AdwCleaner finding
Hello,
AdwCleaner found something. (See log)
The FRST and Malwarebytes logs are included as well.
Are further measures required?
LGG
PS: According to a check, my email addresses are clean!
Code:
# AdwCleaner v3.017 - Bericht erstellt am 22/01/2014 um 18:45:56
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Claus - CLAUS-PC
# Gestartet von : C:\Users\Claus\Desktop\AdwCleaner.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\Claus\AppData\Roaming\Mozilla\Firefox\Profiles\vtz5bua3.default-1388416262325\prefs.js ]
-\\ Google Chrome v32.0.1700.76
[ Datei : C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [958 octets] - [16/12/2013 11:49:20]
AdwCleaner[R10].txt - [1615 octets] - [05/01/2014 18:28:19]
AdwCleaner[R11].txt - [1676 octets] - [11/01/2014 17:55:14]
AdwCleaner[R12].txt - [1737 octets] - [14/01/2014 18:33:27]
AdwCleaner[R13].txt - [1187 octets] - [22/01/2014 18:45:56]
AdwCleaner[R1].txt - [982 octets] - [16/12/2013 11:51:30]
AdwCleaner[R2].txt - [1053 octets] - [17/12/2013 08:17:49]
AdwCleaner[R3].txt - [1114 octets] - [20/12/2013 14:17:12]
AdwCleaner[R4].txt - [1437 octets] - [24/12/2013 14:37:19]
AdwCleaner[R5].txt - [1300 octets] - [25/12/2013 09:43:37]
AdwCleaner[R6].txt - [1360 octets] - [28/12/2013 09:46:01]
AdwCleaner[R7].txt - [1434 octets] - [30/12/2013 19:36:42]
AdwCleaner[R8].txt - [1494 octets] - [01/01/2014 18:21:55]
AdwCleaner[R9].txt - [1554 octets] - [02/01/2014 10:42:18]
AdwCleaner[S0].txt - [1498 octets] - [24/12/2013 14:38:36]
########## EOF - C:\AdwCleaner\AdwCleaner[R13].txt - [1847 octets] ##########
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-01-2014 01
Ran by Claus (administrator) on CLAUS-PC on 22-01-2014 18:59:55
Running from C:\Users\Claus\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) ===================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Dominik Reichl) C:\Program Files\KeePass Password Safe 2\KeePass.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-22] (AVAST Software)
HKCU\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [455744 2013-12-10] (BillP Studios)
HKU\UpdatusUser\...\Run: [ROC_JAN2013_TB] - "C:\Program Files\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB
Startup: C:\Users\Claus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\Users\Claus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\Users\Claus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NeueDatenbank.kdbx ()
==================== Internet (Whitelisted) ====================
ProxyServer: localhost:8080
SearchScopes: HKLM - DefaultScope value is missing.
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: AutorunsDisabled\grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: AutorunsDisabled\ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: AutorunsDisabled\viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - No File
Handler: AutorunsDisabled\wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
Filter: AutorunsDisabled - No CLSID Value - No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 09 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 01 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 22 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Claus\AppData\Roaming\Mozilla\Firefox\F:\Firefox Acronis
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAMME\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAMME\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyDeal - C:\Users\Claus\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2013-06-25]
FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2013-09-18]
FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2013-09-18]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2013-09-18]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-17]
Chrome:
=======
CHR DefaultSearchURL: https://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Users\Claus\AppData\Local\Google\Chrome\User Data\PepperFlash\11.9.900.117\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_1\npcoplgn.dll No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Extension: (AdBlock) - C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-05]
CHR Extension: (RSS Live Links) - C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcamnijgggppihioleoenjmlnakejdph [2013-10-05]
CHR Extension: (Drucken) - C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd [2013-10-05]
CHR Extension: (Gradient) - C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipehkhefmnpkdbcpgbononhiohcabocp [2013-10-05]
CHR Extension: (Cookies) - C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2013-10-05]
CHR Extension: (Save as PDF) - C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc [2013-10-05]
CHR Extension: (Bookmarked tabs to the front) - C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmllilpdpplbmjdjhlkagmimpgdflphb [2013-10-06]
CHR Extension: (Google Wallet) - C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
CHR Extension: (ScriptSafe) - C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2013-10-05]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805032 2011-09-22] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2013-03-03] (Acronis)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-22] (AVAST Software)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)
S3 FGICNHGYUO; C:\Users\Claus\AppData\Local\Temp\FGICNHGYUO.exe [383872 2014-01-18] (Sysinternals - www.sysinternals.com)
S3 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [73528 2009-07-28] (AVM Berlin)
S3 KWHGZNP; C:\Users\Claus\AppData\Local\Temp\KWHGZNP.exe [576384 2014-01-18] (Sysinternals - www.sysinternals.com)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
==================== Drivers (Whitelisted) ====================
S3 ampa; C:\Windows\system32\ampa.sys [12728 2011-12-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2013-12-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2013-12-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2013-12-22] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2013-12-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2013-12-22] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [31576 2013-01-31] (AVG Technologies)
R3 CMISTOR; C:\Windows\System32\DRIVERS\cmiucr.SYS [93056 2007-01-12] (C-Media Corporation)
R3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-01-22] (Malwarebytes Corporation)
S3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-11-06] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-11-06] (RapidSolution Software AG)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [60544 2012-10-22] (Silicon Laboratories)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-09-20] ()
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2012-11-06] (RapidSolution Software AG)
S3 catchme; \??\C:\Users\Claus\AppData\Local\Temp\catchme.sys [x]
U3 DfSdkS;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-22 18:55 - 2014-01-22 19:00 - 00015209 _____ C:\Users\Claus\Desktop\FRST.txt
2014-01-22 18:55 - 2014-01-22 18:55 - 01221632 _____ (Farbar) C:\Users\Claus\Desktop\FRST.exe
2014-01-22 18:48 - 2014-01-22 18:48 - 00001928 _____ C:\Users\Claus\Desktop\AdwCleaner[R13].txt
2014-01-22 18:46 - 2014-01-22 18:46 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-01-22 18:45 - 2014-01-22 18:45 - 01236282 _____ C:\Users\Claus\Desktop\AdwCleaner.exe
2014-01-17 16:51 - 2014-01-17 16:52 - 00000000 _____ C:\Users\Claus\query
2014-01-17 16:35 - 2014-01-17 16:36 - 00000000 ____D C:\Users\Claus\AppData\Roaming\tor
2014-01-17 16:33 - 2014-01-17 16:38 - 00000000 _____ C:\Users\Claus\sc
2014-01-17 14:02 - 2014-01-17 14:02 - 00000000 ____D C:\Windows\Minidump
2014-01-15 18:14 - 2014-01-15 18:14 - 00005384 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-15 18:14 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-15 18:14 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-15 18:14 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-15 18:14 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-15 08:32 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 08:32 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 08:32 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 08:32 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 08:32 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 08:32 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 08:32 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 08:32 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 08:32 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 18:39 - 2014-01-22 18:50 - 00001176 _____ C:\Windows\setupact.log
2014-01-14 18:39 - 2014-01-14 18:39 - 00000000 _____ C:\Windows\setuperr.log
2013-12-23 18:10 - 2013-12-23 18:10 - 00000000 ____D C:\Program Files\WugFresh Development
==================== One Month Modified Files and Folders =======
2014-01-22 19:00 - 2014-01-22 18:55 - 00015209 _____ C:\Users\Claus\Desktop\FRST.txt
2014-01-22 18:59 - 2012-12-31 16:17 - 00000000 ____D C:\Users\Claus\AppData\Roaming\FRITZ!
2014-01-22 18:57 - 2012-10-19 17:11 - 00000000 ___RD C:\Users\Claus\Briefe aktuell
2014-01-22 18:55 - 2014-01-22 18:55 - 01221632 _____ (Farbar) C:\Users\Claus\Desktop\FRST.exe
2014-01-22 18:55 - 2013-05-01 10:47 - 01903735 _____ C:\Windows\WindowsUpdate.log
2014-01-22 18:55 - 2009-07-14 05:34 - 00031280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-22 18:55 - 2009-07-14 05:34 - 00031280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-22 18:52 - 2013-05-04 06:51 - 00046548 _____ C:\Users\Claus\DesktopStCenter.txt
2014-01-22 18:50 - 2014-01-14 18:39 - 00001176 _____ C:\Windows\setupact.log
2014-01-22 18:50 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-22 18:49 - 2013-12-16 11:49 - 00000000 ____D C:\AdwCleaner
2014-01-22 18:48 - 2014-01-22 18:48 - 00001928 _____ C:\Users\Claus\Desktop\AdwCleaner[R13].txt
2014-01-22 18:46 - 2014-01-22 18:46 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-01-22 18:45 - 2014-01-22 18:45 - 01236282 _____ C:\Users\Claus\Desktop\AdwCleaner.exe
2014-01-22 18:44 - 2013-04-26 16:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 21:16 - 2013-08-27 11:36 - 00000000 ___RD C:\Users\Claus\SkyDrive
2014-01-21 21:16 - 2012-10-19 17:35 - 00000000 ____D C:\Users\Claus\AppData\Roaming\KeePass
2014-01-21 21:02 - 2012-10-19 17:08 - 00000000 ___RD C:\Users\Claus\Ferienwohnung
2014-01-21 17:29 - 2012-10-19 17:13 - 00000000 ___RD C:\Users\Claus\Elli
2014-01-21 16:31 - 2013-10-14 18:11 - 00000000 ____D C:\Program Files\SpywareBlaster
2014-01-21 14:53 - 2013-01-30 17:07 - 00000000 ____D C:\Users\Claus\AppData\Roaming\TeamDrive3
2014-01-18 09:24 - 2012-10-20 13:11 - 00000000 ____D C:\Users\Claus\AppData\Roaming\Canon
2014-01-18 07:56 - 2013-10-06 13:32 - 01979022 _____ C:\Windows\PFRO.log
2014-01-17 17:35 - 2012-12-26 16:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-17 17:35 - 2012-12-26 16:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-17 17:28 - 2012-10-20 15:15 - 00000000 ___RD C:\Users\Claus\Desktop\PiPaPo
2014-01-17 16:52 - 2014-01-17 16:51 - 00000000 _____ C:\Users\Claus\query
2014-01-17 16:51 - 2008-07-10 14:01 - 00000000 ____D C:\Users\Claus
2014-01-17 16:38 - 2014-01-17 16:33 - 00000000 _____ C:\Users\Claus\sc
2014-01-17 16:36 - 2014-01-17 16:35 - 00000000 ____D C:\Users\Claus\AppData\Roaming\tor
2014-01-17 14:05 - 2013-12-21 11:15 - 00000000 ____D C:\Program Files\CyberGhost 5
2014-01-17 14:02 - 2014-01-17 14:02 - 00000000 ____D C:\Windows\Minidump
2014-01-17 14:02 - 2012-10-18 12:25 - 00163415 ____N C:\Windows\Minidump\011714-13546-01.dmp
2014-01-17 11:47 - 2012-11-23 12:36 - 00000000 ____D C:\Windows\pss
2014-01-15 18:14 - 2014-01-15 18:14 - 00005384 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-15 18:14 - 2013-07-03 10:34 - 00000000 ____D C:\Program Files\Java
2014-01-15 08:41 - 2009-07-14 05:33 - 00460568 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 08:38 - 2012-10-19 17:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 08:37 - 2013-08-14 15:14 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 08:33 - 2012-10-18 13:53 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 18:39 - 2014-01-14 18:39 - 00000000 _____ C:\Windows\setuperr.log
2014-01-08 15:06 - 2012-11-19 11:19 - 00000000 ____D C:\Program Files\AOMEI Partition Assistant Home Edition 5.1
2014-01-06 08:42 - 2012-10-19 17:12 - 00000000 ___RD C:\Users\Claus\Computer
2014-01-05 10:50 - 2012-10-20 19:13 - 00000000 ____D C:\Users\Claus\AppData\Roaming\Foxit Software
2014-01-05 09:58 - 2013-12-16 19:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-05 09:43 - 2013-12-16 19:13 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-01 10:06 - 2012-10-19 17:14 - 00000000 ___RD C:\Users\Claus\Haus
2013-12-25 15:29 - 2013-12-07 18:29 - 00000000 ____D C:\Users\Claus\AppData\Roaming\MyPhoneExplorer
2013-12-23 18:10 - 2013-12-23 18:10 - 00000000 ____D C:\Program Files\WugFresh Development
2013-12-23 18:10 - 2013-12-04 16:42 - 00000000 ____D C:\Users\Claus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wugs Nexus Root Tookit
2013-12-23 14:29 - 2013-08-14 17:39 - 71302940 _____ C:\Users\Claus\backup.ab
2013-12-23 11:13 - 2010-11-20 22:01 - 01628944 _____ C:\Windows\system32\PerfStringBackup.INI
Some content of TEMP:
====================
C:\Users\Claus\AppData\Local\temp\2036_alwa_driver.dll
C:\Users\Claus\AppData\Local\temp\cardreader_jni3605208859392896928.dll
C:\Users\Claus\AppData\Local\temp\cardreader_jni589590259141297352.dll
C:\Users\Claus\AppData\Local\temp\cardreader_jni6204626336715906044.dll
C:\Users\Claus\AppData\Local\temp\cardreader_jni8549095560865365289.dll
C:\Users\Claus\AppData\Local\temp\cardreader_jni8728369650282095879.dll
C:\Users\Claus\AppData\Local\temp\Checkupdate.exe
C:\Users\Claus\AppData\Local\temp\FGICNHGYUO.exe
C:\Users\Claus\AppData\Local\temp\Foxit Reader Updater.exe
C:\Users\Claus\AppData\Local\temp\gcapi_dll.dll
C:\Users\Claus\AppData\Local\temp\gtapi_signed.dll
C:\Users\Claus\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Claus\AppData\Local\temp\KWHGZNP.exe
C:\Users\Claus\AppData\Local\temp\Quarantine.exe
C:\Users\Claus\AppData\Local\temp\ZTK.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-19 11:19
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-01-2014 01
Ran by Claus at 2014-01-22 19:00:29
Running from C:\Users\Claus\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
7-Zip 9.20 (Version: - )
Acronis*True*Image*Home 2011 (Version: 14.0.6942 - Acronis)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated)
Allgäu Walser Card 2013 (Version: - OberAllgäu Tourismus Service GmbH)
Android SDK Tools (Version: 1.16 - Google Inc.)
AOMEI Partition Assistant Home Edition 5.1 (Version: - Aomei Technology Co., Ltd.)
Audials (Version: 10.0.46604.300 - Audials AG)
Auerswald ETS-4308 I 2.5 (Version: 2.5 - Auerswald GmbH & Co.KG)
avast! Free Antivirus (Version: 9.0.2011 - Avast Software)
AVM FRITZ!DSL (Version: 2.04.03 - AVM Berlin)
Biet-O-Matic v2.14.8 (Version: 2.14.8 - BOM Development Team)
Canon iP4700 series Printer Driver (Version: - Canon Inc.)
CanoScan Toolbox Ver4.1 (Version: - )
CDBurnerXP (Version: 4.5.2.4214 - CDBurnerXP)
C-Media Card Reader Driver USB2.0 (Version: - )
CrystalDiskInfo 5.0.5 Shizuku Edition (Version: 5.0.5 - Crystal Dew World)
CyberGhost 5 (Version: - CyberGhost S.R.L.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (Version: 2.16 - Piriform)
Deutsche Post E-Porto (Version: 2.3.0 - Deutsche Post AG)
Elevated Installer (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
ERUNT 1.1j (Version: - Lars Hederer)
ESET Online Scanner v3 (Version: - )
Foxit Reader (Version: 6.1.1.1031 - Foxit Corporation)
Free Mp3 Wma Converter V 2.2 (Version: 2.2.0.0 - Koyote Soft)
Garmin Express (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (Version: 32.0.1700.76 - Google Inc.)
Google Earth (Version: 7.0.2.8415 - Google)
Google Earth (Version: 7.1.2.2019 - Google)
IrfanView (remove only) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
KeePass Password Safe 2.23 (Version: - Dominik Reichl)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2007 - German/Deutsch (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office O MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (Version: 24.2.0 - Mozilla)
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MyPhoneExplorer (Version: 1.8.5 - F.J. Wechselberger)
Nokia Connectivity Cable Driver (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
NVIDIA Display Control Panel (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OpenOffice 4.0.0 (Version: 4.00.9702 - Apache Software Foundation)
Opera 12.16 (Version: 12.16.1860 - Opera Software ASA)
partypoker (Version: - PartyGaming)
PC Connectivity Solution (Version: 12.0.27.0 - Nokia)
PDF24 Creator 5.4.0 (Version: - PDF24.org)
PDFMate Free PDF Merger 1.0.4 (Version: - pdfmate.com)
pdfsam (Version: 2.2.1 - )
PDF-Viewer (Version: 2.5.210.0 - Tracker Software Products Ltd)
Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Realtek Ethernet Controller Driver (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.800.0 - SAMSUNG Electronics CO., LTD.)
Sarbyx TrayClock v1.1 (Version: 1.1 - SarbyxLabs)
Secunia PSI (3.0.0.7011) (Version: 3.0.0.7011 - Secunia)
Secure Banking Version 1.5.2 (Version: 1.5.2 - Hopfgartner Niklas)
SIW 2011 Home Edition (Version: 2011.10.29 - Topala Software Solutions)
Skype™ 6.6 (Version: 6.6.106 - Skype Technologies S.A.)
SmartTools Publishing • Word Adressfenster-Assistent (Version: v3.00 - SmartTools Publishing)
SmartTools Publishing • Word AutoBackup (Version: v2.01 - SmartTools Publishing)
SmartTools Publishing • Word Falz & Lochmarken-Assistent (Version: v6.50 - SmartTools Publishing)
SpywareBlaster 5.0 (Version: 5.0.0 - BrightFort LLC)
SRWare Iron Version SRWare Iron 27.0.1500.0 (Version: SRWare Iron 27.0.1500.0 - SRWare)
Sweet Home 3D version 4.1 (Version: - eTeks)
TAP-Windows 9.9.2 (Version: 9.9.2 - )
TeamDrive 3 (Version: 3.1.2.538 - TeamDrive Systems GmbH)
TeamViewer 8 (Version: 8.0.19045 - TeamViewer)
TomTom HOME (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2 - TomTom International B.V.)
TreeSize Professional V5.5.5 (Version: 5.5.5 - JAM Software)
TrueCrypt (Version: 7.1a - TrueCrypt Foundation)
Unlocker 1.9.2 (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)
Visual Studio C++ 10.0 Runtime (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinPatrol (Version: 29.2.2013 - BillP Studios)
Zoner Photo Studio 13 (Version: 13.0.1.7 - ZONER software)
==================== Restore Points =========================
14-01-2014 16:47:09 Geplanter Prüfpunkt
15-01-2014 07:32:50 Windows Update
15-01-2014 17:13:32 Installed Java 7 Update 51
22-01-2014 17:34:50 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 03:04 - 2013-12-12 14:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {1B6C04C3-9F8C-47E9-AE30-A0E3FA25D392} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {4FE62EC3-3BAD-4D0B-B29E-EB0EBA66D3E0} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {AC18A63A-C338-4A89-AA48-2C3612F88D4E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-22] (AVAST Software)
Task: {AFC899FC-06FE-4863-BDB1-0CCC8BC561C3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BCC79ACA-79BA-4B39-B866-D5E9ABA71900} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {D92191D4-28EC-4D49-BBEA-1F9161E87C08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-17] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-12-17 16:12 - 2013-12-17 16:12 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-14 11:21 - 2013-07-15 18:29 - 00620718 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2013-10-11 15:24 - 2013-12-11 08:43 - 03017840 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2013-10-11 15:24 - 2013-12-11 08:43 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2013-10-11 15:24 - 2013-12-11 08:43 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-10-09 17:39 - 2013-12-12 16:40 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/20/2014 02:38:11 PM) (Source: Application Hang) (User: )
Description: Programm psi.exe, Version 3.0.0.7011 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: dc4
Startzeit: 01cf15e4c74c30f6
Endzeit: 0
Anwendungspfad: C:\Program Files\Secunia\PSI\psi.exe
Berichts-ID: 17cee6ff-81d8-11e3-a368-001d92803be2
System errors:
=============
Error: (01/22/2014 06:52:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Diagnosediensthost" wurde nicht richtig gestartet.
Error: (01/18/2014 04:58:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "FGICNHGYUO" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (01/18/2014 04:58:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "EXBFKWUOUD" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (01/18/2014 04:58:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ZTK" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (01/18/2014 04:58:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "KWHGZNP" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/18/2014 04:58:13 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst KWHGZNP erreicht.
Error: (01/18/2014 04:57:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "KWHGZNP" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Microsoft Office Sessions:
=========================
Error: (12/11/2013 00:27:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 6520 seconds with 1020 seconds of active time. This session ended with a crash.
Error: (04/28/2013 00:44:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.
Error: (04/28/2013 00:42:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 41 seconds with 0 seconds of active time. This session ended with a crash.
Error: (04/28/2013 00:39:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18 seconds with 0 seconds of active time. This session ended with a crash.
Error: (04/28/2013 00:38:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18 seconds with 0 seconds of active time. This session ended with a crash.
Error: (01/04/2013 10:47:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 27 seconds with 0 seconds of active time. This session ended with a crash.
Error: (12/21/2012 05:43:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 31 seconds with 0 seconds of active time. This session ended with a crash.
Error: (12/21/2012 05:42:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 82 seconds with 60 seconds of active time. This session ended with a crash.
Error: (12/11/2012 02:25:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 486 seconds with 360 seconds of active time. This session ended with a crash.
Error: (12/11/2012 02:17:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2013-12-17 09:28:13.492
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-17 09:28:13.492
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-17 09:28:13.492
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-17 09:03:05.933
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-17 09:03:05.933
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-17 09:03:05.933
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-03 18:34:14.123
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-03 17:23:35.312
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-03 17:06:58.013
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-03 16:35:40.923
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 60%
Total physical RAM: 2047.37 MB
Available physical RAM: 818.88 MB
Total Pagefile: 6547.37 MB
Available Pagefile: 5145.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.07 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.79 GB) (Free:177.57 GB) NTFS
Drive f: (INTENSO) (Fixed) (Total:931.51 GB) (Free:450.71 GB) NTFS
Drive l: (USB 7,5 GB) (Removable) (Total:7.46 GB) (Free:2.98 GB) NTFS
Drive m: (USB 1,9 GB) (Removable) (Total:1.87 GB) (Free:1.76 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 65E74B2B)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: 6CB64341)
Partition 1: (Not Active) - (Size=7 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 519B0ECF)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
========================================================
Disk: 7 (Size: 2 GB) (Disk ID: 7E9A7B95)
Partition 1: (Active) - (Size=2 GB) - (Type=06)
==================== End Of Log ============================
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.01.22.08
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Claus :: CLAUS-PC [Administrator]
22.01.2014 19:02:16
mbam-log-2014-01-22 (19-02-16).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 256426
Laufzeit: 8 Minute(n), 47 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)