No more Wi-Fi, but adware instead

Hi,
the Wi-Fi adapter on my laptop has suddenly disappeared. Then I noticed that the CPU was constantly running at 100%.
After that I ran a quick scan with Malwarebytes, and it did find something:

Malwarebytes log
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.02.18.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Warsow :: WARSOW-PC [Administrator]
18.02.2014 19:33:09
MBAM-log-2014-02-18 (19-44-55).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214401
Laufzeit: 6 Minute(n), 36 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 1
C:\Users\Warsow\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
Infizierte Registrierungsschlüssel: 3
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKLM\Software\InstallIQ (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Daten: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Warsow\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Keine Aktion durchgeführt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0H1L1J1L1S1R1N -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 4
C:\Users\Warsow\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\Warsow\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\ProgramData\boost_interprocess (PUP.Optional.BoostInterProcess.A) -> Keine Aktion durchgeführt.
C:\ProgramData\boost_interprocess\619F331A864ACE01 (PUP.Optional.BoostInterProcess.A) -> Keine Aktion durchgeführt.
Infizierte Dateien: 7
C:\Users\Warsow\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-21-82718981-2728021986-1345355776-1001\$R3P7YLW\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\Warsow\AppData\Local\Temp\DTLite4481-0347.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Warsow\AppData\Local\Temp\is125651805\490773392_stp\Mobogenie_Setup_UN.exe (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\Warsow\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\Warsow\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\Warsow\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
(Ende)

Searching for the keyword PUP.Optional.InstallCore.A led me to your site.
... and I worked through the corresponding steps:

AdwCleaner[R0]
Code:
# AdwCleaner v3.019 - Bericht erstellt am 18/02/2014 um 19:45:42
# Aktualisiert 17/02/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Warsow - WARSOW-PC
# Gestartet von : C:\Users\Warsow\Downloads\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gefunden : C:\Users\Warsow\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
Ordner Gefunden C:\ProgramData\boost_interprocess
Ordner Gefunden C:\Users\Warsow\AppData\Local\genienext
Ordner Gefunden C:\Users\Warsow\AppData\Local\Mobogenie
Ordner Gefunden C:\Users\Warsow\AppData\Roaming\newnext.me
Ordner Gefunden C:\Users\Warsow\AppData\Roaming\pdfforge
Ordner Gefunden C:\Users\Warsow\Documents\Mobogenie
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\caphyon
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Schlüssel Gefunden : [x64] HKCU\Software\caphyon
Schlüssel Gefunden : [x64] HKCU\Software\InstallCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Schlüssel Gefunden : HKLM\Software\InstallIQ
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Google Chrome v32.0.1700.107
[ Datei : C:\Users\Warsow\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3007 octets] - [18/02/2014 19:45:42]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3067 octets] ##########

AdwCleaner[S0]
Code:
# AdwCleaner v3.019 - Bericht erstellt am 18/02/2014 um 19:49:50
# Aktualisiert 17/02/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Warsow - WARSOW-PC
# Gestartet von : C:\Users\Warsow\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Warsow\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Warsow\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Warsow\AppData\Roaming\newnext.me
Ordner Gelöscht : C:\Users\Warsow\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Warsow\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Warsow\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Schlüssel Gelöscht : HKCU\Software\caphyon
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\InstallIQ
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Google Chrome v32.0.1700.107
[ Datei : C:\Users\Warsow\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[S0].txt - [2924 octets] - [18/02/2014 19:49:50]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2984 octets] ##########

JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Ultimate x64
Ran by Warsow on 18.02.2014 at 19:59:35,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\puretext
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.02.2014 at 20:13:03,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by w...w (administrator) on w...w-PC on 18-02-2014 20:16:28
Running from D:\Dropbox\Dokumente\LOG
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(hxxp://www.SteveMiller.net) C:\Users\w...w\AppData\Local\Temp\Rar$EXa0.970\PureText.exe
(Google Inc.) C:\Users\w...w\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Dropbox, Inc.) C:\Users\w...w\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\system32\RAPID\SamsungRapidSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SamsungRapidApp] - C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [109280 2013-07-29] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\runonceex: [Flags] - 128
HKLM\...\runonceex: [Title] - RAPID uninstall cleanup using key [0001]
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-05] (Microsoft Corporation)
HKU\S-1-5-21-82718981-2728021986-1345355776-1001\...\Run: [Google Update] - C:\Users\w...w\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-18] (Google Inc.)
HKU\S-1-5-21-82718981-2728021986-1345355776-1001\...\Run: [Google+ Auto Backup] - C:\Users\w...w\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619144 2014-02-06] (Google Inc.)
HKU\S-1-5-21-82718981-2728021986-1345355776-1001\...\Run: [FA91854233861D90EE43556E8D97E21319F25ACE._service_run] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866632 2014-02-02] (Google Inc.)
HKU\S-1-5-21-82718981-2728021986-1345355776-1001\...\MountPoints2: {893fd500-af70-11e2-80fe-806e6f6e6963} - E:\.\start.exe /autorun
HKU\S-1-5-21-82718981-2728021986-1345355776-1001\...\MountPoints2: {fc15c60b-47d8-11e3-ab5a-64315087dbf6} - G:\autorun.exe
Startup: C:\Users\w...w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\w...w\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x871D2F587F43CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-27]
CHR Extension: (Google Drive) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-27]
CHR Extension: (YouTube) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-27]
CHR Extension: (SmoothScroll) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn [2013-07-10]
CHR Extension: (Adblock Plus) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-14]
CHR Extension: (Inkognito-Filter) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifilbmpnkjinlkchohdfcpdkmpngiik [2013-10-07]
CHR Extension: (Google-Suche) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-27]
CHR Extension: (Speed Dial) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi [2013-04-27]
CHR Extension: (Tampermonkey) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-01-14]
CHR Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2013-04-27]
CHR Extension: (Snip-Me - Amazon-Preisalarm) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggbcajkaanddkocabpldmeomjdlgjpag [2013-04-27]
CHR Extension: (AdBlock) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-27]
CHR Extension: (Mibbit webchat) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbadbkkklnhamjjeagmknajgmbgcmnpi [2013-04-27]
CHR Extension: (Webseite Blocher (Beta)) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2013-04-27]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-10-24]
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-04-27]
CHR Extension: (JDownloader Integration for Google Chrome™) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\laeghehalempfenbefbjbhccjcoakpmm [2013-04-27]
CHR Extension: (Schwarz + Silber-Metall-Kohlenstoff) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\lodhggoaglindpoejnjldimdlikkphph [2013-11-10]
CHR Extension: (qipu Cashbackmelder open beta) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\mloigoojndlehdjiemdfpiikieonngel [2013-04-27]
CHR Extension: (Do It (Tomorrow)) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfagjoblnoeagfhfhohcdklnddjaiglo [2013-04-27]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-04-27]
CHR Extension: (Google Wallet) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (YouTube Unblocker) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2014-01-26]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-04-27]
CHR Extension: (Do Share) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf [2014-01-02]
CHR Extension: (Big G Black Bar Sorter) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiamgkpplhllmgmjkmpoapkidpgfhmdo [2013-04-27]
CHR Extension: (Evernote Web Clipper) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-04-27]
CHR Extension: (Google Mail) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-27]
CHR Extension: (IRC to Mibbit) - C:\Users\w...w\AppData\Local\Google\Chrome\User Data\Default\Extensions\pohpiiceeffdepjkcikeifcpecegppod [2013-04-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2014-02-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27360 2013-07-29] (Samsung Electronics Co., Ltd.)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
==================== Drivers (Whitelisted) ====================
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-26] (Disc Soft Ltd)
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [25144 2013-04-11] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [240864 2013-07-29] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2013-07-29] (Samsung Electronics Co., Ltd.)
S3 ALSysIO; \??\C:\Users\w...w\AppData\Local\Temp\ALSysIO64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-18 20:16 - 2014-02-18 20:16 - 00000000 ____D () C:\FRST
2014-02-18 19:59 - 2014-02-18 19:59 - 00000000 ____D () C:\Windows\ERUNT
2014-02-18 19:46 - 2014-02-18 19:46 - 00000879 _____ () C:\Users\w...w\Desktop\LOG - Verknüpfung.lnk
2014-02-18 19:45 - 2014-02-18 19:56 - 00000000 ____D () C:\AdwCleaner
2014-02-17 19:24 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-17 19:24 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-17 19:23 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-17 19:23 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-17 19:23 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-17 19:23 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-17 19:23 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-17 19:23 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-17 19:23 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-17 19:23 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-17 19:23 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-17 19:23 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-17 19:23 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-17 19:23 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-17 19:23 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-17 19:23 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-17 19:23 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-17 19:23 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-17 19:23 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-17 19:23 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-17 19:23 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-17 19:23 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-17 19:23 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-17 19:23 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-17 19:23 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-17 19:23 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-17 19:23 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-17 19:23 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-17 19:23 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-17 19:23 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-17 19:23 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-17 19:23 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-17 19:23 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-17 19:23 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-17 19:23 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-17 19:23 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-17 19:23 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-17 19:23 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-17 19:23 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-17 19:23 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-17 19:23 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-15 17:25 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-15 17:25 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-15 17:25 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-15 17:25 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-15 17:25 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-15 17:25 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-15 17:25 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-15 17:25 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-15 17:25 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-15 17:25 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-15 17:25 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-15 17:25 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-15 17:25 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-15 17:25 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-15 17:25 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-15 17:25 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-15 17:25 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-15 17:25 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-15 17:19 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-15 17:19 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-15 17:19 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-15 17:19 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-15 17:19 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-15 17:19 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-15 17:11 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-15 17:11 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-15 17:11 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-15 17:11 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-09 11:40 - 2014-02-09 11:40 - 01869082 _____ () C:\Users\w...w\Downloads\ch.neoos.doodle.1.0.3.apk
2014-02-09 11:34 - 2014-02-09 11:34 - 00000000 ____D () C:\Users\w...w\AppData\Roaming\Mozilla
2014-02-08 11:28 - 2014-02-08 11:28 - 00025366 _____ () C:\Users\w...w\Downloads\FRITZ!Box_Anrufliste.csv
2014-02-08 11:24 - 2014-02-08 11:24 - 00500844 _____ () C:\Users\w...w\Downloads\archive08022014_112414.zip
2014-02-08 09:39 - 2014-02-08 09:39 - 00288104 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-08 09:39 - 2014-02-08 09:39 - 00284434 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-08 09:39 - 2014-02-08 09:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-07 12:38 - 2014-02-07 12:38 - 00000000 ____D () C:\Users\w...w\AppData\Local\roomeon
2014-02-05 19:18 - 2014-02-05 19:18 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-02-05 19:17 - 2014-02-05 19:17 - 00000000 ____D () C:\LGP350
2014-02-05 19:16 - 2014-02-05 19:16 - 00003138 _____ () C:\Windows\System32\Tasks\{9449C0E6-3B45-4444-A20D-88B6C47C715D}
2014-02-05 19:16 - 2014-02-05 19:16 - 00002411 _____ () C:\Windows\SysWOW64\lgAxconfig.ini
2014-02-05 19:16 - 2014-02-05 19:16 - 00000831 _____ () C:\Users\w...w\Desktop\LGMobile Support Tool.lnk
2014-02-05 19:16 - 2011-05-06 19:37 - 00655872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr90.dll
2014-02-05 19:16 - 2011-05-06 19:37 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp90.dll
2014-02-05 19:16 - 2011-05-06 19:37 - 00224768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcm90.dll
2014-02-05 19:16 - 2006-04-30 14:33 - 00053248 _____ () C:\Windows\SysWOW64\CommonDL.dll
2014-02-05 19:16 - 2005-11-20 08:34 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
2014-02-05 19:16 - 2005-09-30 07:39 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2014-02-05 19:14 - 2014-02-05 19:23 - 00000000 ____D () C:\Users\w...w\Downloads\LGP350
2014-02-05 19:08 - 2014-02-05 19:16 - 00000000 ____D () C:\ProgramData\LGMOBILEAX
2014-02-05 19:08 - 2014-02-05 19:08 - 00261208 _____ (LG Electronics) C:\Users\w...w\Downloads\B2CAppSetup.exe
2014-02-02 13:26 - 2014-02-02 13:26 - 00035840 _____ () C:\Users\w...w\Downloads\pcon014.xls
2014-01-26 12:32 - 2014-01-26 12:32 - 00282775 _____ () C:\Users\w...w\Downloads\YouTube-Unblocker-055.crx
2014-01-24 21:29 - 2014-01-24 21:29 - 00001350 _____ () C:\Users\w...w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MD5 & SHA Checksum Utility.exe - Verknüpfung.lnk
2014-01-24 08:24 - 2014-01-24 08:24 - 00002475 _____ () C:\Users\w...w\Downloads\mailFilters.xml
2014-01-24 08:12 - 2014-01-24 08:12 - 00000000 ____D () C:\Users\w...w\AppData\Roaming\DropboxMaster
2014-01-23 10:39 - 2014-01-23 10:39 - 00020480 _____ () C:\Users\w...w\Downloads\MinusArbeitstage.xls
==================== One Month Modified Files and Folders =======
2014-02-18 20:16 - 2014-02-18 20:16 - 00000000 ____D () C:\FRST
2014-02-18 20:16 - 2013-04-27 20:48 - 00000000 ____D () C:\Users\w...w\AppData\Roaming\Dropbox
2014-02-18 20:15 - 2013-04-27 20:33 - 01700628 _____ () C:\Windows\WindowsUpdate.log
2014-02-18 19:59 - 2014-02-18 19:59 - 00000000 ____D () C:\Windows\ERUNT
2014-02-18 19:58 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-18 19:58 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-18 19:57 - 2009-07-14 18:58 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-02-18 19:57 - 2009-07-14 18:58 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-02-18 19:57 - 2009-07-14 06:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-18 19:56 - 2014-02-18 19:45 - 00000000 ____D () C:\AdwCleaner
2014-02-18 19:53 - 2013-04-27 20:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-18 19:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-18 19:53 - 2009-07-14 05:51 - 00049970 _____ () C:\Windows\setupact.log
2014-02-18 19:49 - 2013-08-18 19:01 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-82718981-2728021986-1345355776-1001UA.job
2014-02-18 19:49 - 2013-08-18 19:01 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-82718981-2728021986-1345355776-1001Core.job
2014-02-18 19:46 - 2014-02-18 19:46 - 00000879 _____ () C:\Users\w...w\Desktop\LOG - Verknüpfung.lnk
2014-02-18 19:44 - 2013-08-18 19:01 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-82718981-2728021986-1345355776-1001UA
2014-02-18 19:44 - 2013-08-18 19:01 - 00003700 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-82718981-2728021986-1345355776-1001Core
2014-02-18 19:37 - 2013-05-30 12:21 - 00000000 ____D () C:\Program Files (x86)\StarMoney Business 6.0
2014-02-18 19:37 - 2013-05-26 21:27 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-02-18 19:30 - 2013-04-27 20:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-17 19:31 - 2013-08-16 15:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 19:29 - 2010-02-09 23:33 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 19:15 - 2013-05-03 08:42 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-02-09 11:40 - 2014-02-09 11:40 - 01869082 _____ () C:\Users\w...w\Downloads\ch.neoos.doodle.1.0.3.apk
2014-02-09 11:34 - 2014-02-09 11:34 - 00000000 ____D () C:\Users\w...w\AppData\Roaming\Mozilla
2014-02-08 13:34 - 2013-05-17 18:20 - 00000000 ____D () C:\Program Files (x86)\JDownloader v2.0
2014-02-08 11:28 - 2014-02-08 11:28 - 00025366 _____ () C:\Users\w...w\Downloads\FRITZ!Box_Anrufliste.csv
2014-02-08 11:24 - 2014-02-08 11:24 - 00500844 _____ () C:\Users\w...w\Downloads\archive08022014_112414.zip
2014-02-08 09:39 - 2014-02-08 09:39 - 00288104 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-02-08 09:39 - 2014-02-08 09:39 - 00284434 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-02-08 09:39 - 2014-02-08 09:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-08 00:31 - 2014-01-07 19:37 - 00000000 ____D () C:\Users\w...w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-02-07 19:03 - 2013-04-27 21:30 - 00070604 _____ () C:\Windows\PFRO.log
2014-02-07 12:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-02-07 12:38 - 2014-02-07 12:38 - 00000000 ____D () C:\Users\w...w\AppData\Local\roomeon
2014-02-06 13:16 - 2014-02-17 19:23 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-17 19:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-17 19:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-17 19:23 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-17 19:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-17 19:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-17 19:23 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-17 19:23 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-17 19:23 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-17 19:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-17 19:23 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-17 19:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-17 19:23 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-17 19:23 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-17 19:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-17 19:23 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-17 19:23 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-17 19:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-17 19:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-17 19:23 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-17 19:23 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-17 19:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-17 19:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-17 19:23 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-17 19:23 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-17 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-17 19:23 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-17 19:23 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-17 19:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-17 19:23 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-17 19:23 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-17 19:23 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-17 19:23 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-17 19:23 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-17 19:23 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-17 19:23 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-17 19:23 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-17 19:23 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-17 19:23 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 19:23 - 2014-02-05 19:14 - 00000000 ____D () C:\Users\w...w\Downloads\LGP350
2014-02-05 19:18 - 2014-02-05 19:18 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-02-05 19:18 - 2013-05-26 21:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-05 19:17 - 2014-02-05 19:17 - 00000000 ____D () C:\LGP350
2014-02-05 19:16 - 2014-02-05 19:16 - 00003138 _____ () C:\Windows\System32\Tasks\{9449C0E6-3B45-4444-A20D-88B6C47C715D}
2014-02-05 19:16 - 2014-02-05 19:16 - 00002411 _____ () C:\Windows\SysWOW64\lgAxconfig.ini
2014-02-05 19:16 - 2014-02-05 19:16 - 00000831 _____ () C:\Users\w...w\Desktop\LGMobile Support Tool.lnk
2014-02-05 19:16 - 2014-02-05 19:08 - 00000000 ____D () C:\ProgramData\LGMOBILEAX
2014-02-05 19:08 - 2014-02-05 19:08 - 00261208 _____ (LG Electronics) C:\Users\w...w\Downloads\B2CAppSetup.exe
2014-02-03 19:18 - 2013-05-24 12:13 - 00000000 ____D () C:\Users\w...w\AppData\Roaming\vlc
2014-02-02 13:26 - 2014-02-02 13:26 - 00035840 _____ () C:\Users\w...w\Downloads\pcon014.xls
2014-02-02 12:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-26 12:32 - 2014-01-26 12:32 - 00282775 _____ () C:\Users\w...w\Downloads\YouTube-Unblocker-055.crx
2014-01-24 21:29 - 2014-01-24 21:29 - 00001350 _____ () C:\Users\w...w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MD5 & SHA Checksum Utility.exe - Verknüpfung.lnk
2014-01-24 08:24 - 2014-01-24 08:24 - 00002475 _____ () C:\Users\w...w\Downloads\mailFilters.xml
2014-01-24 08:13 - 2013-04-27 20:38 - 00000000 ___RD () C:\Users\w...w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-24 08:12 - 2014-01-24 08:12 - 00000000 ____D () C:\Users\w...w\AppData\Roaming\DropboxMaster
2014-01-23 10:39 - 2014-01-23 10:39 - 00020480 _____ () C:\Users\w...w\Downloads\MinusArbeitstage.xls
Some content of TEMP:
====================
C:\Users\w...w\AppData\Local\Temp\13-9-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\w...w\AppData\Local\Temp\avgnt.exe
C:\Users\w...w\AppData\Local\Temp\Checkupdate.exe
C:\Users\w...w\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxh9u8q.dll
C:\Users\w...w\AppData\Local\Temp\DTLite4481-0347.exe
C:\Users\w...w\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\w...w\AppData\Local\Temp\gcapi_dll.dll
C:\Users\w...w\AppData\Local\Temp\GLF8224.tmp.dll
C:\Users\w...w\AppData\Local\Temp\gtapi_signed.dll
C:\Users\w...w\AppData\Local\Temp\SCC.dll
C:\Users\w...w\AppData\Local\Temp\SymCCIS.dll
C:\Users\w...w\AppData\Local\Temp\tmp7B1.exe
C:\Users\w...w\AppData\Local\Temp\unrar.dll
C:\Users\w...w\AppData\Local\Temp\vlc-2.1.2-win32.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-30 16:58
==================== End Of Log ============================
--- --- ---
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2014
Ran by w...w at 2014-02-18 20:17:26
Running from D:\Dropbox\Dokumente\LOG
Boot Mode: Normal
==========================================================
==================== Security Center ========================
==================== Installed Programs ======================
AAVUpdateManager (x32 Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABBYY FineReader 11 (x32 Version: 11.0.460 - ABBYY)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
AllDup 3.4.18 (x32 Version: 3.4.18 - Michael Thummerer Software Design)
AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0429.2313.39747 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0429.2313.39747 - Ihr Firmenname) Hidden
Avidemux 2.6 - 64bits (x32 Version: 2.6.5.8897 - )
Avira Free Antivirus (x32 Version: 14.0.2.344 - Avira)
BUDNI Fotowelt (x32 Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
calibre 64bit (Version: 0.9.34 - Kovid Goyal)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (x32 Version: 4.5.2.4291 - CDBurnerXP)
ClipboardPath (Aktueller Benutzer) (HKCU Version: 1.2.4 - Stefan Bertels)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
Core Temp 1.0 RC6 (Version: 1.0 - Alcpu)
CrystalDiskMark 3.0.2f (Version: 3.0.2f - Crystal Dew World)
DAEMON Tools Lite (x32 Version: 4.48.1.0347 - Disc Soft Ltd)
DriverTools 1.0 (x32 Version: 1.0 - Huawei Technologies Co.,Ltd)
Dropbox (HKCU Version: 2.6.5 - Dropbox, Inc.)
Evernote v. 5.1.2 (x32 Version: 5.1.2.2387 - Evernote Corp.)
Everpix (HKCU Version: 1.0.12.55 - Everpix)
FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)
Foxit Reader (x32 Version: 6.0.4.719 - Foxit Corporation)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Talk Plugin (x32 Version: 5.1.4.17398 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Google+ Auto Backup (HKCU Version: 1.0.22.105 - Google, Inc.)
Google+ Auto Backup (x32 Version: 1.0.21.81 - Google)
Hdd Speed Test Tool v. 1.0.14 (RC 1) (x32 Version: - Marko Oette (oette.info)) <==== ATTENTION
HP HotKey Support (Version: 4.0.3.1 - Hewlett-Packard Company)
iDRS(tm) OCR Software by I.R.I.S (x32 Version: 1.00.04.03 - Samsung Electronics Co., Ltd.)
IrfanView (remove only) (x32 Version: 4.35 - Irfan Skiljan)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 2 (Version: 2.0 - AppWork GmbH)
Kobo (x32 Version: 3.2.2 - Kobo Inc.)
LastPass (Nur deinstallieren) (x32 Version: - LastPass)
LG United Mobile Driver (x32 Version: 3.8.1 - LG Electronics)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
ManyCam 3.1.59 (x32 Version: 3.1.59 - ManyCam LLC)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - de-de (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1 - NAVIGON)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
ownCloud (x32 Version: 1.2.5 - ownCloud, Inc)
PDF Architect (x32 Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (x32 Version: 1.7.1 - pdfforge)
Phase 5 HTML-Editor (x32 Version: 5.6.2.3 - Systemberatung Schommer)
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
Pixum Fotobuch (x32 Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
RAPID Mode (Version: 1.0.1.42 - Samsung Electronics Co., Ltd.) Hidden
Samsung Data Migration (x32 Version: 2.5 - Samsung)
Samsung Easy Printer Manager (x32 Version: 1.02.06.05 - Samsung Electronics Co., Ltd.)
Samsung Magician (x32 Version: 4.3.0 - Samsung Electronics)
Samsung Printer Live Update (x32 Version: 1.01.00.04 - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (x32 Version: 1.04.30.00 - Samsung Electronics Co., Ltd.)
Samsung SCX-3400 Series (x32 Version: - Samsung Electronics Co., Ltd.)
Skype™ 6.7 (x32 Version: 6.7.102 - Skype Technologies S.A.)
SRS-Root (x32 Version: - 123Unlock GSM Service)
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 9.0 (x32 Version: 9.0 - Star Finanz GmbH)
StarMoney Business 6.0 (x32 Version: 6.0 - Star Finanz GmbH)
Steuer-Spar-Erklärung 2013 (x32 Version: 18.09 - Wolters Kluwer Deutschland GmbH)
Synaptics Pointing Device Driver (Version: 15.0.24.0 - Synaptics Incorporated)
TeamViewer 9 (x32 Version: 9.0.25942 - TeamViewer)
TreeSize Free V2.7 (x32 Version: 2.7 - JAM Software)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)
WISO Mein Geld 2014 Professional (x32 Version: - Buhl Data Service GmbH)
WISO Mein Geld 2014 Professional (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden
==================== Restore Points =========================
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {024CB324-E18B-49B4-8DAF-ECE127F097C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-27] (Google Inc.)
Task: {57AFB501-1755-45DE-919F-9B67E71DDA7E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-11-15] (Microsoft Corporation)
Task: {6784F09D-A64B-4CFE-B24D-9487FD975DD2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {7CDCCDB8-79CE-4F5D-A1B0-8D61D5BDAA4E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {B83574F9-0DEF-4D54-9DAD-5C89D2A4BDEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-82718981-2728021986-1345355776-1001UA => C:\Users\w...w\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-18] (Google Inc.)
Task: {C6852C54-B1AE-4468-AD8B-D0B7DA03E4D6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-11-15] (Microsoft Corporation)
Task: {E2CC3C92-2E5A-44B7-91BC-83AFC3D45E53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-27] (Google Inc.)
Task: {FD4B11A8-4184-431E-BAEC-2BB5382F547F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-82718981-2728021986-1345355776-1001Core => C:\Users\w...w\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-18] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-82718981-2728021986-1345355776-1001Core.job => C:\Users\w...w\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-82718981-2728021986-1345355776-1001UA.job => C:\Users\w...w\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 23:25 - 2013-04-29 23:25 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-04-27 20:59 - 2013-04-27 20:58 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2008-10-24 15:35 - 2008-10-24 15:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-02-06 23:27 - 2014-02-06 23:27 - 03244032 _____ () C:\Users\w...w\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2014-02-18 19:53 - 2014-02-18 19:53 - 00041984 _____ () c:\users\w...w\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxh9u8q.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\w...w\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-07 19:08 - 2011-01-13 09:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2014-02-05 14:14 - 2011-01-13 09:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney Business 6.0\ouservice\PATCHW32.dll
2014-02-05 14:15 - 2014-02-02 00:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-05 14:15 - 2014-02-02 00:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-05 14:15 - 2014-02-02 00:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-05 14:15 - 2014-02-02 00:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-05 14:15 - 2014-02-02 00:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Bonus.SSR.FR11 => "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: CDAServer => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Google Update => "C:\Users\w...w\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: PureText => "D:\Dropbox\Software\PureText.exe"
MSCONFIG\startupreg: SMB60StarMoneyRunEntry => "C:\Program Files (x86)\StarMoney Business 6.0\app\oflagent.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 64%
Total physical RAM: 3836.56 MB
Available physical RAM: 1360.12 MB
Total Pagefile: 7671.3 MB
Available Pagefile: 4526.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:79.99 GB) (Free:37.8 GB) NTFS
Drive d: (Daten) (Fixed) (Total:158.38 GB) (Free:49.26 GB) NTFS
Drive e: (Warentest) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:14.94 GB) (Free:14.94 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: A464783C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=158 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
==================== End Of Log ============================
Is my system clean now?
Regards
For the sake of completeness, here is the final scan, MBAM-log-2014-02-18 (20-27-27) Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.02.18.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
w...w :: w...w-PC [Administrator]
18.02.2014 20:21:36
MBAM-log-2014-02-18 (20-27-27).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 215395
Laufzeit: 5 Minute(n), 33 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\$Recycle.Bin\S-1-5-21-82718981-2728021986-1345355776-1001\$R3P7YLW\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\w...w\AppData\Local\Temp\DTLite4481-0347.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\w...w\AppData\Local\Temp\is125651805\490773392_stp\Mobogenie_Setup_UN.exe (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
(Ende)
ESET is still running...