wuehler56 | 08.02.2015 20:37
MBAM:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 08.02.2015
Suchlauf-Zeit: 20:02:54
Logdatei: MBMAuswertung.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.02.08.05
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: holgerWin7
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 332698
Verstrichene Zeit: 3 Min, 58 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 2
PUP.Optional.HealthAlert.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\KlxeUCxSK, In Quarantäne, [a560d3495634c17523c23ebdb34e6b95],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, In Quarantäne, [3fc6de3e4842ff375d22087ffd0638c8],
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 3
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\WajIntEnhance Internet Enhancer, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
Dateien: 52
PUP.Optional.HealthAlert.A, C:\ProgramData\lmfwqlfa\KlxeUCxSK.exe, In Quarantäne, [a560d3495634c17523c23ebdb34e6b95],
PUP.Optional.HealthAlert.A, C:\ProgramData\lmfwqlfa\dat\IDcKIkIT.exe, In Quarantäne, [c2434bd1e9a11620c4214bb008f9a858],
PUP.Optional.HealthAlert.A, C:\ProgramData\lmfwqlfa\dat\IOJOteZzzv.exe, In Quarantäne, [21e4918b1f6bbd797273b14a3ac7bf41],
PUP.Optional.CelebrityAlert.A, C:\ProgramData\lmfwqlfa\dat\jjFhNn.dll, In Quarantäne, [e02539e33258023457a91c8e11f40af6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\uninstall.exe, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\amazon.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\argos.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\ask.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\bestbuy.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\ebay.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\etsy.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\facebook.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\favicon.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\google.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\homedepot.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\ikea.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\imdb.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\lowes.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\mercado.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\mysearchweb.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\myshopping.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\searchresult.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\sears.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\setting.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\settings.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\shopping.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\target.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\tesco.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\tripadvisor.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\twitter.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\wajam.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\walmart.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\wiki.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\yahoo.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\Logos\zalando.ico, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\WajIntEnhance Internet Enhancer\1a79481564ec9035d56c0626bb372ba2, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\WajIntEnhance Internet Enhancer\1af2a17a1d8b2a7a596f70d2e821bf62, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\WajIntEnhance Internet Enhancer\ApiHandlr.dll, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\WajIntEnhance Internet Enhancer\b5ee3c46972a98083c47fb2bd1f489f1, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\WajIntEnhance Internet Enhancer\bc0e8acf5e9055ff0ea289d49ed16c07, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\WajIntEnhance Internet Enhancer\dba5d5eaa194a5422a01e670dd73b448, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\WajIntEnhance Internet Enhancer\e5cca93dc1ab51b874334bd320aadf4b, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\WajIntEnhance Internet Enhancer\FiddlerCore.dll, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\WajIntEnhance Internet Enhancer\HtmlAgilityPack.dll, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\WajIntEnhance Internet Enhancer\InternetEnhancer.exe, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\WajIntEnhance Internet Enhancer\InternetEnhancerService.exe, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\WajIntEnhance Internet Enhancer\makecert.exe, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\WajIntEnhance Internet Enhancer\Newtonsoft.Json.dll, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\WajIntEnhance Internet Enhancer\setup.exe, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\WajIntEnhance Internet Enhancer\WHttpServer.exe, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\WajIntEnhance Internet Enhancer\wie, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WajIntEnhance\WajIntEnhance Internet Enhancer\WJManifest, In Quarantäne, [17eed7454c3e7eb87ca8325441c2fb05],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by holgerWin7 on 08.02.2015 at 20:17:20,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\holgerWin7\AppData\Roaming\mozilla\firefox\profiles\4j1395ww.default\minidumps [2 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.02.2015 at 20:21:03,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix:
Code:
ComboFix 15-02-08.01 - holgerWin7 08.02.2015 20:23:12.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.7106.5843 [GMT 1:00]
ausgeführt von:: C:\Users\holgerWin7\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
((((((((((((((((((((((( Dateien erstellt von 2015-01-08 bis 2015-02-08 ))))))))))))))))))))))))))))))
2015-02-08 19:26:49 . 2015-02-08 19:26:49 -------- d-----w- C:\Users\Default\AppData\Local\temp
2015-02-08 18:57:17 . 2015-02-08 19:14:39 -------- d-----w- C:\AdwCleaner
2015-02-08 18:56:06 . 2015-02-08 19:09:06 129752 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-02-08 18:55:53 . 2015-02-08 18:55:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-08 18:55:53 . 2015-02-08 18:55:53 -------- d-----w- C:\ProgramData\Malwarebytes
2015-02-08 18:55:53 . 2014-11-21 05:14:22 63704 ----a-w- C:\Windows\system32\drivers\mwac.sys
2015-02-08 18:55:53 . 2014-11-21 05:14:12 93400 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2015-02-08 18:55:53 . 2014-11-21 05:14:08 25816 ----a-w- C:\Windows\system32\drivers\mbam.sys
2015-02-08 15:15:48 . 2015-02-08 15:15:48 -------- d-----w- C:\ProgramData\Canneverbe Limited
2015-02-08 15:15:34 . 2015-02-08 16:04:09 -------- d-----w- C:\Program Files (x86)\CDBurnerXP
2015-02-05 16:50:29 . 2015-02-05 16:50:29 -------- d-----w- C:\Windows\Migration
2015-02-05 16:37:33 . 2015-02-05 16:37:33 -------- d-----w- C:\Program Files (x86)\Microsoft.NET
2015-02-05 16:36:44 . 2015-02-05 16:40:11 -------- d-----w- C:\e34e485e807241ce3c9397a5
2015-02-05 16:25:29 . 2015-02-05 16:25:29 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2015-02-05 16:14:59 . 2015-02-05 16:15:02 -------- d-----w- C:\Program Files (x86)\MyPhoneExplorer
2015-02-05 15:30:27 . 2015-02-05 15:32:42 -------- d-----w- C:\Program Files\CCleaner
2015-02-05 14:49:16 . 2013-08-28 01:12:33 461312 ----a-w- C:\Windows\system32\scavengeui.dll
2015-02-05 13:49:28 . 2015-02-05 13:49:32 -------- d-----w- C:\Windows\rescache
2015-02-03 18:36:28 . 2015-02-03 18:37:19 -------- d-----w- C:\FRST
2015-02-03 00:10:22 . 2015-02-03 00:10:22 -------- d-----w- C:\Program Files\7-Zip
2015-02-02 22:31:07 . 2015-02-08 19:07:17 -------- d-----w- C:\ProgramData\lmfwqlfa
2015-01-31 17:23:19 . 2015-01-31 17:23:19 -------- d-----w- C:\Program Files (x86)\Browny02
2015-01-31 17:23:18 . 2015-01-31 17:23:19 -------- d-----w- C:\Program Files (x86)\Brother
2015-01-31 17:23:18 . 2012-08-20 04:19:18 1560576 ----a-w- C:\Windows\system32\BrWi209c.dll
2015-01-31 17:23:18 . 2010-03-08 12:50:22 3072 ------w- C:\Windows\SysWow64\BrDctF2S.dll
2015-01-31 17:23:18 . 2010-02-09 16:11:34 217088 ------w- C:\Windows\SysWow64\NSSearch.dll
2015-01-31 17:23:18 . 2010-01-22 07:52:41 61440 ----a-w- C:\Windows\SysWow64\brprtink.dll
2015-01-31 17:23:18 . 2009-08-18 10:36:54 50688 ----a-w- C:\Windows\system32\BrUsi09c.dll
2015-01-31 17:23:18 . 2007-12-13 21:16:24 73728 ------w- C:\Windows\SysWow64\BrDctF2.dll
2015-01-31 17:23:18 . 2007-12-13 21:16:18 5632 ------w- C:\Windows\SysWow64\BrDctF2L.dll
2015-01-31 17:23:17 . 2010-02-05 10:42:34 180224 ------w- C:\Windows\SysWow64\BroSNMP.dll
2015-01-31 17:22:36 . 2015-01-31 17:22:36 -------- d-----w- C:\ProgramData\Brother
2015-01-30 18:58:19 . 2014-11-22 02:26:31 968704 ----a-w- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-30 18:58:14 . 2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-01-30 18:58:14 . 2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\system32\d3d10warp.dll
2015-01-30 18:58:13 . 2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2015-01-30 18:58:13 . 2013-11-22 22:48:21 3928064 ----a-w- C:\Windows\system32\d2d1.dll
2015-01-29 23:25:42 . 2015-01-29 23:25:42 -------- d-----w- C:\ProgramData\ATI
2015-01-29 23:08:24 . 2015-01-29 23:08:24 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2015-01-29 23:08:24 . 2015-01-29 23:08:24 -------- d-----w- C:\Program Files (x86)\AMD AVT
2015-01-29 23:08:23 . 2015-01-29 23:08:23 -------- d-----w- C:\Program Files\AMD
2015-01-29 23:08:23 . 2015-01-29 23:08:23 -------- d-----w- C:\Program Files (x86)\AMD
2015-01-29 23:07:50 . 2015-01-29 23:08:01 -------- d-----w- C:\Program Files\ATI Technologies
2015-01-29 23:04:13 . 2013-11-06 10:40:46 83176 ----a-w- C:\Windows\system32\drivers\amd_sata.sys
2015-01-29 23:04:13 . 2013-11-06 10:40:46 43240 ----a-w- C:\Windows\system32\drivers\amd_xata.sys
2015-01-29 23:03:40 . 2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\system32\WindowsCodecs.dll
2015-01-29 23:03:40 . 2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-29 23:03:20 . 2015-01-29 23:03:20 -------- d-----w- C:\ProgramData\ASRock
2015-01-29 23:01:48 . 2014-05-08 18:25:58 939224 ----a-w- C:\Windows\system32\drivers\Rt64win7.sys
2015-01-29 23:01:48 . 2014-05-08 18:25:58 73800 ----a-w- C:\Windows\system32\RtNicProp64.dll
2015-01-29 22:41:14 . 2015-01-29 22:41:14 -------- d-----w- C:\Windows\SysWow64\wbem\en-US
2015-01-29 22:41:13 . 2015-01-29 22:41:13 -------- d-----w- C:\Windows\system32\wbem\en-US
2015-01-29 21:59:05 . 2013-10-14 17:00:00 28368 ----a-w- C:\Windows\system32\IEUDINIT.EXE
2015-01-29 21:49:55 . 2015-01-29 21:49:55 878080 ----a-w- C:\Windows\system32\advapi32.dll
2015-01-29 21:49:55 . 2015-01-29 21:49:55 859648 ----a-w- C:\Windows\system32\tdh.dll
2015-01-29 21:49:55 . 2015-01-29 21:49:55 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2015-01-29 21:49:55 . 2015-01-29 21:49:55 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2015-01-29 21:49:55 . 2015-01-29 21:49:55 1732032 ----a-w- C:\Windows\system32\ntdll.dll
2015-01-29 21:49:55 . 2015-01-29 21:49:55 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-01-29 21:48:59 . 2015-01-29 21:48:59 327168 ----a-w- C:\Windows\system32\mswsock.dll
2015-01-29 21:48:59 . 2015-01-29 21:48:59 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2015-01-29 21:42:02 . 2015-01-29 21:42:02 1887232 ----a-w- C:\Windows\system32\d3d11.dll
2015-01-29 21:42:02 . 2015-01-29 21:42:02 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2015-01-29 21:02:22 . 2012-03-01 06:46:16 23408 ----a-w- C:\Windows\system32\drivers\fs_rec.sys
2015-01-29 21:02:22 . 2012-03-01 06:28:47 5120 ----a-w- C:\Windows\system32\wmi.dll
2015-01-29 21:02:22 . 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2015-01-29 20:55:38 . 2015-01-29 20:57:57 -------- d-----w- C:\Windows\system32\MRT
2015-01-29 20:54:40 . 2014-03-09 21:48:52 171160 ----a-w- C:\Windows\system32\infocardapi.dll
2015-01-29 20:54:40 . 2014-03-09 21:48:51 1389208 ----a-w- C:\Windows\system32\icardagt.exe
2015-01-29 20:54:40 . 2014-03-09 21:47:43 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2015-01-29 20:54:40 . 2014-03-09 21:47:42 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2015-01-29 20:54:39 . 2014-06-30 22:24:50 8856 ----a-w- C:\Windows\system32\icardres.dll
2015-01-29 20:54:39 . 2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2015-01-29 20:54:35 . 2014-06-06 06:16:07 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2015-01-29 20:54:35 . 2014-06-06 06:12:57 35480 ----a-w- C:\Windows\system32\TsWpfWrp.exe
2015-01-29 20:52:59 . 2014-03-04 09:44:20 39936 ----a-w- C:\Windows\system32\wincredprovider.dll
2015-01-29 20:51:49 . 2014-12-19 03:06:55 210432 ----a-w- C:\Windows\system32\profsvc.dll
2015-01-29 20:50:59 . 2014-12-11 17:47:12 52736 ----a-w- C:\Windows\system32\TSWbPrxy.exe
2015-01-29 20:41:53 . 2012-06-06 06:05:51 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2015-01-29 20:32:19 . 2015-01-29 20:32:20 -------- d-----w- C:\Program Files (x86)\Mozilla Thunderbird
2015-01-29 20:28:54 . 2015-01-29 20:28:54 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-29 20:28:54 . 2015-01-29 20:28:54 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-01-29 20:28:53 . 2015-01-29 20:28:53 -------- d-----w- C:\Windows\SysWow64\Macromed
2015-01-29 20:28:52 . 2015-01-29 20:28:52 -------- d-----w- C:\Windows\system32\Macromed
2015-01-29 20:25:18 . 2015-01-29 22:52:17 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-29 20:21:42 . 2015-01-29 20:21:42 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2015-01-29 19:14:01 . 2015-01-29 19:14:01 177752 ----a-w- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2015-01-29 19:14:01 . 2015-01-29 19:14:01 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2015-01-29 19:13:53 . 2015-01-29 19:13:53 22280 ----a-w- C:\Windows\SysWow64\drivers\AsrDrv101.sys
2015-01-29 19:13:40 . 2015-01-30 19:22:58 -------- d-----w- C:\Windows\system32\drivers\NISx64
2015-01-29 19:13:39 . 2015-01-29 19:16:46 -------- d-----w- C:\ProgramData\Norton
2015-01-29 19:13:39 . 2015-01-29 19:13:40 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2015-01-29 19:13:09 . 2015-01-29 19:13:10 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2015-01-29 19:12:13 . 2014-05-14 16:23:47 44512 ----a-w- C:\Windows\system32\wups2.dll
2015-01-29 19:12:13 . 2014-05-14 16:23:46 58336 ----a-w- C:\Windows\system32\wuauclt.exe
2015-01-29 19:12:13 . 2014-05-14 16:23:46 2477536 ----a-w- C:\Windows\system32\wuaueng.dll
2015-01-29 19:12:13 . 2014-05-14 16:21:04 2620928 ----a-w- C:\Windows\system32\wucltux.dll
2015-01-29 19:12:05 . 2014-05-14 16:23:52 38880 ----a-w- C:\Windows\system32\wups.dll
2015-01-29 19:12:05 . 2014-05-14 16:23:42 36320 ----a-w- C:\Windows\SysWow64\wups.dll
2015-01-29 19:12:05 . 2014-05-14 16:23:38 700384 ----a-w- C:\Windows\system32\wuapi.dll
2015-01-29 19:12:05 . 2014-05-14 16:23:38 581600 ----a-w- C:\Windows\SysWow64\wuapi.dll
2015-01-29 19:12:05 . 2014-05-14 16:20:45 97792 ----a-w- C:\Windows\system32\wudriver.dll
2015-01-29 19:12:05 . 2014-05-14 16:17:10 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-01-29 19:11:59 . 2014-05-14 08:23:04 198600 ----a-w- C:\Windows\system32\wuwebv.dll
2015-01-29 19:11:59 . 2014-05-14 08:23:04 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-01-29 19:11:59 . 2014-05-14 08:20:46 36864 ----a-w- C:\Windows\system32\wuapp.exe
2015-01-29 19:11:59 . 2014-05-14 08:17:14 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-01-29 19:11:49 . 2015-01-29 19:11:52 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe
2015-01-29 19:10:59 . 2015-01-29 19:10:59 -------- d-----w- C:\Program Files\ASRock
2015-01-29 19:10:59 . 2013-05-31 15:23:40 1814880 ----a-w- C:\Windows\system32\drivers\cfosspeed6.sys
2015-01-29 19:10:58 . 2015-01-29 19:10:58 -------- d-----w- C:\ProgramData\cFos
2015-01-29 19:10:51 . 2013-07-25 14:04:54 613640 ----a-w- C:\Windows\system32\USBKeyCredentialProvider.dll
2015-01-29 19:10:49 . 2013-05-09 15:50:48 40200 ----a-w- C:\Windows\system32\drivers\AsrRamDisk.sys
2015-01-29 19:10:46 . 2015-01-29 19:10:46 -------- d-----w- C:\Windows\ASRock
2015-01-29 19:10:38 . 2015-02-08 15:46:19 -------- d-----w- C:\Program Files (x86)\ASRock Utility
2015-01-29 19:10:28 . 2015-01-29 19:10:30 -------- d-----w- C:\Program Files (x86)\Google
2015-01-29 19:10:11 . 2011-11-07 09:13:06 17192 ----a-w- C:\Windows\system32\drivers\AsrAppCharger.sys
2015-01-29 19:10:10 . 2015-01-29 19:10:49 -------- d-----w- C:\Program Files\ASRock Utility
2015-01-29 19:09:25 . 2014-05-08 18:25:58 107552 ----a-w- C:\Windows\system32\RTNUninst64.dll
2015-01-29 19:07:44 . 2015-01-29 19:07:44 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2015-01-29 19:04:17 . 2015-01-29 23:08:25 -------- d-----w- C:\ProgramData\AMD
2015-01-29 19:04:13 . 2013-05-27 19:09:38 227648 ----a-w- C:\Windows\system32\drivers\amdxhc.sys
2015-01-29 19:04:13 . 2013-05-27 19:09:38 106816 ----a-w- C:\Windows\system32\drivers\amdhub30.sys
2015-01-29 19:04:11 . 2015-01-29 19:04:11 -------- d-----w- C:\Program Files\ATI
2015-01-29 19:04:08 . 2015-01-29 23:07:42 -------- d-----w- C:\Program Files (x86)\ATI Technologies
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2013-11-01 10:34:48 389120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-02 04:01:24 767200]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
R2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 ASRockIOMon;ASRock IO Monitor Service;C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe;C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [x]
R3 AsrDrv101;AsrDrv101;C:\Windows\SysWOW64\Drivers\AsrDrv101.sys;C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [x]
R3 AsrSetupDrv;AsrSetupDrv;C:\Windows\SysWOW64\Drivers\AsrSetupDrv.sys;C:\Windows\SysWOW64\Drivers\AsrSetupDrv.sys [x]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe;C:\Program Files (x86)\Browny02\BrYNSvc.exe [x]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys;C:\Windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys;C:\Windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys;C:\Windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 AsrRamDisk;AsrRamDisk;C:\Windows\system32\DRIVERS\AsrRamDisk.sys;C:\Windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S1 AsrAppCharger;AsrAppCharger;C:\Windows\system32\DRIVERS\AsrAppCharger.sys;C:\Windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe;C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\amdhub30.sys;C:\Windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\amdxhc.sys;C:\Windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys;C:\Windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20150106.001\BHDrvx64.sys;C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [x]
S3 ccSet_NIS;NIS Settings Manager;C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys;C:\Windows\SYSNATIVE\drivers\NISx64\1506000.020\ccSetx64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150206.001\IDSvia64.sys;C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150206.001\IDSvia64.sys [x]
S3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys;C:\Windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS;C:\Windows\SYSNATIVE\drivers\NISx64\1506000.020\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS;C:\Windows\SYSNATIVE\drivers\NISx64\1506000.020\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS;C:\Windows\SYSNATIVE\drivers\NISx64\1506000.020\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS;C:\Windows\SYSNATIVE\Drivers\NISx64\1506000.020\SYMNETS.SYS [x]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-29 19:10:30 1642448 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.40\Installer\chrmstp.exe
Inhalt des "geplante Tasks" Ordners
2015-01-31 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-29 19:10:28 . 2015-01-29 19:10:27]
2015-01-31 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-29 19:10:28 . 2015-01-29 19:10:27]
--------- X64 Entries -----------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16:42 164760 ----a-w- C:\Users\holgerWin7\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16:42 164760 ----a-w- C:\Users\holgerWin7\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16:42 164760 ----a-w- C:\Users\holgerWin7\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16:42 164760 ----a-w- C:\Users\holgerWin7\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16:42 164760 ----a-w- C:\Users\holgerWin7\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16:42 164760 ----a-w- C:\Users\holgerWin7\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16:42 164760 ----a-w- C:\Users\holgerWin7\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16:42 164760 ----a-w- C:\Users\holgerWin7\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe" [2012-04-11 09:41:04 97280]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 02:57:28 13513288]
"XFast LAN"="C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe" [2013-05-31 15:23:34 2009952]
------- Zusätzlicher Suchlauf -------
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.111.1
FF - ProfilePath - C:\Users\holgerWin7\AppData\Roaming\Mozilla\Firefox\Profiles\4j1395ww.default\
FF - prefs.js: browser.startup.homepage - about:blank