Log analysis and evaluation: Malwarebytes found suspicious files - not sure how to deal with them. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.01.2014, 12:06 | #1 |
Hello, I hope you can help me quickly. I first ran only a quick scan with Malwarebytes, and even that turned up several findings. The log file is enclosed. I hope you can advise me on how to deal with this! Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.23.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Cristina :: CRISTINA-PC [Administrator]

23.01.2014 11:46:18
MBAM-log-2014-01-23 (11-58-04).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207567
Laufzeit: 9 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCU\Software\Iminent (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bösartig: (hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP33A84A5D-5172-4366-AE09-778E2BE93701&SSPV=) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
C:\Users\Cristina\AppData\Local\Temp\IminentSetup_20130624.exe (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
C:\Users\Cristina\AppData\Local\Temp\nsb6727.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Cristina\AppData\Local\Temp\nsd91D7.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Cristina\AppData\Local\Temp\nsdB274.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Cristina\AppData\Local\Temp\nsi94C5.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Cristina\AppData\Local\Temp\nsiAFD4.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Cristina\AppData\Local\Temp\utt6DB2.tmp.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Cristina\AppData\Local\Temp\nsr8162.tmp\AskInstaller.exe (PUP.Optional.Spigot.A) -> Keine Aktion durchgeführt.
C:\Users\Cristina\Downloads\mp3rocket.exe (PUP.Optional.Spigot.A) -> Keine Aktion durchgeführt.
C:\Users\Cristina\Downloads\SoftonicDownloader_fuer_tor.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt.

(Ende)

Thank you. Edited by _xcristi_ (23.01.2014 at 13:05)
23.01.2014, 12:58 | #2 |
/// the machine /// TB-Ausbilder | Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
24.01.2014, 14:04 | #3 |
Well thanks, but that's a very helpful answer, when you write in your answer how I'm supposed to post logs....
I opened the other topic because I now have the results of the full scan, and also because I read here that when a post already has a reply, other users think the person asking has already been helped. But as I said, your answer wasn't really all that helpful.
25.01.2014, 11:55 | #4 |
/// the machine /// TB-Ausbilder | If you edit your post after my reply, I have no way of knowing that. Just grumble a bit less and have a look around at the few customs we have here, given that you're already saving the 300 euros a PC shop would cost. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donate. Guides and help. Trojaner-Board Facebook page. No help via PM!
27.01.2014, 14:05 | #5 |
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014 Ran by Cristina (administrator) on CRISTINA-PC on 27-01-2014 13:48:23 Running from C:\Users\Cristina\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Apache Software Foundation) C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Apache Software Foundation) C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Dropbox, Inc.) C:\Users\Cristina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-06-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-06-07] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2011-06-07] (Synaptics Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-06-07] (Renesas Electronics Corporation) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Runonce: [Uninstall C:\Users\Cristina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cristina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" Startup: C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Cristina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP33A84A5D-5172-4366-AE09-778E2BE93701&SSPV= HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5D5ACC8B30B8CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP33A84A5D-5172-4366-AE09-778E2BE93701&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP33A84A5D-5172-4366-AE09-778E2BE93701&q={searchTerms}&SSPV= BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! 
Inc) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR HomePage: hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP33A84A5D-5172-4366-AE09-778E2BE93701&SSPV= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Extension: (Google Docs) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-23] CHR Extension: (Google Drive) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-23] CHR Extension: (YouTube) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-23] CHR Extension: (Google-Suche) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-23] CHR Extension: (AdBlock) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-23] CHR Extension: (Proxy link for YouTube™) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpccpcaielehgefaagocjkkgkafaabdp [2013-11-13] CHR 
Extension: (Google Wallet) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23] CHR Extension: (Google Mail) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-23] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-28] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG) R2 VisualSVNServer; C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [24904 2013-11-25] (Apache Software Foundation) S3 vrepocfgsvc; C:\Program Files (x86)\VisualSVN Server\bin\vrepocfgsvc.exe [121672 2013-11-25] (VisualSVN Ltd.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. 
KG) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-27 13:48 - 2014-01-27 13:49 - 00012937 _____ C:\Users\Cristina\Downloads\FRST.txt 2014-01-27 13:48 - 2014-01-27 13:48 - 00000000 ____D C:\FRST 2014-01-27 13:43 - 2014-01-27 13:47 - 02078208 _____ (Farbar) C:\Users\Cristina\Downloads\FRST64.exe 2014-01-23 11:45 - 2014-01-23 11:45 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Malwarebytes 2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-23 11:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-23 11:32 - 2014-01-23 11:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Cristina\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-22 18:06 - 2014-01-22 19:26 - 00009162 _____ C:\Users\Cristina\Desktop\Unbenannt 1.odt 2014-01-15 20:28 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 20:28 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 20:28 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 20:28 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 20:28 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 20:28 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 20:28 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 20:28 - 2013-11-26 12:40 - 00376768 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 20:28 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-03 23:32 - 2014-01-03 23:32 - 00004318 _____ C:\Users\Cristina\Downloads\BackgroundPanel.java 2014-01-02 17:18 - 2014-01-02 17:18 - 11908104 _____ C:\Users\Cristina\Downloads\02.zip 2014-01-02 03:01 - 2014-01-02 03:02 - 00287030 _____ C:\Windows\msxml4-KB973688-enu.LOG 2013-12-31 12:53 - 2013-12-31 12:53 - 00289238 _____ C:\Windows\msxml4-KB954430-enu.LOG 2013-12-31 12:53 - 2013-12-31 12:53 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0 2013-12-31 12:32 - 2013-12-31 12:32 - 03571111 _____ C:\Users\Cristina\Downloads\Weiterfoerderung.zip 2013-12-31 02:23 - 2013-12-31 02:26 - 00000000 ____D C:\Program Files (x86)\PDF Editor 4 2013-12-31 02:23 - 2013-12-31 02:23 - 00087704 _____ C:\Windows\cadkasdeinst01.exe 2013-12-31 02:23 - 2013-12-31 02:23 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\CAD-KAS 2013-12-31 02:22 - 2013-12-31 02:23 - 06965784 _____ C:\Users\Cristina\Downloads\pdfeditor40.exe 2013-12-31 02:07 - 2013-12-31 02:07 - 00000000 ____D C:\ProgramData\WEBREG 2013-12-31 02:06 - 2013-12-31 12:44 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\HP 2013-12-31 02:06 - 2013-12-31 02:06 - 00000000 ____D C:\Users\Cristina\AppData\Local\HP 2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Yahoo! 2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\ProgramData\Yahoo! Companion 2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\Program Files (x86)\Yahoo! 
2013-12-31 02:02 - 2013-12-31 02:02 - 00001355 _____ C:\Users\Public\Desktop\HP Solution Center.lnk 2013-12-31 02:02 - 2013-12-31 02:02 - 00000000 ____D C:\Windows\SysWOW64\spool 2013-12-31 02:02 - 2013-12-31 02:02 - 00000000 ____D C:\ProgramData\HP Product Assistant 2013-12-31 01:59 - 2013-12-31 01:59 - 00000000 ____D C:\Windows\hpoj4500g510g-m 2013-12-31 01:59 - 2009-06-02 00:36 - 01418240 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpwtiop5.dll 2013-12-31 01:59 - 2009-06-02 00:36 - 00979456 _____ (Hewlett-Packard) C:\Windows\system32\hpwwiax6.dll 2013-12-31 01:59 - 2009-06-02 00:36 - 00503296 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpwvst01.dll 2013-12-31 01:59 - 2009-06-02 00:35 - 00642360 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll 2013-12-31 01:59 - 2009-05-18 22:35 - 00551424 _____ (Hewlett-Packard) C:\Windows\system32\hppldcoi.dll 2013-12-31 01:58 - 2013-12-31 02:03 - 00000000 ____D C:\Program Files (x86)\HP 2013-12-31 01:58 - 2009-04-20 12:29 - 00136704 _____ (Hewlett-Packard Company) C:\Windows\system32\hpf3l70w.dll 2013-12-31 01:54 - 2013-12-31 02:06 - 00239333 _____ C:\Windows\hpwins26.dat 2013-12-31 01:54 - 2013-12-31 02:06 - 00000777 _____ C:\ProgramData\hpzinstall.log 2013-12-31 01:54 - 2013-12-31 02:06 - 00000000 ____D C:\ProgramData\HP 2013-12-31 01:41 - 2013-12-31 01:41 - 00008581 _____ C:\Users\Cristina\Downloads\bafoeg_Formblatt3.dgef 2013-12-31 01:33 - 2013-12-31 01:33 - 00003333 _____ C:\Users\Cristina\Downloads\bafoeg_Anlage1FB1.dgef 2013-12-31 01:29 - 2013-12-31 01:29 - 00008037 _____ C:\Users\Cristina\Downloads\bafoeg_Formblatt1.dgef 2013-12-30 21:59 - 2013-12-30 22:00 - 62124294 _____ C:\Users\Cristina\Downloads\BACKGROUND3.PSD 2013-12-30 19:02 - 2013-12-30 19:02 - 00851417 _____ C:\Users\Cristina\Downloads\painted-brushes.rar ==================== One Month Modified Files and Folders ======= 2014-01-27 13:49 - 2014-01-27 13:48 - 00012937 _____ C:\Users\Cristina\Downloads\FRST.txt 2014-01-27 13:48 - 2014-01-27 13:48 
- 00000000 ____D C:\FRST 2014-01-27 13:48 - 2013-09-26 08:15 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Dropbox 2014-01-27 13:48 - 2013-09-22 20:54 - 01907305 _____ C:\Windows\WindowsUpdate.log 2014-01-27 13:47 - 2014-01-27 13:43 - 02078208 _____ (Farbar) C:\Users\Cristina\Downloads\FRST64.exe 2014-01-27 13:43 - 2013-09-26 08:17 - 00000000 ___RD C:\Users\Cristina\Dropbox 2014-01-27 13:40 - 2013-09-23 08:44 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-27 13:40 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-27 13:40 - 2009-07-14 05:51 - 00038777 _____ C:\Windows\setupact.log 2014-01-24 21:39 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-24 21:39 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-24 16:40 - 2013-09-23 08:44 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-23 11:45 - 2014-01-23 11:45 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Malwarebytes 2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-23 11:32 - 2014-01-23 11:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Cristina\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-22 19:26 - 2014-01-22 18:06 - 00009162 _____ C:\Users\Cristina\Desktop\Unbenannt 1.odt 2014-01-17 15:15 - 2013-09-23 08:47 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-16 17:59 - 2009-07-14 05:45 - 04918632 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-15 23:49 - 2013-09-26 08:17 - 00001033 _____ C:\Users\Cristina\Desktop\Dropbox.lnk 2014-01-15 23:49 - 2013-09-26 08:16 - 00000000 ____D 
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-15 23:49 - 2013-09-22 21:34 - 00000000 ___RD C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-06 22:40 - 2013-12-10 19:54 - 00000000 ____D C:\Users\Cristina\AppData\Local\Eclipse 2014-01-03 23:32 - 2014-01-03 23:32 - 00004318 _____ C:\Users\Cristina\Downloads\BackgroundPanel.java 2014-01-03 15:42 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-02 17:18 - 2014-01-02 17:18 - 11908104 _____ C:\Users\Cristina\Downloads\02.zip 2014-01-02 03:02 - 2014-01-02 03:01 - 00287030 _____ C:\Windows\msxml4-KB973688-enu.LOG 2013-12-31 12:53 - 2013-12-31 12:53 - 00289238 _____ C:\Windows\msxml4-KB954430-enu.LOG 2013-12-31 12:53 - 2013-12-31 12:53 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0 2013-12-31 12:44 - 2013-12-31 02:06 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\HP 2013-12-31 12:32 - 2013-12-31 12:32 - 03571111 _____ C:\Users\Cristina\Downloads\Weiterfoerderung.zip 2013-12-31 12:31 - 2013-09-23 08:43 - 00064408 _____ C:\Users\Cristina\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-31 02:26 - 2013-12-31 02:23 - 00000000 ____D C:\Program Files (x86)\PDF Editor 4 2013-12-31 02:23 - 2013-12-31 02:23 - 00087704 _____ C:\Windows\cadkasdeinst01.exe 2013-12-31 02:23 - 2013-12-31 02:23 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\CAD-KAS 2013-12-31 02:23 - 2013-12-31 02:22 - 06965784 _____ C:\Users\Cristina\Downloads\pdfeditor40.exe 2013-12-31 02:07 - 2013-12-31 02:07 - 00000000 ____D C:\ProgramData\WEBREG 2013-12-31 02:06 - 2013-12-31 02:06 - 00000000 ____D C:\Users\Cristina\AppData\Local\HP 2013-12-31 02:06 - 2013-12-31 01:54 - 00239333 _____ C:\Windows\hpwins26.dat 2013-12-31 02:06 - 2013-12-31 01:54 - 00000777 _____ C:\ProgramData\hpzinstall.log 2013-12-31 02:06 - 2013-12-31 01:54 - 00000000 ____D C:\ProgramData\HP 2013-12-31 02:06 - 2009-07-14 03:34 - 00000438 _____ C:\Windows\win.ini 2013-12-31 02:04 - 2013-12-31 
02:04 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Yahoo! 2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\ProgramData\Yahoo! Companion 2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\Program Files (x86)\Yahoo! 2013-12-31 02:03 - 2013-12-31 01:58 - 00000000 ____D C:\Program Files (x86)\HP 2013-12-31 02:02 - 2013-12-31 02:02 - 00001355 _____ C:\Users\Public\Desktop\HP Solution Center.lnk 2013-12-31 02:02 - 2013-12-31 02:02 - 00000000 ____D C:\Windows\SysWOW64\spool 2013-12-31 02:02 - 2013-12-31 02:02 - 00000000 ____D C:\ProgramData\HP Product Assistant 2013-12-31 01:59 - 2013-12-31 01:59 - 00000000 ____D C:\Windows\hpoj4500g510g-m 2013-12-31 01:41 - 2013-12-31 01:41 - 00008581 _____ C:\Users\Cristina\Downloads\bafoeg_Formblatt3.dgef 2013-12-31 01:33 - 2013-12-31 01:33 - 00003333 _____ C:\Users\Cristina\Downloads\bafoeg_Anlage1FB1.dgef 2013-12-31 01:29 - 2013-12-31 01:29 - 00008037 _____ C:\Users\Cristina\Downloads\bafoeg_Formblatt1.dgef 2013-12-30 22:28 - 2013-11-12 14:00 - 00000000 ___RD C:\Users\Cristina\SkyDrive 2013-12-30 22:00 - 2013-12-30 21:59 - 62124294 _____ C:\Users\Cristina\Downloads\BACKGROUND3.PSD 2013-12-30 19:08 - 2013-09-23 20:33 - 00000000 ____D C:\Program Files\Adobe 2013-12-30 19:02 - 2013-12-30 19:02 - 00851417 _____ C:\Users\Cristina\Downloads\painted-brushes.rar Some content of TEMP: ==================== C:\Users\Cristina\AppData\Local\Temp\avgnt.exe C:\Users\Cristina\AppData\Local\Temp\BackupSetup.exe C:\Users\Cristina\AppData\Local\Temp\IminentSetup_20130624.exe C:\Users\Cristina\AppData\Local\Temp\jpv1vzd8.dll C:\Users\Cristina\AppData\Local\Temp\nsb6727.exe C:\Users\Cristina\AppData\Local\Temp\nsd91D7.exe C:\Users\Cristina\AppData\Local\Temp\nsdB274.exe C:\Users\Cristina\AppData\Local\Temp\nsi94C5.exe C:\Users\Cristina\AppData\Local\Temp\nsiAFD4.exe C:\Users\Cristina\AppData\Local\Temp\utt17C5.tmp.exe C:\Users\Cristina\AppData\Local\Temp\utt6DB2.tmp.exe C:\Users\Cristina\AppData\Local\Temp\vcredist_x64.exe 
==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-13 00:57 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2014 Ran by Cristina at 2014-01-27 13:49:56 Running from C:\Users\Cristina\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 4500_G510gm_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117 - Adobe Systems Incorporated) Adobe Photoshop CS6 (x32 Version: 13.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated) Apple Application Support (x32 Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.39 - Atheros Communications Inc.) Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira) BitTorrent (HKCU Version: 7.8.2.30332 - BitTorrent Inc.) Bonjour (Version: 3.0.0.10 - Apple Inc.) 
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden Doc Convertor 1.0 (Beta) (x32 Version: - OverZone Software) DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.) Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (Version: 13.0 - HP) HP Document Manager 2.0 (Version: 2.0 - HP) HP Imaging Device Functions 13.0 (Version: 13.0 - HP) HP Officejet 4500 G510g-m (Version: 13.0 - HP) HP Smart Web Printing 4.5 (Version: 4.5 - HP) HP Solution Center 13.0 (Version: 13.0 - HP) HP Update (x32 Version: 4.000.011.006 - Hewlett-Packard) HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Intel(R) Processor Graphics (x32 Version: 8.15.10.2372 - Intel Corporation) Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026 - Intel Corporation) iTunes (Version: 11.1.1.11 - Apple Inc.) Java 7 Update 40 (64-bit) (Version: 7.0.400 - Oracle) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Java SE Development Kit 7 Update 40 (64-bit) (Version: 1.7.0.400 - Oracle) Java(TM) 6 Update 25 (64-bit) (Version: 6.0.250 - Oracle) Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden MP3 Rocket (x32 Version: 6.4.1 - MP3 TechSupport Inc) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP) OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (x32 Version: 6.0.1.6334 - Realtek Semiconductor Corp.) Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10010 - Realtek Semiconductor Corp.) 
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation) Hidden Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (Version: 13.0 - HP) SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Steam (x32 Version: - Valve Corporation) Synaptics Pointing Device Driver (Version: 15.1.12.0 - Synaptics Incorporated) The Stanley Parable (x32 Version: - Galactic Cafe) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) VisualSVN Server 2.7.3 (x32 Version: 2.7.3.0 - VisualSVN Ltd.) 
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden WordToPDF 2.9 (x32 Version: 2.9 - Mario Noack) Yahoo! 
Toolbar (x32 Version: - ) ==================== Restore Points ========================= 26-12-2013 17:55:38 Windows Update 31-12-2013 11:38:33 Windows Update 31-12-2013 11:53:00 Windows Update 02-01-2014 02:00:17 Windows Update 07-01-2014 14:04:39 Windows Update 12-01-2014 22:39:55 Windows Update 16-01-2014 00:01:31 Windows Update 22-01-2014 16:14:35 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {84ABB391-6D18-4B55-BD2D-4726EE9B45A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-23] (Google Inc.) Task: {EBF2D344-597D-492C-8421-9031963362B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-23] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-23 23:03 - 2011-06-07 02:56 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-09-23 09:00 - 2013-09-23 08:58 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Cristina\AppData\Roaming\Dropbox\bin\libcef.dll 2014-01-17 15:15 - 2014-01-11 11:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll 2014-01-17 15:15 - 2014-01-11 11:28 - 00100120 _____ () 
C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll 2014-01-17 15:15 - 2014-01-11 11:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll 2014-01-17 15:15 - 2014-01-11 11:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll 2014-01-17 15:15 - 2014-01-11 11:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll 2013-11-18 15:13 - 2013-11-18 15:13 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f60b3ee2de3f41a024920486d46d49f2\IsdiInterop.ni.dll 2013-09-23 23:01 - 2011-04-29 23:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/27/2014 01:41:49 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2014 09:31:41 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2014 01:35:38 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2014 09:21:49 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3860369 Error: (01/23/2014 09:21:49 PM) (Source: Bonjour Service) (User: ) Description: Task 
Scheduling Error: m->NextScheduledEvent 3860369 Error: (01/23/2014 09:21:49 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/23/2014 04:13:39 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1045 Error: (01/23/2014 04:13:39 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1045 Error: (01/23/2014 04:13:39 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/22/2014 05:07:04 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/24/2014 09:31:39 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/24/2014 09:31:39 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error: (01/24/2014 09:31:39 PM) (Source: DCOM) (User: ) Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (01/21/2014 11:18:33 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/21/2014 11:18:33 AM) (Source: DCOM) (User: ) Description: 1053HPSLPSVC{10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (01/21/2014 11:18:32 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HP Network Devices Support erreicht. 
Error: (01/09/2014 11:10:45 AM) (Source: DCOM) (User: ) Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (01/09/2014 11:10:44 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/09/2014 11:10:44 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error: (01/07/2014 08:12:41 PM) (Source: DCOM) (User: ) Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Microsoft Office Sessions: ========================= Error: (01/27/2014 01:41:49 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2014 09:31:41 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2014 01:35:38 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2014 09:21:49 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3860369 Error: (01/23/2014 09:21:49 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3860369 Error: (01/23/2014 09:21:49 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/23/2014 04:13:39 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1045 Error: (01/23/2014 04:13:39 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 
1045 Error: (01/23/2014 04:13:39 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/22/2014 05:07:04 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-01-23 23:02:40.085 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_c014624816718091\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-23 23:02:39.983 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_c014624816718091\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-23 23:02:39.877 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_c014624816718091\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-23 23:02:39.708 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-01-23 23:02:39.607 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-23 23:02:39.502 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-23 22:46:49.400 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-23 22:46:49.297 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-23 22:46:49.183 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-23 22:46:48.569 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appid.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 4003 MB
Available physical RAM: 1662.27 MB
Total Pagefile: 8004.19 MB
Available Pagefile: 5142.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:657.54 GB) (Free:421.44 GB) NTFS
Drive d: (Recover) (Fixed) (Total:37.99 GB) (Free:14.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=658 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
28.01.2014, 11:05 | #6 |
/// the machine /// TB Trainer | Malwarebytes found suspicious files - not sure how to deal with them. Nothing dramatic, a bit of PUP and adware. Run MBAM again and have it delete the findings too. Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
28.01.2014, 21:59 | #7 |
| Malwarebytes found suspicious files - not sure how to deal with them. Thank you very much! AdwCleaner logfile: Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 28/01/2014 um 01:03:50 # Aktualisiert 12/01/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Cristina - CRISTINA-PC # Gestartet von : C:\Users\Cristina\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Cristina\AppData\Local\Temp\OCS Datei Gelöscht : C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage Datei Gelöscht : C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage Datei Gelöscht : C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage-journal ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel 
Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht 
: [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKCU\Software\Iminent Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] -\\ Google Chrome v32.0.1700.76 [ Datei : C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht : homepage ************************* AdwCleaner[R0].txt - [12141 octets] - [28/01/2014 01:00:42] AdwCleaner[S0].txt - [11448 octets] - [28/01/2014 01:03:50] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11509 octets] ########## [/CODE] Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.0 (01.07.2014:1) OS: Windows 7 Home Premium x64 Ran by Cristina on 28.01.2014 at 21:40:09,96 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 28.01.2014 at 21:46:40,86 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014 02 Ran by Cristina (administrator) on CRISTINA-PC on 28-01-2014 21:55:53 Running from C:\Users\Cristina\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Apache Software Foundation) C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Apache Software Foundation) C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Dropbox, Inc.) C:\Users\Cristina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-06-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-06-07] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2011-06-07] (Synaptics Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-06-07] (Renesas Electronics Corporation) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Runonce: [Uninstall C:\Users\Cristina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cristina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" Startup: C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Cristina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5D5ACC8B30B8CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR HomePage: hxxp://www.google.com CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Extension: (Google Docs) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-23] CHR Extension: (Google Drive) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-23] CHR Extension: (YouTube) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-23] CHR Extension: (Google-Suche) - C:\Users\Cristina\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-23] CHR Extension: (AdBlock) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-23] CHR Extension: (Proxy link for YouTube™) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpccpcaielehgefaagocjkkgkafaabdp [2013-11-13] CHR Extension: (Google Wallet) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23] CHR Extension: (Google Mail) - C:\Users\Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-23] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-28] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG) R2 VisualSVNServer; C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [24904 2013-11-25] (Apache Software Foundation) S3 vrepocfgsvc; C:\Program Files (x86)\VisualSVN Server\bin\vrepocfgsvc.exe [121672 2013-11-25] (VisualSVN Ltd.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. 
KG) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-28 21:55 - 2014-01-28 21:55 - 00000000 ____D C:\Users\Cristina\Downloads\FRST-OlderVersion 2014-01-28 21:46 - 2014-01-28 21:46 - 00000628 _____ C:\Users\Cristina\Desktop\JRT.txt 2014-01-28 21:40 - 2014-01-28 21:40 - 00000000 ____D C:\Windows\ERUNT 2014-01-28 21:33 - 2014-01-28 21:34 - 01037068 _____ (Thisisu) C:\Users\Cristina\Downloads\JRT.exe 2014-01-28 01:00 - 2014-01-28 01:04 - 00000000 ____D C:\AdwCleaner 2014-01-28 00:59 - 2014-01-28 01:00 - 01236282 _____ C:\Users\Cristina\Downloads\adwcleaner.exe 2014-01-27 13:49 - 2014-01-27 13:50 - 00023345 _____ C:\Users\Cristina\Downloads\Addition.txt 2014-01-27 13:48 - 2014-01-28 21:55 - 00011416 _____ C:\Users\Cristina\Downloads\FRST.txt 2014-01-27 13:48 - 2014-01-28 21:55 - 00000000 ____D C:\FRST 2014-01-27 13:43 - 2014-01-28 21:55 - 02079232 _____ (Farbar) C:\Users\Cristina\Downloads\FRST64.exe 2014-01-23 11:45 - 2014-01-23 11:45 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Malwarebytes 2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-23 11:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-23 11:32 - 2014-01-23 11:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Cristina\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-22 18:06 - 2014-01-22 19:26 - 00009162 _____ C:\Users\Cristina\Desktop\Unbenannt 1.odt 2014-01-15 20:28 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 20:28 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 20:28 - 
2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 20:28 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 20:28 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 20:28 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 20:28 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 20:28 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 20:28 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-03 23:32 - 2014-01-03 23:32 - 00004318 _____ C:\Users\Cristina\Downloads\BackgroundPanel.java 2014-01-02 17:18 - 2014-01-02 17:18 - 11908104 _____ C:\Users\Cristina\Downloads\02.zip 2014-01-02 03:01 - 2014-01-02 03:02 - 00287030 _____ C:\Windows\msxml4-KB973688-enu.LOG 2013-12-31 12:53 - 2013-12-31 12:53 - 00289238 _____ C:\Windows\msxml4-KB954430-enu.LOG 2013-12-31 12:53 - 2013-12-31 12:53 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0 2013-12-31 12:32 - 2013-12-31 12:32 - 03571111 _____ C:\Users\Cristina\Downloads\Weiterfoerderung.zip 2013-12-31 02:23 - 2013-12-31 02:26 - 00000000 ____D C:\Program Files (x86)\PDF Editor 4 2013-12-31 02:23 - 2013-12-31 02:23 - 00087704 _____ C:\Windows\cadkasdeinst01.exe 2013-12-31 02:23 - 2013-12-31 02:23 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\CAD-KAS 2013-12-31 02:22 - 2013-12-31 02:23 - 06965784 _____ C:\Users\Cristina\Downloads\pdfeditor40.exe 2013-12-31 02:07 - 2013-12-31 02:07 - 00000000 ____D C:\ProgramData\WEBREG 2013-12-31 02:06 - 2013-12-31 12:44 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\HP 2013-12-31 02:06 - 2013-12-31 02:06 - 00000000 ____D C:\Users\Cristina\AppData\Local\HP 2013-12-31 02:04 - 2013-12-31 02:04 - 
00000000 ____D C:\Users\Cristina\AppData\Roaming\Yahoo! 2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\ProgramData\Yahoo! Companion 2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\Program Files (x86)\Yahoo! 2013-12-31 02:02 - 2013-12-31 02:02 - 00001355 _____ C:\Users\Public\Desktop\HP Solution Center.lnk 2013-12-31 02:02 - 2013-12-31 02:02 - 00000000 ____D C:\Windows\SysWOW64\spool 2013-12-31 02:02 - 2013-12-31 02:02 - 00000000 ____D C:\ProgramData\HP Product Assistant 2013-12-31 01:59 - 2013-12-31 01:59 - 00000000 ____D C:\Windows\hpoj4500g510g-m 2013-12-31 01:59 - 2009-06-02 00:36 - 01418240 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpwtiop5.dll 2013-12-31 01:59 - 2009-06-02 00:36 - 00979456 _____ (Hewlett-Packard) C:\Windows\system32\hpwwiax6.dll 2013-12-31 01:59 - 2009-06-02 00:36 - 00503296 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpwvst01.dll 2013-12-31 01:59 - 2009-06-02 00:35 - 00642360 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll 2013-12-31 01:59 - 2009-05-18 22:35 - 00551424 _____ (Hewlett-Packard) C:\Windows\system32\hppldcoi.dll 2013-12-31 01:58 - 2013-12-31 02:03 - 00000000 ____D C:\Program Files (x86)\HP 2013-12-31 01:58 - 2009-04-20 12:29 - 00136704 _____ (Hewlett-Packard Company) C:\Windows\system32\hpf3l70w.dll 2013-12-31 01:54 - 2013-12-31 02:06 - 00239333 _____ C:\Windows\hpwins26.dat 2013-12-31 01:54 - 2013-12-31 02:06 - 00000777 _____ C:\ProgramData\hpzinstall.log 2013-12-31 01:54 - 2013-12-31 02:06 - 00000000 ____D C:\ProgramData\HP 2013-12-31 01:41 - 2013-12-31 01:41 - 00008581 _____ C:\Users\Cristina\Downloads\bafoeg_Formblatt3.dgef 2013-12-31 01:33 - 2013-12-31 01:33 - 00003333 _____ C:\Users\Cristina\Downloads\bafoeg_Anlage1FB1.dgef 2013-12-31 01:29 - 2013-12-31 01:29 - 00008037 _____ C:\Users\Cristina\Downloads\bafoeg_Formblatt1.dgef 2013-12-30 21:59 - 2013-12-30 22:00 - 62124294 _____ C:\Users\Cristina\Downloads\BACKGROUND3.PSD 2013-12-30 19:02 - 2013-12-30 19:02 - 00851417 _____ 
C:\Users\Cristina\Downloads\painted-brushes.rar ==================== One Month Modified Files and Folders ======= 2014-01-28 21:56 - 2014-01-27 13:48 - 00011416 _____ C:\Users\Cristina\Downloads\FRST.txt 2014-01-28 21:55 - 2014-01-28 21:55 - 00000000 ____D C:\Users\Cristina\Downloads\FRST-OlderVersion 2014-01-28 21:55 - 2014-01-27 13:48 - 00000000 ____D C:\FRST 2014-01-28 21:55 - 2014-01-27 13:43 - 02079232 _____ (Farbar) C:\Users\Cristina\Downloads\FRST64.exe 2014-01-28 21:52 - 2013-09-26 08:15 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Dropbox 2014-01-28 21:46 - 2014-01-28 21:46 - 00000628 _____ C:\Users\Cristina\Desktop\JRT.txt 2014-01-28 21:40 - 2014-01-28 21:40 - 00000000 ____D C:\Windows\ERUNT 2014-01-28 21:34 - 2014-01-28 21:33 - 01037068 _____ (Thisisu) C:\Users\Cristina\Downloads\JRT.exe 2014-01-28 21:00 - 2013-09-23 08:44 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-28 19:30 - 2013-09-23 08:44 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-28 19:19 - 2013-09-23 08:47 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-28 16:59 - 2013-09-22 20:54 - 01989324 _____ C:\Windows\WindowsUpdate.log 2014-01-28 12:23 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-28 12:23 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-28 12:18 - 2013-09-26 08:17 - 00000000 ___RD C:\Users\Cristina\Dropbox 2014-01-28 12:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-28 12:15 - 2009-07-14 05:51 - 00038889 _____ C:\Windows\setupact.log 2014-01-28 01:04 - 2014-01-28 01:00 - 00000000 ____D C:\AdwCleaner 2014-01-28 01:00 - 2014-01-28 00:59 - 01236282 _____ C:\Users\Cristina\Downloads\adwcleaner.exe 2014-01-27 13:50 - 2014-01-27 13:49 - 00023345 _____ C:\Users\Cristina\Downloads\Addition.txt 2014-01-23 
11:45 - 2014-01-23 11:45 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Malwarebytes 2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-23 11:45 - 2014-01-23 11:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-23 11:32 - 2014-01-23 11:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Cristina\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-22 19:26 - 2014-01-22 18:06 - 00009162 _____ C:\Users\Cristina\Desktop\Unbenannt 1.odt 2014-01-16 17:59 - 2009-07-14 05:45 - 04918632 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-15 23:49 - 2013-09-26 08:17 - 00001033 _____ C:\Users\Cristina\Desktop\Dropbox.lnk 2014-01-15 23:49 - 2013-09-26 08:16 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-15 23:49 - 2013-09-22 21:34 - 00000000 ___RD C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-06 22:40 - 2013-12-10 19:54 - 00000000 ____D C:\Users\Cristina\AppData\Local\Eclipse 2014-01-03 23:32 - 2014-01-03 23:32 - 00004318 _____ C:\Users\Cristina\Downloads\BackgroundPanel.java 2014-01-03 15:42 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-02 17:18 - 2014-01-02 17:18 - 11908104 _____ C:\Users\Cristina\Downloads\02.zip 2014-01-02 03:02 - 2014-01-02 03:01 - 00287030 _____ C:\Windows\msxml4-KB973688-enu.LOG 2013-12-31 12:53 - 2013-12-31 12:53 - 00289238 _____ C:\Windows\msxml4-KB954430-enu.LOG 2013-12-31 12:53 - 2013-12-31 12:53 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0 2013-12-31 12:44 - 2013-12-31 02:06 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\HP 2013-12-31 12:32 - 2013-12-31 12:32 - 03571111 _____ C:\Users\Cristina\Downloads\Weiterfoerderung.zip 2013-12-31 12:31 - 2013-09-23 08:43 - 00064408 _____ C:\Users\Cristina\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-31 02:26 - 
2013-12-31 02:23 - 00000000 ____D C:\Program Files (x86)\PDF Editor 4 2013-12-31 02:23 - 2013-12-31 02:23 - 00087704 _____ C:\Windows\cadkasdeinst01.exe 2013-12-31 02:23 - 2013-12-31 02:23 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\CAD-KAS 2013-12-31 02:23 - 2013-12-31 02:22 - 06965784 _____ C:\Users\Cristina\Downloads\pdfeditor40.exe 2013-12-31 02:07 - 2013-12-31 02:07 - 00000000 ____D C:\ProgramData\WEBREG 2013-12-31 02:06 - 2013-12-31 02:06 - 00000000 ____D C:\Users\Cristina\AppData\Local\HP 2013-12-31 02:06 - 2013-12-31 01:54 - 00239333 _____ C:\Windows\hpwins26.dat 2013-12-31 02:06 - 2013-12-31 01:54 - 00000777 _____ C:\ProgramData\hpzinstall.log 2013-12-31 02:06 - 2013-12-31 01:54 - 00000000 ____D C:\ProgramData\HP 2013-12-31 02:06 - 2009-07-14 03:34 - 00000438 _____ C:\Windows\win.ini 2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\Users\Cristina\AppData\Roaming\Yahoo! 2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\ProgramData\Yahoo! Companion 2013-12-31 02:04 - 2013-12-31 02:04 - 00000000 ____D C:\Program Files (x86)\Yahoo! 
2013-12-31 02:03 - 2013-12-31 01:58 - 00000000 ____D C:\Program Files (x86)\HP 2013-12-31 02:02 - 2013-12-31 02:02 - 00001355 _____ C:\Users\Public\Desktop\HP Solution Center.lnk 2013-12-31 02:02 - 2013-12-31 02:02 - 00000000 ____D C:\Windows\SysWOW64\spool 2013-12-31 02:02 - 2013-12-31 02:02 - 00000000 ____D C:\ProgramData\HP Product Assistant 2013-12-31 01:59 - 2013-12-31 01:59 - 00000000 ____D C:\Windows\hpoj4500g510g-m 2013-12-31 01:41 - 2013-12-31 01:41 - 00008581 _____ C:\Users\Cristina\Downloads\bafoeg_Formblatt3.dgef 2013-12-31 01:33 - 2013-12-31 01:33 - 00003333 _____ C:\Users\Cristina\Downloads\bafoeg_Anlage1FB1.dgef 2013-12-31 01:29 - 2013-12-31 01:29 - 00008037 _____ C:\Users\Cristina\Downloads\bafoeg_Formblatt1.dgef 2013-12-30 22:28 - 2013-11-12 14:00 - 00000000 ___RD C:\Users\Cristina\SkyDrive 2013-12-30 22:00 - 2013-12-30 21:59 - 62124294 _____ C:\Users\Cristina\Downloads\BACKGROUND3.PSD 2013-12-30 19:08 - 2013-09-23 20:33 - 00000000 ____D C:\Program Files\Adobe 2013-12-30 19:02 - 2013-12-30 19:02 - 00851417 _____ C:\Users\Cristina\Downloads\painted-brushes.rar Some content of TEMP: ==================== C:\Users\Cristina\AppData\Local\Temp\avgnt.exe C:\Users\Cristina\AppData\Local\Temp\BackupSetup.exe C:\Users\Cristina\AppData\Local\Temp\IminentSetup_20130624.exe C:\Users\Cristina\AppData\Local\Temp\jpv1vzd8.dll C:\Users\Cristina\AppData\Local\Temp\nsb6727.exe C:\Users\Cristina\AppData\Local\Temp\nsd91D7.exe C:\Users\Cristina\AppData\Local\Temp\nsdB274.exe C:\Users\Cristina\AppData\Local\Temp\nsi94C5.exe C:\Users\Cristina\AppData\Local\Temp\nsiAFD4.exe C:\Users\Cristina\AppData\Local\Temp\Quarantine.exe C:\Users\Cristina\AppData\Local\Temp\utt17C5.tmp.exe C:\Users\Cristina\AppData\Local\Temp\utt6DB2.tmp.exe C:\Users\Cristina\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe 
=> MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-27 15:05 ==================== End Of Log ============================ |
29.01.2014, 12:30 | #8 |
/// the machine /// TB Trainer | Malwarebytes found suspicious files - I'm not sure how I should deal with them. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |