
Pests of all kinds and how to combat them: Windows 7 64 gear icon keeps appearing in taskbar


 
22.12.2014, 14:26   #1
DanteHasta
 

Windows 7 64 gear icon keeps appearing in taskbar



Hello Trojaner Board Support,

since today I have noticed that a gear icon keeps appearing in my taskbar
where it does not belong.
It appears briefly and disappears before I can even select it.
Unfortunately I cannot say at all which software/malware is behind it.
Here are a few current log files to start with.

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.12.2014
Suchlauf-Zeit: 09:59:31
Logdatei: Hilfe.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.22.03
Rootkit Datenbank: v2014.12.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: mathiaswolfgang

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 362319
Verstrichene Zeit: 23 Min, 33 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 1
PUP.Optional.DownloadAdmin, C:\Users\mathiaswolfgang\Downloads\chatbot-setup.exe, In Quarantäne, [d449e77cbac2bd79216e2e2a09f7b44c], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
360 Internet Security Scan log

Virus Database version: 2014-12-22 08:43
Date & time: 2014-12-22 13:58:08
Time elapsed: 00:04:08
Type: Quick Scan
Files scanned: 12408
Threats: 0
Threats cleared: 0

Current scan settings
----------------------
Scanned all files: No
Scanned Zip files: No
Resolution: User to decide on resolution
Scanned disk Boot Sector: Yes
Scanned for Rootkit: No
Used Cloud Engine: Yes
QVM Engine: Yes
Automatically repair: Yes
AV Engine settings: BitDefender 

Scan content
----------------------
C:\Windows
C:\Windows\system
C:\Windows\system32
C:\Windows\fonts
C:\Windows\system32\drivers
C:\Windows\system32\dllcache
C:\Windows\temp
C:\Windows\tasks
C:\Windows\inf
C:\Program Files\Common Files
C:\Program Files\Common Files\System
C:\Program Files\Common Files\Microsoft Shared\DAO


Whitelist
----------------------
C:\SPIELE\Sword\MCIPlay.exe


Scan results
======================
No threats detected

Suspicious file upload results
----------------------
	Upload failed
	Upload failed
	Upload failed
	Upload failed
	Upload failed
	Upload failed
	Upload failed
	Upload failed
	Upload failed
	Upload failed
         
Code:
OTL logfile created on: 22.12.2014 13:51:07 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\mathiaswolfgang\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,62 Gb Available Physical Memory | 30,89% Memory free
4,00 Gb Paging File | 1,89 Gb Available in Paging File | 47,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 118,51 Gb Free Space | 79,51% Space Free | Partition Type: NTFS
Drive D: | 61,33 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 223,56 Gb Total Space | 223,47 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
 
Computer Name: DANTE_HASTA_PC | User Name: mathiaswolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\mathiaswolfgang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Foxit Corporation)
PRC - C:\ProgramData\Mobile Partner\OnlineUpdate\LiveUpd.exe ()
PRC - C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe ()
PRC - C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe ()
PRC - C:\Programme\360\360 Internet Security\safemon\360Tray.exe (Qihu 360 Software Co., Ltd.)
PRC - C:\Programme\360\360 Internet Security\deepscan\QHActiveDefense.exe (Qihu 360 Software Co., Ltd.)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4f66c3dc2cd6583df3fcc393edcb48a7\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dbc236ca6655e4e3839ee4f802eb3f99\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\f6db4a5f721a164ce945d0a28f2ca7bd\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\QtGui4.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\QtCore4.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\NDISAPI.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\AddrBookPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\SMSUIPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\AddrBookUIPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\SmsAppPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\CallAppPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\CallLogSrvPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\PluginContainer.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe ()
MOD - C:\Program Files (x86)\Mobile Partner\NetInfoUIExPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\DialupUIPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\core.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\QtXml4.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\USSDUIPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\Proxy.DLL ()
MOD - C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qtiff4.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qmng4.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\DeviceAppPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\NetConnectPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\StatusBarMgrPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\DeviceSrvPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\MenuMgrPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\NetInfoSrvPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\AddrBookSrvPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\sdk.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\LiveUpdateInterface.DLL ()
MOD - C:\Program Files (x86)\Mobile Partner\AtCodec.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\NetSrvPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\Common.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\SmsSrvPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\ToolBarMgrPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\XFramePlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\NDISPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\CallSrvPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\XCodec.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\NetConnectSrvPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\DataServicePlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\STKSrvPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\USSDSrvPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\Trace.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\OSDialup.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\OSNDIS.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\ATR2SMgr.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\LayoutPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\Win7Support.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\OSAdapt.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\OSPowerMgr.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\OSCall.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\mingwm10.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (FoxitCloudUpdateService) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Foxit Corporation)
SRV - (backupsvc5) -- C:\Program Files (x86)\Digital Dynamic\Advanced Backup Manager\backupsvc5.exe (Digital Dynamic)
SRV - (Mobile Partner. RunOuc) -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe ()
SRV - (ZhuDongFangYu) -- C:\Programme\360\360 Internet Security\deepscan\QHActiveDefense.exe (Qihu 360 Software Co., Ltd.)
SRV - (360rp) -- C:\Programme\360\360 Internet Security\360rps.exe (Qihu 360 Software Co., Ltd.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (scan) -- C:\Programme\360\360 Internet Security\scan.dll (S.C. BitDefender S.R.L)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (360fsflt) -- C:\Windows\SysNative\drivers\360FsFlt.sys (Qihu 360 Software Co., Ltd.)
DRV:64bit: - (ewusbmbb) -- C:\Windows\SysNative\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (360Box64) -- C:\Windows\SysNative\drivers\360Box64.sys (Qihu 360 Software Co., Ltd.)
DRV:64bit: - (360Camera) -- C:\Windows\SysNative\drivers\360Camera64.sys (Qihu 360 Software Co., Ltd.)
DRV:64bit: - (360AvFlt) -- C:\Windows\SysNative\drivers\360AvFlt.sys (Qihu 360 Software Co., Ltd.)
DRV:64bit: - (360AntiHacker) -- C:\Windows\SysNative\drivers\360AntiHacker64.sys (Qihu 360 Software Co., Ltd.)
DRV:64bit: - (BAPIDRV) -- C:\Windows\SysNative\drivers\BAPIDRV64.SYS (Qihu 360 Software Co., Ltd.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (BazisVirtualCDBus) -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys (SysProgs.org)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 45 51 D6 D6 66 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.72.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.72.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\mathiaswolfgang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Wajam (Enabled) = F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft® DRM (Enabled) = F:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = F:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = F:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: iTunes Application Detector (Enabled) = F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Ma-Config.com plugin (Enabled) = F:\Program Files\ma-config.com\nphardwaredetection.dll
CHR - plugin: Silverlight Plug-In (Enabled) = f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.10.3_0\
CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeiadippkbacigpadnembcfclhmmbifb\1.0.24_0\
CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppagaglfkmlpgobnlenhknilehpmcbo\1.0_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (SafeMon Class) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Programme\360\360 Internet Security\safemon\safemon64.dll (Qihu 360 Software Co., Ltd.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [360sd] C:\Program Files\360\360 Internet Security\360sdrun.exe (Qihu 360 Software Co., Ltd.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{148F12C9-CC71-405B-BE8A-70ED4434AA54}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76108A4C-C895-41B9-A577-9559AA994DA9}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAC29905-FA43-4477-AF51-7DADB5C4FC11}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7C25C63-B387-451C-A625-92C5A522EEFE}: NameServer = 193.189.244.206 193.189.244.225
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.07 21:46:00 | 000,000,113 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4d6118ff-6d56-11e4-89d7-001966aa7536}\Shell - "" = AutoRun
O33 - MountPoints2\{4d6118ff-6d56-11e4-89d7-001966aa7536}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4d611902-6d56-11e4-89d7-001966aa7536}\Shell - "" = AutoRun
O33 - MountPoints2\{4d611902-6d56-11e4-89d7-001966aa7536}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4d611962-6d56-11e4-89d7-001966aa7536}\Shell - "" = AutoRun
O33 - MountPoints2\{4d611962-6d56-11e4-89d7-001966aa7536}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4d611965-6d56-11e4-89d7-001966aa7536}\Shell - "" = AutoRun
O33 - MountPoints2\{4d611965-6d56-11e4-89d7-001966aa7536}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{5d3367e2-d2c9-11e3-8b1b-001966aa7536}\Shell - "" = AutoRun
O33 - MountPoints2\{5d3367e2-d2c9-11e3-8b1b-001966aa7536}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6aa04554-e2f5-11e3-bf51-001e101fb681}\Shell - "" = AutoRun
O33 - MountPoints2\{6aa04554-e2f5-11e3-bf51-001e101fb681}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6b4f9a42-3c02-11e4-b851-001966aa7536}\Shell - "" = AutoRun
O33 - MountPoints2\{6b4f9a42-3c02-11e4-b851-001966aa7536}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6b4f9a82-3c02-11e4-b851-001966aa7536}\Shell - "" = AutoRun
O33 - MountPoints2\{6b4f9a82-3c02-11e4-b851-001966aa7536}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6b4f9a88-3c02-11e4-b851-001966aa7536}\Shell - "" = AutoRun
O33 - MountPoints2\{6b4f9a88-3c02-11e4-b851-001966aa7536}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b2aed7e2-072a-11e4-9f5e-001e101f36d9}\Shell - "" = AutoRun
O33 - MountPoints2\{b2aed7e2-072a-11e4-9f5e-001e101f36d9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ef4ae850-f0b7-11e3-8d17-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ef4ae850-f0b7-11e3-8d17-806e6f6e6963}\Shell\AutoRun\command - "" = D:\run.exe
O33 - MountPoints2\{f119d995-83b4-11e4-b98e-001966aa7536}\Shell - "" = AutoRun
O33 - MountPoints2\{f119d995-83b4-11e4-b98e-001966aa7536}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{f8bb63f8-d2c5-11e3-b105-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f8bb63f8-d2c5-11e3-b105-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\cbs.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.12.22 13:52:18 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2014.12.22 00:11:42 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\voxelands-1412.00-win32
[2014.12.21 20:59:06 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\Alice
[2014.12.21 12:16:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Meine Pascal Programme
[2014.12.21 11:26:42 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\AppData\Local\lhelp
[2014.12.21 08:18:22 | 000,000,000 | ---D | C] -- C:\OnlineUpdate
[2014.12.21 08:18:22 | 000,000,000 | ---D | C] -- C:\log
[2014.12.21 07:12:30 | 000,000,000 | ---D | C] -- C:\lazarus
[2014.12.21 07:10:24 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\AppData\Local\lazarus
[2014.12.21 07:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazarus
[2014.12.20 15:04:36 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\voxelands-1411.03-win32
[2014.12.20 01:06:19 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\AppData\Local\Roblox
[2014.12.18 11:09:07 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\Savegame
[2014.12.15 21:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014.12.14 16:23:03 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\Neinmal Klug
[2014.12.12 17:22:58 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Documents\Processing
[2014.12.12 17:22:58 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\AppData\Roaming\Processing
[2014.12.12 17:17:25 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\processing-2.2.1
[2014.12.12 15:45:04 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\Noocraft Server EN
[2014.12.12 15:44:49 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\Noocraft EN
[2014.12.12 14:32:20 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\Zauberkraft
[2014.12.10 20:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2014.12.10 19:55:52 | 000,000,000 | ---D | C] -- C:\Temp
[2014.12.10 19:54:44 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\AppData\Roaming\DJJava
[2014.12.10 19:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014.12.10 19:54:10 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Documents\DbgLogs
[2014.12.07 01:29:43 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\gnomescroll21
[2014.12.06 19:44:29 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\minetest-0.4.10-win64
[2014.12.06 19:32:16 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Documents\Eternal Lands
[2014.12.06 14:02:50 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Documents\Blockland
[2014.12.05 19:22:55 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\My
[2014.12.05 18:06:07 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\AppData\Roaming\TerasologyLauncher
[2014.12.05 18:05:38 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\TerasologyLauncher
[2014.12.04 19:24:05 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\ManicDigger2014-08-05Binary
[2014.12.04 17:44:58 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\AppData\Local\CastleMinerZ
[2014.12.01 11:15:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mathiaswolfgang\Desktop\OTL.exe
[2014.12.01 11:11:03 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.12.01 11:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.12.01 11:10:33 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.12.01 11:10:22 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.12.01 11:10:20 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.12.01 11:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2014.12.01 11:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.11.27 01:00:02 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\AppData\Roaming\java
[2014.11.27 00:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014.11.23 19:04:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2014.11.23 18:36:22 | 000,000,000 | ---D | C] -- C:\Users\mathiaswolfgang\Desktop\LiquidCubed-1.0.4c
[2014.11.22 22:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014.11.22 22:00:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.12.22 13:41:31 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.12.22 11:41:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.12.22 10:32:55 | 000,033,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.12.22 10:32:55 | 000,033,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.12.22 10:25:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.12.22 10:24:58 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2014.12.22 09:59:30 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.12.20 14:42:02 | 239,921,322 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.12.18 13:45:29 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.12.14 18:53:48 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.12.14 18:53:48 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.12.14 18:53:48 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.12.14 18:53:48 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.12.14 18:53:48 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.12.07 09:46:27 | 000,308,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.12.01 11:16:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mathiaswolfgang\Desktop\OTL.exe
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.12.22 13:55:34 | 003,826,628 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2014.12.20 14:42:02 | 239,921,322 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014.12.01 11:10:38 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.09.24 07:23:15 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\NMOCOD.DLL
[2014.09.24 07:23:15 | 000,035,328 | ---- | C] () -- C:\Windows\SysWow64\INETWH32.DLL
[2014.09.04 13:26:05 | 000,000,219 | ---- | C] () -- C:\Windows\spearhead.ini
[2014.09.03 17:42:03 | 000,026,624 | ---- | C] () -- C:\Windows\SwordUn.EXE
[2014.09.03 16:22:59 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2014.09.03 15:19:01 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2014.09.03 15:16:42 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\PATCHW32.DLL
[2014.09.03 15:16:41 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\PATCHW.DLL
[2014.08.30 15:43:07 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\fgkey.exe
[2014.06.04 20:11:39 | 000,007,609 | ---- | C] () -- C:\Users\mathiaswolfgang\AppData\Local\Resmon.ResmonCfg
[2014.05.04 10:06:42 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 03:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 03:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014.12.19 14:28:18 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\.minecraft
[2014.05.30 00:05:00 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\.mono
[2014.12.22 00:11:34 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\360safe
[2014.05.05 00:38:24 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\360SD
[2014.07.22 17:41:34 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\3909 LLC
[2014.10.04 18:02:09 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\Das Fussball Studio
[2014.12.10 19:57:08 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\DJJava
[2014.07.13 08:50:24 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\Foxit Software
[2014.11.27 01:00:02 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\java
[2014.11.11 10:29:34 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\mana
[2014.05.12 23:18:23 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\Online Games Downloader
[2014.05.28 08:50:05 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\OpenOffice
[2014.05.20 17:30:03 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software
[2014.12.12 20:42:18 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\Processing
[2014.12.05 18:07:48 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\TerasologyLauncher
[2014.05.30 00:04:47 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\Unity
[2014.09.15 13:48:23 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\Vodafone
[2014.12.22 13:44:43 | 000,000,000 | ---D | M] -- C:\Users\mathiaswolfgang\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 

< End of report >
         
I hope you can help me.

Kind regards,
Dante Hasta

Update: several attempts to take a screenshot failed.
The gear icon simply pops up too briefly for that. So I also cannot determine
which program is behind it.

 
