xXFenrizXx | 13.02.2014 02:28 | Windows 7: various problems and many detections in MWB Antimalware
Hello dear helpers ;)
Lately I keep having unusual problems on my PC. Also long boot times, and in addition
14 infected objects in Malwarebytes.
I hope you can check this and maybe help me :)
Kind regards

Defogger Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:41 on 13/02/2014 (David)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

FRST
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by David (administrator) on FENRIZ on 13-02-2014 01:42:59
Running from C:\Users\David\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ROCCAT GmbH) D:\Zips & Co\Roccat\KoneXTDMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
() D:\Programme\RocketDock\RocketDock.exe
(Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\program files\avira\antivir desktop\ipmGui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Malwarebytes Corporation) D:\Programme\Antivirus\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) D:\Programme\Antivirus\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) D:\Programme\Antivirus\Malwarebytes' Anti-Malware\mbamgui.exe
(Malwarebytes Corporation) D:\Programme\Antivirus\Malwarebytes' Anti-Malware\mbam.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [RoccatKoneXTD] - D:\Zips & Co\Roccat\KoneXTDMonitor.EXE [552960 2013-10-25] (ROCCAT GmbH)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Creative Cloud] - C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-02] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - D:\Programme\Antivirus\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-20] (Microsoft Corporation)
HKU\S-1-5-21-605104910-1060420390-459433553-1000\...\Run: [RocketDock] - D:\Programme\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-605104910-1060420390-459433553-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-605104910-1060420390-459433553-1000\...\Run: [Akamai NetSession Interface] - C:\Users\David\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-605104910-1060420390-459433553-1000\...\MountPoints2: {edecbed9-93b4-11e2-951a-0024546f488e} - F:\Startme.exe
AppInit_DLLs: c:\progra~2\browse~1\261562~1.220\{c16c1~1\browse~1.dll => C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll [2699216 2013-08-13] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5DB6A67E2E1BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319402&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP034B4B59-AF60-4C04-9692-6569935AF51F&q={searchTerms}&SSPV=
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319402&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP034B4B59-AF60-4C04-9692-6569935AF51F&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A4D5001DE0490CD7&affID=121564&tsp=4978
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC8} URL = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\JAVA\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\JAVA\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-07]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-07]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-07]
CHR Extension: (Adblock Plus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-13]
CHR Extension: (Google-Suche) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-07]
CHR Extension: (Type Scout) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj [2014-02-13]
CHR Extension: (AdBlock) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-13]
CHR Extension: (TabJump - Intelligenter Tab-Navigator) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokofmgcicpnjchllaccgedmmmbbnbmf [2014-02-13]
CHR Extension: (Google Mail-Checker) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-02-13]
CHR Extension: (WGT Golf Game) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb [2014-02-13]
CHR Extension: (DVDVideoSoft) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-06-18]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Mail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-07]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-08-18]
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-06-30] ()
S3 Futuremark SystemInfo Service; C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [137336 2013-02-17] (Futuremark Corporation)
R2 MBAMScheduler; D:\Programme\Antivirus\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; D:\Programme\Antivirus\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-07] (Avira GmbH)
S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1515520 2009-10-01] (C-Media Electronics Inc)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x32.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-13 01:43 - 2014-02-13 01:43 - 00380416 _____ () C:\Users\David\Downloads\Gmer-19357.exe
2014-02-13 01:42 - 2014-02-13 01:43 - 00011404 _____ () C:\Users\David\Downloads\FRST.txt
2014-02-13 01:42 - 2014-02-13 01:42 - 01141248 _____ (Farbar) C:\Users\David\Downloads\FRST.exe
2014-02-13 01:42 - 2014-02-13 01:42 - 00000000 ____D () C:\FRST
2014-02-13 01:41 - 2014-02-13 01:41 - 00000472 _____ () C:\Users\David\Downloads\defogger_disable.log
2014-02-13 01:41 - 2014-02-13 01:41 - 00000000 _____ () C:\Users\David\defogger_reenable
2014-02-13 01:39 - 2014-02-13 01:39 - 00000854 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-13 01:39 - 2014-02-13 01:39 - 00000000 ____D () C:\Users\David\AppData\Roaming\Malwarebytes
2014-02-13 01:39 - 2014-02-13 01:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-13 01:39 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-13 01:24 - 2014-02-13 01:24 - 00050477 _____ () C:\Users\David\Downloads\Defogger.exe
2014-02-13 00:55 - 2014-02-13 00:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-13 00:43 - 2014-02-13 01:34 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-13 00:43 - 2014-02-13 00:48 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-11 17:55 - 2014-02-11 17:55 - 00887256 _____ () C:\Users\David\Downloads\Adobe Dreamweaver CC (Crack ONLY).zip
2014-02-11 17:49 - 2014-02-11 17:49 - 00000000 ____D () C:\Users\David\AppData\Roaming\PDAppFlex
2014-02-11 02:47 - 2014-02-11 02:47 - 00001040 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-02-11 02:39 - 2014-02-11 02:39 - 02844536 _____ (Adobe Systems Incorporated) C:\Users\David\Downloads\CreativeCloudSet-Up.exe
2014-02-10 22:31 - 2014-02-10 22:31 - 00127080 _____ (Spotify Ltd) C:\Users\David\Downloads\spotify.exe
2014-02-08 14:54 - 2014-02-08 14:54 - 07245760 _____ () C:\Users\David\Downloads\9_Fire_brushes_by_Resource42.zip
2014-02-07 20:29 - 2014-02-07 20:29 - 00199541 _____ () C:\Users\David\Downloads\transformers_movie.zip
2014-02-07 20:28 - 2014-02-07 20:28 - 00454475 _____ () C:\Users\David\Downloads\gang_wolfik.zip
2014-02-07 20:26 - 2014-02-07 20:26 - 00273721 _____ () C:\Users\David\Downloads\abandon2.zip
2014-02-07 20:24 - 2014-02-07 20:24 - 00255870 _____ () C:\Users\David\Downloads\midnite_hour.zip
2014-02-07 15:15 - 2014-02-07 15:15 - 00044500 _____ () C:\Users\David\Downloads\techno_hideo.zip
2014-02-07 14:00 - 2014-02-07 14:19 - 658315863 _____ () C:\Users\David\Downloads\Texturen.zip
2014-02-06 20:21 - 2014-02-06 20:21 - 00001456 _____ () C:\Users\David\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-02-05 16:43 - 2014-02-05 16:43 - 00000000 ____D () C:\Users\David\AppData\Local\SearchProtect
2014-02-02 04:02 - 2014-02-02 04:02 - 00000000 ____D () C:\ProgramData\ROCCAT
2014-02-02 03:20 - 2014-02-02 03:20 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-02-02 03:17 - 2014-02-02 03:18 - 25305708 _____ () C:\Users\David\Downloads\ROCCAT_KoneXTD_DRV1.17_FW1.17.zip
2014-01-27 15:40 - 2014-01-27 15:40 - 00000000 ____D () C:\Windows\system32\SearchProtect
2014-01-19 16:40 - 2014-01-19 16:40 - 00000000 _____ () C:\END
2014-01-19 16:36 - 2014-01-19 16:38 - 90641880 _____ (DVDVideoSoft Ltd. ) C:\Users\David\Downloads\FreeStudio.exe
2014-01-18 13:56 - 2014-01-18 13:56 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-18 13:56 - 2014-01-18 13:56 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-18 13:56 - 2014-01-18 13:56 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-18 13:56 - 2014-01-18 13:56 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-18 13:56 - 2014-01-18 13:56 - 00000000 ____D () C:\ProgramData\Sun
2014-01-18 13:56 - 2014-01-18 13:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-18 13:56 - 2014-01-18 13:56 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-01-18 13:53 - 2014-01-18 13:53 - 00921000 _____ (Oracle Corporation) C:\Users\David\Downloads\chromeinstall-7u51.exe
2014-01-18 12:33 - 2014-02-13 01:27 - 00000000 ____D () C:\Users\David\Documents\Facharbeit
==================== One Month Modified Files and Folders =======
2014-02-13 01:43 - 2014-02-13 01:43 - 00380416 _____ () C:\Users\David\Downloads\Gmer-19357.exe
2014-02-13 01:43 - 2014-02-13 01:42 - 00011404 _____ () C:\Users\David\Downloads\FRST.txt
2014-02-13 01:42 - 2014-02-13 01:42 - 01141248 _____ (Farbar) C:\Users\David\Downloads\FRST.exe
2014-02-13 01:42 - 2014-02-13 01:42 - 00000000 ____D () C:\FRST
2014-02-13 01:41 - 2014-02-13 01:41 - 00000472 _____ () C:\Users\David\Downloads\defogger_disable.log
2014-02-13 01:41 - 2014-02-13 01:41 - 00000000 _____ () C:\Users\David\defogger_reenable
2014-02-13 01:41 - 2013-03-07 13:14 - 00000000 ____D () C:\Users\David
2014-02-13 01:39 - 2014-02-13 01:39 - 00000854 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-13 01:39 - 2014-02-13 01:39 - 00000000 ____D () C:\Users\David\AppData\Roaming\Malwarebytes
2014-02-13 01:39 - 2014-02-13 01:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-13 01:38 - 2013-03-07 08:02 - 01513354 _____ () C:\Windows\WindowsUpdate.log
2014-02-13 01:34 - 2014-02-13 00:43 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-13 01:34 - 2013-11-22 15:35 - 00210674 _____ () C:\Windows\PFRO.log
2014-02-13 01:34 - 2013-10-25 14:24 - 00005772 _____ () C:\Windows\setupact.log
2014-02-13 01:34 - 2013-04-22 12:13 - 00000264 _____ () C:\Windows\Tasks\AutoKMS.job
2014-02-13 01:34 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-13 01:27 - 2014-01-18 12:33 - 00000000 ____D () C:\Users\David\Documents\Facharbeit
2014-02-13 01:24 - 2014-02-13 01:24 - 00050477 _____ () C:\Users\David\Downloads\Defogger.exe
2014-02-13 01:20 - 2013-03-24 15:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-13 00:56 - 2014-02-13 00:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-13 00:48 - 2014-02-13 00:43 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-13 00:44 - 2013-03-07 13:24 - 00000000 ____D () C:\Program Files\Google
2014-02-13 00:43 - 2013-03-07 13:23 - 00000000 ____D () C:\Users\David\AppData\Local\Deployment
2014-02-12 23:18 - 2013-03-07 18:21 - 00000000 ____D () C:\Users\David\AppData\Roaming\TS3Client
2014-02-12 04:50 - 2009-07-14 05:34 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-12 04:50 - 2009-07-14 05:34 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-12 04:41 - 2013-04-05 21:50 - 00000000 ____D () C:\Users\David\AppData\Local\Adobe
2014-02-12 04:40 - 2009-07-14 05:33 - 03837480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-11 19:47 - 2013-05-30 23:08 - 00444416 ___SH () C:\Users\David\Thumbs.db
2014-02-11 17:55 - 2014-02-11 17:55 - 00887256 _____ () C:\Users\David\Downloads\Adobe Dreamweaver CC (Crack ONLY).zip
2014-02-11 17:50 - 2013-04-05 21:33 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-11 17:49 - 2014-02-11 17:49 - 00000000 ____D () C:\Users\David\AppData\Roaming\PDAppFlex
2014-02-11 17:48 - 2013-03-08 15:52 - 00000000 ____D () C:\Users\David\AppData\Roaming\Adobe
2014-02-11 17:46 - 2013-03-07 13:23 - 00115688 _____ () C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-11 17:40 - 2013-04-05 21:33 - 00000000 ____D () C:\Program Files\Adobe
2014-02-11 13:01 - 2013-03-08 05:18 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-11 02:47 - 2014-02-11 02:47 - 00001040 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-02-11 02:39 - 2014-02-11 02:39 - 02844536 _____ (Adobe Systems Incorporated) C:\Users\David\Downloads\CreativeCloudSet-Up.exe
2014-02-10 22:31 - 2014-02-10 22:31 - 00127080 _____ (Spotify Ltd) C:\Users\David\Downloads\spotify.exe
2014-02-08 14:54 - 2014-02-08 14:54 - 07245760 _____ () C:\Users\David\Downloads\9_Fire_brushes_by_Resource42.zip
2014-02-07 20:29 - 2014-02-07 20:29 - 00199541 _____ () C:\Users\David\Downloads\transformers_movie.zip
2014-02-07 20:28 - 2014-02-07 20:28 - 00454475 _____ () C:\Users\David\Downloads\gang_wolfik.zip
2014-02-07 20:26 - 2014-02-07 20:26 - 00273721 _____ () C:\Users\David\Downloads\abandon2.zip
2014-02-07 20:24 - 2014-02-07 20:24 - 00255870 _____ () C:\Users\David\Downloads\midnite_hour.zip
2014-02-07 15:15 - 2014-02-07 15:15 - 00044500 _____ () C:\Users\David\Downloads\techno_hideo.zip
2014-02-07 14:19 - 2014-02-07 14:00 - 658315863 _____ () C:\Users\David\Downloads\Texturen.zip
2014-02-06 23:29 - 2013-03-07 14:06 - 00000000 ____D () C:\Users\David\AppData\Roaming\Skype
2014-02-06 20:21 - 2014-02-06 20:21 - 00001456 _____ () C:\Users\David\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-02-06 18:20 - 2013-03-08 05:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-06 18:20 - 2013-03-08 05:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 16:43 - 2014-02-05 16:43 - 00000000 ____D () C:\Users\David\AppData\Local\SearchProtect
2014-02-02 04:02 - 2014-02-02 04:02 - 00000000 ____D () C:\ProgramData\ROCCAT
2014-02-02 04:02 - 2013-03-07 13:15 - 00000000 ____D () C:\Users\David\AppData\Local\VirtualStore
2014-02-02 03:20 - 2014-02-02 03:20 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-02-02 03:20 - 2013-03-07 15:43 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-02 03:18 - 2014-02-02 03:17 - 25305708 _____ () C:\Users\David\Downloads\ROCCAT_KoneXTD_DRV1.17_FW1.17.zip
2014-01-31 00:21 - 2013-03-07 13:17 - 01641292 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-27 15:40 - 2014-01-27 15:40 - 00000000 ____D () C:\Windows\system32\SearchProtect
2014-01-19 16:50 - 2013-05-20 18:06 - 00000000 ____D () C:\Users\David\AppData\Roaming\DVDVideoSoft
2014-01-19 16:49 - 2013-08-18 19:04 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-01-19 16:49 - 2013-06-18 19:28 - 00001197 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-01-19 16:40 - 2014-01-19 16:40 - 00000000 _____ () C:\END
2014-01-19 16:38 - 2014-01-19 16:36 - 90641880 _____ (DVDVideoSoft Ltd. ) C:\Users\David\Downloads\FreeStudio.exe
2014-01-18 13:56 - 2014-01-18 13:56 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-18 13:56 - 2014-01-18 13:56 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-18 13:56 - 2014-01-18 13:56 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-18 13:56 - 2014-01-18 13:56 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-18 13:56 - 2014-01-18 13:56 - 00000000 ____D () C:\ProgramData\Sun
2014-01-18 13:56 - 2014-01-18 13:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-18 13:56 - 2014-01-18 13:56 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-01-18 13:53 - 2014-01-18 13:53 - 00921000 _____ (Oracle Corporation) C:\Users\David\Downloads\chromeinstall-7u51.exe
Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\avgnt.exe
C:\Users\David\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\David\AppData\Local\Temp\nsgB1B6.exe
C:\Users\David\AppData\Local\Temp\nst6720.exe
C:\Users\David\AppData\Local\Temp\nsz6127.exe
C:\Users\David\AppData\Local\Temp\nszCB7F.exe
C:\Users\David\AppData\Local\Temp\nszD4A4.exe
C:\Users\David\AppData\Local\Temp\SkypeSetup.exe
C:\Users\David\AppData\Local\Temp\SPSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-08 19:06
==================== End Of Log ============================

Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01
Ran by David at 2014-02-13 01:43:54
Running from C:\Users\David\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
@icon sushi 1.21 (Version: - towofu's SOFT)
„Der Herr der Ringe Online™“ v03.08.00.8025 (Version: 03.08.00.8025 - Turbine, Inc.)
3DMark Vantage (Version: 1.1.2 - Futuremark Corporation)
Adobe AIR (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (Version: 2.4.0.348 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CC (Version: 13 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (Version: 11.0.06 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU Version: - Akamai Technologies, Inc)
Arma 2 (Version: - Bohemia Interactive)
ARMA 2 Army of The Czech Republic - Data cache removal (Version: - )
Arma 2: Operation Arrowhead (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (Version: - )
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
BattlEye for OA Uninstall (Version: - )
CCleaner (Version: 3.28 - Piriform)
Counter-Strike: Source (Version: - Valve)
DayZ Commander (Version: 0.92.69 - Dotjosh Studios)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (Version: - Microsoft)
Easy Display Manager (Version: 3.0 - Samsung Electronics Co., Ltd.)
Free Studio version 2014 (Version: 6.2.4.1230 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.11.812 (Version: 3.2.11.812 - DVDVideoSoft Ltd.)
Futuremark SystemInfo (Version: 4.17.0 - Futuremark Corporation)
GameRanger (HKCU Version: - GameRanger Technologies)
Google Chrome (Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0 - Hewlett-Packard Co.)
ICQ 8.0 (build 6007, für aktuellen Benutzer) (HKCU Version: 8.0.6007.0 - Mail.Ru)
IrfanView (remove only) (Version: 4.35 - Irfan Skiljan)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KMSpico 3.1 (Version: 3.1 - )
League of Legends (Version: 1.3 - Riot Games)
Left 4 Dead (Version: - Valve)
MAGIX Foto Designer 7 (Version: 7.0.1.1 - MAGIX AG)
MAGIX Foto Designer 7 (Version: 7.0.1.1 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Media Go (Version: 2.4.256 - Sony)
Media Go Video Playback Engine 1.116.103.02020 (Version: 1.116.103.02020 - Sony)
Microsoft .NET Framework 1.1 (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Grafiktreiber 314.07 (Version: 314.07 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 314.07 (Version: 314.07 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pando Media Booster (Version: 2.6.0.8 - Pando Networks Inc.)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
PlayStation(R)Store (Version: 4.14.6.15183 - Sony Computer Entertainment Inc.)
RaidCall (Version: 7.3.0-1.0.10926.49 - raidcall.com)
ROCCAT Kone XTD Mouse Driver (Version: - Roccat GmbH)
RocketDock 1.3.5 (Version: - Punk Software)
Skype™ 6.6 (Version: 6.6.106 - Skype Technologies S.A.)
Sony Ericsson Update Engine (Version: 2.13.8.201307151333 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.165 (Version: 2.10.165 - Sony)
Speccy (Version: 1.21 - Piriform)
Steam (Version: 1.0.0.0 - Valve Corporation)
TIPP10 Version 2.1.0 (Version: - (c) 2006-2011, Tom Thielicke IT Solutions)
TrackMania² Stadium Open Beta (Version: - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft InfoPath 2013 (KB2752078) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2825630) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760257) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817309) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817311) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817640) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837643) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837649) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2837642) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2726947) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2817625) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2752097) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Visio 2013 (KB2752018) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2817631) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2837630) 32-Bit Edition (Version: - Microsoft)
USB Multi-Channel Audio Device (Version: - )
Winamp (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.20 (32-Bit) (Version: 4.20.0 - win.rar GmbH)
==================== Restore Points =========================
==================== Hosts content: ==========================
2013-03-08 16:00 - 2013-03-08 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0A36503E-74E4-4361-AACA-99DA03B951F2} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert
Task: {155C10A4-810A-40E0-A5CD-BC17D8B539F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-13] (Google Inc.)
Task: {1693DD93-EBC2-474A-AA1D-4203F92BAD57} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-19] (Piriform Ltd)
Task: {1D1E6D1D-11EB-4F9C-A064-B12703CA368C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {37F7B718-9A1D-4F28-B2D5-5AF1098A57CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-13] (Google Inc.)
Task: {39E2C80F-9E3D-472A-9293-882EB8DAAC3B} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-08] (Samsung Electronics Co., Ltd.)
Task: {8CB34B92-27CE-4F12-ADCE-1C0D849A600F} - System32\Tasks\KMS Activation => D:\Zips & Co\KMSpico\KMSpico\RandomFile.exe
Task: {AC188A5C-6DB9-42D1-B915-2A6CB4B19A4E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {B208A94C-A61B-4730-932E-A5EB47C3515F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {BC5234B8-5408-4FB9-9E59-E9CD89799EED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {E468E819-5B02-4278-878F-42C608B46365} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-06] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-03-07 13:43 - 2007-09-02 13:57 - 00069632 _____ () D:\Programme\RocketDock\RocketDock.dll
2013-05-04 13:13 - 2006-08-12 11:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2014-01-31 16:45 - 2014-01-31 16:45 - 00597360 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
2014-02-02 03:20 - 2012-06-17 11:20 - 00061440 _____ () D:\Zips & Co\Roccat\hiddriver.dll
2014-02-02 14:26 - 2014-02-02 14:26 - 32733080 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2013-03-07 13:43 - 2007-09-02 13:58 - 00495616 _____ () D:\Programme\RocketDock\RocketDock.exe
2014-02-13 00:44 - 2014-02-02 00:41 - 00715592 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-13 00:44 - 2014-02-02 00:41 - 00100168 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-13 00:44 - 2014-02-02 00:42 - 04055368 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-13 00:44 - 2014-02-02 00:42 - 00399688 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-13 00:44 - 2014-02-02 00:41 - 01634632 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Deskjet 3050 J610 series (Netzwerk).lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Deskjet 3050 J610 series (Netzwerk).lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Cm106Sound => RunDll32 cm106.cpl,CMICtrlWnd
MSCONFIG\startupreg: HP Deskjet 3050 J610 series (NET) => "C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN0BC3C49G05HX:NW" -scfn "HP Deskjet 3050 J610 series (NET)" -AutoStart 1
MSCONFIG\startupreg: icq => C:\Users\David\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: iTunesHelper => "D:\Programme\iTtunes\iTunesHelper.exe"
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: Pokki => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Steam => "D:\Programme\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: WinampAgent => D:\Programme\Winamp\winampa.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/13/2014 01:25:56 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.16428, Zeitstempel: 0x525b664c
Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 9.18.13.1407, Zeitstempel: 0x5116d7bd
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001aa7ee
ID des fehlerhaften Prozesses: 0xfcc
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (02/12/2014 07:17:06 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LoLLauncher.exe, Version: 2.4.0.263, Zeitstempel: 0x52f0841c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003224d
ID des fehlerhaften Prozesses: 0x8e0
Startzeit der fehlerhaften Anwendung: 0xLoLLauncher.exe0
Pfad der fehlerhaften Anwendung: LoLLauncher.exe1
Pfad des fehlerhaften Moduls: LoLLauncher.exe2
Berichtskennung: LoLLauncher.exe3
Error: (02/12/2014 04:51:06 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418154
Error: (02/11/2014 03:04:42 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/11/2014 02:48:42 AM) (Source: Microsoft-Windows-RestartManager) (User: Fenriz)
Description: Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren werden.
Error: (02/11/2014 01:09:55 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418154
Error: (02/10/2014 02:51:27 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418154
Error: (02/09/2014 05:19:05 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418154
Error: (02/09/2014 01:10:57 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/08/2014 03:46:37 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418154
System errors:
=============
Error: (02/13/2014 01:36:25 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.
Error: (02/13/2014 01:35:45 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.
Error: (02/13/2014 01:34:28 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.
Error: (02/13/2014 01:34:20 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.
Error: (02/13/2014 01:34:17 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 13.02.2014 um 01:32:27 unerwartet heruntergefahren.
Error: (02/12/2014 03:21:16 PM) (Source: DCOM) (User: )
Description: "D:\Programme\iTtunes\iTunes.exe" -Embedding2{DC0C2640-1415-4644-875C-6F4D769839BA}
Error: (02/12/2014 01:06:29 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.
Error: (02/12/2014 01:05:44 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.
Error: (02/12/2014 01:05:43 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.
Error: (02/12/2014 01:05:43 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.
Microsoft Office Sessions:
=========================
Error: (02/13/2014 01:25:56 AM) (Source: Application Error)(User: )
Description: iexplore.exe11.0.9600.16428525b664cnvwgf2um.dll9.18.13.14075116d7bdc0000005001aa7eefcc01cf2852206a2a37C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\nvwgf2um.dll674a670e-9445-11e3-940b-0024546f488e
Error: (02/12/2014 07:17:06 AM) (Source: Application Error)(User: )
Description: LoLLauncher.exe2.4.0.26352f0841cntdll.dll6.1.7601.18247521ea91cc00000050003224d8e001cf27acbe46861cD:\Games\LoL\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.199\deploy\LoLLauncher.exeC:\Windows\SYSTEM32\ntdll.dll4ba5bbc7-93ad-11e3-940b-0024546f488e
Error: (02/12/2014 04:51:06 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418154
Error: (02/11/2014 03:04:42 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 3050 J610 series\DriverStore\Pipeline\amd64\hpinkins9311.exe
Error: (02/11/2014 02:48:42 AM) (Source: Microsoft-Windows-RestartManager)(User: Fenriz)
Description: 1C:\Windows\explorer.exeWindows-Explorer0411721400
Error: (02/11/2014 01:09:55 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418154
Error: (02/10/2014 02:51:27 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418154
Error: (02/09/2014 05:19:05 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418154
Error: (02/09/2014 01:10:57 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 3050 J610 series\DriverStore\Pipeline\amd64\hpinkins9311.exe
Error: (02/08/2014 03:46:37 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418154
==================== Memory info ===========================
Percentage of memory in use: 46%
Total physical RAM: 3070.43 MB
Available physical RAM: 1645.44 MB
Total Pagefile: 6137.09 MB
Available Pagefile: 4321.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.2 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:43.95 GB) (Free:11.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:244.05 GB) (Free:142.39 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 826A338E)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=44 GB) - (Type=07 NTFS)
==================== End Of Log ============================
GMER Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-13 02:14:20
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\David\AppData\Local\Temp\pwldypob.sys
---- System - GMER 2.1 ----
SSDT 8E950BAE ZwCreateSection
SSDT 8E950BB8 ZwRequestWaitReplyPort
SSDT 8E950BB3 ZwSetContextThread
SSDT 8E950BBD ZwSetSecurityObject
SSDT 8E950BC2 ZwSystemDebugControl
SSDT 8E950B4F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 82C369A5 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C56512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 82C5DAB4 4 Bytes [AE, 0B, 95, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 181B 82C5DE10 4 Bytes [B8, 0B, 95, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 82C5DE54 4 Bytes [B3, 0B, 95, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 18DB 82C5DED0 4 Bytes [BD, 0B, 95, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 82C5DF24 4 Bytes [C2, 0B, 95, 8E]
.text ...
---- Threads - GMER 2.1 ----
Thread System [4:5340] 9325EF2E
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{84054454-86F4-11E2-8222-806E6F6E6963} 1705902600
---- EOF - GMER 2.1 ----
Malwarebytes is still running at the moment, but it has found 14 infected files. I'll post the log online shortly.
Edit: By now it's already up to 26 infected objects.
Edit 2: Avira has also found something. Code:
Exportierte Ereignisse:
13.02.2014 02:59 [System-Scanner] Malware gefunden
Die Datei
'D:\$RECYCLE.BIN\S-1-5-21-605104910-1060420390-459433553-1000\$RZFDA00\KMSpico\R
andomFile.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen2' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5b1f8926.qua'
verschoben!
13.02.2014 02:59 [System-Scanner] Malware gefunden
Die Datei
'D:\$RECYCLE.BIN\S-1-5-21-605104910-1060420390-459433553-1000\$RELCO0J\KMSpico\R
andomFile.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen2' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4388a681.qua'
verschoben!
13.02.2014 02:58 [System-Scanner] Malware gefunden
Die Datei
'D:\$RECYCLE.BIN\S-1-5-21-605104910-1060420390-459433553-1000\$RELCO0J\RandomFil
e.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen2' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ignoriert.
13.02.2014 02:54 [Echtzeit-Scanner] Malware gefunden
In der Datei
'D:\$RECYCLE.BIN\S-1-5-21-605104910-1060420390-459433553-1000\$RZFDA00\KMSpico\R
andomFile.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.02.2014 02:54 [Echtzeit-Scanner] Malware gefunden
In der Datei
'D:\$RECYCLE.BIN\S-1-5-21-605104910-1060420390-459433553-1000\$RELCO0J\KMSpico\R
andomFile.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.02.2014 02:54 [Echtzeit-Scanner] Malware gefunden
In der Datei
'D:\$RECYCLE.BIN\S-1-5-21-605104910-1060420390-459433553-1000\$RELCO0J\RandomFil
e.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Edit 3: So, here is the MWB log file as well now.
Doesn't look too rosy :( Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.02.12.11
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
David :: FENRIZ [Administrator]
Schutz: Aktiviert
13.02.2014 01:41:41
MBAM-log-2014-02-13 (03-24-19).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 423629
Laufzeit: 1 Stunde(n), 42 Minute(n), 19 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 2
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up (PUP.Optional.PCSpeedUp.A) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BProtector) -> Bösartig: (c:\progra~2\browse~1\261562~1.220\{c16c1~1\browse~1.dll) Gut: () -> Keine Aktion durchgeführt.
Infizierte Verzeichnisse: 3
C:\ProgramData\BrowserDefender\2.6.1562.220 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
Infizierte Dateien: 28
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BProtector) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserProtect.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserProtect.A) -> Keine Aktion durchgeführt.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AUAEGD1M\SPIdentifierImpl[1].exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AUAEGD1M\spstub[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G7Q5ZLDQ\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\David\AppData\Local\Temp\nsgB1B6.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\David\AppData\Local\Temp\nst6720.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\David\AppData\Local\Temp\nsz6127.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\David\AppData\Local\Temp\nszCB7F.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\David\AppData\Local\Temp\nszD4A4.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\David\AppData\Local\Temp\SPSetup.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\David\AppData\Local\Temp\is-472FU.tmp\sp-downloader.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Windows\Temp\nsc9ACC.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Windows\Temp\nscFFA7.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Windows\Temp\nsh912C.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Windows\Temp\nshF654.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Windows\Temp\nsm9762.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Windows\Temp\nsr981E.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Windows\Temp\nssA21D.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Windows\Temp\nsx50A3.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Windows\Temp\nsx53FD.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Windows\Temp\nsx91D7.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Windows\Temp\nsxAE2D.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Windows\Temp\nsxFBE0.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
D:\Programme\Adobe PS CS6\Adobe Photoshop CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
(Ende)