06/2014 08:48:45 PM) (Source: Application Error)(User: ) Description: msnmsgr.exe14.0.8064.206498cf586msnmsgr.exe14.0.8064.206498cf586c00000050019cc3094001cf51c87283f3d2C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeC:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe149e497e-bdbc-11e3-96ed-00269e5e4005 Error: (03/31/2014 11:11:13 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1270722 Error: (03/31/2014 11:11:13 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1270722 Error: (03/31/2014 11:11:13 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Percentage of memory in use: 56% Total physical RAM: 4092.2 MB Available physical RAM: 1765.19 MB Total Pagefile: 8182.38 MB Available Pagefile: 5215.35 MB Total Virtual: 8192 MB 
Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:218.02 GB) (Free:79.43 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:232.88 GB) (Free:20.69 GB) NTFS Drive e: (RECOVERY) (Fixed) (Total:14.57 GB) (Free:2.41 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 233 GB) (Disk ID: 23522EF3) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=218 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 0FA290D9) Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-04-16 21:34:49 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEKT-60F3T1 rev.12.01A12 232.89GB Running: Gmer-19357.exe; Driver: C:\Users\Meier\AppData\Local\Temp\ugloypow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003002000 63 bytes [00, 00, 0D, 02, 41, 76, 67, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff80003002040 73 bytes [A0, CE, A8, 06, 80, FA, FF, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076321465 2 bytes [32, 76] .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763214bb 2 bytes [32, 76] .text ... * 2 .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076321465 2 bytes [32, 76] .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763214bb 2 bytes [32, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076321465 2 bytes [32, 76] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763214bb 2 bytes [32, 76] .text ... 
* 2 .text C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076321465 2 bytes [32, 76] .text C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763214bb 2 bytes [32, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Motive\MotiveBrowser.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076321465 2 bytes [32, 76] .text C:\Program Files (x86)\Common Files\Motive\MotiveBrowser.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763214bb 2 bytes [32, 76] .text ... * 2 .text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[3952] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076ad8791 5 bytes JMP 00000001649c7e6f .text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[3952] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076be6143 5 bytes JMP 0000000164f34244 .text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[3952] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076943e59 5 bytes JMP 00000001649f8f9e .text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[3952] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076943eae 5 bytes JMP 0000000164a097ad .text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[3952] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076944731 5 bytes JMP 0000000164a08ee7 .text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[3952] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076945dee 5 bytes JMP 0000000164a2c9e1 ? 
C:\Windows\system32\mssprxy.dll [3952] entry point in ".rdata" section 000000005cc971e6 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076321465 2 bytes [32, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763214bb 2 bytes [32, 76] .text ... * 2 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076321465 2 bytes [32, 76] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763214bb 2 bytes [32, 76] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076321465 2 bytes [32, 76] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763214bb 2 bytes [32, 76] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076321465 2 bytes [32, 76] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763214bb 2 bytes [32, 76] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076321465 2 bytes [32, 76] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763214bb 2 bytes [32, 76] .text ... 
* 2 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076321465 2 bytes [32, 76] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763214bb 2 bytes [32, 76] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713373563 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713373563 (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
16.04.2014, 22:24 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Message "...newnext.me\nengine.dll - The specified module could not be found" Hello and
__________________
Do you have any further logs (with detections)? Have Malwarebytes and/or other virus scanners ever found anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, only post the logs that already exist, in CODE tags! Only logs from the last 7 days, or from the time since the problem began, are relevant! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for one post, I ask you to post them directly, spread over several posts if necessary. To put the log files into a CODE box, proceed as follows:
__________________ |
17.04.2014, 20:36 | #3 |
| Windows 7: Message "...newnext.me\nengine.dll - The specified module could not be found" I have the antivirus program AVG Antivirus FREE. On 10.03.2014 it detected three infections and supposedly removed them. In each case it is the same virus:
__________________
Threat: "Adware: Generic5.AOJM" Object name: "C/Users/[user]/AppData/Local/genienext/nengine.dll" However, I could not find the corresponding log file. We also get various messages via Internet pop-up windows, among others with a path like this: hxxp://rvzr-a.akamaihd.net/sd/dw31.html?u=http%3A%2F%2Fdlvr.readserver.net%2Fbp%3Fsection%3D2455%26type%3D2&p=Media%20View&a=&c=4300-1009&b=msie&bv=11&t1=1397762742131&tt=1397762742131&r=www.google.ch&ua=5&n=apptv&sn=&mpa=0&mp=0 The message says: "Windows PC Repair", "Repair Windows 7 errors - here is how it works". Another message via Internet pop-up window is the following: "Check disk space", "Repair Windows Errors". I don't know whether these are viruses as well... |
19.04.2014, 21:06 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Message "...newnext.me\nengine.dll - The specified module could not be found" Removing adware/junkware/toolbars Step 1: Malwarebytes Please download Malwarebytes Anti-Malware
Step 2: adwCleaner Please download AdwCleaner to your desktop.
Step 3: JRT - Junkware Removal Tool Please shut down your protection software to avoid possible conflicts.
Step 4: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
20.04.2014, 21:26 | #5 |
| Windows 7: Message "...newnext.me\nengine.dll - The specified module could not be found" Hello Cosinus, below are my log files as per your instructions: 1. Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 20.04.2014 Suchlauf-Zeit: 21:05:28 Logdatei: mbam.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.04.20.06 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Meier Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 271282 Verstrichene Zeit: 18 Min, 31 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 4 PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ie\MediaViewV1alpha6881.dll, Löschen bei Neustart, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ie\MediaViewV1alpha6881.dll, Löschen bei Neustart, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ie\MediaViewV1alpha2601.dll, Löschen bei Neustart, [c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ie\MediaViewV1alpha2601.dll, Löschen bei Neustart, [c13fc53bde2210f03ab3a2b0b54faa56], Registrierungsschlüssel: 30 PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6f41c4a0-2297-47c5-84ba-7961ef39dca2}, In Quarantäne, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{317c3e33-c00c-445b-be96-023b585a58e0}, In Quarantäne, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B82D55E4-6793-4917-AF4B-5EB03DF63B01}, In Quarantäne, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B82D55E4-6793-4917-AF4B-5EB03DF63B01}, In Quarantäne, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{317c3e33-c00c-445b-be96-023b585a58e0}, In Quarantäne, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6F41C4A0-2297-47C5-84BA-7961EF39DCA2}, In Quarantäne, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, HKU\S-1-5-21-1072354909-1271674683-2832249625-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6F41C4A0-2297-47C5-84BA-7961EF39DCA2}, In Quarantäne, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, HKU\S-1-5-21-1072354909-1271674683-2832249625-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6F41C4A0-2297-47C5-84BA-7961EF39DCA2}, In Quarantäne, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{90cbbd29-8905-4aae-9521-bc70958384d2}, In Quarantäne, [c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.MediaView.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{69b3c50d-a0e3-4627-9f95-77634436f812}, In Quarantäne, [c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.MediaView.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8A94E081-B845-45DF-8A49-8993EF5AFDC7}, In Quarantäne, [c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8A94E081-B845-45DF-8A49-8993EF5AFDC7}, In Quarantäne, [c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{69b3c50d-a0e3-4627-9f95-77634436f812}, In Quarantäne, [c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{90CBBD29-8905-4AAE-9521-BC70958384D2}, In Quarantäne, 
[c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.MediaView.A, HKU\S-1-5-21-1072354909-1271674683-2832249625-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{90CBBD29-8905-4AAE-9521-BC70958384D2}, In Quarantäne, [c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.MediaView.A, HKU\S-1-5-21-1072354909-1271674683-2832249625-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{90CBBD29-8905-4AAE-9521-BC70958384D2}, In Quarantäne, [c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1, In 
Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MediaViewV1alpha2601, In Quarantäne, [9f61ca36f40c659bce91dc9b7e8408f8], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MediaViewV1alpha6881, In Quarantäne, [718f69975fa1956b38279bdc23df9868], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MediaViewV1alpha2601, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MediaViewV1alpha6881, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], Registrierungswerte: 3 PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaViewV1alpha6881.net, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff, In Quarantäne, [0af60af63dc3e21ea3bd6e09bc464cb4] PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaViewV1alpha2601.net, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff, In Quarantäne, [8c74699752aed22e3e22db9c9c66b749] PUP.Optional.NextLive.A, HKU\S-1-5-21-1072354909-1271674683-2832249625-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NextLive, C:\Windows\SysWOW64\rundll32.exe "C:\Users\Meier\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l, In Quarantäne, [36ca4ab6f01088784cee334dd72b718f] Registrierungsdaten: 0 (No malicious items detected) Ordner: 18 PUP.Optional.NextLive.A, C:\Users\Meier\AppData\Roaming\newnext.me, In Quarantäne, [5ba5936d13edce3242c666fb758d7888], PUP.Optional.NextLive.A, C:\Users\Meier\AppData\Roaming\newnext.me\cache, In Quarantäne, [5ba5936d13edce3242c666fb758d7888], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601, Löschen bei Neustart, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ch, In Quarantäne, 
[e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome\content, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome\content\icons, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome\content\icons\default, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ie, Löschen bei Neustart, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881, Löschen bei Neustart, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ch, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome\content, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome\content\icons, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome\content\icons\default, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, 
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ie, Löschen bei Neustart, [fc04a35d77891fe120e1f17332d049b7], Dateien: 24 PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ie\MediaViewV1alpha6881.dll, Löschen bei Neustart, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ie\MediaViewV1alpha2601.dll, Löschen bei Neustart, [c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.SoftwareUpdater, C:\Users\Meier\AppData\Local\SwvUpdater\Updater.exe, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Software.Updater, C:\Windows\Tasks\AmiUpdXp.job, In Quarantäne, [02fe60a08977649c43ff196e669cd828], PUP.Optional.NextLive.A, C:\Users\Meier\AppData\Roaming\newnext.me\nengine.cookie, In Quarantäne, [5ba5936d13edce3242c666fb758d7888], PUP.Optional.NextLive.A, C:\Users\Meier\AppData\Roaming\newnext.me\cache\spark.bin, In Quarantäne, [5ba5936d13edce3242c666fb758d7888], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\uninstall.exe, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ch\MediaViewV1alpha2601.crx, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome.manifest, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\install.rdf, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome\content\ffMediaViewV1alpha2601.js, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome\content\ffMediaViewV1alpha2601ffaction.js, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files 
(x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome\content\overlay.xul, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome\content\icons\Thumbs.db, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome\content\icons\default\MediaViewV1alpha2601_32.png, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\uninstall.exe, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ch\MediaViewV1alpha6881.crx, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome.manifest, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\install.rdf, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome\content\ffMediaViewV1alpha6881.js, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome\content\ffMediaViewV1alpha6881ffaction.js, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome\content\overlay.xul, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome\content\icons\Thumbs.db, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome\content\icons\default\MediaViewV1alpha6881_32.png, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], Physische 
Sektoren: 0 (No malicious items detected) (end)
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.100 - Bericht erstellt am 20/04/2014 um 21:31:33 # Aktualisiert 20/04/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Meier - MEIER-PC # Gestartet von : C:\Users\Meier\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\AVG Secure Search Ordner Gelöscht : C:\Users\Meier\AppData\Local\genienext Ordner Gelöscht : C:\Users\Meier\AppData\Local\Mobogenie Ordner Gelöscht : C:\Users\Meier\AppData\Local\SwvUpdater Ordner Gelöscht : C:\Users\Meier\AppData\LocalLow\AVG Security Toolbar Ordner Gelöscht : C:\Users\Meier\Documents\Mobogenie Ordner Gelöscht : C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Schlüssel Gelöscht : HKCU\Software\AVG Secure Search Schlüssel Gelöscht : HKCU\Software\AVG Security Toolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AVG Security Toolbar Schlüssel Gelöscht : HKLM\Software\AVG Secure Search Schlüssel Gelöscht : HKLM\Software\MediaViewV1 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Google Chrome v34.0.1847.116 [ Datei : C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [6456 octets] - [20/04/2014 21:30:37] 
AdwCleaner[S0].txt - [5998 octets] - [20/04/2014 21:31:33]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6058 octets] ##########
3. JRT - Junkware Removal Tool: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Meier on 20.04.2014 at 21:40:55.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EB8ED58E-D449-4EF5-B34E-BF4F3694A25E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EB8ED58E-D449-4EF5-B34E-BF4F3694A25E}
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.04.2014 at 21:52:32.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST.txt
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02 Ran by Meier (administrator) on MEIER-PC on 20-04-2014 22:12:23 Running from C:\Users\Meier\trojaner_board Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe (Hewlett-Packard) C:\Windows\system32\Hpservice.exe (AMD) C:\Windows\system32\atieclxx.exe (Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (AVG) C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Motive Communications, Inc.) C:\Program Files (x86)\Common Files\Motive\MotiveBrowser.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DPAgent.exe (CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) 
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe (CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-15] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-22] (IDT, Inc.) 
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-07-21] () HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-09-05] (Sun Microsystems, Inc.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.) HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-07-01] (DigitalPersona, Inc.) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-06-22] (EasyBits Software AS) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [MotiveReportAgent] => C:\Program Files (x86)\Common Files\Motive\MotiveBrowser.exe [143360 2005-09-06] (Motive Communications, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-11-13] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.) HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] () HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-06] (Easybits) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.) 
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-24] (Microsoft Corporation) HKU\.DEFAULT\...\Policies\system: [WallpaperStyle] 2 HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard) HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3885408 2009-02-06] (Microsoft Corporation) HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom) HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.) HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.) HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.) 
HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Meier\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=d8efa14e10a7252646c981fe173f3df2-a69a1722efff4313d66b68fa783037b2a16ba27d /CMPID=0214c HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Policies\system: [WallpaperStyle] 2 HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Policies\system: [DisableChangePassword] 0 Lsa: [Notification Packages] scecli DPPWDFLT Startup: C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM - DefaultScope {EB8ED58E-D449-4EF5-B34E-BF4F3694A25E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch SearchScopes: HKLM - {EB8ED58E-D449-4EF5-B34E-BF4F3694A25E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program 
Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CH/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-09-05] (EasyBits Software Corp.) 
Tcpip\Parameters: [DhcpNameServer] 87.245.64.10 87.245.64.11 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [] FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2009-10-11] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.com/" CHR Extension: (Media View) - C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\affahaionodbmiganclalfoaiegfjdai [2014-03-10] CHR Extension: (Google Search) - C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-10] CHR Extension: (Media View) - C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdppgiopkkcbonjnljnkcmjnffpfbmgd [2014-03-15] CHR Extension: (No Name) - C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-08-10] CHR Extension: (Google Wallet) - C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26] CHR Extension: (Gmail) - C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-10] CHR HKLM-x32\...\Chrome\Extension: [affahaionodbmiganclalfoaiegfjdai] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ch\MediaViewV1alpha6881.crx [2013-08-10] CHR HKLM-x32\...\Chrome\Extension: [fdppgiopkkcbonjnljnkcmjnffpfbmgd] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ch\MediaViewV1alpha2601.crx [2013-08-10] ==================== Services (Whitelisted) ================= R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) S2 
AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-22] (IDT, Inc.) R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X] ==================== Drivers (Whitelisted) ==================== R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-07-23] (CyberLink Corp.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-20 21:52 - 2014-04-20 21:52 - 00001039 _____ () C:\Users\Meier\Desktop\JRT.txt 2014-04-20 21:40 - 2014-04-20 21:40 - 00000000 ____D () C:\Windows\ERUNT 2014-04-20 21:30 - 2014-04-20 21:31 - 00000000 ____D () C:\AdwCleaner 2014-04-20 21:29 - 2014-04-20 21:29 - 01308369 _____ () C:\Users\Meier\Desktop\adwcleaner.exe 2014-04-20 21:15 - 2014-04-20 21:15 - 00014129 _____ () C:\Users\Meier\Desktop\mbam.txt 2014-04-20 20:45 - 2014-04-20 21:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-20 20:44 - 2014-04-20 20:44 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-20 20:44 - 2014-04-20 20:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-20 20:44 - 2014-04-20 20:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-20 20:44 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-20 20:44 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-20 20:44 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-20 20:41 - 2014-04-20 20:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Meier\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-20 19:46 - 2014-04-20 19:46 - 00000000 ____D () 
C:\ProgramData\Avg_Update_0414b 2014-04-17 21:06 - 2014-04-17 21:06 - 00000000 ____D () C:\Users\Meier\AppData\Roaming\TeamViewer 2014-04-16 21:11 - 2014-04-20 22:12 - 00000000 ____D () C:\FRST 2014-04-16 21:04 - 2014-04-20 22:12 - 00000000 ____D () C:\Users\Meier\trojaner_board 2014-04-09 20:08 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-09 20:08 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-09 20:08 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-09 20:08 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-09 20:08 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 20:08 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 20:08 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 20:08 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 20:08 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 20:08 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 20:08 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 20:08 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 20:08 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 20:08 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 20:08 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-09 20:08 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\msiscsi.sys 2014-04-09 20:08 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 20:08 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 20:08 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-09 20:08 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-09 20:08 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-03-31 09:06 - 2014-03-31 09:10 - 00000000 ____D () C:\Program Files (x86)\Steuern13 2014-03-31 09:06 - 2014-03-31 09:06 - 00000981 _____ () C:\Users\Public\Desktop\Steuern13.lnk ==================== One Month Modified Files and Folders ======= 2014-04-20 22:12 - 2014-04-16 21:11 - 00000000 ____D () C:\FRST 2014-04-20 22:12 - 2014-04-16 21:04 - 00000000 ____D () C:\Users\Meier\trojaner_board 2014-04-20 21:52 - 2014-04-20 21:52 - 00001039 _____ () C:\Users\Meier\Desktop\JRT.txt 2014-04-20 21:48 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-20 21:48 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-20 21:47 - 2014-04-20 20:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-20 21:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-04-20 21:40 - 2014-04-20 21:40 - 00000000 ____D () C:\Windows\ERUNT 2014-04-20 21:39 - 2009-10-11 01:16 - 01220698 _____ () C:\Windows\WindowsUpdate.log 2014-04-20 21:35 - 2010-02-11 12:10 - 00000000 ____D () C:\Users\Meier\Tracing 2014-04-20 21:34 - 2014-02-05 21:41 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-04-20 21:34 - 2013-06-06 19:43 - 00000350 _____ () 
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2014-04-20 21:34 - 2012-08-20 13:06 - 00041920 _____ () C:\Windows\setupact.log 2014-04-20 21:34 - 2012-06-22 20:50 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-20 21:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-20 21:31 - 2014-04-20 21:30 - 00000000 ____D () C:\AdwCleaner 2014-04-20 21:29 - 2014-04-20 21:29 - 01308369 _____ () C:\Users\Meier\Desktop\adwcleaner.exe 2014-04-20 21:24 - 2013-04-03 20:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-20 21:17 - 2012-06-22 20:50 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-20 21:15 - 2014-04-20 21:15 - 00014129 _____ () C:\Users\Meier\Desktop\mbam.txt 2014-04-20 21:14 - 2009-09-05 18:07 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-04-20 21:14 - 2009-09-05 18:07 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-04-20 21:13 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-20 21:07 - 2014-03-10 20:02 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1 2014-04-20 21:07 - 2012-11-17 20:53 - 00239188 _____ () C:\Windows\PFRO.log 2014-04-20 20:44 - 2014-04-20 20:44 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-20 20:44 - 2014-04-20 20:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-20 20:44 - 2014-04-20 20:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-20 20:41 - 2014-04-20 20:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Meier\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-20 19:48 - 2012-06-12 15:00 - 00000000 ____D () C:\ProgramData\MFAData 2014-04-20 19:46 - 2014-04-20 19:46 - 00000000 ____D () C:\ProgramData\Avg_Update_0414b 2014-04-17 21:37 - 2009-10-31 16:36 - 00000000 ____D () C:\Users\Meier 2014-04-17 21:06 - 2014-04-17 21:06 - 00000000 ____D () C:\Users\Meier\AppData\Roaming\TeamViewer 
2014-04-14 19:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-11 21:26 - 2013-08-09 11:17 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-11 20:31 - 2009-10-31 16:38 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-11 20:30 - 2013-08-15 11:29 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-11 20:26 - 2010-03-06 22:18 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-09 20:12 - 2012-06-22 20:50 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-09 20:12 - 2012-06-22 20:50 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-06 20:55 - 2014-02-16 17:04 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-04-03 09:51 - 2014-04-20 20:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-20 20:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-20 20:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 09:15 - 2010-03-04 12:52 - 00000000 ____D () C:\Users\Meier\Documents\SteuernSH 2014-03-31 09:10 - 2014-03-31 09:06 - 00000000 ____D () C:\Program Files (x86)\Steuern13 2014-03-31 09:10 - 2013-03-25 10:47 - 00000000 ____D () C:\Users\Meier\AppData\Roaming\.jfwupdate 2014-03-31 09:07 - 2010-03-04 12:15 - 00000000 ____D () C:\Users\Meier\AppData\Roaming\.Kanton SH 2014-03-31 09:07 - 2010-03-04 12:15 - 00000000 ____D () C:\Users\Meier\AppData\Local\.Kanton SH 2014-03-31 09:06 - 2014-03-31 09:06 - 00000981 _____ () C:\Users\Public\Desktop\Steuern13.lnk 2014-03-31 03:16 - 2014-04-09 20:08 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-31 03:13 - 2014-04-09 20:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-31 02:13 - 2014-04-09 20:08 - 02724864 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.tlb 2014-03-31 01:57 - 2014-04-09 20:08 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-23 21:28 - 2009-11-12 11:46 - 00000000 ____D () C:\Users\Meier\Documents\Belen Some content of TEMP: ==================== C:\Users\Meier\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-14 19:39 ==================== End Of Log ============================

Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014 02 Ran by Meier at 2014-04-20 22:11:05 Running from C:\Users\Meier\trojaner_board Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated) Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - ) AirPort (HKLM-x32\...\{40184457-4514-4B18-84A8-6BB8A3AB6A81}) (Version: 5.5.3.2 - Apple Inc.) AMD USB Filter Driver (HKLM-x32\...\{5271C0D4-24E4-4C3D-A782-C012033FD3CF}) (Version: 1.0.10.84 - Advanced Micro Devices, Inc.) AOL Toolbar 5.0 (HKLM-x32\...\AOL Toolbar) (Version: 5.2.78.2 - AOL LLC) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros) ATI Catalyst Install Manager (HKLM\...\{6C47240C-016E-03B5-D13E-AECAED09F2E3}) (Version: 3.0.732.0 - ATI Technologies, Inc.) AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies) AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden AVG PC Tuneup (HKLM-x32\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.27 - AVG) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - ) Canon MG5100 series Benutzerregistrierung (HKLM-x32\...\Canon MG5100 series Benutzerregistrierung) (Version: - ) Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - ) Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2009.0702.1239.20840 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0702.1239.20840 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2009.0702.1239.20840 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2009.0702.1239.20840 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0702.1239.20840 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0702.1239.20840 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2009.0702.1239.20840 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2009.0702.1239.20840 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Czech (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Danish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Dutch (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help English (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Finnish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help French (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help German (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Greek (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Hungarian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Italian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Japanese (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Korean (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Norwegian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Polish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Portuguese (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Russian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Spanish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Swedish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Thai (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Turkish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden ccc-core-static (x32 Version: 2009.0702.1239.20840 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2009.0702.1239.20840 - ATI) Hidden Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink DVD Suite 
(HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.) CyberLink DVD Suite (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft) DigitalPersona Personal 4.10 (HKLM\...\{DD3BF908-F6B0-45A5-BED3-79E8888DDA93}) (Version: 4.10.3787 - DigitalPersona, Inc.) ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) 
Hidden Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}) (Version: 4.0.3.1 - Hewlett-Packard) HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent) HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard) HP MediaSmart DVD (x32 Version: 3.0.3123 - Hewlett-Packard) Hidden HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard) HP MediaSmart Internet TV (x32 Version: 3.0.1916 - Hewlett-Packard) Hidden HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.0.1924 - Hewlett-Packard) HP MediaSmart Live TV (x32 Version: 3.0.1924 - Hewlett-Packard) Hidden HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard) HP MediaSmart Movie Themes (x32 Version: 3.0.3102 - Hewlett-Packard) Hidden HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard) HP MediaSmart Music/Photo/Video (x32 Version: 3.0.3123 - Hewlett-Packard) Hidden HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard) HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard) HP MediaSmart Webcam (x32 Version: 3.0.1913 - Hewlett-Packard) Hidden HP Quick Launch Buttons 
(HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.3.1 - Hewlett-Packard) HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard) HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) (Version: 1.01.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard) iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT) ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version: 3.2.10.0 - Ifolor AG) iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.) Java(TM) 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.) Java(TM) 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.) Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) 
Hidden Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: - EasyBits Software AS) MAGIX Xtreme Foto Designer 6 6.0.19.0 (D) (HKLM-x32\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.19.0 - MAGIX AG) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof 
(French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 
(HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) Microsoft XML Parser (x32 Version: 8.0.7820.0 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) OpenOffice.org 3.1 (HKLM-x32\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org) PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5615 - CyberLink Corp.) PhotoNow! (x32 Version: 1.1.5615 - CyberLink Corp.) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.) Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) 
Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.) PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - ) Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Steuern09 (HKLM-x32\...\Steuern09) (Version: 1.1.1.669 - Abraxas Informatik AG) Steuern10 (HKLM-x32\...\Steuern10) (Version: 1.0.1.938 - Abraxas Informatik AG) Steuern11 (HKLM-x32\...\Steuern11) (Version: 1.0.1.1375 - Abraxas Informatik AG) Steuern12 (HKLM-x32\...\Steuern12) (Version: 1.0.2.1801 - Abraxas Informatik AG) Steuern13 (HKLM-x32\...\{D32134B6-A503-4F19-8559-4CE5E324BEEC}) (Version: 1.0.2 - Abraxas Informatik AG) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated) TomTom HOME (HKLM-x32\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) 
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition 
(HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition 
(HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Validity Sensors DDK (HKLM\...\{62A20ECA-920E-4052-BF77-88C78DD20FAA}) 
(Version: 3.1.366 - Validity Sensors, Inc.) Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.) Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden VTech Download Manager (HKLM-x32\...\VTechDownloadManager) (Version: - VTech) Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) ==================== Restore Points ========================= 10-03-2014 18:11:45 Windows-Sicherung 14-03-2014 13:34:07 Windows Update 21-03-2014 19:38:41 Windows-Sicherung 23-03-2014 19:20:05 Windows Update 31-03-2014 06:56:29 Windows-Sicherung 31-03-2014 07:06:23 Installed Steuern13 06-04-2014 19:13:54 Windows-Sicherung 11-04-2014 18:23:57 Windows Update 13-04-2014 19:30:28 
Windows-Sicherung 20-04-2014 17:53:20 Windows-Sicherung ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0458E7EA-60C9-4441-B715-793B243917DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company) Task: {08BAD61E-2A14-4717-B0B2-6E0C001FBF7C} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-07-24] (CL) Task: {10BBF1B9-9DAA-4229-8E5A-72CFA409219A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22] (Google Inc.) Task: {11A4BFCA-8FCA-4495-B9A2-C939D4ED7D04} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.) Task: {3B77BBE5-80B7-41E3-AB70-B0C019410B17} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-07-24] (CL) Task: {3C11281A-C30D-4AAF-B1FE-4968AACF1644} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{515C197B-9ED8-480C-B0EB-C9218664BCE2}.exe Task: {435E1580-094A-4130-9089-EAE75413B2DF} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-07-24] (CyberLink Corp.) Task: {632F5108-D75B-4B81-B76F-91B5599A0EBB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {7A97740F-3AF2-407F-B290-3D634A3E46F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {7E53DB01-519C-405B-AA60-0511DE6FC877} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {AB311E96-CC75-4139-B79D-FA5BBED9A42C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22] (Google Inc.) Task: {AFA6BFF9-70A4-4888-86C8-B6BBD18AA1EE} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-07-24] (CL) Task: {BA7584CC-73E5-448A-9806-3C0B203BE322} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On Meier Logon => C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe [2011-11-03] (AVG) Task: {E863043E-7AB8-44D6-A2B9-C758162D6E89} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {F4516B3A-83DB-4C8E-A406-4313DD48796B} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink) Task: {FC160BFA-1C90-4252-A81D-B76B45A04626} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-14] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{515C197B-9ED8-480C-B0EB-C9218664BCE2}.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-07-21 10:34 - 2009-07-21 10:34 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 2009-07-01 18:54 - 2009-07-01 18:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2013-06-24 11:36 - 2013-06-20 09:58 - 00391040 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe 2009-09-05 09:49 - 2009-01-21 20:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2009-07-07 11:56 - 2009-07-07 11:56 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2009-10-11 01:15 - 2009-10-11 01:15 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2012-08-13 20:38 - 2011-11-03 17:21 - 00350024 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl 2012-08-13 20:38 - 2011-11-03 17:21 - 00184136 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl 2012-08-13 20:38 - 2011-11-03 17:21 - 00050504 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl 2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2009-07-15 17:51 - 2009-07-15 17:51 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll 2009-07-15 17:51 - 2009-07-15 17:51 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP 
Advisor\Pillars\ECenter\ECLibrary.dll 2009-07-15 17:50 - 2009-07-15 17:50 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll 2009-07-15 17:50 - 2009-07-15 17:50 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll 2009-07-15 17:50 - 2009-07-15 17:50 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll 2009-07-15 17:50 - 2009-07-15 17:50 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll 2009-07-15 17:50 - 2009-07-15 17:50 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll 2009-07-15 17:50 - 2009-07-15 17:50 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2009-08-18 16:54 - 2009-08-18 16:54 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2012-07-05 03:27 - 2010-06-24 03:16 - 02150400 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll 2012-07-05 03:27 - 2010-07-13 15:07 - 07826432 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll 2012-07-05 03:27 - 2010-06-02 04:29 - 00934912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll 2012-07-05 03:27 - 2010-06-02 04:28 - 00335360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll 2013-06-24 11:36 - 2012-08-06 11:54 - 09843640 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll 2012-07-05 03:27 - 2010-06-02 04:56 - 00232960 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll 2012-07-05 03:27 - 2010-06-02 04:54 - 02530816 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll 2012-07-05 03:27 - 2010-07-05 11:19 - 00116736 
_____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll 2012-07-05 03:27 - 2010-11-11 11:24 - 00028160 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll 2013-06-24 11:36 - 2010-06-02 07:05 - 00025600 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qgif4.dll 2013-06-24 11:36 - 2010-06-02 07:05 - 00119808 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll 2009-07-23 11:37 - 2009-07-23 11:37 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 43% Total physical RAM: 4092.2 MB Available physical RAM: 2292.08 MB Total Pagefile: 8182.38 MB Available Pagefile: 5840.32 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:218.02 GB) (Free:81.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:232.88 GB) (Free:15.24 GB) NTFS Drive e: (RECOVERY) (Fixed) (Total:14.57 GB) (Free:2.41 GB) 
NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 23522EF3)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=218 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 0FA290D9)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
20.04.2014, 21:27 | #6 |
| Windows 7: Message "...newnext.me\nengine.dll - Das angegebene Modul konnte nicht gefunden werden"
Hello Cosinus,
Below are my log files, as per your instructions:
1. Malwarebytes:
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 20.04.2014 Suchlauf-Zeit: 21:05:28 Logdatei: mbam.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.04.20.06 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Meier Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 271282 Verstrichene Zeit: 18 Min, 31 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 4 PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ie\MediaViewV1alpha6881.dll, Löschen bei Neustart, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ie\MediaViewV1alpha6881.dll, Löschen bei Neustart, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ie\MediaViewV1alpha2601.dll, Löschen bei Neustart, [c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ie\MediaViewV1alpha2601.dll, Löschen bei Neustart, [c13fc53bde2210f03ab3a2b0b54faa56], Registrierungsschlüssel: 30 PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6f41c4a0-2297-47c5-84ba-7961ef39dca2}, In Quarantäne, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{317c3e33-c00c-445b-be96-023b585a58e0}, In Quarantäne, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B82D55E4-6793-4917-AF4B-5EB03DF63B01}, In Quarantäne, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B82D55E4-6793-4917-AF4B-5EB03DF63B01}, In Quarantäne, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{317c3e33-c00c-445b-be96-023b585a58e0}, In Quarantäne, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6F41C4A0-2297-47C5-84BA-7961EF39DCA2}, In Quarantäne, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, HKU\S-1-5-21-1072354909-1271674683-2832249625-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6F41C4A0-2297-47C5-84BA-7961EF39DCA2}, In Quarantäne, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, HKU\S-1-5-21-1072354909-1271674683-2832249625-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6F41C4A0-2297-47C5-84BA-7961EF39DCA2}, In Quarantäne, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{90cbbd29-8905-4aae-9521-bc70958384d2}, In Quarantäne, [c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.MediaView.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{69b3c50d-a0e3-4627-9f95-77634436f812}, In Quarantäne, [c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.MediaView.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8A94E081-B845-45DF-8A49-8993EF5AFDC7}, In Quarantäne, [c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8A94E081-B845-45DF-8A49-8993EF5AFDC7}, In Quarantäne, [c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{69b3c50d-a0e3-4627-9f95-77634436f812}, In Quarantäne, [c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{90CBBD29-8905-4AAE-9521-BC70958384D2}, In Quarantäne, 
[c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.MediaView.A, HKU\S-1-5-21-1072354909-1271674683-2832249625-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{90CBBD29-8905-4AAE-9521-BC70958384D2}, In Quarantäne, [c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.MediaView.A, HKU\S-1-5-21-1072354909-1271674683-2832249625-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{90CBBD29-8905-4AAE-9521-BC70958384D2}, In Quarantäne, [c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1, In 
Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MediaViewV1alpha2601, In Quarantäne, [9f61ca36f40c659bce91dc9b7e8408f8], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MediaViewV1alpha6881, In Quarantäne, [718f69975fa1956b38279bdc23df9868], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MediaViewV1alpha2601, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MediaViewV1alpha6881, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], Registrierungswerte: 3 PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaViewV1alpha6881.net, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff, In Quarantäne, [0af60af63dc3e21ea3bd6e09bc464cb4] PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaViewV1alpha2601.net, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff, In Quarantäne, [8c74699752aed22e3e22db9c9c66b749] PUP.Optional.NextLive.A, HKU\S-1-5-21-1072354909-1271674683-2832249625-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NextLive, C:\Windows\SysWOW64\rundll32.exe "C:\Users\Meier\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l, In Quarantäne, [36ca4ab6f01088784cee334dd72b718f] Registrierungsdaten: 0 (No malicious items detected) Ordner: 18 PUP.Optional.NextLive.A, C:\Users\Meier\AppData\Roaming\newnext.me, In Quarantäne, [5ba5936d13edce3242c666fb758d7888], PUP.Optional.NextLive.A, C:\Users\Meier\AppData\Roaming\newnext.me\cache, In Quarantäne, [5ba5936d13edce3242c666fb758d7888], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601, Löschen bei Neustart, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ch, In Quarantäne, 
[e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome\content, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome\content\icons, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome\content\icons\default, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ie, Löschen bei Neustart, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881, Löschen bei Neustart, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ch, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome\content, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome\content\icons, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome\content\icons\default, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, 
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ie, Löschen bei Neustart, [fc04a35d77891fe120e1f17332d049b7], Dateien: 24 PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ie\MediaViewV1alpha6881.dll, Löschen bei Neustart, [36cac13f9967d828effe114124e01fe1], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ie\MediaViewV1alpha2601.dll, Löschen bei Neustart, [c13fc53bde2210f03ab3a2b0b54faa56], PUP.Optional.SoftwareUpdater, C:\Users\Meier\AppData\Local\SwvUpdater\Updater.exe, In Quarantäne, [ff01c838768ad42c15186cb37d854bb5], PUP.Software.Updater, C:\Windows\Tasks\AmiUpdXp.job, In Quarantäne, [02fe60a08977649c43ff196e669cd828], PUP.Optional.NextLive.A, C:\Users\Meier\AppData\Roaming\newnext.me\nengine.cookie, In Quarantäne, [5ba5936d13edce3242c666fb758d7888], PUP.Optional.NextLive.A, C:\Users\Meier\AppData\Roaming\newnext.me\cache\spark.bin, In Quarantäne, [5ba5936d13edce3242c666fb758d7888], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\uninstall.exe, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ch\MediaViewV1alpha2601.crx, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome.manifest, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\install.rdf, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome\content\ffMediaViewV1alpha2601.js, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome\content\ffMediaViewV1alpha2601ffaction.js, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files 
(x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome\content\overlay.xul, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome\content\icons\Thumbs.db, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ff\chrome\content\icons\default\MediaViewV1alpha2601_32.png, In Quarantäne, [e7194fb1fb050ff16c95521242c0f808], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\uninstall.exe, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ch\MediaViewV1alpha6881.crx, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome.manifest, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\install.rdf, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome\content\ffMediaViewV1alpha6881.js, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome\content\ffMediaViewV1alpha6881ffaction.js, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome\content\overlay.xul, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome\content\icons\Thumbs.db, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ff\chrome\content\icons\default\MediaViewV1alpha6881_32.png, In Quarantäne, [fc04a35d77891fe120e1f17332d049b7], Physische 
Sektoren: 0 (No malicious items detected)
(end)

AdwCleaner Logfile:
Code:
ATTFilter # AdwCleaner v3.100 - Bericht erstellt am 20/04/2014 um 21:31:33 # Aktualisiert 20/04/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Meier - MEIER-PC # Gestartet von : C:\Users\Meier\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\AVG Secure Search Ordner Gelöscht : C:\Users\Meier\AppData\Local\genienext Ordner Gelöscht : C:\Users\Meier\AppData\Local\Mobogenie Ordner Gelöscht : C:\Users\Meier\AppData\Local\SwvUpdater Ordner Gelöscht : C:\Users\Meier\AppData\LocalLow\AVG Security Toolbar Ordner Gelöscht : C:\Users\Meier\Documents\Mobogenie Ordner Gelöscht : C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Schlüssel Gelöscht : HKCU\Software\AVG Secure Search Schlüssel Gelöscht : HKCU\Software\AVG Security Toolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AVG Security Toolbar Schlüssel Gelöscht : HKLM\Software\AVG Secure Search Schlüssel Gelöscht : HKLM\Software\MediaViewV1 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Google Chrome v34.0.1847.116 [ Datei : C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [6456 octets] - [20/04/2014 21:30:37] 
AdwCleaner[S0].txt - [5998 octets] - [20/04/2014 21:31:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6058 octets] ##########
[/CODE]

3. JRT - Junkware Removal Tool:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Meier on 20.04.2014 at 21:40:55.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EB8ED58E-D449-4EF5-B34E-BF4F3694A25E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EB8ED58E-D449-4EF5-B34E-BF4F3694A25E}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.04.2014 at 21:52:32.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02 Ran by Meier (administrator) on MEIER-PC on 20-04-2014 22:12:23 Running from C:\Users\Meier\trojaner_board Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe (Hewlett-Packard) C:\Windows\system32\Hpservice.exe (AMD) C:\Windows\system32\atieclxx.exe (Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (AVG) C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Motive Communications, Inc.) C:\Program Files (x86)\Common Files\Motive\MotiveBrowser.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DPAgent.exe (CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) 
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe (CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-15] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-22] (IDT, Inc.) 
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-07-21] () HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-09-05] (Sun Microsystems, Inc.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.) HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-07-01] (DigitalPersona, Inc.) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-06-22] (EasyBits Software AS) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [MotiveReportAgent] => C:\Program Files (x86)\Common Files\Motive\MotiveBrowser.exe [143360 2005-09-06] (Motive Communications, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-11-13] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.) HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] () HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-06] (Easybits) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.) 
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-24] (Microsoft Corporation) HKU\.DEFAULT\...\Policies\system: [WallpaperStyle] 2 HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard) HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3885408 2009-02-06] (Microsoft Corporation) HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom) HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.) HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.) HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.) 
HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Meier\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=d8efa14e10a7252646c981fe173f3df2-a69a1722efff4313d66b68fa783037b2a16ba27d /CMPID=0214c HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Policies\system: [WallpaperStyle] 2 HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1072354909-1271674683-2832249625-1000\...\Policies\system: [DisableChangePassword] 0 Lsa: [Notification Packages] scecli DPPWDFLT Startup: C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM - DefaultScope {EB8ED58E-D449-4EF5-B34E-BF4F3694A25E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch SearchScopes: HKLM - {EB8ED58E-D449-4EF5-B34E-BF4F3694A25E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program 
Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CH/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-09-05] (EasyBits Software Corp.) 
Tcpip\Parameters: [DhcpNameServer] 87.245.64.10 87.245.64.11 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [] FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2009-10-11] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.com/" CHR Extension: (Media View) - C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\affahaionodbmiganclalfoaiegfjdai [2014-03-10] CHR Extension: (Google Search) - C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-10] CHR Extension: (Media View) - C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdppgiopkkcbonjnljnkcmjnffpfbmgd [2014-03-15] CHR Extension: (No Name) - C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-08-10] CHR Extension: (Google Wallet) - C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26] CHR Extension: (Gmail) - C:\Users\Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-10] CHR HKLM-x32\...\Chrome\Extension: [affahaionodbmiganclalfoaiegfjdai] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6881\ch\MediaViewV1alpha6881.crx [2013-08-10] CHR HKLM-x32\...\Chrome\Extension: [fdppgiopkkcbonjnljnkcmjnffpfbmgd] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2601\ch\MediaViewV1alpha2601.crx [2013-08-10] ==================== Services (Whitelisted) ================= R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) S2 
AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-22] (IDT, Inc.) R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X] ==================== Drivers (Whitelisted) ==================== R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-07-23] (CyberLink Corp.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-20 21:52 - 2014-04-20 21:52 - 00001039 _____ () C:\Users\Meier\Desktop\JRT.txt 2014-04-20 21:40 - 2014-04-20 21:40 - 00000000 ____D () C:\Windows\ERUNT 2014-04-20 21:30 - 2014-04-20 21:31 - 00000000 ____D () C:\AdwCleaner 2014-04-20 21:29 - 2014-04-20 21:29 - 01308369 _____ () C:\Users\Meier\Desktop\adwcleaner.exe 2014-04-20 21:15 - 2014-04-20 21:15 - 00014129 _____ () C:\Users\Meier\Desktop\mbam.txt 2014-04-20 20:45 - 2014-04-20 21:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-20 20:44 - 2014-04-20 20:44 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-20 20:44 - 2014-04-20 20:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-20 20:44 - 2014-04-20 20:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-20 20:44 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-20 20:44 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-20 20:44 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-20 20:41 - 2014-04-20 20:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Meier\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-20 19:46 - 2014-04-20 19:46 - 00000000 ____D () 
C:\ProgramData\Avg_Update_0414b 2014-04-17 21:06 - 2014-04-17 21:06 - 00000000 ____D () C:\Users\Meier\AppData\Roaming\TeamViewer 2014-04-16 21:11 - 2014-04-20 22:12 - 00000000 ____D () C:\FRST 2014-04-16 21:04 - 2014-04-20 22:12 - 00000000 ____D () C:\Users\Meier\trojaner_board 2014-04-09 20:08 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-09 20:08 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-09 20:08 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-09 20:08 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-09 20:08 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 20:08 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 20:08 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 20:08 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 20:08 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 20:08 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 20:08 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 20:08 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 20:08 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 20:08 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 20:08 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-09 20:08 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\msiscsi.sys 2014-04-09 20:08 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 20:08 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 20:08 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-09 20:08 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-09 20:08 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-03-31 09:06 - 2014-03-31 09:10 - 00000000 ____D () C:\Program Files (x86)\Steuern13 2014-03-31 09:06 - 2014-03-31 09:06 - 00000981 _____ () C:\Users\Public\Desktop\Steuern13.lnk ==================== One Month Modified Files and Folders ======= 2014-04-20 22:12 - 2014-04-16 21:11 - 00000000 ____D () C:\FRST 2014-04-20 22:12 - 2014-04-16 21:04 - 00000000 ____D () C:\Users\Meier\trojaner_board 2014-04-20 21:52 - 2014-04-20 21:52 - 00001039 _____ () C:\Users\Meier\Desktop\JRT.txt 2014-04-20 21:48 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-20 21:48 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-20 21:47 - 2014-04-20 20:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-20 21:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-04-20 21:40 - 2014-04-20 21:40 - 00000000 ____D () C:\Windows\ERUNT 2014-04-20 21:39 - 2009-10-11 01:16 - 01220698 _____ () C:\Windows\WindowsUpdate.log 2014-04-20 21:35 - 2010-02-11 12:10 - 00000000 ____D () C:\Users\Meier\Tracing 2014-04-20 21:34 - 2014-02-05 21:41 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-04-20 21:34 - 2013-06-06 19:43 - 00000350 _____ () 
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2014-04-20 21:34 - 2012-08-20 13:06 - 00041920 _____ () C:\Windows\setupact.log 2014-04-20 21:34 - 2012-06-22 20:50 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-20 21:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-20 21:31 - 2014-04-20 21:30 - 00000000 ____D () C:\AdwCleaner 2014-04-20 21:29 - 2014-04-20 21:29 - 01308369 _____ () C:\Users\Meier\Desktop\adwcleaner.exe 2014-04-20 21:24 - 2013-04-03 20:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-20 21:17 - 2012-06-22 20:50 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-20 21:15 - 2014-04-20 21:15 - 00014129 _____ () C:\Users\Meier\Desktop\mbam.txt 2014-04-20 21:14 - 2009-09-05 18:07 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-04-20 21:14 - 2009-09-05 18:07 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-04-20 21:13 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-20 21:07 - 2014-03-10 20:02 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1 2014-04-20 21:07 - 2012-11-17 20:53 - 00239188 _____ () C:\Windows\PFRO.log 2014-04-20 20:44 - 2014-04-20 20:44 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-20 20:44 - 2014-04-20 20:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-20 20:44 - 2014-04-20 20:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-20 20:41 - 2014-04-20 20:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Meier\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-20 19:48 - 2012-06-12 15:00 - 00000000 ____D () C:\ProgramData\MFAData 2014-04-20 19:46 - 2014-04-20 19:46 - 00000000 ____D () C:\ProgramData\Avg_Update_0414b 2014-04-17 21:37 - 2009-10-31 16:36 - 00000000 ____D () C:\Users\Meier 2014-04-17 21:06 - 2014-04-17 21:06 - 00000000 ____D () C:\Users\Meier\AppData\Roaming\TeamViewer 
2014-04-14 19:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-11 21:26 - 2013-08-09 11:17 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-11 20:31 - 2009-10-31 16:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-11 20:30 - 2013-08-15 11:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 20:26 - 2010-03-06 22:18 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 20:12 - 2012-06-22 20:50 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-09 20:12 - 2012-06-22 20:50 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-06 20:55 - 2014-02-16 17:04 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-03 09:51 - 2014-04-20 20:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-20 20:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-20 20:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:15 - 2010-03-04 12:52 - 00000000 ____D () C:\Users\Meier\Documents\SteuernSH
2014-03-31 09:10 - 2014-03-31 09:06 - 00000000 ____D () C:\Program Files (x86)\Steuern13
2014-03-31 09:10 - 2013-03-25 10:47 - 00000000 ____D () C:\Users\Meier\AppData\Roaming\.jfwupdate
2014-03-31 09:07 - 2010-03-04 12:15 - 00000000 ____D () C:\Users\Meier\AppData\Roaming\.Kanton SH
2014-03-31 09:07 - 2010-03-04 12:15 - 00000000 ____D () C:\Users\Meier\AppData\Local\.Kanton SH
2014-03-31 09:06 - 2014-03-31 09:06 - 00000981 _____ () C:\Users\Public\Desktop\Steuern13.lnk
2014-03-31 03:16 - 2014-04-09 20:08 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 20:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 20:08 - 02724864 _____ (Microsoft Corporation)
C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 20:08 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-23 21:28 - 2009-11-12 11:46 - 00000000 ____D () C:\Users\Meier\Documents\Belen

Some content of TEMP:
====================
C:\Users\Meier\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-14 19:39

==================== End Of Log ============================

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014 02
Ran by Meier at 2014-04-20 22:11:05
Running from C:\Users\Meier\trojaner_board
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - )
AirPort (HKLM-x32\...\{40184457-4514-4B18-84A8-6BB8A3AB6A81}) (Version: 5.5.3.2 - Apple Inc.)
AMD USB Filter Driver (HKLM-x32\...\{5271C0D4-24E4-4C3D-A782-C012033FD3CF}) (Version: 1.0.10.84 - Advanced Micro Devices, Inc.)
AOL Toolbar 5.0 (HKLM-x32\...\AOL Toolbar) (Version: 5.2.78.2 - AOL LLC)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros) ATI Catalyst Install Manager (HKLM\...\{6C47240C-016E-03B5-D13E-AECAED09F2E3}) (Version: 3.0.732.0 - ATI Technologies, Inc.) AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies) AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden AVG PC Tuneup (HKLM-x32\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.27 - AVG) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - ) Canon MG5100 series Benutzerregistrierung (HKLM-x32\...\Canon MG5100 series Benutzerregistrierung) (Version: - ) Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - ) Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2009.0702.1239.20840 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0702.1239.20840 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2009.0702.1239.20840 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2009.0702.1239.20840 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0702.1239.20840 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0702.1239.20840 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2009.0702.1239.20840 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2009.0702.1239.20840 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Czech (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Danish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Dutch (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help English (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Finnish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help French (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help German (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Greek (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Hungarian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Italian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Japanese (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Korean (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Norwegian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Polish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Portuguese (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Russian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Spanish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Swedish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Thai (x32 Version: 2009.0702.1238.20840 - ATI) Hidden CCC Help Turkish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden ccc-core-static (x32 Version: 2009.0702.1239.20840 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2009.0702.1239.20840 - ATI) Hidden Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink DVD Suite 
(HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.) CyberLink DVD Suite (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft) DigitalPersona Personal 4.10 (HKLM\...\{DD3BF908-F6B0-45A5-BED3-79E8888DDA93}) (Version: 4.10.3787 - DigitalPersona, Inc.) ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) 
Hidden Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}) (Version: 4.0.3.1 - Hewlett-Packard) HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent) HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard) HP MediaSmart DVD (x32 Version: 3.0.3123 - Hewlett-Packard) Hidden HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard) HP MediaSmart Internet TV (x32 Version: 3.0.1916 - Hewlett-Packard) Hidden HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.0.1924 - Hewlett-Packard) HP MediaSmart Live TV (x32 Version: 3.0.1924 - Hewlett-Packard) Hidden HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard) HP MediaSmart Movie Themes (x32 Version: 3.0.3102 - Hewlett-Packard) Hidden HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard) HP MediaSmart Music/Photo/Video (x32 Version: 3.0.3123 - Hewlett-Packard) Hidden HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard) HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard) HP MediaSmart Webcam (x32 Version: 3.0.1913 - Hewlett-Packard) Hidden HP Quick Launch Buttons 
(HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.3.1 - Hewlett-Packard) HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard) HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) (Version: 1.01.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard) iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT) ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version: 3.2.10.0 - Ifolor AG) iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.) Java(TM) 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.) Java(TM) 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.) Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) 
Hidden Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: - EasyBits Software AS) MAGIX Xtreme Foto Designer 6 6.0.19.0 (D) (HKLM-x32\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.19.0 - MAGIX AG) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof 
(French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 
(HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) Microsoft XML Parser (x32 Version: 8.0.7820.0 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) OpenOffice.org 3.1 (HKLM-x32\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org) PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5615 - CyberLink Corp.) PhotoNow! (x32 Version: 1.1.5615 - CyberLink Corp.) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.) Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) 
Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.) PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - ) Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Steuern09 (HKLM-x32\...\Steuern09) (Version: 1.1.1.669 - Abraxas Informatik AG) Steuern10 (HKLM-x32\...\Steuern10) (Version: 1.0.1.938 - Abraxas Informatik AG) Steuern11 (HKLM-x32\...\Steuern11) (Version: 1.0.1.1375 - Abraxas Informatik AG) Steuern12 (HKLM-x32\...\Steuern12) (Version: 1.0.2.1801 - Abraxas Informatik AG) Steuern13 (HKLM-x32\...\{D32134B6-A503-4F19-8559-4CE5E324BEEC}) (Version: 1.0.2 - Abraxas Informatik AG) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated) TomTom HOME (HKLM-x32\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) 
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition 
(HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition 
(HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Validity Sensors DDK (HKLM\...\{62A20ECA-920E-4052-BF77-88C78DD20FAA}) 
(Version: 3.1.366 - Validity Sensors, Inc.)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
VTech Download Manager (HKLM-x32\...\VTechDownloadManager) (Version: - VTech)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Restore Points =========================

10-03-2014 18:11:45 Windows-Sicherung
14-03-2014 13:34:07 Windows Update
21-03-2014 19:38:41 Windows-Sicherung
23-03-2014 19:20:05 Windows Update
31-03-2014 06:56:29 Windows-Sicherung
31-03-2014 07:06:23 Installed Steuern13
06-04-2014 19:13:54 Windows-Sicherung
11-04-2014 18:23:57 Windows Update
13-04-2014 19:30:28
Windows-Sicherung
20-04-2014 17:53:20 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0458E7EA-60C9-4441-B715-793B243917DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company)
Task: {08BAD61E-2A14-4717-B0B2-6E0C001FBF7C} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-07-24] (CL)
Task: {10BBF1B9-9DAA-4229-8E5A-72CFA409219A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22] (Google Inc.)
Task: {11A4BFCA-8FCA-4495-B9A2-C939D4ED7D04} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {3B77BBE5-80B7-41E3-AB70-B0C019410B17} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-07-24] (CL)
Task: {3C11281A-C30D-4AAF-B1FE-4968AACF1644} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{515C197B-9ED8-480C-B0EB-C9218664BCE2}.exe
Task: {435E1580-094A-4130-9089-EAE75413B2DF} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-07-24] (CyberLink Corp.)
Task: {632F5108-D75B-4B81-B76F-91B5599A0EBB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7A97740F-3AF2-407F-B290-3D634A3E46F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7E53DB01-519C-405B-AA60-0511DE6FC877} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {AB311E96-CC75-4139-B79D-FA5BBED9A42C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22] (Google Inc.)
Task: {AFA6BFF9-70A4-4888-86C8-B6BBD18AA1EE} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-07-24] (CL)
Task: {BA7584CC-73E5-448A-9806-3C0B203BE322} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On Meier Logon => C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe [2011-11-03] (AVG)
Task: {E863043E-7AB8-44D6-A2B9-C758162D6E89} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F4516B3A-83DB-4C8E-A406-4313DD48796B} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
Task: {FC160BFA-1C90-4252-A81D-B76B45A04626} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{515C197B-9ED8-480C-B0EB-C9218664BCE2}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-07-21 10:34 - 2009-07-21 10:34 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 2009-07-01 18:54 - 2009-07-01 18:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2013-06-24 11:36 - 2013-06-20 09:58 - 00391040 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe 2009-09-05 09:49 - 2009-01-21 20:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2009-07-07 11:56 - 2009-07-07 11:56 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2009-10-11 01:15 - 2009-10-11 01:15 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2012-08-13 20:38 - 2011-11-03 17:21 - 00350024 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl 2012-08-13 20:38 - 2011-11-03 17:21 - 00184136 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl 2012-08-13 20:38 - 2011-11-03 17:21 - 00050504 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl 2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2009-07-15 17:51 - 2009-07-15 17:51 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll 2009-07-15 17:51 - 2009-07-15 17:51 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP 
Advisor\Pillars\ECenter\ECLibrary.dll 2009-07-15 17:50 - 2009-07-15 17:50 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll 2009-07-15 17:50 - 2009-07-15 17:50 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll 2009-07-15 17:50 - 2009-07-15 17:50 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll 2009-07-15 17:50 - 2009-07-15 17:50 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll 2009-07-15 17:50 - 2009-07-15 17:50 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll 2009-07-15 17:50 - 2009-07-15 17:50 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2009-08-18 16:54 - 2009-08-18 16:54 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2012-07-05 03:27 - 2010-06-24 03:16 - 02150400 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll 2012-07-05 03:27 - 2010-07-13 15:07 - 07826432 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll 2012-07-05 03:27 - 2010-06-02 04:29 - 00934912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll 2012-07-05 03:27 - 2010-06-02 04:28 - 00335360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll 2013-06-24 11:36 - 2012-08-06 11:54 - 09843640 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll 2012-07-05 03:27 - 2010-06-02 04:56 - 00232960 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll 2012-07-05 03:27 - 2010-06-02 04:54 - 02530816 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll 2012-07-05 03:27 - 2010-07-05 11:19 - 00116736 
_____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll 2012-07-05 03:27 - 2010-11-11 11:24 - 00028160 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll 2013-06-24 11:36 - 2010-06-02 07:05 - 00025600 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qgif4.dll 2013-06-24 11:36 - 2010-06-02 07:05 - 00119808 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll 2009-07-23 11:37 - 2009-07-23 11:37 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 43% Total physical RAM: 4092.2 MB Available physical RAM: 2292.08 MB Total Pagefile: 8182.38 MB Available Pagefile: 5840.32 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:218.02 GB) (Free:81.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:232.88 GB) (Free:15.24 GB) NTFS Drive e: (RECOVERY) (Fixed) (Total:14.57 GB) (Free:2.41 GB) 
NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 233 GB) (Disk ID: 23522EF3) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=218 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 0FA290D9) Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
21.04.2014, 20:41 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Message "...newnext.me\nengine.dll - Das angegebene Modul konnte nicht gefunden werden" Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM-x32\...\Run: [] => [X]
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
22.04.2014, 19:34 | #8 |
| Windows 7: Message "...newnext.me\nengine.dll - Das angegebene Modul konnte nicht gefunden werden" Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014
Ran by Meier at 2014-04-22 20:27:33 Run:1
Running from C:\Users\Meier\trojaner_board
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM-x32\...\Run: [] => [X]
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
*****************
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully.
The system needed a reboot.
==== End of Fixlog ==== |
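The Fixlog in post #8 pairs each fixlist directive with a per-target outcome, and a helper reading it has to confirm that every target reports success and that the log is complete. The following is an added example, not part of the thread and not FRST's own code: a small parser that checks exactly that. The line breaks in the embedded log and the rule "an outcome ending in `successfully.` counts as success" are assumptions made for this example.

```python
import re

# Fixlog text from post #8, re-broken into one entry per line (the line
# breaks are an assumption; the page shows the log flattened).
FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014
Ran by Meier at 2014-04-22 20:27:33 Run:1
Running from C:\Users\Meier\trojaner_board
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM-x32\...\Run: [] => [X]
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
*****************
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully.
The system needed a reboot.
==== End of Fixlog ====
"""

MARKER = re.compile(r"^\*{5,}$")  # the asterisk rows that frame the fixlist

def parse_fixlog(text):
    """Split a Fixlog into requested directives and per-target results."""
    directives, results, reboot, complete = [], [], False, False
    state = "header"                      # header -> fixlist -> results
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if MARKER.match(line):
            state = "fixlist" if state == "header" else "results"
        elif state == "fixlist":
            directives.append(line)
        elif state == "results":
            if line.startswith("==== End of Fixlog"):
                complete = True
            elif "needed a reboot" in line:
                reboot = True
            elif " => " in line:
                target, outcome = line.split(" => ", 1)
                ok = outcome.endswith("successfully.")  # assumed success rule
                results.append((target, outcome, ok))
    return {"directives": directives, "results": results,
            "reboot": reboot, "complete": complete}

def needs_review(parsed):
    """Targets whose outcome is not a success, plus a truncated-log flag."""
    failed = [t for t, _, ok in parsed["results"] if not ok]
    if not parsed["complete"]:
        failed.append("<log truncated: no End of Fixlog marker>")
    return failed

if __name__ == "__main__":
    p = parse_fixlog(FIXLOG)
    for target, outcome, ok in p["results"]:
        print("OK    " if ok else "REVIEW", target, "->", outcome)
    print("reboot required:", p["reboot"], "| to review:", needs_review(p))
```

Three directives produce four result lines here because the GroupPolicy directive touches two targets, so a check should work per result line rather than per directive.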
22.04.2014, 21:16 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Message "...newnext.me\nengine.dll - Das angegebene Modul konnte nicht gefunden werden" Okay, then please run control scans with MBAM and ESET: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post log files in CODE tags |
24.04.2014, 06:30 | #10 |
| Windows 7: Message "...newnext.me\nengine.dll - Das angegebene Modul konnte nicht gefunden werden" Hello Cosinus Here are the two log files: 1. mbam.txt: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 23.04.2014
Suchlauf-Zeit: 20:34:39
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.1.1004
Malware Datenbank: v2014.04.23.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Meier
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 271529
Verstrichene Zeit: 11 Min, 56 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registrierungsschlüssel: 0 (No malicious items detected)
Registrierungswerte: 0 (No malicious items detected)
Registrierungsdaten: 0 (No malicious items detected)
Ordner: 0 (No malicious items detected)
Dateien: 0 (No malicious items detected)
Physische Sektoren: 0 (No malicious items detected)
(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=de85fa843354bd42bab896e1e47e4d44
# engine=17997
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-24 05:16:09
# local_time=2014-04-24 07:16:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 5050524 149946419 0 0
# scanned=291981
# found=0
# cleaned=0
# scan_time=38031
falken |
24.04.2014, 08:31 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Message "...newnext.me\nengine.dll - Das angegebene Modul konnte nicht gefunden werden" TFC - Temp File Cleaner Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
Looks OK so far. Regarding cookies and other things on the web: To block this plague from the outset (tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. This is only optional, though. To prevent user tracking, the Firefox extension Ghostery works well. Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie). Otherwise there are also good cookie managers; among Firefox extensions, CookieCuller would be one example. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed. Is your system OK again now, or are there any other detections or problems?
__________________ Please always post log files in CODE tags |
27.04.2014, 16:29 | #12 |
| Windows 7: Message "...newnext.me\nengine.dll - Das angegebene Modul konnte nicht gefunden werden" Hello Cosinus Thank you very much for your help and your tips. You helped us superbly!!! :-) I think our system should be OK again. Kind regards and many thanks again falken |
27.04.2014, 21:58 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Message "...newnext.me\nengine.dll - Das angegebene Modul konnte nicht gefunden werden" Then we're done! If you'd like to leave praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board The programs that were used here can all be uninstalled. It is advisable to keep Malwarebytes Anti-Malware and scan for malware with it weekly. delfix can help you with this: The order is crucial here.
Finally, please check your updates; my guide for this is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI. For even more security, you should also change as many of your passwords as possible after the infection has been removed.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update

Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software (or Programs and Features) by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader. While you are at it, please also check whether Flash Player is up to date: Check => Adobe - Flash Player. You can find download links here => Browsers and Plugins - FilePony.de. You can also easily check all plugins in the Firefox browser for updates here => https://www.mozilla.org/de/plugincheck. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |
28.04.2014, 21:27 | #14 |
| Windows 7: Message "...newnext.me\nengine.dll - Das angegebene Modul konnte nicht gefunden werden" Okay! Many thanks again for the tips. I'm really glad that you helped me! :-))) Best regards falken |