Bierchen | 23.01.2014 21:23 | BSI scan positive Hello,
The BSI test also came back positive for me on WIN 8.1.
- MBM showed me 2 infected objects yesterday, which I simply removed with MBM (unfortunately no LOG)
- FRST64 unfortunately did not produce an Addition.txt for me today, or I can't find it, or I did something wrong?
Can anyone help? Thanks in advance.
FRST64.txt log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-01-2014 01
Ran by ****** (administrator) on MHSUR on 23-01-2014 20:26:49
Running from C:\Users\******\Downloads\BSI
Windows 8.1 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Bdrive Inc.) C:\Program Files\NetDrive\ndsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [HP Officejet 6700 (NET)] - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)
HKCU\...\Run: [NextLive] - C:\Users\******\AppData\Roaming\newnext.me\nengine.dll [1283584 2013-11-14] (NewNextDotMe)
HKU\ticket2870\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)
HKU\ticket2870\...\Run: [HP Officejet 6700 (NET)] - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x574D92ED49EDCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP118A605E-C547-430B-A879-9C1BD33EC4F7&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP118A605E-C547-430B-A879-9C1BD33EC4F7&q={searchTerms}&SSPV=
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
==================== Services (Whitelisted) =================
U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U2 ndsvc; C:\Program Files\NetDrive\ndsvc.exe [2789376 2013-02-25] (Bdrive Inc.)
U2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
U2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
U2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
U2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
U2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [378368 2013-01-16] ()
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-22] (Microsoft Corporation)
U3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34408 2013-09-27] (Microsoft Corporation)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-13] (Intel Corporation)
U3 msu64w8; C:\Windows\system32\DRIVERS\msu64w8.sys [96472 2013-09-05] (Microsoft)
U3 mwlu97w8; C:\Windows\system32\DRIVERS\mwlu97w8x64.sys [1595392 2013-11-14] (Marvell Semiconductors, Inc.)
U3 ndfs; C:\Program Files\NetDrive\ndfs.sys [63712 2013-02-01] (Bdrive Inc.)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
U3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
U3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
U3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [46744 2013-08-13] (Microsoft Corporation)
U3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [29752 2013-08-07] (Microsoft Corporation)
U3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [37992 2013-08-08] (Microsoft Corporation)
U3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [37944 2013-08-07] (Microsoft Corporation)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-23 21:01 - 2014-01-23 21:08 - 00000000 _____ C:\Recovery.txt
2014-01-23 20:26 - 2014-01-23 20:26 - 02077696 _____ (Farbar) C:\Users\******\Downloads\FRST64.exe
2014-01-23 00:11 - 2014-01-23 20:26 - 00000000 ____D C:\Users\******\Downloads\BSI
2014-01-22 23:32 - 2014-01-23 20:19 - 00000000 ____D C:\FRST
2014-01-22 22:56 - 2014-01-22 22:56 - 00001128 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-22 22:56 - 2014-01-22 22:56 - 00000000 ____D C:\Users\ticket2870\AppData\Roaming\Malwarebytes
2014-01-22 22:56 - 2014-01-22 22:56 - 00000000 ____D C:\Users\******\AppData\Roaming\Malwarebytes
2014-01-22 22:56 - 2014-01-22 22:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-22 22:56 - 2014-01-22 22:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-22 22:56 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-19 22:25 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-01-19 22:25 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-01-19 22:25 - 2013-11-27 09:20 - 04106240 _____ (Microsoft Corporation) C:\windows\system32\SyncEngine.dll
2014-01-19 22:25 - 2013-11-26 11:13 - 04191232 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-19 22:25 - 2013-11-26 10:21 - 18577920 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-01-19 22:25 - 2013-11-23 12:49 - 21196664 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-01-19 22:25 - 2013-11-23 04:57 - 00637952 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncHost.exe
2014-01-19 22:25 - 2013-11-23 04:48 - 00479744 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncHost.exe
2014-01-19 22:25 - 2013-11-23 04:25 - 00744448 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncCore.dll
2014-01-19 22:25 - 2013-11-23 04:25 - 00584192 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncCore.dll
2014-01-19 22:24 - 2013-12-11 08:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\winbici.dll
2014-01-19 22:24 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\windows\system32\mispace.dll
2014-01-19 22:24 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\windows\SysWOW64\mispace.dll
2014-01-19 22:24 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2014-01-19 22:24 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2014-01-19 22:24 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ipnat.sys
2014-01-19 22:24 - 2013-11-27 11:54 - 00461824 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-01-19 22:24 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2014-01-19 22:24 - 2013-11-27 11:08 - 00336384 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-01-19 22:24 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2014-01-19 22:24 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\psmsrv.dll
2014-01-19 22:24 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\windows\system32\bisrv.dll
2014-01-19 22:24 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\windows\system32\Windows.Graphics.dll
2014-01-19 22:24 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\windows\system32\wlansvc.dll
2014-01-19 22:24 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Graphics.dll
2014-01-19 22:24 - 2013-11-27 05:01 - 00385614 _____ C:\windows\system32\ApnDatabase.xml
2014-01-19 22:24 - 2013-11-26 14:22 - 01928144 _____ (Microsoft Corporation) C:\windows\system32\combase.dll
2014-01-19 22:24 - 2013-11-26 14:20 - 02131120 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-01-19 22:24 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\windows\system32\winmde.dll
2014-01-19 22:24 - 2013-11-26 14:20 - 01396064 _____ (Microsoft Corporation) C:\windows\system32\mcmde.dll
2014-01-19 22:24 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2014-01-19 22:24 - 2013-11-26 12:50 - 01371312 _____ (Microsoft Corporation) C:\windows\SysWOW64\combase.dll
2014-01-19 22:24 - 2013-11-26 12:44 - 02142936 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-01-19 22:24 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmde.dll
2014-01-19 22:24 - 2013-11-26 09:28 - 13925888 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-01-19 22:24 - 2013-11-25 02:45 - 00142680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2014-01-19 22:24 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2014-01-19 22:24 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-01-19 22:24 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-01-19 22:24 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\windows\system32\ploptin.dll
2014-01-19 22:24 - 2013-11-23 09:19 - 18642504 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-01-19 22:24 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\bi.dll
2014-01-19 22:24 - 2013-11-23 08:13 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BtaMPM.sys
2014-01-19 22:24 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-01-19 22:24 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2014-01-19 22:24 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-01-19 22:24 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-01-19 22:24 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\deviceregistration.dll
2014-01-19 22:24 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-01-19 22:24 - 2013-11-16 06:11 - 00764856 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-01-19 22:24 - 2013-11-15 19:19 - 00669344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-01-19 22:24 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2014-01-19 22:24 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll
2014-01-19 22:24 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2014-01-19 22:24 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-01-19 22:24 - 2013-11-05 21:12 - 02551128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-01-19 22:24 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-01-19 22:24 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-01-16 00:39 - 2014-01-16 00:39 - 00288728 _____ C:\windows\Minidump\011614-6109-01.dmp
2014-01-16 00:36 - 2014-01-16 00:36 - 00288728 _____ C:\windows\Minidump\011614-5234-01.dmp
2014-01-16 00:35 - 2014-01-16 00:35 - 00288784 _____ C:\windows\Minidump\011614-5718-01.dmp
2014-01-15 23:50 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\windows\system32\WSService.dll
2014-01-15 23:50 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\WSCollect.exe
2014-01-15 23:50 - 2013-11-27 11:34 - 00138240 _____ C:\windows\system32\OEMLicense.dll
2014-01-15 23:50 - 2013-11-27 10:54 - 00103936 _____ C:\windows\SysWOW64\OEMLicense.dll
2014-01-15 23:50 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 23:50 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll
2014-01-15 23:50 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 23:50 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll
2014-01-15 23:50 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-01-15 23:50 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-01-15 23:34 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\windows\system32\uDWM.dll
2014-01-12 21:23 - 2014-01-12 21:52 - 00000000 ____D C:\Users\ticket2870\Documents\Elektroinstallation
2014-01-09 21:21 - 2014-01-09 22:16 - 00037888 ___SH C:\Users\ticket2870\Downloads\Thumbs.db
2014-01-05 18:14 - 2014-01-05 18:14 - 00000000 ____D C:\Users\ticket2870\AppData\Local\Apple
2013-12-30 10:01 - 2013-12-30 10:01 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-12-25 17:29 - 2013-12-25 17:29 - 00000000 ____D C:\Users\******\AppData\Roaming\Apple Computer
2013-12-25 11:07 - 2013-12-25 11:26 - 00000000 ____D C:\Users\ticket2870\AppData\Roaming\Apple Computer
2013-12-25 11:07 - 2013-12-25 11:07 - 00001802 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-25 11:07 - 2013-12-25 11:07 - 00000000 ____D C:\Users\ticket2870\AppData\Local\Apple Computer
2013-12-25 11:07 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
2013-12-25 11:06 - 2013-12-25 11:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-25 11:06 - 2013-12-25 11:07 - 00000000 ____D C:\Program Files\iTunes
2013-12-25 11:06 - 2013-12-25 11:07 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\windows\System32\Tasks\Apple
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\Users\******\AppData\Local\Apple
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\Program Files\iPod
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-12-25 11:05 - 2013-12-25 11:06 - 00000000 ____D C:\ProgramData\Apple
2013-12-25 11:05 - 2013-12-25 11:05 - 00000000 ____D C:\Program Files\Bonjour
2013-12-25 11:05 - 2013-12-25 11:05 - 00000000 ____D C:\Program Files (x86)\Bonjour
==================== One Month Modified Files and Folders =======
2014-01-23 21:08 - 2014-01-23 21:01 - 00000000 _____ C:\Recovery.txt
2014-01-23 20:26 - 2014-01-23 20:26 - 02077696 _____ (Farbar) C:\Users\******\Downloads\FRST64.exe
2014-01-23 20:26 - 2014-01-23 00:11 - 00000000 ____D C:\Users\******\Downloads\BSI
2014-01-23 20:20 - 2013-10-21 03:53 - 01763252 _____ C:\windows\WindowsUpdate.log
2014-01-23 20:19 - 2014-01-22 23:32 - 00000000 ____D C:\FRST
2014-01-23 20:14 - 2013-11-29 21:14 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1944391006-810383993-2316555493-1001
2014-01-23 20:13 - 2013-09-19 02:52 - 00765582 _____ C:\windows\system32\perfh007.dat
2014-01-23 20:13 - 2013-09-19 02:52 - 00159366 _____ C:\windows\system32\perfc007.dat
2014-01-23 20:13 - 2013-09-18 18:50 - 01776918 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-23 20:09 - 2013-12-13 21:37 - 00016543 _____ C:\ndsvc.log
2014-01-23 20:09 - 2013-12-01 07:32 - 00000000 ____D C:\Users\******\AppData\Roaming\newnext.me
2014-01-23 20:09 - 2013-11-29 21:10 - 00000000 __RDO C:\Users\******\SkyDrive
2014-01-23 20:09 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-23 19:51 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2014-01-23 19:44 - 2013-08-22 14:25 - 00524288 ___SH C:\windows\system32\config\BBI
2014-01-23 19:43 - 2013-08-22 15:46 - 00035879 _____ C:\windows\setupact.log
2014-01-23 19:31 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\sru
2014-01-23 01:03 - 2013-12-08 20:16 - 00005142 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MHSur-ticket2870 MHSur
2014-01-23 01:02 - 2013-12-03 23:38 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1944391006-810383993-2316555493-1004
2014-01-22 23:49 - 2013-12-01 07:31 - 00002294 _____ C:\windows\Sandboxie.ini
2014-01-22 23:49 - 2013-11-29 21:09 - 00000000 ___RD C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-22 23:49 - 2013-11-29 21:09 - 00000000 ___RD C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-22 22:56 - 2014-01-22 22:56 - 00001128 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-22 22:56 - 2014-01-22 22:56 - 00000000 ____D C:\Users\ticket2870\AppData\Roaming\Malwarebytes
2014-01-22 22:56 - 2014-01-22 22:56 - 00000000 ____D C:\Users\******\AppData\Roaming\Malwarebytes
2014-01-22 22:56 - 2014-01-22 22:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-22 22:56 - 2014-01-22 22:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-22 01:56 - 2013-09-19 03:02 - 00000000 ____D C:\windows\Firmware
2014-01-19 22:27 - 2013-12-03 23:33 - 00000000 ___RD C:\Users\ticket2870\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-19 22:27 - 2013-12-03 23:33 - 00000000 ___RD C:\Users\ticket2870\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-19 22:27 - 2013-08-22 15:44 - 00482168 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-19 22:26 - 2013-08-22 16:36 - 00000000 ___RD C:\windows\ToastData
2014-01-19 22:26 - 2013-08-22 14:36 - 00000000 ____D C:\windows\SysWOW64\Dism
2014-01-19 22:26 - 2013-08-22 14:36 - 00000000 ____D C:\windows\system32\Dism
2014-01-19 22:25 - 2013-08-22 16:36 - 00000000 ____D C:\windows\MediaViewer
2014-01-19 22:25 - 2013-08-22 16:36 - 00000000 ____D C:\windows\FileManager
2014-01-19 22:25 - 2013-08-22 16:36 - 00000000 ____D C:\windows\Camera
2014-01-19 08:38 - 2013-11-29 21:53 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-01-16 06:59 - 2013-11-29 22:00 - 00000000 ____D C:\windows\system32\MRT
2014-01-16 06:59 - 2013-08-22 16:36 - 00000000 ____D C:\windows\WinStore
2014-01-16 06:58 - 2013-12-03 23:33 - 00000000 ____D C:\Users\ticket2870
2014-01-16 06:58 - 2013-11-29 22:00 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-16 00:39 - 2014-01-16 00:39 - 00288728 _____ C:\windows\Minidump\011614-6109-01.dmp
2014-01-16 00:39 - 2013-12-03 21:16 - 423661328 _____ C:\windows\MEMORY.DMP
2014-01-16 00:39 - 2013-12-03 21:16 - 00000000 ____D C:\windows\Minidump
2014-01-16 00:36 - 2014-01-16 00:36 - 00288728 _____ C:\windows\Minidump\011614-5234-01.dmp
2014-01-16 00:35 - 2014-01-16 00:35 - 00288784 _____ C:\windows\Minidump\011614-5718-01.dmp
2014-01-16 00:35 - 2013-09-18 18:41 - 00031642 _____ C:\windows\PFRO.log
2014-01-14 22:57 - 2013-12-01 05:37 - 00000000 ____D C:\Program Files\Microsoft Office 15
2014-01-12 21:52 - 2014-01-12 21:23 - 00000000 ____D C:\Users\ticket2870\Documents\Elektroinstallation
2014-01-09 22:16 - 2014-01-09 21:21 - 00037888 ___SH C:\Users\ticket2870\Downloads\Thumbs.db
2014-01-06 23:31 - 2013-11-29 22:18 - 00693240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-11-29 22:18 - 00105464 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-05 18:14 - 2014-01-05 18:14 - 00000000 ____D C:\Users\ticket2870\AppData\Local\Apple
2013-12-30 10:01 - 2013-12-30 10:01 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-12-26 04:15 - 2013-12-01 07:32 - 00000000 ____D C:\Users\******\AppData\Local\Mobogenie
2013-12-26 04:01 - 2013-12-03 23:34 - 00014416 _____ C:\Users\ticket2870\daemonprocess.txt
2013-12-25 17:29 - 2013-12-25 17:29 - 00000000 ____D C:\Users\******\AppData\Roaming\Apple Computer
2013-12-25 11:26 - 2013-12-25 11:07 - 00000000 ____D C:\Users\ticket2870\AppData\Roaming\Apple Computer
2013-12-25 11:07 - 2013-12-25 11:07 - 00001802 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-25 11:07 - 2013-12-25 11:07 - 00000000 ____D C:\Users\ticket2870\AppData\Local\Apple Computer
2013-12-25 11:07 - 2013-12-25 11:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-25 11:07 - 2013-12-25 11:06 - 00000000 ____D C:\Program Files\iTunes
2013-12-25 11:07 - 2013-12-25 11:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\windows\System32\Tasks\Apple
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\Users\******\AppData\Local\Apple
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\Program Files\iPod
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-12-25 11:06 - 2013-12-25 11:05 - 00000000 ____D C:\ProgramData\Apple
2013-12-25 11:05 - 2013-12-25 11:05 - 00000000 ____D C:\Program Files\Bonjour
2013-12-25 11:05 - 2013-12-25 11:05 - 00000000 ____D C:\Program Files (x86)\Bonjour
Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.3740.dll
Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\OfficeSetup.exe
C:\Users\******\AppData\Local\Temp\Setup.x64.de-DE_ProPlusRetail_WR4DF-XNTJ2-7DWV8-27J32-9P8QD_act_1_.exe
C:\Users\******\AppData\Local\Temp\Setup.x64.de-DE_VisioProRetail_KKR9B-JPN7W-K9YGC-8RCTG-C9VWB_act_1_.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-21 05:53
==================== End Of Log ============================
FRST64.txt from 22.01.14 (not as admin):
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-01-2014 03
Ran by ticket2870 (ATTENTION: The logged in user is not administrator) on MHSUR on 22-01-2014 23:33:09
Running from C:\Users\ticket2870\Downloads
Windows 8.1 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [458616 2013-09-07] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)
HKCU\...\Run: [HP Officejet 6700 (NET)] - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDBC0F22D78F0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
==================== Services (Whitelisted) =================
U2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U2 ndsvc; C:\Program Files\NetDrive\ndsvc.exe [2789376 2013-02-25] (Bdrive Inc.)
U2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
U2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
U2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
U2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
U2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
U2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
U2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [378368 2013-01-16] ()
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-22] (Microsoft Corporation)
U3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34408 2013-09-27] (Microsoft Corporation)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-13] (Intel Corporation)
U3 msu64w8; C:\Windows\system32\DRIVERS\msu64w8.sys [96472 2013-09-05] (Microsoft)
U3 mwlu97w8; C:\Windows\system32\DRIVERS\mwlu97w8x64.sys [1595392 2013-11-14] (Marvell Semiconductors, Inc.)
U3 ndfs; C:\Program Files\NetDrive\ndfs.sys [63712 2013-02-01] (Bdrive Inc.)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
U3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
U3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
U3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [46744 2013-08-13] (Microsoft Corporation)
U3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [29752 2013-08-07] (Microsoft Corporation)
U3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [37992 2013-08-08] (Microsoft Corporation)
U3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [37944 2013-08-07] (Microsoft Corporation)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-22 23:33 - 2014-01-22 23:33 - 00010380 _____ C:\Users\ticket2870\Downloads\FRST.txt
2014-01-22 23:32 - 2014-01-22 23:32 - 02077184 _____ (Farbar) C:\Users\ticket2870\Downloads\FRST64.exe
2014-01-22 23:32 - 2014-01-22 23:32 - 00000000 ____D C:\FRST
2014-01-22 23:21 - 2014-01-22 23:22 - 00000000 ____D C:\Users\ticket2870\Downloads\BSI
2014-01-22 22:56 - 2014-01-22 22:56 - 00001128 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-22 22:56 - 2014-01-22 22:56 - 00000000 ____D C:\Users\ticket2870\AppData\Roaming\Malwarebytes
2014-01-22 22:56 - 2014-01-22 22:56 - 00000000 ____D C:\Users\******\AppData\Roaming\Malwarebytes
2014-01-22 22:56 - 2014-01-22 22:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-22 22:56 - 2014-01-22 22:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-22 22:56 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-22 22:54 - 2014-01-22 22:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ticket2870\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-19 22:25 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-01-19 22:25 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-01-19 22:25 - 2013-11-27 09:20 - 04106240 _____ (Microsoft Corporation) C:\windows\system32\SyncEngine.dll
2014-01-19 22:25 - 2013-11-26 11:13 - 04191232 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-19 22:25 - 2013-11-26 10:21 - 18577920 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-01-19 22:25 - 2013-11-23 12:49 - 21196664 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-01-19 22:25 - 2013-11-23 04:57 - 00637952 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncHost.exe
2014-01-19 22:25 - 2013-11-23 04:48 - 00479744 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncHost.exe
2014-01-19 22:25 - 2013-11-23 04:25 - 00744448 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncCore.dll
2014-01-19 22:25 - 2013-11-23 04:25 - 00584192 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncCore.dll
2014-01-19 22:24 - 2013-12-11 08:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\winbici.dll
2014-01-19 22:24 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\windows\system32\mispace.dll
2014-01-19 22:24 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\windows\SysWOW64\mispace.dll
2014-01-19 22:24 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2014-01-19 22:24 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2014-01-19 22:24 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ipnat.sys
2014-01-19 22:24 - 2013-11-27 11:54 - 00461824 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-01-19 22:24 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2014-01-19 22:24 - 2013-11-27 11:08 - 00336384 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-01-19 22:24 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2014-01-19 22:24 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\psmsrv.dll
2014-01-19 22:24 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\windows\system32\bisrv.dll
2014-01-19 22:24 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\windows\system32\Windows.Graphics.dll
2014-01-19 22:24 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\windows\system32\wlansvc.dll
2014-01-19 22:24 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Graphics.dll
2014-01-19 22:24 - 2013-11-27 05:01 - 00385614 _____ C:\windows\system32\ApnDatabase.xml
2014-01-19 22:24 - 2013-11-26 14:22 - 01928144 _____ (Microsoft Corporation) C:\windows\system32\combase.dll
2014-01-19 22:24 - 2013-11-26 14:20 - 02131120 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-01-19 22:24 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\windows\system32\winmde.dll
2014-01-19 22:24 - 2013-11-26 14:20 - 01396064 _____ (Microsoft Corporation) C:\windows\system32\mcmde.dll
2014-01-19 22:24 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2014-01-19 22:24 - 2013-11-26 12:50 - 01371312 _____ (Microsoft Corporation) C:\windows\SysWOW64\combase.dll
2014-01-19 22:24 - 2013-11-26 12:44 - 02142936 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-01-19 22:24 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmde.dll
2014-01-19 22:24 - 2013-11-26 09:28 - 13925888 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-01-19 22:24 - 2013-11-25 02:45 - 00142680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2014-01-19 22:24 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2014-01-19 22:24 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-01-19 22:24 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-01-19 22:24 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\windows\system32\ploptin.dll
2014-01-19 22:24 - 2013-11-23 09:19 - 18642504 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-01-19 22:24 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\bi.dll
2014-01-19 22:24 - 2013-11-23 08:13 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BtaMPM.sys
2014-01-19 22:24 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-01-19 22:24 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2014-01-19 22:24 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-01-19 22:24 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-01-19 22:24 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\deviceregistration.dll
2014-01-19 22:24 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-01-19 22:24 - 2013-11-16 06:11 - 00764856 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-01-19 22:24 - 2013-11-15 19:19 - 00669344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-01-19 22:24 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2014-01-19 22:24 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll
2014-01-19 22:24 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2014-01-19 22:24 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-01-19 22:24 - 2013-11-05 21:12 - 02551128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-01-19 22:24 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-01-19 22:24 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-01-15 23:50 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\windows\system32\WSService.dll
2014-01-15 23:50 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\WSCollect.exe
2014-01-15 23:50 - 2013-11-27 11:34 - 00138240 _____ C:\windows\system32\OEMLicense.dll
2014-01-15 23:50 - 2013-11-27 10:54 - 00103936 _____ C:\windows\SysWOW64\OEMLicense.dll
2014-01-15 23:50 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 23:50 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll
2014-01-15 23:50 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 23:50 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll
2014-01-15 23:50 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-01-15 23:50 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-01-15 23:34 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\windows\system32\uDWM.dll
2014-01-12 21:23 - 2014-01-12 21:52 - 00000000 ____D C:\Users\ticket2870\Documents\Elektroinstallation
2014-01-09 21:21 - 2014-01-09 22:16 - 00037888 ___SH C:\Users\ticket2870\Downloads\Thumbs.db
2014-01-05 18:14 - 2014-01-05 18:14 - 00000000 ____D C:\Users\ticket2870\AppData\Local\Apple
2013-12-30 10:01 - 2013-12-30 10:01 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-12-25 17:29 - 2013-12-25 17:29 - 00000000 ____D C:\Users\******\AppData\Roaming\Apple Computer
2013-12-25 11:07 - 2013-12-25 11:26 - 00000000 ____D C:\Users\ticket2870\AppData\Roaming\Apple Computer
2013-12-25 11:07 - 2013-12-25 11:07 - 00001802 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-25 11:07 - 2013-12-25 11:07 - 00000000 ____D C:\Users\ticket2870\AppData\Local\Apple Computer
2013-12-25 11:07 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
2013-12-25 11:06 - 2013-12-25 11:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-25 11:06 - 2013-12-25 11:07 - 00000000 ____D C:\Program Files\iTunes
2013-12-25 11:06 - 2013-12-25 11:07 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\Program Files\iPod
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-12-25 11:05 - 2013-12-25 11:06 - 00000000 ____D C:\ProgramData\Apple
2013-12-25 11:05 - 2013-12-25 11:05 - 00000000 ____D C:\Program Files\Bonjour
2013-12-25 11:05 - 2013-12-25 11:05 - 00000000 ____D C:\Program Files (x86)\Bonjour
==================== One Month Modified Files and Folders =======
2014-01-22 23:33 - 2014-01-22 23:33 - 00010380 _____ C:\Users\ticket2870\Downloads\FRST.txt
2014-01-22 23:32 - 2014-01-22 23:32 - 02077184 _____ (Farbar) C:\Users\ticket2870\Downloads\FRST64.exe
2014-01-22 23:32 - 2014-01-22 23:32 - 00000000 ____D C:\FRST
2014-01-22 23:22 - 2014-01-22 23:21 - 00000000 ____D C:\Users\ticket2870\Downloads\BSI
2014-01-22 23:00 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\sru
2014-01-22 22:56 - 2014-01-22 22:56 - 00001128 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-22 22:56 - 2014-01-22 22:56 - 00000000 ____D C:\Users\ticket2870\AppData\Roaming\Malwarebytes
2014-01-22 22:56 - 2014-01-22 22:56 - 00000000 ____D C:\Users\******\AppData\Roaming\Malwarebytes
2014-01-22 22:56 - 2014-01-22 22:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-22 22:56 - 2014-01-22 22:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-22 22:55 - 2014-01-22 22:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ticket2870\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-22 22:44 - 2013-10-21 03:53 - 01323092 _____ C:\windows\WindowsUpdate.log
2014-01-22 01:56 - 2013-09-19 03:02 - 00000000 ____D C:\windows\Firmware
2014-01-21 19:33 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2014-01-19 22:31 - 2013-09-19 02:52 - 00765582 _____ C:\windows\system32\perfh007.dat
2014-01-19 22:31 - 2013-09-19 02:52 - 00159366 _____ C:\windows\system32\perfc007.dat
2014-01-19 22:31 - 2013-09-18 18:50 - 01776918 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-19 22:27 - 2013-12-13 21:37 - 00012978 _____ C:\ndsvc.log
2014-01-19 22:27 - 2013-12-03 23:33 - 00000000 ___RD C:\Users\ticket2870\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-19 22:27 - 2013-12-03 23:33 - 00000000 ___RD C:\Users\ticket2870\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-19 22:27 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-19 22:27 - 2013-08-22 15:44 - 00482168 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-19 22:26 - 2013-08-22 16:36 - 00000000 ___RD C:\windows\ToastData
2014-01-19 22:26 - 2013-08-22 14:36 - 00000000 ____D C:\windows\SysWOW64\Dism
2014-01-19 22:26 - 2013-08-22 14:36 - 00000000 ____D C:\windows\system32\Dism
2014-01-19 22:25 - 2013-08-22 16:36 - 00000000 ____D C:\windows\MediaViewer
2014-01-19 22:25 - 2013-08-22 16:36 - 00000000 ____D C:\windows\FileManager
2014-01-19 22:25 - 2013-08-22 16:36 - 00000000 ____D C:\windows\Camera
2014-01-19 08:38 - 2013-11-29 21:53 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-01-16 06:59 - 2013-11-29 22:00 - 00000000 ____D C:\windows\system32\MRT
2014-01-16 06:59 - 2013-08-22 16:36 - 00000000 ____D C:\windows\WinStore
2014-01-16 06:58 - 2013-12-03 23:33 - 00000000 ____D C:\Users\ticket2870
2014-01-16 06:58 - 2013-11-29 22:00 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-16 00:39 - 2013-12-03 21:16 - 423661328 _____ C:\windows\MEMORY.DMP
2014-01-16 00:39 - 2013-12-03 21:16 - 00000000 ____D C:\windows\Minidump
2014-01-16 00:35 - 2013-12-01 07:31 - 00002294 _____ C:\windows\Sandboxie.ini
2014-01-16 00:35 - 2013-09-18 18:41 - 00031642 _____ C:\windows\PFRO.log
2014-01-14 22:57 - 2013-12-01 05:37 - 00000000 ____D C:\Program Files\Microsoft Office 15
2014-01-12 21:52 - 2014-01-12 21:23 - 00000000 ____D C:\Users\ticket2870\Documents\Elektroinstallation
2014-01-09 22:16 - 2014-01-09 21:21 - 00037888 ___SH C:\Users\ticket2870\Downloads\Thumbs.db
2014-01-06 23:31 - 2013-11-29 22:18 - 00693240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-11-29 22:18 - 00105464 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-05 18:14 - 2014-01-05 18:14 - 00000000 ____D C:\Users\ticket2870\AppData\Local\Apple
2013-12-30 10:01 - 2013-12-30 10:01 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-12-30 10:01 - 2013-08-22 15:46 - 00035084 _____ C:\windows\setupact.log
2013-12-26 04:01 - 2013-12-03 23:34 - 00014416 _____ C:\Users\ticket2870\daemonprocess.txt
2013-12-25 17:33 - 2013-11-29 21:10 - 00000000 __RDO C:\Users\******\SkyDrive
2013-12-25 17:30 - 2013-12-01 07:32 - 00000000 ____D C:\Users\******\AppData\Roaming\newnext.me
2013-12-25 17:29 - 2013-12-25 17:29 - 00000000 ____D C:\Users\******\AppData\Roaming\Apple Computer
2013-12-25 11:26 - 2013-12-25 11:07 - 00000000 ____D C:\Users\ticket2870\AppData\Roaming\Apple Computer
2013-12-25 11:07 - 2013-12-25 11:07 - 00001802 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-25 11:07 - 2013-12-25 11:07 - 00000000 ____D C:\Users\ticket2870\AppData\Local\Apple Computer
2013-12-25 11:07 - 2013-12-25 11:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-25 11:07 - 2013-12-25 11:06 - 00000000 ____D C:\Program Files\iTunes
2013-12-25 11:07 - 2013-12-25 11:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\Program Files\iPod
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-25 11:06 - 2013-12-25 11:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-12-25 11:06 - 2013-12-25 11:05 - 00000000 ____D C:\ProgramData\Apple
2013-12-25 11:05 - 2013-12-25 11:05 - 00000000 ____D C:\Program Files\Bonjour
2013-12-25 11:05 - 2013-12-25 11:05 - 00000000 ____D C:\Program Files (x86)\Bonjour
Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.3740.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Addition.txt from 22.01.14 (not run as admin) Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2014 03
Ran by ticket2870 at 2014-01-22 23:33:42
Running from C:\Users\ticket2870\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
HP Officejet 6700 - Grundlegende Software für das Gerät (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (x32 Version: 140.0.2.2 - Hewlett Packard)
HP Update (x32 Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (x32 Version: 12.3.4.0 - HP)
Intel(R) Processor Graphics (x32 Version: 10.18.10.3345 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 - de-de (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Project Professional 2013 - de-de (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Visio Professional 2013 - de-de (Version: 15.0.4551.1512 - Microsoft Corporation)
NetDrive (x32 Version: 1.3.4.0 - Bdrive Inc.)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Opera Stable 18.0.1284.68 (HKCU Version: 18.0.1284.68 - Opera Software ASA)
PDF Architect (x32 Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (x32 Version: 1.7.2 - pdfforge)
Sandboxie 4.06 (64-bit) (Version: 4.06 - Sandboxie Holdings, LLC)
Synology Data Replicator 3 (x32 Version: 1.0.0.0 - Synology Inc.)
==================== Restore Points =========================
Could not list Restore Points. Check WMI.
==================== Hosts content: ==========================
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
==================== Loaded Modules (whitelisted) =============
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Surface Pro UEFI
Description: Surface Pro UEFI
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: American Megatrends, Inc.
Service:
Problem: : This device cannot work properly until you restart your computer. (Code14)
Resolution: Restart your computer.
==================== Event log errors: =========================
Could not start eventlog service, could not read events.
MBM from today with 9 infections Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.01.23.06
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
****** :: MHSUR [Administrator]
Schutz: Aktiviert
23.01.2014 20:40:19
MBAM-log-2014-01-23 (21-13-07).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 353167
Laufzeit: 31 Minute(n), 28 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 1
C:\Users\******\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
Infizierte Registrierungsschlüssel: 1
HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Daten: C:\windows\SysWOW64\rundll32.exe "C:\Users\******\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 2
C:\Users\******\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\******\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
Infizierte Dateien: 4
C:\Users\******\Downloads\Sandboxie.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\******\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\******\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\******\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
(Ende)