Trojaner-Board
Seite 2 von 4 1 2 34
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojaner TR/Crypt.XPACK.Gen (https://www.trojaner-board.de/145773-trojaner-tr-crypt-xpack-gen.html)

cosinus 10.12.2013 19:05
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Rootkit (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [1630008 2013-11-19] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [ (A0)] - cmd /c "C:\Users\Florian\Desktop\mbar-1.07.0.1008\mbar\mbar.exe" /rdv /s [1175352 2013-11-19] (Malwarebytes Corporation)
MountPoints2: {357fb6bc-7950-11de-8399-0021855ae3f6} - G:\Setup.exe
HKLM-x32\...\Run: [ZoneAlarm Installer] - "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r  /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml"
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {1FE409C3-756C-42BC-8C66-05184299AD10} URL = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=7df616a0-2b6d-485c-b5d8-f307259376b5&pid=icqt&mode=bounce
SearchScopes: HKCU - {38ADF88A-00E3-4587-AE07-00F854EE9949} URL = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=7df616a0-2b6d-485c-b5d8-f307259376b5&pid=icqt&mode=bounce
SearchScopes: HKCU - {40ED2662-1130-4FDD-B85A-8056D6F76B71} URL = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=7df616a0-2b6d-485c-b5d8-f307259376b5&pid=icqt&mode=bounce
SearchScopes: HKCU - {46185118-DACB-4FE4-BAFE-9F9F0FBDB4B3} URL = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=7df616a0-2b6d-485c-b5d8-f307259376b5&pid=icqt&mode=bounce
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {705C678C-8F69-4064-A146-A7CA17ABA46C} URL = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=7df616a0-2b6d-485c-b5d8-f307259376b5&pid=icqt&mode=bounce
SearchScopes: HKCU - {B7FD071C-7C7E-432E-97E2-350303FFF4C3} URL = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=7df616a0-2b6d-485c-b5d8-f307259376b5&pid=icqt&mode=bounce
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\searchplugins-backup
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\{663D9283-C65C-473C-B108-A5B5DDF867FB}.xml
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\{B18DE12B-B79B-4DAE-97F7-248D3CE7B02D}.xml
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\{BF26EBBE-8E30-4C93-8897-6A9804D25FE0}.xml
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\{CBA85C99-0E75-4EC1-8FCE-0AAC8FF81BA7}.xml
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\{D24788BF-D27C-4640-A953-F9920975042B}.xml
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\{EB1AED70-B008-40CF-9E33-2B235E904FF6}.xml
S0 rjaty; System32\drivers\imofugc.sys [x]
C:\Windows\System32\drivers\imofugc.sys
C:\Users\Flo\Desktop\ZoneAlarm Security-Installation fortsetzen.lnk
C:\Program Files (x86)\CheckPoint
C:\Users\Florian\AppData\Roaming\desktop.ini
C:\ProgramData\ezsid.dat
C:\ProgramData\nvUnsupRes.dat
C:\Users\Florian\avira_antivir_personal_de.exe
C:\Users\Florian\RomeTW-BI.exe
C:\Users\Florian\RomeTW.exe
C:\Users\Public\avira_antivir_personal_de.exe
C:\Users\Public\Firefox Setup 3.6.exe
C:\Users\Public\generals.exe
C:\Users\Public\generals2.exe
C:\Users\Flo\AppData\Local\Temp\*.*

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Sudden3 10.12.2013 20:10
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-12-2013
Ran by Flo at 2013-12-10 20:01:30 Run:1
Running from C:\Users\Florian\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [  Malwarebytes Anti-Malware  ] - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Rootkit (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [1630008 2013-11-19] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [ (A0)] - cmd /c "C:\Users\Florian\Desktop\mbar-1.07.0.1008\mbar\mbar.exe" /rdv /s [1175352 2013-11-19] (Malwarebytes Corporation)
MountPoints2: {357fb6bc-7950-11de-8399-0021855ae3f6} - G:\Setup.exe
HKLM-x32\...\Run: [ZoneAlarm Installer] - "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r  /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml"
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {1FE409C3-756C-42BC-8C66-05184299AD10} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=7df616a0-2b6d-485c-b5d8-f307259376b5&pid=icqt&mode=bounce
SearchScopes: HKCU - {38ADF88A-00E3-4587-AE07-00F854EE9949} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=7df616a0-2b6d-485c-b5d8-f307259376b5&pid=icqt&mode=bounce
SearchScopes: HKCU - {40ED2662-1130-4FDD-B85A-8056D6F76B71} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=7df616a0-2b6d-485c-b5d8-f307259376b5&pid=icqt&mode=bounce
SearchScopes: HKCU - {46185118-DACB-4FE4-BAFE-9F9F0FBDB4B3} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=7df616a0-2b6d-485c-b5d8-f307259376b5&pid=icqt&mode=bounce
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {705C678C-8F69-4064-A146-A7CA17ABA46C} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=7df616a0-2b6d-485c-b5d8-f307259376b5&pid=icqt&mode=bounce
SearchScopes: HKCU - {B7FD071C-7C7E-432E-97E2-350303FFF4C3} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=7df616a0-2b6d-485c-b5d8-f307259376b5&pid=icqt&mode=bounce
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\searchplugins-backup
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\{663D9283-C65C-473C-B108-A5B5DDF867FB}.xml
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\{B18DE12B-B79B-4DAE-97F7-248D3CE7B02D}.xml
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\{BF26EBBE-8E30-4C93-8897-6A9804D25FE0}.xml
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\{CBA85C99-0E75-4EC1-8FCE-0AAC8FF81BA7}.xml
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\{D24788BF-D27C-4640-A953-F9920975042B}.xml
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\{EB1AED70-B008-40CF-9E33-2B235E904FF6}.xml
S0 rjaty; System32\drivers\imofugc.sys [x]
C:\Windows\System32\drivers\imofugc.sys
C:\Users\Flo\Desktop\ZoneAlarm Security-Installation fortsetzen.lnk
C:\Program Files (x86)\CheckPoint
C:\Users\Florian\AppData\Roaming\desktop.ini
C:\ProgramData\ezsid.dat
C:\ProgramData\nvUnsupRes.dat
C:\Users\Florian\avira_antivir_personal_de.exe
C:\Users\Florian\RomeTW-BI.exe
C:\Users\Florian\RomeTW.exe
C:\Users\Public\avira_antivir_personal_de.exe
C:\Users\Public\Firefox Setup 3.6.exe
C:\Users\Public\generals.exe
C:\Users\Public\generals2.exe
C:\Users\Flo\AppData\Local\Temp\*.*
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\  Malwarebytes Anti-Malware  => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Rootkit (cleanup) => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\ (A0) => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{357fb6bc-7950-11de-8399-0021855ae3f6} => Key deleted successfully.
HKCR\CLSID\{357fb6bc-7950-11de-8399-0021855ae3f6} => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Installer => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1FE409C3-756C-42BC-8C66-05184299AD10} => Key deleted successfully.
HKCR\CLSID\{1FE409C3-756C-42BC-8C66-05184299AD10} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38ADF88A-00E3-4587-AE07-00F854EE9949} => Key deleted successfully.
HKCR\CLSID\{38ADF88A-00E3-4587-AE07-00F854EE9949} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{40ED2662-1130-4FDD-B85A-8056D6F76B71} => Key deleted successfully.
HKCR\CLSID\{40ED2662-1130-4FDD-B85A-8056D6F76B71} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{46185118-DACB-4FE4-BAFE-9F9F0FBDB4B3} => Key deleted successfully.
HKCR\CLSID\{46185118-DACB-4FE4-BAFE-9F9F0FBDB4B3} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{705C678C-8F69-4064-A146-A7CA17ABA46C} => Key deleted successfully.
HKCR\CLSID\{705C678C-8F69-4064-A146-A7CA17ABA46C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FD071C-7C7E-432E-97E2-350303FFF4C3} => Key deleted successfully.
HKCR\CLSID\{B7FD071C-7C7E-432E-97E2-350303FFF4C3} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\searchplugins-backup => Moved successfully.
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\{663D9283-C65C-473C-B108-A5B5DDF867FB}.xml => Moved successfully.
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\{B18DE12B-B79B-4DAE-97F7-248D3CE7B02D}.xml => Moved successfully.
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\{BF26EBBE-8E30-4C93-8897-6A9804D25FE0}.xml => Moved successfully.
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\{CBA85C99-0E75-4EC1-8FCE-0AAC8FF81BA7}.xml => Moved successfully.
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\{D24788BF-D27C-4640-A953-F9920975042B}.xml => Moved successfully.
C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\searchplugins\{EB1AED70-B008-40CF-9E33-2B235E904FF6}.xml => Moved successfully.
rjaty => Service deleted successfully.
"C:\Windows\System32\drivers\imofugc.sys" => File/Directory not found.
C:\Users\Flo\Desktop\ZoneAlarm Security-Installation fortsetzen.lnk => Moved successfully.
"C:\Program Files (x86)\CheckPoint" => File/Directory not found.
C:\Users\Florian\AppData\Roaming\desktop.ini => Moved successfully.
C:\ProgramData\ezsid.dat => Moved successfully.
C:\ProgramData\nvUnsupRes.dat => Moved successfully.
C:\Users\Florian\avira_antivir_personal_de.exe => Moved successfully.
C:\Users\Florian\RomeTW-BI.exe => Moved successfully.
C:\Users\Florian\RomeTW.exe => Moved successfully.
C:\Users\Public\avira_antivir_personal_de.exe => Moved successfully.
C:\Users\Public\Firefox Setup 3.6.exe => Moved successfully.
C:\Users\Public\generals.exe => Moved successfully.
C:\Users\Public\generals2.exe => Moved successfully.

"C:\Users\Flo\AppData\Local\Temp\*.*" directory move:

Could not move "C:\Users\Flo\AppData\Local\Temp\*.*" directory. => Scheduled to move on reboot.

cosinus 10.12.2013 20:42
Well Done! :daumenhoc

Windows neustarten.
FRST neu runterladen auf den Desktop, diese neue FRST doppelklicken.
Haken reinmachen bei additions.txt
Auf Scan klicken
Neue Logs hier in CODE-Tags posten

Sudden3 11.12.2013 14:29
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-12-2013 01
Ran by Flo (administrator) on FLORIAN on 11-12-2013 14:22:25
Running from C:\Users\Florian\Desktop
Windows Vista (TM) Home Basic Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Megatech\MProtect\MPServ.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Dropbox, Inc.) C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
() C:\Program Files (x86)\SystemTuner 2010\BoostService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(mobile concepts) C:\Program Files (x86)\SystemTuner 2010\smartsvc.exe
(mobile concepts GmbH) C:\Program Files (x86)\SystemTuner 2010\STDefragService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.Exe [134160 2007-09-21] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [110360 2011-09-29] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [260608 2009-04-11] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\system: [NoInternetOpenWith] 0
HKCU\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [702024 2012-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gamer\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
HKU\Gamer\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKU\Gamer\...\Run: [VeohPlugin] - "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
HKU\Gamer\...\Run: [PC Suite Tray] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1451520 2009-11-11] (Nokia)
HKU\Gamer\...\Run: [ICQ] - "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
HKU\Gamer\...\Policies\system: [LogonHoursAction] 2
HKU\Gamer\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Gamer\...\Policies\system: [NoInternetOpenWith] 0
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\UpdatusUser\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2
HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Policies\system: [NoInternetOpenWith] 0
Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox - Verknüpfung.lnk
ShortcutTarget: firefox - Verknüpfung.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird - Verknüpfung.lnk
ShortcutTarget: thunderbird - Verknüpfung.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
Startup: C:\Users\Gamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF9886A4EB230CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKLM-x32 - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No File
URLSearchHook: HKCU - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No File
URLSearchHook: HKCU - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veoh.com/VeohTVPlugin - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll No File
FF Plugin-x32: @veoh.com/VeohWebPlayer - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: sony.com/MediaGoDetector - C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Veoh Video Compass - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\Extensions\searchrecs@veoh.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\dxvmopox.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [web@veoh.com] - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\FFVideoFinder

==================== Services (Whitelisted) =================

R2 AppBoosterService; C:\Program Files (x86)\SystemTuner 2010\BoostService.exe [1551736 2010-07-30] ()
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
R2 Megatech-Software-Protection; C:\Megatech\MProtect\MPSERV.EXE [36864 2007-12-12] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2010-12-16] ()
R2 SmartSvcWMP; C:\Program Files (x86)\SystemTuner 2010\smartsvc.exe [3889016 2010-07-30] (mobile concepts)
R2 SysTunerDSrvc; C:\Program Files (x86)\SystemTuner 2010\STDefragService.exe [3995512 2010-07-30] (mobile concepts GmbH)

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint64.sys [49104 2012-12-13] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux64.sys [73168 2012-12-13] (Cisco Systems, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2009-08-13] ()
R3 GEARAspiWDM; C:\Windows\SysWow64\DRIVERS\GEARAspiWDM.sys [15664 2012-06-22] (GEAR Software Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2009-08-13] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [89304 2013-12-09] (Malwarebytes Corporation)
S3 MSI_DVD_010507; C:\Program Files (x86)\MSI\Live Update 5\DVDSYS64_100507.sys [28984 2010-05-10] (Your Corporation)
S3 MSI_MSIBIOS_010507; C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [33592 2010-05-10] (Your Corporation)
S3 MSI_VGASYS_010507; C:\Program Files (x86)\MSI\Live Update 5\VGASYS64_100507.sys [14960 2010-05-10] ()
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S2 PLCNDIS5; C:\Windows\SysWow64\plcndis5.sys [17280 2004-05-17] (Intellon, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2009-07-25] ()
R3 usbehci; C:\Windows\SysWow64\DRIVERS\usbehci.sys [26624 2004-08-03] (Microsoft Corporation)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [9216 2010-02-26] (Nokia)
S3 DualCoreCenter; \??\C:\Program Files (x86)\MSI\DualCoreCenter\NTGLM7X64.sys [x]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 RushTopDevice2; \??\C:\Program Files (x86)\MSI\DualCoreCenter\RushTop64.sys [x]
S3 vsdatant7; System32\drivers\vsdatant.win7.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-11 14:22 - 2013-12-11 14:22 - 01928212 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2013-12-11 14:01 - 2013-11-15 03:09 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 14:01 - 2013-11-15 02:37 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 14:01 - 2013-11-15 02:29 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 14:01 - 2013-11-15 02:29 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 14:01 - 2013-11-15 02:28 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 14:01 - 2013-11-15 02:28 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-11 14:01 - 2013-11-15 02:25 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 14:01 - 2013-11-15 02:22 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 14:01 - 2013-11-15 02:20 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-11 14:01 - 2013-11-15 02:20 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-11 14:01 - 2013-11-15 02:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 14:01 - 2013-11-15 02:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-11 14:01 - 2013-11-15 02:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 14:01 - 2013-11-15 02:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-11 14:01 - 2013-11-15 02:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 14:01 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 14:01 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 14:01 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 14:01 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 14:01 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 14:01 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-11 14:01 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 14:01 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-11 14:01 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-11 14:01 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-11 14:01 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-11 14:01 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 14:01 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-11 14:01 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 14:01 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 14:00 - 2013-11-15 02:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 14:00 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 12:33 - 2013-10-30 03:10 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 12:33 - 2013-10-22 10:31 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 12:33 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 12:33 - 2013-10-11 05:27 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 12:33 - 2013-10-11 05:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 12:33 - 2013-10-11 03:19 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 12:33 - 2013-10-11 03:19 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 12:33 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 12:33 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 12:33 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll
2013-12-11 12:33 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 12:33 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 12:29 - 2013-10-30 05:34 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-11 12:29 - 2013-10-30 04:55 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 12:29 - 2013-10-30 03:33 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 23:08 - 2013-12-10 23:09 - 01928110 _____ (Farbar) C:\Users\Florian\Downloads\FRST64(1).exe
2013-12-10 15:59 - 2013-12-10 15:59 - 04733496 _____ (AVAST Software) C:\Users\Florian\Downloads\avast_free_antivirus_setup_online_fdi-a.exe
2013-12-10 13:06 - 2013-12-11 14:22 - 00000000 ____D C:\Users\Florian\Desktop\FRST-OlderVersion
2013-12-10 13:04 - 2013-12-10 13:04 - 00001897 _____ C:\Users\Florian\Desktop\JRT.txt
2013-12-10 11:57 - 2013-12-10 11:57 - 00001897 _____ C:\Users\Flo\Desktop\JRT.txt
2013-12-10 11:47 - 2013-12-10 11:47 - 00000000 ____D C:\Windows\ERUNT
2013-12-10 11:04 - 2013-12-10 11:07 - 00000000 ____D C:\AdwCleaner
2013-12-10 11:02 - 2013-12-10 11:02 - 01034531 _____ (Thisisu) C:\Users\Florian\Downloads\JRT.exe
2013-12-10 11:02 - 2013-12-10 11:02 - 01034531 _____ (Thisisu) C:\Users\Florian\Desktop\JRT.exe
2013-12-10 11:02 - 2013-12-10 11:01 - 01110034 _____ C:\Users\Florian\Desktop\adwcleaner.exe
2013-12-10 11:01 - 2013-12-10 11:01 - 01110034 _____ C:\Users\Florian\Downloads\adwcleaner.exe
2013-12-09 14:14 - 2013-12-09 14:14 - 00283352 _____ C:\Windows\Minidump\Mini120913-01.dmp
2013-12-09 13:19 - 2013-12-09 15:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-09 13:19 - 2013-12-09 14:21 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-09 13:17 - 2013-12-09 13:17 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-09 13:16 - 2013-12-09 13:16 - 00000000 ____D C:\Users\Florian\Desktop\mbar-1.07.0.1008
2013-12-09 13:16 - 2013-12-09 13:15 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Florian\Desktop\mbar-1.07.0.1008.exe
2013-12-09 13:14 - 2013-12-09 13:15 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Florian\Downloads\mbar-1.07.0.1008.exe
2013-12-08 23:40 - 2013-12-08 23:40 - 00000948 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-08 23:40 - 2013-12-08 23:40 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Malwarebytes
2013-12-08 23:40 - 2013-12-08 23:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-08 23:40 - 2013-12-08 23:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-08 23:40 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-08 23:30 - 2013-12-11 14:22 - 00017282 _____ C:\Users\Florian\Desktop\FRST.txt
2013-12-08 23:30 - 2013-12-10 23:14 - 00028462 _____ C:\Users\Florian\Desktop\Addition.txt
2013-12-08 23:29 - 2013-12-08 23:30 - 00027243 _____ C:\Users\Florian\Downloads\Addition.txt
2013-12-08 23:27 - 2013-12-08 23:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Florian\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-08 23:26 - 2013-12-11 14:22 - 00000000 ____D C:\FRST
2013-12-08 23:26 - 2013-12-08 23:30 - 00042072 _____ C:\Users\Florian\Downloads\FRST.txt
2013-12-08 23:24 - 2013-12-08 23:24 - 01927998 _____ (Farbar) C:\Users\Florian\Downloads\FRST64.exe
2013-12-08 20:51 - 2013-12-08 20:54 - 00003974 _____ C:\Users\Florian\Desktop\Ereignisse.txt
2013-12-03 17:38 - 2013-12-03 17:45 - 75479931 _____ C:\Users\Florian\Downloads\Jamboree-Toolkit_20131122.zip
2013-12-03 15:16 - 2013-12-03 15:16 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-29 09:17 - 2013-11-29 09:17 - 00283296 _____ C:\Windows\Minidump\Mini112913-01.dmp
2013-11-14 18:09 - 2013-10-11 05:23 - 00781824 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 18:09 - 2013-10-11 05:23 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 18:09 - 2013-10-11 03:29 - 00217074 _____ C:\Windows\system32\WFP.TMF
2013-11-14 18:09 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 18:09 - 2013-10-03 16:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 18:09 - 2013-10-03 16:02 - 01278976 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 18:09 - 2013-10-03 13:46 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 18:09 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 18:09 - 2013-09-04 03:31 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 17:55 - 2013-11-14 17:55 - 104278918 _____ C:\Windows\SysWOW64\軞๶Ú
2013-11-11 21:11 - 2013-11-11 21:11 - 00009224 _____ C:\Users\Florian\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

2013-12-11 14:22 - 2013-12-11 14:22 - 01928212 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2013-12-11 14:22 - 2013-12-10 13:06 - 00000000 ____D C:\Users\Florian\Desktop\FRST-OlderVersion
2013-12-11 14:22 - 2013-12-08 23:30 - 00017282 _____ C:\Users\Florian\Desktop\FRST.txt
2013-12-11 14:22 - 2013-12-08 23:26 - 00000000 ____D C:\FRST
2013-12-11 14:22 - 2009-07-28 19:55 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Skype
2013-12-11 14:21 - 2011-07-06 13:38 - 00000000 ___RD C:\Users\Florian\Dropbox
2013-12-11 14:21 - 2011-07-06 13:35 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Dropbox
2013-12-11 14:20 - 2011-04-29 13:33 - 00000000 ____D C:\Users\Florian\AppData\Local\LogMeIn Hamachi
2013-12-11 14:20 - 2009-07-23 11:51 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-11 14:18 - 2009-07-22 21:15 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-11 14:18 - 2006-11-02 16:35 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-11 14:18 - 2006-11-02 16:17 - 00004000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-11 14:18 - 2006-11-02 16:17 - 00004000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-11 14:18 - 2006-11-02 16:16 - 00370784 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 14:16 - 2006-11-02 16:35 - 00032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-11 14:15 - 2012-09-13 22:33 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-12-11 14:15 - 2008-01-21 02:52 - 01510069 _____ C:\Windows\WindowsUpdate.log
2013-12-11 13:59 - 2009-07-23 11:51 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-11 13:30 - 2012-03-30 13:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-11 12:31 - 2012-03-30 13:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 12:31 - 2012-03-30 13:43 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 12:31 - 2011-05-19 13:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 23:14 - 2013-12-08 23:30 - 00028462 _____ C:\Users\Florian\Desktop\Addition.txt
2013-12-10 23:09 - 2013-12-10 23:08 - 01928110 _____ (Farbar) C:\Users\Florian\Downloads\FRST64(1).exe
2013-12-10 20:01 - 2009-07-23 11:38 - 00000000 ____D C:\Users\Florian
2013-12-10 17:39 - 2009-08-25 17:27 - 00176640 _____ C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-10 16:43 - 2008-01-21 10:48 - 18346502 _____ C:\Windows\system32\perfh007.dat
2013-12-10 16:43 - 2008-01-21 10:48 - 05892906 _____ C:\Windows\system32\perfc007.dat
2013-12-10 16:43 - 2008-01-21 10:48 - 00006674 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-10 16:16 - 2012-01-28 15:56 - 00112158 _____ C:\Windows\PFRO.log
2013-12-10 16:13 - 2011-10-16 13:26 - 00000000 ____D C:\ProgramData\Avira
2013-12-10 15:59 - 2013-12-10 15:59 - 04733496 _____ (AVAST Software) C:\Users\Florian\Downloads\avast_free_antivirus_setup_online_fdi-a.exe
2013-12-10 13:57 - 2009-11-19 17:17 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-10 13:04 - 2013-12-10 13:04 - 00001897 _____ C:\Users\Florian\Desktop\JRT.txt
2013-12-10 12:55 - 2009-07-22 20:27 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Thunderbird
2013-12-10 12:55 - 2009-07-22 20:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-10 11:57 - 2013-12-10 11:57 - 00001897 _____ C:\Users\Flo\Desktop\JRT.txt
2013-12-10 11:47 - 2013-12-10 11:47 - 00000000 ____D C:\Windows\ERUNT
2013-12-10 11:27 - 2010-10-15 14:05 - 00000000 ____D C:\Users\Flo\AppData\Roaming\CheckPoint
2013-12-10 11:27 - 2010-07-04 12:04 - 00000000 ____D C:\Users\Gamer\AppData\Roaming\CheckPoint
2013-12-10 11:27 - 2009-11-24 15:03 - 00000000 ____D C:\ProgramData\ICQ
2013-12-10 11:07 - 2013-12-10 11:04 - 00000000 ____D C:\AdwCleaner
2013-12-10 11:04 - 2009-07-22 17:36 - 00000000 ____D C:\Users\Flo
2013-12-10 11:02 - 2013-12-10 11:02 - 01034531 _____ (Thisisu) C:\Users\Florian\Downloads\JRT.exe
2013-12-10 11:02 - 2013-12-10 11:02 - 01034531 _____ (Thisisu) C:\Users\Florian\Desktop\JRT.exe
2013-12-10 11:01 - 2013-12-10 11:02 - 01110034 _____ C:\Users\Florian\Desktop\adwcleaner.exe
2013-12-10 11:01 - 2013-12-10 11:01 - 01110034 _____ C:\Users\Florian\Downloads\adwcleaner.exe
2013-12-09 15:10 - 2013-12-09 13:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-09 14:21 - 2013-12-09 13:19 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-09 14:14 - 2013-12-09 14:14 - 00283352 _____ C:\Windows\Minidump\Mini120913-01.dmp
2013-12-09 14:14 - 2009-07-22 19:23 - 00000000 ____D C:\Windows\Minidump
2013-12-09 14:14 - 2009-07-22 19:22 - 453987756 _____ C:\Windows\MEMORY.DMP
2013-12-09 14:08 - 2009-09-08 23:00 - 00000000 ____D C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2013-12-09 14:05 - 2009-11-19 19:07 - 00000000 ____D C:\Users\Public\Modern Warfare 2
2013-12-09 13:17 - 2013-12-09 13:17 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-09 13:16 - 2013-12-09 13:16 - 00000000 ____D C:\Users\Florian\Desktop\mbar-1.07.0.1008
2013-12-09 13:15 - 2013-12-09 13:16 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Florian\Desktop\mbar-1.07.0.1008.exe
2013-12-09 13:15 - 2013-12-09 13:14 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Florian\Downloads\mbar-1.07.0.1008.exe
2013-12-08 23:40 - 2013-12-08 23:40 - 00000948 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-08 23:40 - 2013-12-08 23:40 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Malwarebytes
2013-12-08 23:40 - 2013-12-08 23:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-08 23:40 - 2013-12-08 23:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-08 23:30 - 2013-12-08 23:29 - 00027243 _____ C:\Users\Florian\Downloads\Addition.txt
2013-12-08 23:30 - 2013-12-08 23:26 - 00042072 _____ C:\Users\Florian\Downloads\FRST.txt
2013-12-08 23:29 - 2013-12-08 23:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Florian\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-08 23:24 - 2013-12-08 23:24 - 01927998 _____ (Farbar) C:\Users\Florian\Downloads\FRST64.exe
2013-12-08 22:21 - 2009-07-22 19:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-08 20:54 - 2013-12-08 20:51 - 00003974 _____ C:\Users\Florian\Desktop\Ereignisse.txt
2013-12-06 11:54 - 2009-07-23 11:51 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 11:54 - 2009-07-23 11:51 - 00003848 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-05 13:16 - 2012-10-20 16:37 - 00002555 _____ C:\Users\Florian\Desktop\AutoCAD 2012 - Deutsch (2).lnk
2013-12-03 17:45 - 2013-12-03 17:38 - 75479931 _____ C:\Users\Florian\Downloads\Jamboree-Toolkit_20131122.zip
2013-12-03 15:16 - 2013-12-03 15:16 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-29 09:17 - 2013-11-29 09:17 - 00283296 _____ C:\Windows\Minidump\Mini112913-01.dmp
2013-11-27 22:48 - 2012-03-26 14:48 - 00024070 _____ C:\Windows\setupact.log
2013-11-25 15:29 - 2009-08-26 13:31 - 00000000 ____D C:\Users\Florian\AppData\Roaming\vlc
2013-11-20 17:54 - 2013-06-12 12:45 - 00000000 ____D C:\Users\Florian\AppData\Roaming\FileZilla
2013-11-19 11:27 - 2009-07-28 19:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-19 11:27 - 2009-07-28 19:54 - 00000000 ____D C:\ProgramData\Skype
2013-11-19 03:33 - 2009-10-03 11:15 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-17 17:43 - 2012-10-30 16:14 - 00000000 ____D C:\Users\Florian\Fh Energie und Gebäudetechnik
2013-11-15 17:27 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\rescache
2013-11-15 16:35 - 2013-08-14 16:21 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 16:30 - 2006-11-02 13:35 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-15 03:09 - 2013-12-11 14:01 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 02:42 - 2013-12-11 14:00 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 02:37 - 2013-12-11 14:01 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 02:29 - 2013-12-11 14:01 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 02:29 - 2013-12-11 14:01 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 02:28 - 2013-12-11 14:01 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-15 02:28 - 2013-12-11 14:01 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-15 02:25 - 2013-12-11 14:01 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 02:22 - 2013-12-11 14:01 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-15 02:20 - 2013-12-11 14:01 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 02:20 - 2013-12-11 14:01 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-15 02:19 - 2013-12-11 14:01 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 02:19 - 2013-12-11 14:01 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 02:18 - 2013-12-11 14:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 02:18 - 2013-12-11 14:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-15 02:12 - 2013-12-11 14:01 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 00:13 - 2013-12-11 14:01 - 12344320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 23:50 - 2013-12-11 14:01 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 23:50 - 2013-12-11 14:00 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 23:43 - 2013-12-11 14:01 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 23:42 - 2013-12-11 14:01 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-14 23:42 - 2013-12-11 14:01 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 23:41 - 2013-12-11 14:01 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-14 23:40 - 2013-12-11 14:01 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 23:38 - 2013-12-11 14:01 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 23:38 - 2013-12-11 14:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-14 23:38 - 2013-12-11 14:01 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-14 23:37 - 2013-12-11 14:01 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 23:36 - 2013-12-11 14:01 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 23:36 - 2013-12-11 14:01 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-14 23:35 - 2013-12-11 14:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 23:32 - 2013-12-11 14:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 17:55 - 2013-11-14 17:55 - 104278918 _____ C:\Windows\SysWOW64\軞๶Ú
2013-11-12 15:18 - 2010-12-24 22:37 - 00000000 ____D C:\Users\Florian\AppData\Roaming\ArcSoft
2013-11-11 21:30 - 2013-10-01 13:59 - 00000000 ____D C:\Users\Florian\.gimp-2.8
2013-11-11 21:11 - 2013-11-11 21:11 - 00009224 _____ C:\Users\Florian\AppData\Local\recently-used.xbel
2013-11-11 21:11 - 2013-10-01 14:03 - 00000000 ____D C:\Users\Florian\AppData\Local\gtk-2.0

Some content of TEMP:
====================
C:\Users\Flo\AppData\Local\Temp\AcDeltree.exe
C:\Users\Flo\AppData\Local\Temp\APNStub.exe
C:\Users\Flo\AppData\Local\Temp\AskSLib.dll
C:\Users\Flo\AppData\Local\Temp\AutoRun.exe
C:\Users\Flo\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Flo\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Flo\AppData\Local\Temp\fx-runtime.exe
C:\Users\Flo\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Flo\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Flo\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Flo\AppData\Local\Temp\nvStInst.exe
C:\Users\Flo\AppData\Local\Temp\Quarantine.exe
C:\Users\Flo\AppData\Local\Temp\setup.exe
C:\Users\Flo\AppData\Local\Temp\ST2010_Update11.exe
C:\Users\Flo\AppData\Local\Temp\tbZone.dll
C:\Users\Flo\AppData\Local\Temp\Uninstall.exe
C:\Users\Flo\AppData\Local\Temp\wusetup.exE
C:\Users\Flo\AppData\Local\Temp\_is1277.exe
C:\Users\Flo\AppData\Local\Temp\_is1FFE.exe
C:\Users\Flo\AppData\Local\Temp\_is2429.exe
C:\Users\Flo\AppData\Local\Temp\_is34A6.exe
C:\Users\Flo\AppData\Local\Temp\_is492.exe
C:\Users\Flo\AppData\Local\Temp\_is5D0D.exe
C:\Users\Flo\AppData\Local\Temp\_is8516.exe
C:\Users\Flo\AppData\Local\Temp\_is9701.exe
C:\Users\Flo\AppData\Local\Temp\_is9E59.exe
C:\Users\Flo\AppData\Local\Temp\_isCDD9.exe
C:\Users\Flo\AppData\Local\Temp\_isE4A4.exe
C:\Users\Flo\AppData\Local\Temp\_isEA83.exe
C:\Users\Flo\AppData\Local\Temp\_isFDDE.exe
C:\Users\Florian\AppData\Local\Temp\0.15529781920934638fdrgs.exe
C:\Users\Florian\AppData\Local\Temp\0.4155339681192698fdrgs.exe
C:\Users\Florian\AppData\Local\Temp\0a50e25a83046228c11dcaa7eeed09bb.exe
C:\Users\Florian\AppData\Local\Temp\abd2bca3e572e998a09f73c81b93454a.exe
C:\Users\Florian\AppData\Local\Temp\AskSLib.dll
C:\Users\Florian\AppData\Local\Temp\avgnt.exe
C:\Users\Florian\AppData\Local\Temp\bassmod.dll
C:\Users\Florian\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Florian\AppData\Local\Temp\DivXSetup.exe
C:\Users\Florian\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Florian\AppData\Local\Temp\E8FC7D~1.exe
C:\Users\Florian\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Florian\AppData\Local\Temp\hamachi-update-2.0.3.111.exe
C:\Users\Florian\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Florian\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Florian\AppData\Local\Temp\lgps.exe
C:\Users\Florian\AppData\Local\Temp\Nokia_Ovi_Suite_PCS_Update.exe
C:\Users\Florian\AppData\Local\Temp\Nokia_PC_Suite_7_1_30_9_ger.exe
C:\Users\Florian\AppData\Local\Temp\Nokia_PC_Suite_7_1_40_1_ger.exe
C:\Users\Florian\AppData\Local\Temp\setpointdeu.exe
C:\Users\Florian\AppData\Local\Temp\settlershok.exe
C:\Users\Florian\AppData\Local\Temp\SIntf16.dll
C:\Users\Florian\AppData\Local\Temp\SIntf32.dll
C:\Users\Florian\AppData\Local\Temp\SIntfNT.dll
C:\Users\Florian\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Florian\AppData\Local\Temp\ubi418C.tmp.exe
C:\Users\Florian\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Florian\AppData\Local\Temp\_isAC83.exe
C:\Users\Gamer\AppData\Local\Temp\SIntf16.dll
C:\Users\Gamer\AppData\Local\Temp\SIntf32.dll
C:\Users\Gamer\AppData\Local\Temp\SIntfNT.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-11 14:23

==================== End Of Log ============================
--- --- ---


Additions:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-12-2013 01
Ran by Flo at 2013-12-11 14:26:39
Running from C:\Users\Florian\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Reader 9.5.4 - Deutsch (x32 Version: 9.5.4)
Age of Mythology (x32)
Apple Application Support (x32 Version: 1.5.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (x32 Version: 2.1.1.116)
AutoCAD 2012 - Deutsch (Version: 18.2.51.0)
AutoCAD 2012 Language Pack - Deutsch (Version: 18.2.51.0)
Autodesk Content Service (x32 Version: 2.0.90)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79)
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79)
Autodesk Inventor Fusion Plugin for AutoCAD 2012 (Version: 0.0.1.138)
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138)
Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2012 (Version: 0.0.1.138)
Autodesk Material Library 2012 (x32 Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2012 (x32 Version: 2.5.0.8)
AVM FRITZ!Box Dokumentation (x32)
AVM FRITZ!Box Druckeranschluss (x32)
Battlefield 1942: Secret Weapons of WWII (x32)
Battlefield 1942: The Road To Rome (x32)
Battlefield: Bad Company™ 2 (x32 Version: 1.0.0.0)
Bonjour (Version: 2.0.5.0)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.4)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: 1.4)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32)
CDDRV_Installer (Version: 4.24.15)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.1.02026)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.02026)
Command & Conquer Generals (x32 Version: 0.50.0000)
Command and Conquer(TM) Generäle Die Stunde Null  (x32 Version: 1.00.0000)
devolo dLAN-Konfigurationsassistent (x32 Version: 9.0.0.0)
devolo EasyClean (x32 Version: 3.0.0.0)
devolo EasyShare (x32 Version: 4.0.0.0)
devolo Informer (x32 Version: 15.0.0.0)
Die Schlacht um Mittelerde™ II (x32)
DIE SIEDLER - Das Erbe der Könige (x32 Version: 1.00.0000)
Digital Camera Driver (x32)
DivX-Setup (x32 Version: 2.0.4.2)
EE-ZDE (x32)
Empire Earth (x32)
erLT (x32 Version: 0.72.105)
Fallout 3 (x32 Version: 1.00.0000)
Far Cry 2 (x32 Version: 1.00.00)
FARO LS 1.1.406.58 (x32 Version: 4.6.58.2)
FileZilla Client 3.7.3 (x32 Version: 3.7.3)
Forte Free 2.0 (x32)
Free Audio CD Burner version 1.4.8 (x32)
Free YouTube to MP3 Converter version 3.11.35.1031 (x32 Version: 3.11.35.1031)
GIMP 2.8.6 (Version: 2.8.6)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.22.3)
Gothic III (x32 Version: 1.00.0000)
GPL Ghostscript (x32 Version: 9.10)
Grand Theft Auto San Andreas (x32 Version: 1.00.00001)
Grand Theft Auto Vice City (x32 Version: 1.00.000)
GRID (x32 Version: 1.10.0000)
GTK+ Runtime 2.14.7 rev a (nur entfernen) (x32)
HdR Die Rückkehr des Königs tm (x32)
IrfanView (remove only) (x32 Version: 4.36)
iTunes (Version: 10.2.2.12)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.0)
KhalInstallWrapper (Version: 4.24.99)
kikin Plugin (Murb.com Edition) 1.11 (x32 Version: 1.11)
Liveupdate5 (x32)
Logitech Gaming Software 8.12 (Version: 8.12.030)
Logitech SetPoint (x32 Version: 4.24)
LogMeIn Hamachi (x32 Version: 2.2.0.109)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Media Go (x32 Version: 2.5.290)
Media Go Video Playback Engine 1.120.108.05010 (x32 Version: 1.120.108.05010)
MegaCAD 3D 2009  (x32)
Metro 2033 (x32)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Age of Empires II (x32)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Games for Windows - LIVE (x32 Version: 3.2.217.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.1.99.0)
Microsoft Office 2003 Web Components (x32 Version: 12.0.6213.1000)
Microsoft Silverlight (x32 Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32)
Microsoft WorldWide Telescope (x32 Version: 3.0.5)
MozBackup 1.4.10 (x32)
Mozilla Firefox 15.0.1 (x86 de) (x32 Version: 15.0.1)
Mozilla Maintenance Service (x32 Version: 15.0.1)
Mozilla Thunderbird (3.1.10) (x32 Version: 3.1.10 (de))
MSVC80_x64 (Version: 1.0.1.0)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86 (x32 Version: 1.0.1.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (x32 Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML4 Parser (x32 Version: 1.0.0)
Nokia Connectivity Cable Driver (x32 Version: 7.1.31.0)
Nokia PC Suite (x32 Version: 7.1.40.1)
Nokia Software Updater (x32 Version: 02.06.006.44298)
NVIDIA 3D Vision Controller-Treiber 306.97 (Version: 306.97)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.12.0604)
NVIDIA PhysX-Systemsoftware 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Oblivion (x32 Version: 1.00.0000)
OpenAL (x32)
OpenOffice.org 3.2 (x32 Version: 3.2.9502)
PC Connectivity Solution (x32 Version: 10.42.0.0)
PDF Architect (x32 Version: 1.1.83.9982)
PDFCreator (x32 Version: 1.7.1)
Philips Songbird (x32 Version: 5.2.1953 (1953))
Picasa 3 (x32 Version: 3.9)
PlayStation(R)Store (x32 Version: 4.16.2.15545)
PunkBuster für Battlefield 1942 (x32)
PunkBuster Services (x32 Version: 0.986)
PVSonyDll (Version: 1.00.0001)
Questpaket 4 Update 2 Deinstallation (x32 Version: 4.2.0.0)
QuickTime (x32 Version: 7.69.80.9)
RarZilla Free Unrar 2.53 (x32 Version: 2.53)
Realtek 8169 8168 8101E 8102E Ethernet Driver (x32 Version: 1.00.0000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6657)
RocketDock 1.3.5 (x32)
Rome - Total War - Gold Edition (x32 Version: 1.6)
Scribus 1.4.3 (x32 Version: 1.4.3)
Skype Click to Call (x32 Version: 5.10.9560)
Skype™ 6.10 (x32 Version: 6.10.104)
SolidWorks 2010 x64 Edition SP02.1 (Version: 18.121.12)
SolidWorks 2010 x64 Edition SP02.1 (x32 Version: 18.2.1.12)
SolidWorks eDrawings 2010 (x32 Version: 10.2.122)
Sony Ericsson Update Engine (x32 Version: 2.13.8.201307151333)
Sony PC Companion 2.10.181 (x32 Version: 2.10.181)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
Steam (x32 Version: 1.0.0.0)
Stellarium 0.10.6.1 (x32)
SystemTuner 2010 (x32)
The Elder Scrolls V: Skyrim (x32)
The Witcher 2 (x32 Version: 1.00.0000)
The Witcher Enhanced Edition (x32 Version: 1.00.0000)
Two Worlds (x32 Version: 1.7.0)
Uniblue RegistryBooster (x32 Version: 6.0.0.6)
Uninstall 1.0.0.1 (x32)
Unreal Tournament 3 (HKCU Version: 1.00.0000)
Unreal Tournament 3 (x32 Version: 1.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
VC 9.0 Runtime (x32 Version: 1.0.0)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0)
VLC media player 1.0.0 (x32 Version: 1.0.0)
Winamp (x32 Version: 5.61 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows-Treiberpaket - Nokia Modem  (05/22/2008 3.8) (Version: 05/22/2008 3.8)
Windows-Treiberpaket - Nokia Modem  (05/22/2008 7.00.0.1) (Version: 05/22/2008 7.00.0.1)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)

==================== Restore Points  =========================

11-12-2013 13:00:12 Windows Update

==================== Hosts content: ==========================

2006-11-02 13:34 - 2013-06-06 12:36 - 00000800 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
129.187.254.28        asa-cluster.lrz.de


==================== Scheduled Tasks (whitelisted) =============

Task: {414E5A7B-C445-4653-B3DE-CDABF095F18D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Flo => C:\Windows.old\Program Files\Windows Calendar\WinCal.exe
Task: {50ADD0D0-8594-412B-8E42-7871836A17CD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {534D3440-2FBD-4B57-A75E-DE1F53F7852A} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {5E2BFD19-F16A-4CDF-AEE1-4807F825EAD1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {5E73BCE2-E96E-4A39-B427-CD3D84268754} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {68A8AD13-F942-4412-BF4A-30D77F3BB8BA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {7AA892C6-221C-48EF-AEA7-2E289FDFEB30} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {8CCAFD2C-6363-4B61-A6A9-AD0A7050F76A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-07-23] (Google Inc.)
Task: {90041FA5-8EF9-4890-AE60-182FCFFF4220} - System32\Tasks\{964A8883-8628-4E79-B51C-EC30851B3F97} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-10-21] (Skype Technologies S.A.)
Task: {9219483D-1FBC-4FD6-A22D-C23EA923C427} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {D1724080-034D-4D51-8D1C-DA37D8D9E0C4} - System32\Tasks\Microsoft\Windows\MemDiag => C:\Windows\System32\MdRes.exe [2006-11-02] (Microsoft Corporation)
Task: {E3FDECBD-D79D-44DB-A7EB-A9196C31B0ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-07-23] (Google Inc.)
Task: {EB4A7377-E0EE-45C0-8EBF-A8983622899A} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2009-07-23 18:31 - 2007-09-02 12:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2008-08-12 10:16 - 2008-08-12 10:16 - 02023424 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll
2008-07-29 13:01 - 2008-07-29 13:01 - 07331840 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll
2008-07-29 12:50 - 2008-07-29 12:50 - 00364544 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll
2008-07-29 13:47 - 2008-07-29 13:47 - 00135168 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
2008-07-29 13:47 - 2008-07-29 13:47 - 00016384 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
2008-07-29 13:11 - 2008-07-29 13:11 - 00253952 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll
2013-07-07 14:49 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-07-07 14:49 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 13:54 - 2011-07-07 13:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-07-07 14:49 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2013-07-07 14:49 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2013-05-14 08:38 - 2013-05-14 08:38 - 00607744 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\Florian\AppData\Roaming\Dropbox\bin\libcef.dll
2010-05-04 14:36 - 2010-05-04 14:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Microsoft-6zu4-Adapter #12
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-6zu4-Adapter #13
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-6zu4-Adapter #14
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-6zu4-Adapter #15
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2013 02:19:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 02:06:42 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\FLORIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KAPIGARU.DEFAULT\CACHE\F\14> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (12/11/2013 02:06:42 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\FLORIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KAPIGARU.DEFAULT\CACHE\F\14> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (12/11/2013 02:06:42 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\FLORIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KAPIGARU.DEFAULT\CACHE\3\D3> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (12/11/2013 02:06:42 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\FLORIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KAPIGARU.DEFAULT\CACHE\3\D3> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (12/11/2013 02:06:42 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\FLORIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KAPIGARU.DEFAULT\CACHE\4\79> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (12/11/2013 02:06:42 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\FLORIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KAPIGARU.DEFAULT\CACHE\4\79> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (12/11/2013 02:06:42 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\FLORIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KAPIGARU.DEFAULT\CACHE\B\E9> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (12/11/2013 02:06:42 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\FLORIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KAPIGARU.DEFAULT\CACHE\B\E9> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (12/11/2013 02:06:42 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\FLORIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KAPIGARU.DEFAULT\CACHE\4\7B> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)


System errors:
=============
Error: (12/11/2013 02:22:04 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (12/11/2013 02:22:04 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (12/11/2013 02:19:05 PM) (Source: Service Control Manager) (User: )
Description: PLCNDIS5 NDIS Protocol Driver%%2

Error: (12/11/2013 00:16:56 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (12/11/2013 00:13:44 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (12/11/2013 00:13:44 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (12/11/2013 00:13:15 PM) (Source: Service Control Manager) (User: )
Description: Google Update Service (gupdate)%%1053

Error: (12/11/2013 00:13:15 PM) (Source: Service Control Manager) (User: )
Description: 30000Google Update Service (gupdate)

Error: (12/11/2013 00:12:09 PM) (Source: Service Control Manager) (User: )
Description: Windows-Dienst für Schriftartencache%%1053

Error: (12/11/2013 00:12:09 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows-Dienst für Schriftartencache


Microsoft Office Sessions:
=========================
Error: (12/11/2013 02:19:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 02:06:42 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\FLORIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KAPIGARU.DEFAULT\CACHE\F\14

Error: (12/11/2013 02:06:42 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\FLORIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KAPIGARU.DEFAULT\CACHE\F\14

Error: (12/11/2013 02:06:42 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\FLORIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KAPIGARU.DEFAULT\CACHE\3\D3

Error: (12/11/2013 02:06:42 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\FLORIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KAPIGARU.DEFAULT\CACHE\3\D3

Error: (12/11/2013 02:06:42 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\FLORIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KAPIGARU.DEFAULT\CACHE\4\79

Error: (12/11/2013 02:06:42 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\FLORIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KAPIGARU.DEFAULT\CACHE\4\79

Error: (12/11/2013 02:06:42 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\FLORIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KAPIGARU.DEFAULT\CACHE\B\E9

Error: (12/11/2013 02:06:42 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\FLORIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KAPIGARU.DEFAULT\CACHE\B\E9

Error: (12/11/2013 02:06:42 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\FLORIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KAPIGARU.DEFAULT\CACHE\4\7B


CodeIntegrity Errors:
===================================
  Date: 2013-12-11 14:23:11.154
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-11 14:23:10.982
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-11 14:23:10.799
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-11 14:23:10.626
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-11 14:23:10.426
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-11 14:23:10.252
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-11 14:23:10.065
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-11 14:23:09.894
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-11 14:22:36.504
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-11 14:22:36.300
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 4094.26 MB
Available physical RAM: 1643.68 MB
Total Pagefile: 8363.77 MB
Available Pagefile: 5879.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:428.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (SKYRIM_DE) (CDROM) (Total:4.91 GB) (Free:0 GB) UDF
Drive e: () (Fixed) (Total:103.83 GB) (Free:63.53 GB) NTFS
Drive f: () (Fixed) (Total:48.84 GB) (Free:20.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 153 GB) (Disk ID: 45A945A8)
Partition 1: (Active) - (Size=104 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 5058E1E4)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 11.12.2013 16:03
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Sudden3 11.12.2013 16:49
Ich hab alle USB- Sticks angeschlossen und der Scan von Malwarebytes ergab:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.11.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Flo :: FLORIAN [Administrator]

11.12.2013 16:24:44
MBAM-log-2013-12-11 (16-46-49).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 314777
Laufzeit: 18 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 9
C:\Users\Flo\AppData\Local\Temp\conduitinstaller.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Flo\AppData\Local\Temp\LoadTubes_Silent.zip (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Flo\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\npm.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Flo\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\ytdl.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Flo\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\loadtbs\ytdl.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Flo\AppData\Local\Temp\bbf00f9d4bb6a2e678589c351ef6619c\conduitinstaller.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Florian\Downloads\SoftonicDownloader_fuer_free-youtube-to-mp3-converter.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Florian\Downloads\winamp561_full_emusic-7plus_de-de(1).exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Florian\Downloads\winamp561_full_emusic-7plus_de-de.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

(Ende)
Ich mach gleich noch nen Scan mit Eset

cosinus 11.12.2013 17:19
Nur Müll in Temp und im Download-Ordner. Den solltest du übrigens auch mal leeren, man muss da Setups nicht bis zum St. Nimmerleinstag aufbewahren.

Warten wir mal was ESET sagt

Sudden3 13.12.2013 09:41
Der Eset Scan:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=14b762f7c98e024cbae803540ac27d16
# engine=16232
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-11 10:50:01
# local_time=2013-12-11 11:50:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 112079 224326261 0 0
# scanned=547172
# found=0
# cleaned=0
# scan_time=24863
der Download Ordner ist auch gelöscht.

cosinus 13.12.2013 15:29
Gut. Dann mal zum Abschluss TFC ausführen:

TFC - Temp File Cleaner

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.




Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Sudden3 14.12.2013 12:50
TFC erfolgreich durchgelaufen.

Ich hab nochmal Malwarebytes drüber laufen lassen und das kam raus:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.11.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Florian :: FLORIAN [limited]

14.12.2013 12:30:54
MBAM-log-2013-12-14 (12-48-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198396
Time elapsed: 11 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\Flo\AppData\Local\Temp\conduitinstaller.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Flo\AppData\Local\Temp\LoadTubes_Silent.zip (PUP.LoadTubes) -> No action taken.
C:\Users\Flo\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\npm.dll (PUP.LoadTubes) -> No action taken.
C:\Users\Flo\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\ytdl.exe (PUP.LoadTubes) -> No action taken.
C:\Users\Flo\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\loadtbs\ytdl.exe (PUP.LoadTubes) -> No action taken.
C:\Users\Flo\AppData\Local\Temp\bbf00f9d4bb6a2e678589c351ef6619c\conduitinstaller.exe (PUP.Optional.Conduit.A) -> No action taken.

(end)
Ist das unbedenklich?

cosinus 15.12.2013 19:30
Zitat:
C:\Users\Flo\AppData\Local\Temp\conduitinstaller.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Flo\AppData\Local\Temp\LoadTubes_Silent.zip (PUP.LoadTubes) -> No action taken.
Du hast dir schon wieder Müll runtergeladen. Anders lässt sich das nicht erklären, denn nach TFC sind alle Tempordner leer.

Zitat:
Florian :: FLORIAN [limited]
Du hattest keine Adminrechte beim Scan mit MBAM? :wtf:

Sudden3 16.12.2013 12:52
Ich hab mir nur den VLC Media player runter geladen.

Ich hab nochmal TFC und danach Malewarebaytes drüber laufen lassen. Der Ordner is trotzdem nicht leer

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.11.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Flo :: FLORIAN [Administrator]

16.12.2013 12:23:26
MBAM-log-2013-12-16 (12-49-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 296883
Laufzeit: 11 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Flo\AppData\Local\Temp\conduitinstaller.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Flo\AppData\Local\Temp\LoadTubes_Silent.zip (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Flo\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\npm.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Flo\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\ytdl.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Flo\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\loadtbs\ytdl.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Flo\AppData\Local\Temp\bbf00f9d4bb6a2e678589c351ef6619c\conduitinstaller.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.

(Ende)

cosinus 16.12.2013 13:00
Zitat:
Ich hab mir nur den VLC Media player runter geladen.
Aber bestimmt nicht von videolan.org

Sudden3 16.12.2013 13:10
Ne auf VLC Media Player - kostenlos in deutsch - DOWNLOAD

aber derm Temp Ordner müsste ja jetz trotzdem leer sein.

cosinus 16.12.2013 14:07
Zitat:
Zitat von Sudden3 (Beitrag 1214306)
Ne auf VLC Media Player - kostenlos in deutsch - DOWNLOAD

aber derm Temp Ordner müsste ja jetz trotzdem leer sein.
Ja, vlc.de ist bekannt dafür. Und auch nicht die Original-Projektseite, das ist videolan.org und nicht vlc.de

adwcleaner und JRT neu runterladen und wieder ausführen


edit: angeblich soll vlc.de die Setups nicht verändert haben...aber die Startseite wird umgeschwenkt.


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:15 Uhr.
Seite 2 von 4 1 2 34
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131