redbull08 | 19.01.2014 16:26 | Green underlined ads in Firefox, for the umpteenth time. :-/
Hello,
I seem to have caught something.
Here is the FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 01
Ran by redbull (administrator) on REDBULL-PC on 19-01-2014 16:20:30
Running from C:\Users\redbull\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NUSB3MON] - C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] - C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-03] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5EC457F316E6CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\redbull\AppData\Roaming\Mozilla\Firefox\Profiles\mva3psvy.default
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\redbull\AppData\Roaming\Mozilla\Firefox\Profiles\mva3psvy.default\searchplugins\Search the Web.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Websteroids - C:\Users\redbull\AppData\Roaming\Mozilla\Firefox\Profiles\mva3psvy.default\Extensions\support@websteroidsapp.com [2014-01-08]
FF Extension: Adblock Plus - C:\Users\redbull\AppData\Roaming\Mozilla\Firefox\Profiles\mva3psvy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-20]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-01-06]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-01-06]
==================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-11-07] (Advanced Micro Devices, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
==================== Drivers (Whitelisted) ====================
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2013-11-20] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-28] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [2681416 2013-05-28] (Realtek Semiconductor Corporation )
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-19 16:20 - 2014-01-19 16:20 - 00011367 _____ C:\Users\redbull\Downloads\FRST.txt
2014-01-19 16:20 - 2014-01-19 16:20 - 00000000 ____D C:\FRST
2014-01-19 16:19 - 2014-01-19 16:19 - 02076672 _____ (Farbar) C:\Users\redbull\Downloads\FRST64.exe
2014-01-19 16:15 - 2014-01-19 16:15 - 00022033 _____ C:\ComboFix.txt
2014-01-19 15:50 - 2014-01-19 16:16 - 00000000 ____D C:\Qoobox
2014-01-19 15:50 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-19 15:50 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-19 15:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-19 15:50 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-19 15:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-19 15:50 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-19 15:50 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-19 15:50 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-19 15:49 - 2014-01-19 16:13 - 00000000 ____D C:\Windows\erdnt
2014-01-19 15:49 - 2014-01-19 15:49 - 05167985 ____R (Swearware) C:\Users\redbull\Downloads\ComboFix.exe
2014-01-19 15:38 - 2014-01-19 15:40 - 00000000 ____D C:\AdwCleaner
2014-01-19 15:38 - 2014-01-19 15:38 - 01236282 _____ C:\Users\redbull\Downloads\adwcleaner.exe
2014-01-19 15:38 - 2014-01-19 15:38 - 00000000 ____D C:\Windows\ERUNT
2014-01-19 15:38 - 2014-01-19 15:38 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-19 15:37 - 2014-01-19 15:37 - 01037068 _____ (Thisisu) C:\Users\redbull\Downloads\JRT.exe
2014-01-19 15:36 - 2014-01-19 15:37 - 02347384 _____ (ESET) C:\Users\redbull\Downloads\esetsmartinstaller_enu.exe
2014-01-19 15:31 - 2014-01-19 15:31 - 00000000 ____D C:\Program Files (x86)\Cisco
2014-01-19 15:31 - 2013-05-28 14:41 - 02681416 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlane.sys
2014-01-17 13:30 - 2014-01-17 13:44 - 00000000 ____D C:\Users\redbull\Downloads\Inside.Vivian.Schmitt.German.XXX.DVDRiP.x264-TattooLovers
2014-01-16 18:37 - 2014-01-16 18:38 - 00000000 ____D C:\Users\redbull\Desktop\Programme
2014-01-16 18:36 - 2014-01-16 18:36 - 00000000 ____D C:\Users\redbull\AppData\Roaming\Malwarebytes
2014-01-16 18:36 - 2014-01-16 18:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-16 18:36 - 2014-01-16 18:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-16 18:36 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-16 18:35 - 2014-01-16 18:35 - 00614784 _____ (Chip Digital GmbH) C:\Users\redbull\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-01-16 18:18 - 2014-01-16 18:18 - 00000000 ____D C:\Users\redbull\Downloads\Prince_Kay_One-Rich_Kidz-DE-2013-VOiCE
2014-01-16 18:13 - 2014-01-16 18:14 - 129598176 _____ C:\Users\redbull\Downloads\avira_free344_antivirus_de.exe
2014-01-16 17:58 - 2014-01-16 17:58 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\redbull\Downloads\xfc.exe
2014-01-15 18:45 - 2014-01-15 18:45 - 00000000 ____D C:\ProgramData\WEBREG
2014-01-12 18:07 - 2014-01-12 18:07 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-12 18:06 - 2014-01-12 18:06 - 00000000 ____D C:\Windows\PCHEALTH
2014-01-12 18:06 - 2014-01-12 18:06 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2014-01-12 18:06 - 2014-01-12 18:06 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-12 18:04 - 2014-01-12 18:06 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-12 18:04 - 2014-01-12 18:04 - 00000000 ___RD C:\MSOCache
2014-01-12 18:04 - 2014-01-12 18:04 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2014-01-12 18:04 - 2014-01-12 18:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2014-01-12 18:04 - 2014-01-12 18:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2014-01-12 17:45 - 2014-01-12 17:45 - 00000000 ____D C:\Users\redbull\AppData\Roaming\MOBackup
2014-01-08 20:25 - 2014-01-08 20:25 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2014-01-08 20:09 - 2014-01-08 20:25 - 00000000 ____D C:\Users\redbull\AppData\Roaming\Ashampoo
2014-01-08 20:05 - 2014-01-08 20:09 - 00000000 ____D C:\Users\redbull\AppData\Local\ashampoo
2014-01-08 20:05 - 2014-01-08 20:05 - 00000000 ____D C:\ProgramData\Ashampoo
2014-01-08 19:58 - 2014-01-08 19:58 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-08 19:56 - 2014-01-08 19:56 - 00000000 ____D C:\Program Files (x86)\DAMN NFO Viewer
2014-01-06 14:24 - 2014-01-15 18:45 - 00000000 ____D C:\Users\redbull\AppData\Roaming\HP
2014-01-06 14:19 - 2014-01-06 14:19 - 00000000 ____D C:\ProgramData\HP Product Assistant
2014-01-06 14:17 - 2014-01-06 14:19 - 00000000 ____D C:\Program Files (x86)\HP
2014-01-06 14:16 - 2014-01-15 18:45 - 00186136 _____ C:\Windows\hpoins14.dat
2014-01-06 14:16 - 2014-01-15 18:45 - 00000878 _____ C:\ProgramData\hpzinstall.log
2014-01-06 14:16 - 2014-01-15 18:45 - 00000000 ____D C:\ProgramData\HP
2014-01-06 14:16 - 2009-10-08 03:00 - 00001498 ____N C:\Windows\hpomdl14.dat
2014-01-06 14:16 - 2009-07-08 11:51 - 00861184 _____ (Hewlett-Packard) C:\Windows\system32\hpowiax3.dll
2014-01-06 14:16 - 2009-07-08 11:51 - 00729600 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpotscl3.dll
2014-01-06 14:16 - 2009-07-08 11:51 - 00642360 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2014-01-06 14:16 - 2009-07-08 11:51 - 00540672 _____ (Hewlett-Packard) C:\Windows\system32\hppldcoi.dll
2014-01-06 14:16 - 2009-07-08 11:51 - 00497664 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpovst10.dll
2014-01-06 14:01 - 2014-01-06 14:15 - 257604504 _____ C:\Users\redbull\Downloads\DJ_AIO_NonNet_Full_Win_WW_130_140.exe
2014-01-03 19:32 - 2014-01-13 16:39 - 00000000 ____D C:\Users\redbull\Downloads\White.House.Down.2013.German.DTSHD.5.1.DUBBED
2013-12-30 21:03 - 2014-01-12 21:02 - 00000000 ____D C:\Users\redbull\Downloads\Ph0enix 1
2013-12-29 10:48 - 2013-12-29 10:48 - 00003550 _____ C:\Windows\System32\Tasks\IR5
2013-12-28 13:13 - 2013-12-28 13:14 - 00000000 ____D C:\Users\redbull\Desktop\Games
2013-12-22 19:28 - 2013-12-22 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-01-19 16:20 - 2014-01-19 16:20 - 00011367 _____ C:\Users\redbull\Downloads\FRST.txt
2014-01-19 16:20 - 2014-01-19 16:20 - 00000000 ____D C:\FRST
2014-01-19 16:19 - 2014-01-19 16:19 - 02076672 _____ (Farbar) C:\Users\redbull\Downloads\FRST64.exe
2014-01-19 16:16 - 2014-01-19 15:50 - 00000000 ____D C:\Qoobox
2014-01-19 16:16 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-19 16:15 - 2014-01-19 16:15 - 00022033 _____ C:\ComboFix.txt
2014-01-19 16:13 - 2014-01-19 15:49 - 00000000 ____D C:\Windows\erdnt
2014-01-19 16:13 - 2013-11-20 05:59 - 00230803 _____ C:\Windows\WindowsUpdate.log
2014-01-19 16:02 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-19 15:49 - 2014-01-19 15:49 - 05167985 ____R (Swearware) C:\Users\redbull\Downloads\ComboFix.exe
2014-01-19 15:49 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-19 15:49 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-19 15:48 - 2011-04-12 08:43 - 00702436 _____ C:\Windows\system32\perfh007.dat
2014-01-19 15:48 - 2011-04-12 08:43 - 00150044 _____ C:\Windows\system32\perfc007.dat
2014-01-19 15:48 - 2009-07-14 06:13 - 01626920 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-19 15:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-19 15:41 - 2011-09-13 20:38 - 00016389 _____ C:\Windows\setupact.log
2014-01-19 15:40 - 2014-01-19 15:38 - 00000000 ____D C:\AdwCleaner
2014-01-19 15:38 - 2014-01-19 15:38 - 01236282 _____ C:\Users\redbull\Downloads\adwcleaner.exe
2014-01-19 15:38 - 2014-01-19 15:38 - 00000000 ____D C:\Windows\ERUNT
2014-01-19 15:38 - 2014-01-19 15:38 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-19 15:37 - 2014-01-19 15:37 - 01037068 _____ (Thisisu) C:\Users\redbull\Downloads\JRT.exe
2014-01-19 15:37 - 2014-01-19 15:36 - 02347384 _____ (ESET) C:\Users\redbull\Downloads\esetsmartinstaller_enu.exe
2014-01-19 15:31 - 2014-01-19 15:31 - 00000000 ____D C:\Program Files (x86)\Cisco
2014-01-19 15:31 - 2013-11-20 17:52 - 00000000 ____D C:\Program Files (x86)\Realtek
2014-01-19 15:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-19 15:24 - 2010-11-21 04:47 - 00163966 _____ C:\Windows\PFRO.log
2014-01-17 13:56 - 2013-12-17 17:32 - 00000000 ____D C:\Users\redbull\AppData\Roaming\uTorrent
2014-01-17 13:51 - 2013-11-21 16:00 - 00000000 ____D C:\Users\redbull\AppData\Roaming\vlc
2014-01-17 13:44 - 2014-01-17 13:30 - 00000000 ____D C:\Users\redbull\Downloads\Inside.Vivian.Schmitt.German.XXX.DVDRiP.x264-TattooLovers
2014-01-16 20:39 - 2013-11-21 20:18 - 00000000 ____D C:\Users\redbull\AppData\Local\Adobe
2014-01-16 20:33 - 2013-11-21 20:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-16 20:33 - 2013-11-21 20:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-16 18:38 - 2014-01-16 18:37 - 00000000 ____D C:\Users\redbull\Desktop\Programme
2014-01-16 18:36 - 2014-01-16 18:36 - 00000000 ____D C:\Users\redbull\AppData\Roaming\Malwarebytes
2014-01-16 18:36 - 2014-01-16 18:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-16 18:36 - 2014-01-16 18:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-16 18:35 - 2014-01-16 18:35 - 00614784 _____ (Chip Digital GmbH) C:\Users\redbull\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-01-16 18:18 - 2014-01-16 18:18 - 00000000 ____D C:\Users\redbull\Downloads\Prince_Kay_One-Rich_Kidz-DE-2013-VOiCE
2014-01-16 18:14 - 2014-01-16 18:13 - 129598176 _____ C:\Users\redbull\Downloads\avira_free344_antivirus_de.exe
2014-01-16 17:58 - 2014-01-16 17:58 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\redbull\Downloads\xfc.exe
2014-01-15 18:45 - 2014-01-15 18:45 - 00000000 ____D C:\ProgramData\WEBREG
2014-01-15 18:45 - 2014-01-06 14:24 - 00000000 ____D C:\Users\redbull\AppData\Roaming\HP
2014-01-15 18:45 - 2014-01-06 14:16 - 00186136 _____ C:\Windows\hpoins14.dat
2014-01-15 18:45 - 2014-01-06 14:16 - 00000878 _____ C:\ProgramData\hpzinstall.log
2014-01-15 18:45 - 2014-01-06 14:16 - 00000000 ____D C:\ProgramData\HP
2014-01-15 18:45 - 2009-07-14 03:34 - 00000513 _____ C:\Windows\win.ini
2014-01-13 16:39 - 2014-01-03 19:32 - 00000000 ____D C:\Users\redbull\Downloads\White.House.Down.2013.German.DTSHD.5.1.DUBBED
2014-01-13 15:51 - 2009-07-14 05:45 - 00416280 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-12 21:02 - 2013-12-30 21:03 - 00000000 ____D C:\Users\redbull\Downloads\Ph0enix 1
2014-01-12 18:11 - 2013-11-20 17:55 - 00109208 _____ C:\Users\redbull\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-12 18:09 - 2013-11-20 18:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-12 18:07 - 2014-01-12 18:07 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-12 18:06 - 2014-01-12 18:06 - 00000000 ____D C:\Windows\PCHEALTH
2014-01-12 18:06 - 2014-01-12 18:06 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2014-01-12 18:06 - 2014-01-12 18:06 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-12 18:06 - 2014-01-12 18:04 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-12 18:06 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-12 18:05 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
2014-01-12 18:04 - 2014-01-12 18:04 - 00000000 ___RD C:\MSOCache
2014-01-12 18:04 - 2014-01-12 18:04 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2014-01-12 18:04 - 2014-01-12 18:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2014-01-12 18:04 - 2014-01-12 18:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2014-01-12 18:04 - 2011-04-12 08:54 - 00000000 ____D C:\Windows\ShellNew
2014-01-12 17:52 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2014-01-12 17:46 - 2013-11-20 18:56 - 00000000 ____D C:\Users\redbull\Documents\mobackups
2014-01-12 17:45 - 2014-01-12 17:45 - 00000000 ____D C:\Users\redbull\AppData\Roaming\MOBackup
2014-01-08 20:25 - 2014-01-08 20:25 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2014-01-08 20:25 - 2014-01-08 20:09 - 00000000 ____D C:\Users\redbull\AppData\Roaming\Ashampoo
2014-01-08 20:09 - 2014-01-08 20:05 - 00000000 ____D C:\Users\redbull\AppData\Local\ashampoo
2014-01-08 20:05 - 2014-01-08 20:05 - 00000000 ____D C:\ProgramData\Ashampoo
2014-01-08 19:58 - 2014-01-08 19:58 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-08 19:56 - 2014-01-08 19:56 - 00000000 ____D C:\Program Files (x86)\DAMN NFO Viewer
2014-01-08 19:56 - 2013-11-25 19:04 - 00000000 ____D C:\Users\redbull\AppData\Roaming\DVDVideoSoft
2014-01-08 19:56 - 2013-11-25 19:04 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2014-01-06 14:23 - 2013-11-20 18:29 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2014-01-06 14:19 - 2014-01-06 14:19 - 00000000 ____D C:\ProgramData\HP Product Assistant
2014-01-06 14:19 - 2014-01-06 14:17 - 00000000 ____D C:\Program Files (x86)\HP
2014-01-06 14:15 - 2014-01-06 14:01 - 257604504 _____ C:\Users\redbull\Downloads\DJ_AIO_NonNet_Full_Win_WW_130_140.exe
2013-12-29 10:48 - 2013-12-29 10:48 - 00003550 _____ C:\Windows\System32\Tasks\IR5
2013-12-28 13:14 - 2013-12-28 13:13 - 00000000 ____D C:\Users\redbull\Desktop\Games
2013-12-22 19:28 - 2013-12-22 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 20:23 - 2013-11-20 18:36 - 00000000 ____D C:\Users\redbull\AppData\Local\Mozilla
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-31 07:49
==================== End Of Log ============================
And here is the Addition log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2014 01
Ran by redbull at 2014-01-19 16:20:47
Running from C:\Users\redbull\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
µTorrent (x32 Version: 2.2.1 - )
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AMD Accelerated Video Transcoding (Version: 13.20.100.31107 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1107.1129.20543 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1107.1129.20543 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81107.1147 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden
AMD USB 3.0 Device Detector (Version: 2.1.29.0 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 8.03 (x32 Version: 8.0.3 - ashampoo GmbH & Co. KG)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1107.1129.20543 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1107.1129.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1107.1128.20543 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1107.1129.20543 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
DAEMON Tools Lite (x32 Version: 4.40.2.0131 - DT Soft Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
F4100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
F4100_Help (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
FlashFXP v4.2 (x32 Version: 4.2.4.1785 - OpenSight Software, LLC)
Free Video to iPhone Converter version 5.0.30.1029 (x32 Version: 5.0.30.1029 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.20.1230 (x32 Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (x32 Version: 6.0.13.1 - Hewlett-Packard Company)
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (Version: 3.5 - HP)
HP Quick Launch (x32 Version: 2.7.2 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (Version: 4.51 - HP)
HP Software Framework (x32 Version: 4.6.13.1 - Hewlett-Packard Company)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Update (x32 Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iTunes (Version: 11.1.3.8 - Apple Inc.)
K-Lite Codec Pack 10.1.5 Full (x32 Version: 10.1.5 - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
MOBackup - Datensicherung für Outlook (Vollversion) (x32 Version: 6.40 - Heiko Schröder)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Realtek Card Reader (x32 Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (x32 Version: 7.75.827.2013 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (Version: 16.5.3.3 - Synaptics Incorporated)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VLC media player 2.1.1 (x32 Version: 2.1.1 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (x32 Version: 5.666 - Nullsoft, Inc)
WinRAR 5.00 (64-Bit) (Version: 5.00.0 - win.rar GmbH)
World of Warcraft (x32 Version: - Blizzard Entertainment)
==================== Restore Points =========================
19-01-2014 14:12:58 Installiert REALTEK PCIE Wireless LAN Driver
19-01-2014 14:22:01 Removed Cisco EAP-FAST Module
19-01-2014 14:22:18 Removed Cisco LEAP Module
19-01-2014 14:22:34 Removed Cisco PEAP Module
19-01-2014 14:26:30 Installiert Realtek Ethernet Controller Driver
19-01-2014 14:30:45 Installiert REALTEK PCIE Wireless LAN Driver
==================== Hosts content: ==========================
2009-07-14 03:34 - 2014-01-19 16:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {2AC5E188-6C5D-4C53-A2ED-177D931D15A1} - System32\Tasks\IR5 => cmd.exe /c cscript.exe /b C:\Windows\System32\slmgr.vbs /rearm && net stop sppsvc && net start sppsvc
==================== Loaded Modules (whitelisted) =============
2013-11-07 11:32 - 2013-11-07 11:32 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-22 19:28 - 2013-12-22 19:28 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-16 20:33 - 2014-01-16 20:33 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/19/2014 03:43:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/19/2014 03:43:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/19/2014 03:43:34 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/19/2014 03:43:13 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/19/2014 03:42:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2014 03:38:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/19/2014 03:37:56 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/19/2014 03:28:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x71be1488
ID des fehlerhaften Prozesses: 0x1038
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3
Error: (01/19/2014 03:24:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2014 03:07:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/19/2014 04:02:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (01/19/2014 03:57:46 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (01/19/2014 03:54:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (01/19/2014 03:49:58 PM) (Source: Service Control Manager) (User: )
Description: Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/19/2014 03:49:58 PM) (Source: Service Control Manager) (User: )
Description: Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/19/2014 03:25:29 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (01/19/2014 03:25:29 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (01/19/2014 03:25:28 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (01/19/2014 03:25:27 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (01/19/2014 02:57:32 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 19.01.2014 um 14:56:49 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
Error: (01/19/2014 03:43:37 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\redbull\Downloads\esetsmartinstaller_enu.exe
Error: (01/19/2014 03:43:35 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\redbull\Downloads\esetsmartinstaller_enu.exe
Error: (01/19/2014 03:43:34 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\redbull\Downloads\esetsmartinstaller_enu.exe
Error: (01/19/2014 03:43:13 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\redbull\Downloads\esetsmartinstaller_enu.exe
Error: (01/19/2014 03:42:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2014 03:38:03 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\redbull\Downloads\esetsmartinstaller_enu.exe
Error: (01/19/2014 03:37:56 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\redbull\Downloads\esetsmartinstaller_enu.exe
Error: (01/19/2014 03:28:09 PM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d6727a7unknown0.0.0.000000000c000000571be1488103801cf1522ac95dedeC:\Windows\SysWOW64\explorer.exeunknowneb0cbeb6-8115-11e3-8567-a0481c1d157c
Error: (01/19/2014 03:24:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2014 03:07:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2014-01-19 15:57:46.269
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-01-19 15:57:46.269
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 28%
Total physical RAM: 7393.36 MB
Available physical RAM: 5300.37 MB
Total Pagefile: 14784.92 MB
Available Pagefile: 12502.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:450.17 GB) (Free:335.63 GB) NTFS
Drive d: () (Fixed) (Total:7.78 GB) (Free:7.58 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 710FD2B4)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)
Partition 2: (Active) - (Size=8 GB) - (Type=0C)
Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS)
==================== End Of Log ============================
I also ran ComboFix once, as in another thread: Code:
ComboFix 14-01-16.03 - redbull 19.01.2014 15:52:02.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.7393.5271 [GMT 1:00]
ausgeführt von:: c:\users\redbull\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-12-19 bis 2014-01-19 ))))))))))))))))))))))))))))))
.
.
2014-01-19 15:01 . 2014-01-19 15:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-19 14:38 . 2014-01-19 14:38 -------- d-----w- c:\windows\ERUNT
2014-01-19 14:38 . 2014-01-19 14:40 -------- d-----w- C:\AdwCleaner
2014-01-19 14:38 . 2014-01-19 14:38 -------- d-----w- c:\program files (x86)\ESET
2014-01-19 14:31 . 2014-01-19 14:31 -------- d-----w- c:\program files (x86)\Cisco
2014-01-19 14:31 . 2013-05-28 13:41 2681416 ----a-w- c:\windows\system32\drivers\rtwlane.sys
2014-01-16 17:36 . 2014-01-16 17:36 -------- d-----w- c:\users\redbull\AppData\Roaming\Malwarebytes
2014-01-16 17:36 . 2014-01-16 17:36 -------- d-----w- c:\programdata\Malwarebytes
2014-01-16 17:36 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-16 17:36 . 2014-01-16 17:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-15 17:45 . 2014-01-15 17:45 -------- d-----w- c:\programdata\WEBREG
2014-01-12 17:07 . 2014-01-12 17:07 -------- d-----w- c:\program files\Common Files\DESIGNER
2014-01-12 17:06 . 2014-01-12 17:06 -------- d-----w- c:\program files\Microsoft Synchronization Services
2014-01-12 17:06 . 2014-01-12 17:06 -------- d-----w- c:\windows\PCHEALTH
2014-01-12 17:06 . 2014-01-12 17:06 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-01-12 17:04 . 2014-01-12 17:04 -------- d-----w- c:\program files\Microsoft Analysis Services
2014-01-12 17:04 . 2014-01-12 17:04 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2014-01-12 17:04 . 2014-01-12 17:06 -------- d-----w- c:\program files\Microsoft Office
2014-01-12 17:04 . 2014-01-12 17:04 -------- d-----r- C:\MSOCache
2014-01-12 16:45 . 2014-01-12 16:45 -------- d-----w- c:\users\redbull\AppData\Roaming\MOBackup
2014-01-09 19:31 . 2014-01-09 19:31 -------- d-----w- c:\users\redbull\AppData\Local\Diagnostics
2014-01-08 19:25 . 2014-01-08 19:25 -------- d-----w- c:\program files (x86)\Ashampoo
2014-01-08 19:09 . 2014-01-08 19:25 -------- d-----w- c:\users\redbull\AppData\Roaming\Ashampoo
2014-01-08 19:05 . 2014-01-08 19:09 -------- d-----w- c:\users\redbull\AppData\Local\ashampoo
2014-01-08 19:05 . 2014-01-08 19:05 -------- d-----w- c:\programdata\Ashampoo
2014-01-08 18:58 . 2014-01-08 18:58 -------- d-----w- c:\windows\system32\appmgmt
2014-01-08 18:56 . 2014-01-08 18:56 -------- d-----w- c:\program files (x86)\DAMN NFO Viewer
2014-01-06 13:24 . 2014-01-15 17:45 -------- d-----w- c:\users\redbull\AppData\Roaming\HP
2014-01-06 13:23 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2014-01-06 13:19 . 2014-01-06 13:19 -------- d-----w- c:\programdata\HP Product Assistant
2014-01-06 13:17 . 2014-01-06 13:17 -------- d-----w- c:\program files (x86)\Common Files\HP
2014-01-06 13:17 . 2014-01-06 13:17 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2014-01-06 13:17 . 2014-01-06 13:19 -------- d-----w- c:\program files (x86)\HP
2014-01-06 13:16 . 2014-01-15 17:45 -------- d-----w- c:\programdata\HP
2014-01-06 13:16 . 2009-07-08 10:51 861184 ----a-w- c:\windows\system32\hpowiax3.dll
2014-01-06 13:16 . 2009-07-08 10:51 729600 ----a-w- c:\windows\system32\hpotscl3.dll
2014-01-06 13:16 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll
2014-01-06 13:16 . 2009-07-08 10:51 540672 ----a-w- c:\windows\system32\hppldcoi.dll
2014-01-06 13:16 . 2009-07-08 10:51 497664 ----a-w- c:\windows\system32\hpovst10.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 19:33 . 2013-11-21 19:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-16 19:33 . 2013-11-21 19:18 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-20 17:38 . 2013-11-20 17:38 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-11-07 17:39 . 2013-11-07 17:39 157736 ----a-w- c:\windows\system32\amdhcp64.dll
2013-11-07 17:39 . 2013-11-07 17:39 142304 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2013-11-07 17:39 . 2013-11-07 17:39 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-11-07 17:39 . 2013-11-07 17:39 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-11-07 17:39 . 2013-11-07 17:39 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-11-07 17:39 . 2013-11-07 17:39 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-11-07 17:39 . 2013-11-07 17:39 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2013-11-07 17:39 . 2013-11-07 17:39 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-11-07 17:39 . 2013-11-07 17:39 115512 ----a-w- c:\windows\system32\atiu9p64.dll
2013-11-07 17:39 . 2013-11-07 17:39 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-11-07 17:39 . 2013-11-07 17:39 1318552 ----a-w- c:\windows\system32\aticfx64.dll
2013-11-07 17:39 . 2013-11-07 17:39 1100216 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-11-07 17:39 . 2013-11-07 17:39 9764088 ----a-w- c:\windows\system32\atidxx64.dll
2013-11-07 17:39 . 2013-11-07 17:39 8412680 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-11-07 17:39 . 2013-11-07 17:39 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-11-07 17:39 . 2013-11-07 17:39 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-11-07 17:39 . 2013-11-07 17:39 8927704 ----a-w- c:\windows\system32\atiumd6a.dll
2013-11-07 17:39 . 2013-11-07 17:39 7751920 ----a-w- c:\windows\system32\atiumd64.dll
2013-11-07 17:24 . 2013-11-07 17:24 13200896 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-11-07 17:11 . 2013-11-07 17:11 230912 ----a-w- c:\windows\system32\clinfo.exe
2013-11-07 17:10 . 2013-11-07 17:10 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-11-07 17:10 . 2013-11-07 17:10 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-11-07 17:10 . 2013-11-07 17:10 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-11-07 17:10 . 2013-11-07 17:10 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-11-07 17:10 . 2013-11-07 17:10 100352 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-11-07 17:10 . 2013-11-07 17:10 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-11-07 17:10 . 2013-11-07 17:10 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-11-07 17:10 . 2013-11-07 17:10 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-11-07 17:10 . 2013-11-07 17:10 29363712 ----a-w- c:\windows\system32\amdocl64.dll
2013-11-07 17:07 . 2013-11-07 17:07 24846848 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-11-07 17:05 . 2013-11-07 17:05 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-11-07 17:05 . 2013-11-07 17:05 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-11-07 17:02 . 2013-11-07 17:02 129536 ----a-w- c:\windows\system32\coinst_13.25.18.dll
2013-11-07 16:44 . 2013-11-07 16:44 26350592 ----a-w- c:\windows\system32\atio6axx.dll
2013-11-07 16:40 . 2013-11-07 16:40 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-11-07 16:40 . 2013-11-07 16:40 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-11-07 16:40 . 2013-11-07 16:40 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-11-07 16:40 . 2013-11-07 16:40 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-11-07 16:40 . 2013-11-07 16:40 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-11-07 16:40 . 2013-11-07 16:40 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-11-07 16:37 . 2013-11-07 16:37 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-11-07 16:26 . 2013-11-07 16:26 22156288 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-11-07 16:21 . 2013-11-07 16:21 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-11-07 16:21 . 2013-11-07 16:21 31232 ----a-w- c:\windows\system32\atimuixx.dll
2013-11-07 16:20 . 2013-11-07 16:20 585216 ----a-w- c:\windows\system32\atieclxx.exe
2013-11-07 16:20 . 2013-11-07 16:20 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-11-07 16:18 . 2013-11-07 16:18 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-11-07 15:50 . 2013-11-07 15:50 1145344 ----a-w- c:\windows\system32\atiadlxx.dll
2013-11-07 15:50 . 2013-11-07 15:50 96256 ----a-w- c:\windows\system32\amdave64.dll
2013-11-07 15:50 . 2013-11-07 15:50 90112 ----a-w- c:\windows\SysWow64\amdave32.dll
2013-11-07 15:50 . 2013-11-07 15:50 825856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-11-07 15:50 . 2013-11-07 15:50 89088 ----a-w- c:\windows\system32\atisamu64.dll
2013-11-07 15:50 . 2013-11-07 15:50 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2013-11-07 15:50 . 2013-11-07 15:50 74752 ----a-w- c:\windows\system32\atig6pxx.dll
2013-11-07 15:50 . 2013-11-07 15:50 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-11-07 15:50 . 2013-11-07 15:50 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-11-07 15:50 . 2013-11-07 15:50 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-11-07 15:50 . 2013-11-07 15:50 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-11-07 15:49 . 2013-11-07 15:49 624128 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-11-07 15:46 . 2013-11-07 15:46 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-11-07 11:21 . 2013-11-07 11:21 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-11-07 11:16 . 2013-11-07 11:16 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-11-05 18:47 . 2013-11-20 17:15 3707864 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2013-11-05 17:54 . 2013-11-20 17:15 38385664 ----a-w- c:\windows\system32\RCoRes64.dat
2013-11-04 18:26 . 2013-11-20 17:15 153304 ----a-w- c:\windows\system32\RCoInstII64.dll
2013-11-04 10:11 . 2013-11-20 17:15 2587864 ----a-w- c:\windows\system32\RtkAPO64.dll
2013-10-28 16:29 . 2013-11-20 17:15 1021656 ----a-w- c:\windows\system32\RtkApi64.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-11-07 766208]
"AccelerometerSysTrayApplet"="c:\program files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe" [2013-07-03 77088]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe" [2012-04-11 97280]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-11-04 7204568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\redbull\AppData\Roaming\Mozilla\Firefox\Profiles\mva3psvy.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-01-19 16:15:40
ComboFix-quarantined-files.txt 2014-01-19 15:15
.
Vor Suchlauf: 10 Verzeichnis(se), 359.115.132.928 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 360.375.590.912 Bytes frei
.
- - End Of File - - E0DC5D549D5922E5B100EE6D8650A8CD
A36C5E4F47E84449FF07ED3517B43A31
Thank you very much for your help!
Regards,
redbull08 |