
Pests of all kinds and how to combat them: ms13-052 virus after opening an .rtf file

05.06.2014, 18:22   #1
jonasR
 



Hello, unfortunately, like several others before me, I made the mistake of opening an attachment from an e-mail that initially seemed trustworthy to me, and by the time I recognized it as spam it was too late. A thread from someone before me, for example: http://www.trojaner-board.de/144941-...e-net-4-a.html
In any case, the search function led me to your site several times, so it would be great if you could help me.

In any case I have the same graphic; I ran an FRST scan, and the text file is directly below.

Many thanks in advance.

Kind regards,
Jonas


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by jonas (administrator) on MOLBIOTECH26 on 05-06-2014 19:12:00
Running from C:\Users\jonas\Desktop
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dropbox, Inc.) C:\Users\jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Invitrogen Corp) C:\Program Files (x86)\Invitrogen\Vector NTI Advance 11\Vector NTI 10.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\jonas\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-11-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1935824 2014-05-16] (APN)
HKU\S-1-5-21-1952926635-466019637-909878624-1001\...\Run: [0CGPckmnqwz] => C:\ProgramData\0CGPckmnqwz.exe [367864 2014-06-05] (drfedcfvgy)
Startup: C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x700C488C186CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files (x86)\Invitrogen\Vector NTI Advance 11\Ncbi.dll (Informax Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{DA415218-9C9E-4A05-99FA-758128D43D1F}: [NameServer]128.131.4.3,128.130.4.3

FireFox:
========
FF ProfilePath: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\uzkc8yxs.default
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\uzkc8yxs.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ask Toolbar - C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\uzkc8yxs.default\Extensions\toolbar_ORJ-V7C@apn.ask.com.xpi [2014-03-26]
FF Extension: Adblock Plus - C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\uzkc8yxs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-08]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012-11-23]

Chrome: 
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (Google Docs) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-02]
CHR Extension: (Google Drive) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-02]
CHR Extension: (YouTube) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-02]
CHR Extension: (Google-Suche) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-02]
CHR Extension: (Adobe Acrobat – PDF-Datei erstellen) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-04-02]
CHR Extension: (Google Wallet) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Google Mail) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [375760 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-05-16] (APN LLC.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-09] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-09] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-05-09] (Avira GmbH)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 19:03 - 2014-06-05 19:12 - 00016169 _____ () C:\Users\jonas\Desktop\FRST.txt
2014-06-05 19:02 - 2014-06-05 19:12 - 00000000 ____D () C:\FRST
2014-06-05 15:20 - 2014-06-05 15:20 - 00000000 ____D () C:\Users\jonas\Downloads\alt
2014-06-05 15:18 - 2014-06-05 15:19 - 02068992 _____ (Farbar) C:\Users\jonas\Desktop\FRST64(1).exe
2014-06-05 14:13 - 2014-06-05 14:13 - 00367864 ____H (drfedcfvgy) C:\ProgramData\0CGPckmnqwz.exe
2014-06-04 15:04 - 2014-06-04 15:04 - 03182552 _____ () C:\Users\jonas\Desktop\The race for raw materials in Africa - AG Version.pptx
2014-05-26 10:55 - 2014-05-26 10:55 - 00012047 _____ () C:\Users\jonas\Desktop\pLAE1.ma4
2014-05-26 10:55 - 2014-05-26 10:55 - 00009194 _____ () C:\Users\jonas\Desktop\msb2 deletion plasmid.ma4
2014-05-15 15:10 - 2014-05-15 15:11 - 00524800 _____ () C:\Users\jonas\Desktop\tuwien_***_2014 05 15.xls
2014-05-14 17:57 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:57 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 17:55 - 2014-05-06 02:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 17:55 - 2014-05-06 02:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 17:55 - 2014-05-06 02:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 17:55 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 17:55 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 17:55 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 17:53 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:53 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:53 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:53 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:53 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:53 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:53 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 17:53 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 17:53 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 17:53 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 17:52 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:52 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:52 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:52 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:52 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:52 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 17:52 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 17:52 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:52 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 17:52 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 17:52 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 17:52 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 17:52 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 14:14 - 2014-05-12 14:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-06-05 19:12 - 2014-06-05 19:03 - 00016169 _____ () C:\Users\jonas\Desktop\FRST.txt
2014-06-05 19:12 - 2014-06-05 19:02 - 00000000 ____D () C:\FRST
2014-06-05 19:12 - 2013-04-02 11:10 - 00000000 ____D () C:\Users\jonas\AppData\Local\Temp
2014-06-05 19:03 - 2012-11-23 17:22 - 01059627 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 18:52 - 2012-11-27 10:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 18:26 - 2012-11-26 17:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 15:20 - 2014-06-05 15:20 - 00000000 ____D () C:\Users\jonas\Downloads\alt
2014-06-05 15:19 - 2014-06-05 15:18 - 02068992 _____ (Farbar) C:\Users\jonas\Desktop\FRST64(1).exe
2014-06-05 15:15 - 2009-07-14 06:45 - 00024016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 15:15 - 2009-07-14 06:45 - 00024016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 15:06 - 2013-04-02 11:18 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\Dropbox
2014-06-05 15:05 - 2014-05-03 12:26 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\DropboxMaster
2014-06-05 15:05 - 2013-04-08 11:40 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\stickies
2014-06-05 15:05 - 2013-04-02 11:24 - 00000000 ___RD () C:\Users\jonas\Dropbox
2014-06-05 15:05 - 2012-11-27 10:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 15:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 15:04 - 2009-07-14 06:51 - 00083010 _____ () C:\Windows\setupact.log
2014-06-05 14:13 - 2014-06-05 14:13 - 00367864 ____H (drfedcfvgy) C:\ProgramData\0CGPckmnqwz.exe
2014-06-05 12:16 - 2013-12-04 15:49 - 00000000 ____D () C:\Program Files (x86)\NTI Database
2014-06-05 11:19 - 2013-04-02 11:11 - 00000000 ____D () C:\Users\jonas\AppData\Local\Adobe
2014-06-04 15:25 - 2014-01-16 16:11 - 00000000 ____D () C:\Users\jonas\Desktop\Lab Book Jonas *** 2014 -
2014-06-04 15:04 - 2014-06-04 15:04 - 03182552 _____ () C:\Users\jonas\Desktop\The race for raw materials in Africa - AG Version.pptx
2014-06-04 15:04 - 2013-05-18 13:26 - 00000000 ____D () C:\Users\jonas\AppData\Local\CutePDF Writer
2014-06-04 13:24 - 2013-04-02 11:16 - 00000000 ____D () C:\Users\jonas\Desktop\Papers PDF
2014-06-03 17:17 - 2014-02-05 10:47 - 00093051 _____ () C:\Users\jonas\Desktop\Scale Protocol.xlsx
2014-06-02 14:31 - 2013-05-14 17:19 - 00045557 _____ () C:\Users\jonas\Desktop\Primers_Jonas 2013 -.xlsx
2014-05-28 13:49 - 2013-11-25 11:43 - 00000000 ____D () C:\Users\jonas\Desktop\Projekte
2014-05-28 13:48 - 2013-12-05 10:25 - 00000000 ____D () C:\Users\jonas\Desktop\Listen
2014-05-26 10:55 - 2014-05-26 10:55 - 00012047 _____ () C:\Users\jonas\Desktop\pLAE1.ma4
2014-05-26 10:55 - 2014-05-26 10:55 - 00009194 _____ () C:\Users\jonas\Desktop\msb2 deletion plasmid.ma4
2014-05-23 15:21 - 2010-11-21 08:22 - 00698726 _____ () C:\Windows\system32\perfh007.dat
2014-05-23 15:21 - 2010-11-21 08:22 - 00148782 _____ () C:\Windows\system32\perfc007.dat
2014-05-23 15:21 - 2009-07-14 07:13 - 01613340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 15:20 - 2014-01-20 12:20 - 00022304 _____ () C:\Users\jonas\Desktop\FillIn Excel.xlsx
2014-05-23 08:47 - 2013-04-02 11:11 - 00000000 ___RD () C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 08:46 - 2013-04-02 11:20 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-21 16:36 - 2014-01-16 17:49 - 00524800 _____ () C:\Users\jonas\Desktop\TUWIEN_Jonas***.xls
2014-05-20 17:35 - 2013-04-08 11:36 - 00000000 ____D () C:\Users\jonas\AppData\Local\Paint.NET
2014-05-15 15:11 - 2014-05-15 15:10 - 00524800 _____ () C:\Users\jonas\Desktop\tuwien_***_2014 05 15.xls
2014-05-15 14:39 - 2013-04-02 11:17 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\Skype
2014-05-15 11:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 10:36 - 2013-04-30 17:00 - 00000000 ___RD () C:\Users\jonas\Virtual Machines
2014-05-15 10:36 - 2013-04-02 11:11 - 00000000 ___RD () C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 10:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 17:59 - 2012-11-26 11:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 17:52 - 2013-08-30 17:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 17:50 - 2012-11-26 17:31 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 11:26 - 2012-11-26 17:11 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 11:26 - 2012-11-26 17:11 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 11:26 - 2012-11-26 17:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 09:10 - 2012-11-26 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 14:14 - 2014-05-12 14:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:47 - 2012-11-27 10:45 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 08:47 - 2012-11-27 10:45 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 02:46 - 2014-05-14 17:55 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 02:21 - 2014-05-14 17:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 02:21 - 2014-05-14 17:55 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 01:32 - 2014-05-14 17:55 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 01:14 - 2014-05-14 17:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 01:14 - 2014-05-14 17:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Files to move or delete:
====================
C:\ProgramData\0CGPckmnqwz.exe


Some content of TEMP:
====================
C:\Users\jonas\AppData\Local\Temp\APNSetup.exe
C:\Users\jonas\AppData\Local\Temp\AskSLib.dll
C:\Users\jonas\AppData\Local\Temp\converter.exe
C:\Users\jonas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptt7vfi.dll
C:\Users\jonas\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\jonas\AppData\Local\Temp\Foxit Updater.exe
C:\Users\jonas\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\jonas\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\jonas\AppData\Local\Temp\MSN34B9.exe
C:\Users\jonas\AppData\Local\Temp\ose00000.exe
C:\Users\jonas\AppData\Local\Temp\ose00001.exe
C:\Users\Silvia\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Silvia\AppData\Local\Temp\Risweb32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 12:11

==================== End Of Log ============================
         
--- --- ---

Edited by cosinus (16.01.2017 at 20:03). Reason: name redacted

05.06.2014, 19:09   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Addition.txt is still missing.

06.06.2014, 09:15   #3
jonasR
 



Hello, here I am again.
So, I started the Avira scan last night and let it run overnight, and now here is the Addition in the code block below, plus the FRST text again in case the Avira scan changed it; I'm also including the code from the Avira scan in case you can do anything with it.
Many thanks in advance.

Regards,
Jonas

FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by jonas (administrator) on MOLBIOTECH26 on 06-06-2014 10:11:06
Running from C:\Users\jonas\Desktop
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dropbox, Inc.) C:\Users\jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Farbar) C:\Users\jonas\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-11-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1935824 2014-05-16] (APN)
HKU\S-1-5-21-1952926635-466019637-909878624-1001\...\Run: [0CGPckmnqwz] => C:\ProgramData\0CGPckmnqwz.exe [367864 2014-06-05] (drfedcfvgy)
Startup: C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x700C488C186CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files (x86)\Invitrogen\Vector NTI Advance 11\Ncbi.dll (Informax Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{DA415218-9C9E-4A05-99FA-758128D43D1F}: [NameServer]128.131.4.3,128.130.4.3

FireFox:
========
FF ProfilePath: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\uzkc8yxs.default
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\uzkc8yxs.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ask Toolbar - C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\uzkc8yxs.default\Extensions\toolbar_ORJ-V7C@apn.ask.com.xpi [2014-03-26]
FF Extension: Adblock Plus - C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\uzkc8yxs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-08]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012-11-23]

Chrome: 
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (Google Docs) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-02]
CHR Extension: (Google Drive) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-02]
CHR Extension: (YouTube) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-02]
CHR Extension: (Google-Suche) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-02]
CHR Extension: (Adobe Acrobat – PDF-Datei erstellen) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-04-02]
CHR Extension: (Google Wallet) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Google Mail) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [375760 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-05-16] (APN LLC.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-09] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-09] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-05-09] (Avira GmbH)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-06 10:08 - 2014-06-06 10:11 - 00016434 _____ () C:\Users\jonas\Desktop\FRST.txt
2014-06-05 19:02 - 2014-06-06 10:11 - 00000000 ____D () C:\FRST
2014-06-05 15:20 - 2014-06-06 09:59 - 00000000 ____D () C:\Users\jonas\Downloads\alt
2014-06-05 15:18 - 2014-06-05 15:19 - 02068992 _____ (Farbar) C:\Users\jonas\Desktop\FRST64(1).exe
2014-06-05 14:13 - 2014-06-05 14:13 - 00367864 ____H (drfedcfvgy) C:\ProgramData\0CGPckmnqwz.exe
2014-06-04 15:04 - 2014-06-04 15:04 - 03182552 _____ () C:\Users\jonas\Desktop\The race for raw materials in Africa - AG Version.pptx
2014-05-26 10:55 - 2014-05-26 10:55 - 00012047 _____ () C:\Users\jonas\Desktop\pLAE1.ma4
2014-05-26 10:55 - 2014-05-26 10:55 - 00009194 _____ () C:\Users\jonas\Desktop\msb2 deletion plasmid.ma4
2014-05-15 15:10 - 2014-05-15 15:11 - 00524800 _____ () C:\Users\jonas\Desktop\tuwien_***_2014 05 15.xls
2014-05-14 17:57 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:57 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 17:55 - 2014-05-06 02:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 17:55 - 2014-05-06 02:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 17:55 - 2014-05-06 02:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 17:55 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 17:55 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 17:55 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 17:53 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:53 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:53 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:53 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:53 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:53 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:53 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 17:53 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 17:53 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 17:53 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 17:52 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:52 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:52 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:52 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:52 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:52 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 17:52 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 17:52 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:52 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 17:52 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 17:52 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 17:52 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 17:52 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 14:14 - 2014-05-12 14:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-06-06 10:11 - 2014-06-06 10:08 - 00016434 _____ () C:\Users\jonas\Desktop\FRST.txt
2014-06-06 10:11 - 2014-06-05 19:02 - 00000000 ____D () C:\FRST
2014-06-06 10:11 - 2013-04-02 11:10 - 00000000 ____D () C:\Users\jonas\AppData\Local\Temp
2014-06-06 10:11 - 2012-11-23 17:22 - 01066522 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 10:10 - 2012-11-27 10:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 09:59 - 2014-06-05 15:20 - 00000000 ____D () C:\Users\jonas\Downloads\alt
2014-06-06 09:59 - 2013-04-02 11:11 - 00000000 ____D () C:\Users\jonas\AppData\Local\Adobe
2014-06-06 09:59 - 2012-11-27 10:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 09:58 - 2013-04-02 11:18 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\Dropbox
2014-06-06 09:58 - 2012-11-26 17:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 20:12 - 2013-12-04 15:49 - 00000000 ____D () C:\Program Files (x86)\NTI Database
2014-06-05 15:19 - 2014-06-05 15:18 - 02068992 _____ (Farbar) C:\Users\jonas\Desktop\FRST64(1).exe
2014-06-05 15:15 - 2009-07-14 06:45 - 00024016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 15:15 - 2009-07-14 06:45 - 00024016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 15:05 - 2014-05-03 12:26 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\DropboxMaster
2014-06-05 15:05 - 2013-04-08 11:40 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\stickies
2014-06-05 15:05 - 2013-04-02 11:24 - 00000000 ___RD () C:\Users\jonas\Dropbox
2014-06-05 15:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 15:04 - 2009-07-14 06:51 - 00083010 _____ () C:\Windows\setupact.log
2014-06-05 14:13 - 2014-06-05 14:13 - 00367864 ____H (drfedcfvgy) C:\ProgramData\0CGPckmnqwz.exe
2014-06-04 15:25 - 2014-01-16 16:11 - 00000000 ____D () C:\Users\jonas\Desktop\Lab Book Jonas *** 2014 -
2014-06-04 15:04 - 2014-06-04 15:04 - 03182552 _____ () C:\Users\jonas\Desktop\The race for raw materials in Africa - AG Version.pptx
2014-06-04 15:04 - 2013-05-18 13:26 - 00000000 ____D () C:\Users\jonas\AppData\Local\CutePDF Writer
2014-06-04 13:24 - 2013-04-02 11:16 - 00000000 ____D () C:\Users\jonas\Desktop\Papers PDF
2014-06-03 17:17 - 2014-02-05 10:47 - 00093051 _____ () C:\Users\jonas\Desktop\Scale Protocol.xlsx
2014-06-02 14:31 - 2013-05-14 17:19 - 00045557 _____ () C:\Users\jonas\Desktop\Primers_Jonas 2013 -.xlsx
2014-05-28 13:49 - 2013-11-25 11:43 - 00000000 ____D () C:\Users\jonas\Desktop\Projekte
2014-05-28 13:48 - 2013-12-05 10:25 - 00000000 ____D () C:\Users\jonas\Desktop\Listen
2014-05-26 10:55 - 2014-05-26 10:55 - 00012047 _____ () C:\Users\jonas\Desktop\pLAE1.ma4
2014-05-26 10:55 - 2014-05-26 10:55 - 00009194 _____ () C:\Users\jonas\Desktop\msb2 deletion plasmid.ma4
2014-05-23 15:21 - 2010-11-21 08:22 - 00698726 _____ () C:\Windows\system32\perfh007.dat
2014-05-23 15:21 - 2010-11-21 08:22 - 00148782 _____ () C:\Windows\system32\perfc007.dat
2014-05-23 15:21 - 2009-07-14 07:13 - 01613340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 15:20 - 2014-01-20 12:20 - 00022304 _____ () C:\Users\jonas\Desktop\FillIn Excel.xlsx
2014-05-23 08:47 - 2013-04-02 11:11 - 00000000 ___RD () C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 08:46 - 2013-04-02 11:20 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-21 16:36 - 2014-01-16 17:49 - 00524800 _____ () C:\Users\jonas\Desktop\TUWIEN_***.xls
2014-05-20 17:35 - 2013-04-08 11:36 - 00000000 ____D () C:\Users\jonas\AppData\Local\Paint.NET
2014-05-15 15:11 - 2014-05-15 15:10 - 00524800 _____ () C:\Users\jonas\Desktop\tuwien_***_2014 05 15.xls
2014-05-15 14:39 - 2013-04-02 11:17 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\Skype
2014-05-15 11:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 10:36 - 2013-04-30 17:00 - 00000000 ___RD () C:\Users\jonas\Virtual Machines
2014-05-15 10:36 - 2013-04-02 11:11 - 00000000 ___RD () C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 10:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 17:59 - 2012-11-26 11:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 17:52 - 2013-08-30 17:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 17:50 - 2012-11-26 17:31 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 11:26 - 2012-11-26 17:11 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 11:26 - 2012-11-26 17:11 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 11:26 - 2012-11-26 17:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 09:10 - 2012-11-26 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 14:14 - 2014-05-12 14:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:47 - 2012-11-27 10:45 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 08:47 - 2012-11-27 10:45 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Files to move or delete:
====================
C:\ProgramData\0CGPckmnqwz.exe


Some content of TEMP:
====================
C:\Users\jonas\AppData\Local\Temp\APNSetup.exe
C:\Users\jonas\AppData\Local\Temp\AskSLib.dll
C:\Users\jonas\AppData\Local\Temp\converter.exe
C:\Users\jonas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptt7vfi.dll
C:\Users\jonas\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\jonas\AppData\Local\Temp\Foxit Updater.exe
C:\Users\jonas\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\jonas\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\jonas\AppData\Local\Temp\MSN34B9.exe
C:\Users\jonas\AppData\Local\Temp\ose00000.exe
C:\Users\jonas\AppData\Local\Temp\ose00001.exe
C:\Users\Silvia\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Silvia\AppData\Local\Temp\Risweb32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 12:11

==================== End Of Log ============================
         
--- --- ---




addition
[CODE]Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by jonas at 2014-06-06 10:11:43
Running from C:\Users\jonas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
8500A909_BasicWeb (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
8500A909_Help_BasicWeb (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1860 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0C02}) (Version: 12.12.2.83 - APN, LLC) <==== ATTENTION
Avira Professional Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 12.1.9.1580 - Avira)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.0.27.1025 - Foxit Corporation)
ClustalX2 (HKLM-x32\...\{2F574EDF-22DD-4546-8DDC-D73B04455137}) (Version: 2.0.11 - University College Dublin)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1025 - Foxit Corporation)
Gene Runner (HKLM-x32\...\{910AD659-D14B-451D-8670-4ECDA5FC47B3}) (Version: 4.0.9.63 - Gene Runner)
GeneDoc (HKLM-x32\...\GeneDoc) (Version:  - )
GENtle (HKLM-x32\...\GENtle) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GraphPad Prism 5 (HKLM-x32\...\{35B73650-6899-11DA-6784-00232A9018BE}) (Version: 5.01 - GraphPad Software)
Harzing's Publish or Perish 4.6.3.5156 (HKLM\...\{5676F50B-9B69-415A-ACB5-E591BF48D282}) (Version: 4.6.3.5156 - Tarma Software Research Pty Ltd)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
HP Officejet Pro 8500 A909 Series (HKLM\...\{B1054C0C-0C16-41E1-8A9D-35F065793E92}) (Version: 14.0 - HP)
ImageJ 1.46r (HKLM\...\ImageJ_is1) (Version:  - NIH)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
MEGA 4 (HKLM-x32\...\{B185CA27-2F59-49C0-A043-42A98E723C8E}) (Version: 4.0.0002 - Sudhir Kumar et al.)
MEGA5 (HKLM-x32\...\{82808A16-D448-4FBF-9AE9-75AF3FC240DC}_is1) (Version:  - Arizona State University)
Mendeley Desktop 1.8.4 (HKLM-x32\...\Mendeley Desktop) (Version: 1.8.4 - Mendeley Ltd.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM-x32\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM-x32\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - )
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Stickies 7.1e (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
SyncToy 2.1 (x86) (HKLM-x32\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
V11CC (x32 Version: 11.0.0000 - Invitrogen Corporation) Hidden
V11CNT (x32 Version: 11.0 - Invitrogen Corporation) Hidden
V11COM (x32 Version: 11.0 - Invitrogen Corporation) Hidden
V11DT (x32 Version: 11.0 - Invitrogen Corporation) Hidden
V11NQ (x32 Version: 11.0 - Invitrogen Corporation) Hidden
V11PFAM (x32 Version: 11.0 - Invitrogen Corporation) Hidden
Vector NTI 11 (HKLM-x32\...\{9876E8C6-F8D7-4F43-84D3-B97D177F9466}) (Version: 11.0.0000 - Invitrogen Corporation)
Visual Basic for Applications (R) Core - English (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)

==================== Restore Points  =========================

12-05-2014 07:53:24 Geplanter Prüfpunkt
14-05-2014 15:45:50 Windows Update
22-05-2014 08:30:07 Geplanter Prüfpunkt
29-05-2014 10:18:03 Geplanter Prüfpunkt
05-06-2014 15:51:42 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1416622D-2113-4FD7-AE26-21A275B39979} - System32\Tasks\AdobeAAMUpdater-1.0-molbiotech26-jonas => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {50DC5F78-6E26-4EAB-AA7D-052F6DCC42B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {5D8AA142-F4CB-4CA5-8C43-71263013C671} - System32\Tasks\AdobeAAMUpdater-1.0-molbiotech26-Silvia => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {5F643954-E916-4328-81BF-BE604BCDA4FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: {D38D95CC-5B7F-47C7-9CEC-D2BA7704C415} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-18 13:24 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-11-23 18:02 - 2012-05-09 12:38 - 00398288 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-06-05 15:05 - 2014-06-05 15:05 - 00043008 _____ () c:\users\jonas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptt7vfi.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\jonas\AppData\Roaming\Dropbox\bin\libcef.dll
2013-04-08 11:40 - 2013-04-08 11:40 - 00049152 _____ () C:\Program Files (x86)\Stickies\shook70.dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2014-05-12 14:14 - 2014-05-12 14:14 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00101888 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Locale\de_de\PDFMaker\PDFMOfficeAddin.DEU

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^jonas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A909a
Description: Officejet Pro 8500 A909a
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet 400 color M451nw
Description: HP LaserJet 400 color M451nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8500 A909g
Description: Officejet Pro 8500 A909g
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CP1515n
Description: HP Color LaserJet CP1515n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2014 09:58:47 AM) (Source: Avira Antivirus) (EventID: 4129) (User: NT-AUTORITÄT)
Description: Das Update von MOLBIOTECH26 (127.0.0.1) ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten. .
Es wurden keine neuen Dateien geladen.

Error: (06/05/2014 10:15:00 PM) (Source: Avira Antivirus) (EventID: 4129) (User: NT-AUTORITÄT)
Description: Das Update von MOLBIOTECH26 (127.0.0.1) ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten. .
Es wurden keine neuen Dateien geladen.

Error: (06/05/2014 09:15:01 PM) (Source: Avira Antivirus) (EventID: 4129) (User: NT-AUTORITÄT)
Description: Das Update von MOLBIOTECH26 (127.0.0.1) ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten. .
Es wurden keine neuen Dateien geladen.

Error: (06/05/2014 08:15:08 PM) (Source: Avira Antivirus) (EventID: 4129) (User: NT-AUTORITÄT)
Description: Das Update von MOLBIOTECH26 (127.0.0.1) ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten. .
Es wurden keine neuen Dateien geladen.

Error: (06/05/2014 06:53:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64(1).exe, Version 2.6.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f9c

Startzeit: 01cf80ddad4d1700

Endzeit: 0

Anwendungspfad: C:\Users\jonas\Desktop\FRST64(1).exe

Berichts-ID:

Error: (06/05/2014 06:43:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64(1).exe, Version 2.6.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c4

Startzeit: 01cf80c0c3a8e640

Endzeit: 94

Anwendungspfad: C:\Users\jonas\Desktop\FRST64(1).exe

Berichts-ID:

Error: (06/05/2014 03:06:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 02:55:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 2.6.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 71c

Startzeit: 01cf80bd0e5bdf70

Endzeit: 0

Anwendungspfad: C:\Users\jonas\Downloads\FRST64.exe

Berichts-ID:

Error: (06/05/2014 02:19:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 11:10:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/05/2014 06:41:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht.

Error: (06/05/2014 03:10:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (06/05/2014 03:06:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/05/2014 03:05:39 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (06/05/2014 03:05:39 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (06/05/2014 03:05:38 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 11
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (06/05/2014 02:19:07 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/05/2014 11:10:23 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/05/2014 11:09:40 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (06/05/2014 11:09:40 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.


Microsoft Office Sessions:
=========================
Error: (06/06/2014 09:58:47 AM) (Source: Avira Antivirus) (EventID: 4129) (User: NT-AUTORITÄT)
Description: MOLBIOTECH26 (127.0.0.1)Während des Herunterladens ist ein Fehler aufgetreten.

Error: (06/05/2014 10:15:00 PM) (Source: Avira Antivirus) (EventID: 4129) (User: NT-AUTORITÄT)
Description: MOLBIOTECH26 (127.0.0.1)Während des Herunterladens ist ein Fehler aufgetreten.

Error: (06/05/2014 09:15:01 PM) (Source: Avira Antivirus) (EventID: 4129) (User: NT-AUTORITÄT)
Description: MOLBIOTECH26 (127.0.0.1)Während des Herunterladens ist ein Fehler aufgetreten.

Error: (06/05/2014 08:15:08 PM) (Source: Avira Antivirus) (EventID: 4129) (User: NT-AUTORITÄT)
Description: MOLBIOTECH26 (127.0.0.1)Während des Herunterladens ist ein Fehler aufgetreten.

Error: (06/05/2014 06:53:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64(1).exe2.6.2014.0f9c01cf80ddad4d17000C:\Users\jonas\Desktop\FRST64(1).exe

Error: (06/05/2014 06:43:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64(1).exe2.6.2014.0c401cf80c0c3a8e64094C:\Users\jonas\Desktop\FRST64(1).exe

Error: (06/05/2014 03:06:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 02:55:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe2.6.2014.071c01cf80bd0e5bdf700C:\Users\jonas\Downloads\FRST64.exe

Error: (06/05/2014 02:19:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 11:10:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 75%
Total physical RAM: 1919.24 MB
Available physical RAM: 464.5 MB
Total Pagefile: 3838.48 MB
Available Pagefile: 1733.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:104.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: BD55C8ED)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---


avira scan
Code:
ATTFilter
Avira Professional Security
Erstellungsdatum der Reportdatei: Donnerstag, 05. Juni 2014  18:45

Es wird nach 6891057 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : TU Wien Technische Universität
Seriennummer   : 2216902224-ADJIM-0000800
Plattform      : Windows 7 Enterprise
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : MOLBIOTECH26

Versionsinformationen:
BUILD.DAT      : 12.1.9.1580    46763 Bytes  22.11.2012 08:52:00
AVSCAN.EXE     : 12.3.0.48     468256 Bytes  23.11.2012 17:03:42
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  09.05.2012 10:39:05
LUKE.DLL       : 12.3.0.15      68304 Bytes  09.05.2012 10:38:53
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  09.05.2012 10:38:48
AVREG.DLL      : 12.3.0.17     232200 Bytes  23.11.2012 17:03:47
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 12:34:01
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 10:06:39
VBASE002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 10:04:23
VBASE003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 11:33:27
VBASE004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 12:14:20
VBASE005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 11:47:32
VBASE006.VDF   : 7.11.139.38 15708672 Bytes  27.03.2014 11:28:00
VBASE007.VDF   : 7.11.152.100  4193792 Bytes  02.06.2014 11:08:18
VBASE008.VDF   : 7.11.152.101     2048 Bytes  02.06.2014 11:08:18
VBASE009.VDF   : 7.11.152.102     2048 Bytes  02.06.2014 11:08:18
VBASE010.VDF   : 7.11.152.103     2048 Bytes  02.06.2014 11:08:18
VBASE011.VDF   : 7.11.152.104     2048 Bytes  02.06.2014 11:08:18
VBASE012.VDF   : 7.11.152.105     2048 Bytes  02.06.2014 11:08:18
VBASE013.VDF   : 7.11.152.227   225280 Bytes  04.06.2014 10:50:59
VBASE014.VDF   : 7.11.152.228     2048 Bytes  04.06.2014 10:50:59
VBASE015.VDF   : 7.11.152.229     2048 Bytes  04.06.2014 10:50:59
VBASE016.VDF   : 7.11.152.230     2048 Bytes  04.06.2014 10:50:59
VBASE017.VDF   : 7.11.152.231     2048 Bytes  04.06.2014 10:50:59
VBASE018.VDF   : 7.11.152.232     2048 Bytes  04.06.2014 10:50:59
VBASE019.VDF   : 7.11.152.233     2048 Bytes  04.06.2014 10:50:59
VBASE020.VDF   : 7.11.152.234     2048 Bytes  04.06.2014 10:50:59
VBASE021.VDF   : 7.11.152.235     2048 Bytes  04.06.2014 10:50:59
VBASE022.VDF   : 7.11.152.236     2048 Bytes  04.06.2014 10:50:59
VBASE023.VDF   : 7.11.152.237     2048 Bytes  04.06.2014 10:50:59
VBASE024.VDF   : 7.11.152.238     2048 Bytes  04.06.2014 10:50:59
VBASE025.VDF   : 7.11.152.239     2048 Bytes  04.06.2014 10:50:59
VBASE026.VDF   : 7.11.152.240     2048 Bytes  04.06.2014 10:50:59
VBASE027.VDF   : 7.11.152.241     2048 Bytes  04.06.2014 10:50:59
VBASE028.VDF   : 7.11.152.242     2048 Bytes  04.06.2014 10:50:59
VBASE029.VDF   : 7.11.152.243     2048 Bytes  04.06.2014 10:50:59
VBASE030.VDF   : 7.11.152.244     2048 Bytes  04.06.2014 10:50:59
VBASE031.VDF   : 7.11.153.56   310784 Bytes  05.06.2014 09:14:56
Engineversion  : 8.3.20.4  
AEVDF.DLL      : 8.3.0.4       118976 Bytes  20.03.2014 15:14:43
AESCRIPT.DLL   : 8.1.4.206     528584 Bytes  28.05.2014 14:20:53
AESCN.DLL      : 8.3.1.2       135360 Bytes  28.05.2014 14:20:52
AESBX.DLL      : 8.2.20.24    1409224 Bytes  08.05.2014 13:53:18
AERDL.DLL      : 8.2.0.138     704888 Bytes  02.12.2013 13:55:44
AEPACK.DLL     : 8.4.0.24      778440 Bytes  13.05.2014 13:16:01
AEOFFICE.DLL   : 8.3.0.4       205000 Bytes  17.04.2014 14:12:42
AEHEUR.DLL     : 8.1.4.1092   6762696 Bytes  28.05.2014 14:20:52
AEHELP.DLL     : 8.3.1.0       278728 Bytes  28.05.2014 14:20:46
AEGEN.DLL      : 8.1.7.26      450752 Bytes  17.04.2014 14:12:42
AEEXP.DLL      : 8.4.2.2       237760 Bytes  04.06.2014 12:51:01
AEEMU.DLL      : 8.1.3.2       393587 Bytes  23.11.2012 17:03:29
AEDROID.DLL    : 8.4.2.24      442568 Bytes  04.06.2014 12:51:01
AECORE.DLL     : 8.3.1.0       241864 Bytes  28.05.2014 14:20:46
AEBB.DLL       : 8.1.1.4        53619 Bytes  23.11.2012 17:03:28
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  09.05.2012 10:38:48
AVPREF.DLL     : 12.3.0.32      50720 Bytes  23.11.2012 17:03:41
AVREP.DLL      : 12.3.0.15     179208 Bytes  09.05.2012 10:38:48
AVARKT.DLL     : 12.3.0.33     209696 Bytes  23.11.2012 17:03:36
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  09.05.2012 10:38:46
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  09.05.2012 10:38:55
AVSMTP.DLL     : 12.3.0.32      63992 Bytes  23.11.2012 17:03:42
NETNT.DLL      : 12.3.0.15      17104 Bytes  09.05.2012 10:38:53
RCIMAGE.DLL    : 12.3.0.31    4713720 Bytes  23.11.2012 17:02:57
RCTEXT.DLL     : 12.3.0.32      98848 Bytes  23.11.2012 17:02:57

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Donnerstag, 05. Juni 2014  18:45

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'OUTLOOK.EXE' - '210' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'Vector NTI 10.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'TBNotifier.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess '0CGPckmnqwz.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'stickies.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'PsiService_2.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'apnmcp.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '46' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3689' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Program Files (x86)\Invitrogen\Vector NTI Advance 11\Vector NTI Advance 11.exe
  [WARNUNG]   Die Datei konnte nicht geöffnet werden!
C:\Users\jonas\Desktop\festplatte bei gelegenheit umkpieren\KATHI-PC\Backup Set 2012-04-19 221431\Backup Files 2012-07-01 193831\Backup files 1.zip
  [0] Archivtyp: ZIP
  --> C/Users/Kathi/AppData/Roaming/wpbt0.dll
      [FUND]      Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
C:\Users\jonas\Desktop\festplatte bei gelegenheit umkpieren\KATHI-PC\Backup Set 2012-04-19 221431\Backup Files 2012-07-01 193831\Backup files 2.zip
  [0] Archivtyp: ZIP
  --> C/Users/Kathi/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/30/1a2c19de-26b5e4d4
      [1] Archivtyp: ZIP
    --> q_a/q_a.class
        [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
    --> q_a/q_c.class
        [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.A.196
    --> q_a/q_b.class
        [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternewb.Gen
C:\Users\jonas\Desktop\festplatte bei gelegenheit umkpieren\KATHI-PC\Backup Set 2012-04-19 221431\Backup Files 2013-02-01 193206\Backup files 16.zip
  [0] Archivtyp: ZIP
  --> C/Users/Kathi/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/64542ac6-363cf689
      [1] Archivtyp: ZIP
    --> hw.class
        [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-5076
    --> test.class
        [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-5076.D
C:\Users\jonas\Downloads\alt\FoxitReader611.1025_L10N_Setup.exe
  [0] Archivtyp: Inno Setup
  --> {tmp}\Foxit_Elex_v9.exe
      [FUND]      Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen2

Beginne mit der Desinfektion:
C:\Users\jonas\Downloads\alt\FoxitReader611.1025_L10N_Setup.exe
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen2
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5c24d527.qua' verschoben!
C:\Users\jonas\Desktop\festplatte bei gelegenheit umkpieren\KATHI-PC\Backup Set 2012-04-19 221431\Backup Files 2013-02-01 193206\Backup files 16.zip
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-5076.D
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '434efaf2.qua' verschoben!
C:\Users\jonas\Desktop\festplatte bei gelegenheit umkpieren\KATHI-PC\Backup Set 2012-04-19 221431\Backup Files 2012-07-01 193831\Backup files 2.zip
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternewb.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1111a074.qua' verschoben!
C:\Users\jonas\Desktop\festplatte bei gelegenheit umkpieren\KATHI-PC\Backup Set 2012-04-19 221431\Backup Files 2012-07-01 193831\Backup files 1.zip
  [FUND]      Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7726ef73.qua' verschoben!


Ende des Suchlaufs: Freitag, 06. Juni 2014  10:01
Benötigte Zeit:  2:14:58 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  35424 Verzeichnisse wurden überprüft
 1068443 Dateien wurden geprüft
      7 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      4 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      1 Dateien konnten nicht durchsucht werden
 1068435 Dateien ohne Befall
  15938 Archive wurden durchsucht
      1 Warnungen
      4 Hinweise
 727728 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
__________________

Edited by cosinus (16.01.2017 at 20:05). Reason: name redacted

07.06.2014, 05:49   #4
schrauber
/// the machine
/// TB-Ausbilder

Uninstall adware & co.
  • Please download Revo Uninstaller from here.
  • Install and start the program.
  • In the uninstaller field, search for the programs that, under:

    have this addition:
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

If you cannot find a program or cannot uninstall it, please continue with the next step:





Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please deactivate all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

10.06.2014, 09:53   #5
jonasR

Great, thanks for the quick help, I got it done. I have just transferred a small donation and will recommend you to others!

Regards,
jonas


10.06.2014, 18:40   #6
schrauber
/// the machine
/// TB-Ausbilder

Uh, we're not finished yet

10.06.2014, 21:55   #7
jonasR

What, really? Damn, I had already considered the problem closed. Okay, I have now uninstalled the ATTENTION program (AskToolbar) (and was able to, which is why I did not run the further scan). What else do you need? The Combofix text? If so: I thought it was no longer necessary because of "If you cannot find a program or cannot uninstall it, please continue with the next step:"

Regards,
Jonas

11.06.2014, 20:10   #8
schrauber
/// the machine
/// TB-Ausbilder

Now Combofix, yes
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

12.06.2014, 12:45   #9
jonasR

Okay, done.

Regards,
jonas


Code:
ATTFilter
ComboFix 14-06-12.01 - jonas 12.06.2014  13:13:23.1.2 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.43.1031.18.1919.526 [GMT 2:00]
ausgeführt von:: c:\users\jonas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-12 bis 2014-06-12  ))))))))))))))))))))))))))))))
.
.
2014-06-12 11:19 . 2014-06-12 11:19	--------	d-----w-	c:\users\Silvia\AppData\Local\temp
2014-06-12 11:19 . 2014-06-12 11:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-10 07:01 . 2014-06-10 07:05	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-06-05 17:02 . 2014-06-06 08:12	--------	d-----w-	C:\FRST
2014-05-14 15:57 . 2014-03-25 02:43	14175744	----a-w-	c:\windows\system32\shell32.dll
2014-05-14 15:55 . 2014-05-06 00:21	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-14 15:55 . 2014-05-05 23:14	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-14 15:55 . 2014-05-06 00:46	17847808	----a-w-	c:\windows\system32\mshtml.dll
2014-05-14 15:55 . 2014-05-06 00:21	96768	----a-w-	c:\windows\system32\mshtmled.dll
2014-05-14 15:53 . 2014-04-12 02:19	29184	----a-w-	c:\windows\system32\sspisrv.dll
2014-05-14 15:53 . 2014-03-04 09:44	86528	----a-w-	c:\windows\system32\TSpkg.dll
2014-05-14 15:53 . 2014-03-04 09:17	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2014-05-14 15:53 . 2014-04-12 02:19	31232	----a-w-	c:\windows\system32\lsass.exe
2014-05-14 15:53 . 2014-03-04 09:44	210944	----a-w-	c:\windows\system32\wdigest.dll
2014-05-14 15:53 . 2014-03-04 09:17	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2014-05-14 15:53 . 2014-03-04 09:44	340992	----a-w-	c:\windows\system32\schannel.dll
2014-05-14 15:53 . 2014-03-04 09:43	455168	----a-w-	c:\windows\system32\winlogon.exe
2014-05-14 15:53 . 2014-03-04 09:17	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2014-05-14 15:53 . 2014-03-04 09:17	247808	----a-w-	c:\windows\SysWow64\schannel.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 15:50 . 2012-11-26 15:31	93223848	----a-w-	c:\windows\system32\MRT.exe
2014-05-14 09:26 . 2012-11-26 15:11	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 09:26 . 2012-11-26 15:11	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-15 00:34 . 2014-04-15 00:34	1070232	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2014-04-14 18:13 . 2014-04-29 08:01	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\jonas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\jonas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\jonas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-23 3477640]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-23 348664]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
Stickies.lnk - c:\program files (x86)\Stickies\stickies.exe [2013-4-8 1134592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-22 07:53	1091912	----a-w-	c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-26 09:26]
.
2014-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27 08:45]
.
2014-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27 08:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{DA415218-9C9E-4A05-99FA-758128D43D1F}: NameServer = 128.131.4.3,128.130.4.3
Handler: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - c:\program files (x86)\Invitrogen\Vector NTI Advance 11\Ncbi.dll
FF - ProfilePath - c:\users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\uzkc8yxs.default\
FF - prefs.js: browser.search.selectedEngine - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-06-12  13:27:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-06-12 11:27
.
Vor Suchlauf: 9 Verzeichnis(se), 111.904.649.216 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 117.744.312.320 Bytes frei
.
- - End Of File - - 66E6275B15F4A4B14AB5029085AC3C50
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 13.06.2014, 11:57   #10
schrauber
/// the machine
/// TB-Ausbilder
 


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 13.06.2014, 13:53   #11
jonasR
 



Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 13.06.2014 13:37:58, SYSTEM, MOLBIOTECH26, Manual, Rootkit Database, 2014.2.20.1, 2014.6.2.1, 
Update, 13.06.2014 13:38:00, SYSTEM, MOLBIOTECH26, Manual, Malware Database, 2014.3.4.9, 2014.6.13.4, 

(end)
         
Code:
# AdwCleaner v3.212 - Bericht erstellt am 13/06/2014 um 14:28:46
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (64 bits)
# Benutzername : jonas - MOLBIOTECH26
# Gestartet von : C:\Users\jonas\Downloads\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Tarma Installer
Datei Gelöscht : C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\uzkc8yxs.default\searchplugins\ask-search.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_windows-live-messenger_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_windows-live-messenger_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\PIP

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16555


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\uzkc8yxs.default\prefs.js ]


[ Datei : C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\3ul0jv1a.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Gelöscht [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Gelöscht [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Gelöscht [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Gelöscht [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Gelöscht [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

[ Datei : C:\Users\Silvia\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Gelöscht [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Gelöscht [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Gelöscht [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Gelöscht [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Gelöscht [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [2806 octets] - [13/06/2014 14:13:59]
AdwCleaner[S0].txt - [2631 octets] - [13/06/2014 14:28:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2691 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Enterprise x64
Ran by jonas on 13.06.2014 at 14:37:25,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"



~~~ FireFox

Emptied folder: C:\Users\jonas\AppData\Roaming\mozilla\firefox\profiles\uzkc8yxs.default\minidumps [58 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.06.2014 at 14:44:00,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by jonas (administrator) on MOLBIOTECH26 on 13-06-2014 14:47:56
Running from C:\Users\jonas\Desktop
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Dropbox, Inc.) C:\Users\jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Thisisu) C:\Users\jonas\Downloads\JRT(1).exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-11-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x700C488C186CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files (x86)\Invitrogen\Vector NTI Advance 11\Ncbi.dll (Informax Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{DA415218-9C9E-4A05-99FA-758128D43D1F}: [NameServer]128.131.4.3,128.130.4.3

FireFox:
========
FF ProfilePath: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\uzkc8yxs.default
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\uzkc8yxs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-08]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012-11-23]

Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (Google Docs) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-02]
CHR Extension: (Google Drive) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-02]
CHR Extension: (YouTube) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-02]
CHR Extension: (Google-Suche) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-02]
CHR Extension: (Adobe Acrobat – PDF-Datei erstellen) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-04-02]
CHR Extension: (Google Wallet) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Google Mail) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) =================

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [375760 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-09] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-09] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-05-09] (Avira GmbH)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-13 14:45 - 2014-06-13 14:45 - 02081792 _____ (Farbar) C:\Users\jonas\Desktop\FRST64.exe
2014-06-13 14:45 - 2014-06-13 14:45 - 00000000 ____D () C:\Users\jonas\Desktop\FRST-OlderVersion
2014-06-13 14:44 - 2014-06-13 14:44 - 00000810 _____ () C:\Users\jonas\Desktop\JRT.txt
2014-06-13 14:37 - 2014-06-13 14:37 - 01016261 _____ (Thisisu) C:\Users\jonas\Downloads\JRT(1).exe
2014-06-13 14:37 - 2014-06-13 14:37 - 00000000 ____D () C:\Windows\ERUNT
2014-06-13 14:36 - 2014-06-13 14:36 - 01016261 _____ (Thisisu) C:\Users\jonas\Downloads\JRT.exe
2014-06-13 14:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-13 14:11 - 2014-06-13 14:29 - 00000000 ____D () C:\AdwCleaner
2014-06-13 14:10 - 2014-06-13 14:10 - 01333465 _____ () C:\Users\jonas\Downloads\adwcleaner_3.212.exe
2014-06-13 14:06 - 2014-06-13 14:45 - 00000000 ____D () C:\Users\jonas\Desktop\Antivir
2014-06-13 13:35 - 2014-06-13 14:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 13:35 - 2014-06-13 13:35 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-13 13:35 - 2014-06-13 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-13 13:35 - 2014-06-13 13:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-13 13:35 - 2014-06-13 13:35 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-13 13:35 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-13 13:35 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-13 13:35 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-13 13:34 - 2014-06-13 13:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jonas\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-12 16:51 - 2014-05-08 11:32 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 16:51 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 16:51 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 16:51 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 16:51 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 16:51 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 16:51 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 16:51 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 16:51 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 16:51 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 16:51 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 16:51 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 16:51 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 16:51 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-12 16:48 - 2014-05-28 20:53 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 16:48 - 2014-05-28 20:37 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 16:48 - 2014-05-28 20:35 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 16:48 - 2014-05-28 20:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 16:48 - 2014-05-28 20:31 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 16:48 - 2014-05-28 20:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 16:48 - 2014-05-28 20:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-12 16:48 - 2014-05-28 20:29 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 16:48 - 2014-05-28 20:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 16:48 - 2014-05-28 20:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 16:48 - 2014-05-28 20:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 16:48 - 2014-05-28 20:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 16:48 - 2014-05-28 20:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 16:48 - 2014-05-28 20:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 16:48 - 2014-05-28 20:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 16:48 - 2014-05-28 20:28 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 16:48 - 2014-05-28 20:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 16:48 - 2014-05-28 20:28 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-12 16:48 - 2014-05-28 20:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-12 16:48 - 2014-05-28 20:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-12 16:48 - 2014-05-28 20:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 16:48 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 16:48 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 16:48 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 16:48 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 16:48 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 16:48 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 16:48 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-06-12 16:48 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 16:48 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 16:48 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-12 16:48 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 16:48 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 16:48 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 16:48 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 16:48 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-12 16:48 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 16:48 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 16:48 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 16:48 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-06-12 16:48 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-06-12 16:48 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 13:30 - 2014-06-12 13:31 - 00000000 ____D () C:\Users\jonas\Desktop\LogFile combofix
2014-06-12 13:27 - 2014-06-12 13:27 - 00018011 _____ () C:\ComboFix.txt
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\Users\Silvia\AppData\Local\temp
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-12 13:09 - 2014-06-12 13:27 - 00000000 ____D () C:\Qoobox
2014-06-12 13:09 - 2014-06-12 13:24 - 00000000 ____D () C:\Windows\erdnt
2014-06-12 13:09 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-12 13:09 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-12 13:09 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-12 13:09 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-12 13:09 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-12 13:09 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-12 13:09 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-12 13:09 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-12 12:58 - 2014-06-12 12:59 - 05205897 ____R (Swearware) C:\Users\jonas\Desktop\ComboFix.exe
2014-06-10 10:50 - 2014-06-10 10:50 - 00003270 _____ () C:\Windows\System32\Tasks\{E1E70516-F0E7-40FD-9CE1-4642860005BC}
2014-06-10 09:01 - 2014-06-10 09:05 - 00001264 _____ () C:\Users\jonas\Desktop\Revo Uninstaller.lnk
2014-06-10 09:01 - 2014-06-10 09:05 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-10 09:00 - 2014-06-10 09:00 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\jonas\Downloads\revosetup95.exe
2014-06-06 10:08 - 2014-06-13 14:47 - 00015518 _____ () C:\Users\jonas\Desktop\FRST.txt
2014-06-05 19:02 - 2014-06-13 14:48 - 00000000 ____D () C:\FRST
2014-06-05 15:20 - 2014-06-06 09:59 - 00000000 ____D () C:\Users\jonas\Downloads\alt
2014-06-04 15:04 - 2014-06-04 15:04 - 03182552 _____ () C:\Users\jonas\Desktop\The race for raw materials in Africa - AG Version.pptx
2014-05-26 10:55 - 2014-05-26 10:55 - 00012047 _____ () C:\Users\jonas\Desktop\pLAE1.ma4
2014-05-26 10:55 - 2014-05-26 10:55 - 00009194 _____ () C:\Users\jonas\Desktop\msb2 deletion plasmid.ma4
2014-05-15 15:10 - 2014-05-15 15:11 - 00524800 _____ () C:\Users\jonas\Desktop\tuwien_***_2014 05 15.xls
2014-05-14 17:57 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:57 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 17:53 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:53 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:53 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:53 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:53 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:53 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:53 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 17:53 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 17:53 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 17:53 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 17:52 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:52 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:52 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:52 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:52 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:52 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 17:52 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 17:52 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:52 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:52 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:52 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 17:52 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 17:52 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 17:52 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 17:52 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 17:52 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

==================== One Month Modified Files and Folders =======

2014-06-13 14:48 - 2014-06-06 10:08 - 00015518 _____ () C:\Users\jonas\Desktop\FRST.txt
2014-06-13 14:48 - 2014-06-05 19:02 - 00000000 ____D () C:\FRST
2014-06-13 14:48 - 2013-04-02 11:10 - 00000000 ____D () C:\Users\jonas\AppData\Local\Temp
2014-06-13 14:45 - 2014-06-13 14:45 - 02081792 _____ (Farbar) C:\Users\jonas\Desktop\FRST64.exe
2014-06-13 14:45 - 2014-06-13 14:45 - 00000000 ____D () C:\Users\jonas\Desktop\FRST-OlderVersion
2014-06-13 14:45 - 2014-06-13 14:06 - 00000000 ____D () C:\Users\jonas\Desktop\Antivir
2014-06-13 14:44 - 2014-06-13 14:44 - 00000810 _____ () C:\Users\jonas\Desktop\JRT.txt
2014-06-13 14:43 - 2009-07-14 06:45 - 00024016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-13 14:43 - 2009-07-14 06:45 - 00024016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-13 14:37 - 2014-06-13 14:37 - 01016261 _____ (Thisisu) C:\Users\jonas\Downloads\JRT(1).exe
2014-06-13 14:37 - 2014-06-13 14:37 - 00000000 ____D () C:\Windows\ERUNT
2014-06-13 14:36 - 2014-06-13 14:36 - 01016261 _____ (Thisisu) C:\Users\jonas\Downloads\JRT.exe
2014-06-13 14:34 - 2013-04-02 11:18 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\Dropbox
2014-06-13 14:33 - 2014-05-03 12:26 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\DropboxMaster
2014-06-13 14:33 - 2013-04-02 11:24 - 00000000 ___RD () C:\Users\jonas\Dropbox
2014-06-13 14:33 - 2012-11-27 10:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-13 14:30 - 2010-11-21 05:47 - 00160156 _____ () C:\Windows\PFRO.log
2014-06-13 14:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-13 14:30 - 2009-07-14 06:51 - 00083514 _____ () C:\Windows\setupact.log
2014-06-13 14:29 - 2014-06-13 14:11 - 00000000 ____D () C:\AdwCleaner
2014-06-13 14:29 - 2012-11-23 17:22 - 01369087 _____ () C:\Windows\WindowsUpdate.log
2014-06-13 14:26 - 2012-11-26 17:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-13 14:10 - 2014-06-13 14:10 - 01333465 _____ () C:\Users\jonas\Downloads\adwcleaner_3.212.exe
2014-06-13 14:04 - 2014-06-13 13:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 13:59 - 2013-04-08 11:40 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\stickies
2014-06-13 13:52 - 2012-11-27 10:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-13 13:37 - 2013-12-04 15:49 - 00000000 ____D () C:\Program Files (x86)\NTI Database
2014-06-13 13:36 - 2014-01-16 16:11 - 00000000 ____D () C:\Users\jonas\Desktop\Lab Book Jonas *** 2014 -
2014-06-13 13:35 - 2014-06-13 13:35 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-13 13:35 - 2014-06-13 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-13 13:35 - 2014-06-13 13:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-13 13:35 - 2014-06-13 13:35 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-13 13:35 - 2014-02-05 10:47 - 00097382 _____ () C:\Users\jonas\Desktop\Scale Protocol.xlsx
2014-06-13 13:34 - 2014-06-13 13:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jonas\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-13 10:54 - 2014-01-20 12:20 - 00023286 _____ () C:\Users\jonas\Desktop\FillIn Excel.xlsx
2014-06-13 10:35 - 2013-12-05 10:25 - 00000000 ____D () C:\Users\jonas\Desktop\Listen
2014-06-13 09:23 - 2013-04-02 11:11 - 00000000 ____D () C:\Users\jonas\AppData\Local\Adobe
2014-06-12 16:52 - 2013-08-30 17:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 16:52 - 2012-11-26 17:31 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 16:51 - 2012-11-26 11:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 13:31 - 2014-06-12 13:30 - 00000000 ____D () C:\Users\jonas\Desktop\LogFile combofix
2014-06-12 13:27 - 2014-06-12 13:27 - 00018011 _____ () C:\ComboFix.txt
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\Users\Silvia\AppData\Local\temp
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-12 13:27 - 2014-06-12 13:09 - 00000000 ____D () C:\Qoobox
2014-06-12 13:27 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-12 13:24 - 2014-06-12 13:09 - 00000000 ____D () C:\Windows\erdnt
2014-06-12 13:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-12 12:59 - 2014-06-12 12:58 - 05205897 ____R (Swearware) C:\Users\jonas\Desktop\ComboFix.exe
2014-06-10 17:27 - 2013-11-25 11:43 - 00000000 ____D () C:\Users\jonas\Desktop\Projekte
2014-06-10 11:30 - 2013-04-22 19:11 - 00000000 ____D () C:\Users\jonas\Desktop\Präsentationen
2014-06-10 10:50 - 2014-06-10 10:50 - 00003270 _____ () C:\Windows\System32\Tasks\{E1E70516-F0E7-40FD-9CE1-4642860005BC}
2014-06-10 09:05 - 2014-06-10 09:01 - 00001264 _____ () C:\Users\jonas\Desktop\Revo Uninstaller.lnk
2014-06-10 09:05 - 2014-06-10 09:01 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-10 09:00 - 2014-06-10 09:00 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\jonas\Downloads\revosetup95.exe
2014-06-06 15:10 - 2013-04-02 11:17 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\Skype
2014-06-06 13:20 - 2013-04-08 13:43 - 00000000 ____D () C:\Users\jonas\Desktop\Arbeitsprotokolle
2014-06-06 12:36 - 2013-04-08 11:36 - 00000000 ____D () C:\Users\jonas\AppData\Local\Paint.NET
2014-06-06 09:59 - 2014-06-05 15:20 - 00000000 ____D () C:\Users\jonas\Downloads\alt
2014-06-04 15:04 - 2014-06-04 15:04 - 03182552 _____ () C:\Users\jonas\Desktop\The race for raw materials in Africa - AG Version.pptx
2014-06-04 15:04 - 2013-05-18 13:26 - 00000000 ____D () C:\Users\jonas\AppData\Local\CutePDF Writer
2014-06-04 13:24 - 2013-04-02 11:16 - 00000000 ____D () C:\Users\jonas\Desktop\Papers PDF
2014-06-02 14:31 - 2013-05-14 17:19 - 00045557 _____ () C:\Users\jonas\Desktop\Primers_Jonas 2013 -.xlsx
2014-05-28 20:53 - 2014-06-12 16:48 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 20:37 - 2014-06-12 16:48 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 20:35 - 2014-06-12 16:48 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 20:31 - 2014-06-12 16:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 20:31 - 2014-06-12 16:48 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 20:30 - 2014-06-12 16:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 20:30 - 2014-06-12 16:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 20:29 - 2014-06-12 16:48 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 20:29 - 2014-06-12 16:48 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 20:29 - 2014-06-12 16:48 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 20:29 - 2014-06-12 16:48 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 20:29 - 2014-06-12 16:48 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 20:29 - 2014-06-12 16:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 20:28 - 2014-06-12 16:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 20:28 - 2014-06-12 16:48 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 20:28 - 2014-06-12 16:48 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 20:28 - 2014-06-12 16:48 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 20:28 - 2014-06-12 16:48 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 20:28 - 2014-06-12 16:48 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 20:28 - 2014-06-12 16:48 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 20:27 - 2014-06-12 16:48 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-28 18:48 - 2014-06-12 16:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-28 18:39 - 2014-06-12 16:48 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-28 18:38 - 2014-06-12 16:48 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-28 18:33 - 2014-06-12 16:48 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-28 18:32 - 2014-06-12 16:48 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-28 18:32 - 2014-06-12 16:48 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-28 18:31 - 2014-06-12 16:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-28 18:31 - 2014-06-12 16:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-28 18:30 - 2014-06-12 16:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-28 18:30 - 2014-06-12 16:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-28 18:30 - 2014-06-12 16:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-28 18:30 - 2014-06-12 16:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-28 18:30 - 2014-06-12 16:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-28 18:30 - 2014-06-12 16:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-28 18:30 - 2014-06-12 16:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-28 18:29 - 2014-06-12 16:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-28 18:29 - 2014-06-12 16:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-28 18:29 - 2014-06-12 16:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-28 18:29 - 2014-06-12 16:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-28 18:29 - 2014-06-12 16:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-28 18:28 - 2014-06-12 16:48 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-26 10:55 - 2014-05-26 10:55 - 00012047 _____ () C:\Users\jonas\Desktop\pLAE1.ma4
2014-05-26 10:55 - 2014-05-26 10:55 - 00009194 _____ () C:\Users\jonas\Desktop\msb2 deletion plasmid.ma4
2014-05-23 15:21 - 2010-11-21 08:22 - 00698726 _____ () C:\Windows\system32\perfh007.dat
2014-05-23 15:21 - 2010-11-21 08:22 - 00148782 _____ () C:\Windows\system32\perfc007.dat
2014-05-23 15:21 - 2009-07-14 07:13 - 01613340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 08:47 - 2013-04-02 11:11 - 00000000 ___RD () C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 08:46 - 2013-04-02 11:20 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-21 16:36 - 2014-01-16 17:49 - 00524800 _____ () C:\Users\jonas\Desktop\TUWIEN_***.xls
2014-05-15 15:11 - 2014-05-15 15:10 - 00524800 _____ () C:\Users\jonas\Desktop\tuwien_***_2014 05 15.xls
2014-05-15 11:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 10:36 - 2013-04-30 17:00 - 00000000 ___RD () C:\Users\jonas\Virtual Machines
2014-05-15 10:36 - 2013-04-02 11:11 - 00000000 ___RD () C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 10:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 11:26 - 2012-11-26 17:11 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 11:26 - 2012-11-26 17:11 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 11:26 - 2012-11-26 17:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\jonas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8j95rp.dll
C:\Users\jonas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-10 10:05

==================== End Of Log ============================
         
--- --- ---




[CODE]Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by jonas at 2014-06-13 14:50:18
Running from C:\Users\jonas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
8500A909_BasicWeb (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
8500A909_Help_BasicWeb (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1860 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Avira Professional Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 12.1.9.1580 - Avira)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.0.27.1025 - Foxit Corporation)
ClustalX2 (HKLM-x32\...\{2F574EDF-22DD-4546-8DDC-D73B04455137}) (Version: 2.0.11 - University College Dublin)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1025 - Foxit Corporation)
Gene Runner (HKLM-x32\...\{910AD659-D14B-451D-8670-4ECDA5FC47B3}) (Version: 4.0.9.63 - Gene Runner)
GeneDoc (HKLM-x32\...\GeneDoc) (Version:  - )
GENtle (HKLM-x32\...\GENtle) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GraphPad Prism 5 (HKLM-x32\...\{35B73650-6899-11DA-6784-00232A9018BE}) (Version: 5.01 - GraphPad Software)
Harzing's Publish or Perish 4.6.3.5156 (HKLM\...\{5676F50B-9B69-415A-ACB5-E591BF48D282}) (Version: 4.6.3.5156 - Tarma Software Research Pty Ltd)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
HP Officejet Pro 8500 A909 Series (HKLM\...\{B1054C0C-0C16-41E1-8A9D-35F065793E92}) (Version: 14.0 - HP)
ImageJ 1.46r (HKLM\...\ImageJ_is1) (Version:  - NIH)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MEGA 4 (HKLM-x32\...\{B185CA27-2F59-49C0-A043-42A98E723C8E}) (Version: 4.0.0002 - Sudhir Kumar et al.)
MEGA5 (HKLM-x32\...\{82808A16-D448-4FBF-9AE9-75AF3FC240DC}_is1) (Version:  - Arizona State University)
Mendeley Desktop 1.8.4 (HKLM-x32\...\Mendeley Desktop) (Version: 1.8.4 - Mendeley Ltd.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM-x32\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM-x32\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Stickies 7.1e (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
SyncToy 2.1 (x86) (HKLM-x32\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
V11CC (x32 Version: 11.0.0000 - Invitrogen Corporation) Hidden
V11CNT (x32 Version: 11.0 - Invitrogen Corporation) Hidden
V11COM (x32 Version: 11.0 - Invitrogen Corporation) Hidden
V11DT (x32 Version: 11.0 - Invitrogen Corporation) Hidden
V11NQ (x32 Version: 11.0 - Invitrogen Corporation) Hidden
V11PFAM (x32 Version: 11.0 - Invitrogen Corporation) Hidden
Vector NTI 11 (HKLM-x32\...\{9876E8C6-F8D7-4F43-84D3-B97D177F9466}) (Version: 11.0.0000 - Invitrogen Corporation)
Visual Basic for Applications (R) Core - English (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)

==================== Restore Points  =========================

22-05-2014 08:30:07 Geplanter Prüfpunkt
29-05-2014 10:18:03 Geplanter Prüfpunkt
05-06-2014 15:51:42 Geplanter Prüfpunkt
10-06-2014 07:28:18 Revo Uninstaller's restore point - Ask Toolbar
12-06-2014 11:09:57 ComboFix created restore point
12-06-2014 14:47:49 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1416622D-2113-4FD7-AE26-21A275B39979} - System32\Tasks\AdobeAAMUpdater-1.0-molbiotech26-jonas => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {50DC5F78-6E26-4EAB-AA7D-052F6DCC42B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {5D8AA142-F4CB-4CA5-8C43-71263013C671} - System32\Tasks\AdobeAAMUpdater-1.0-molbiotech26-Silvia => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {5F643954-E916-4328-81BF-BE604BCDA4FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: {D38D95CC-5B7F-47C7-9CEC-D2BA7704C415} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-18 13:24 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-11-23 18:02 - 2012-05-09 12:38 - 00398288 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-06-13 14:33 - 2014-06-13 14:33 - 00043008 _____ () c:\users\jonas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8j95rp.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\jonas\AppData\Roaming\Dropbox\bin\libcef.dll
2013-04-08 11:40 - 2013-04-08 11:40 - 00049152 _____ () C:\Program Files (x86)\Stickies\shook70.dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^jonas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A909a
Description: Officejet Pro 8500 A909a
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet 400 color M451nw
Description: HP LaserJet 400 color M451nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8500 A909g
Description: Officejet Pro 8500 A909g
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CP1515n
Description: HP Color LaserJet CP1515n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 49%
Total physical RAM: 1919.24 MB
Available physical RAM: 970.44 MB
Total Pagefile: 3838.48 MB
Available Pagefile: 2720.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:106.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: BD55C8ED)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---





One question about this: can I also run the same programs on another computer of mine (just in case it also has some malware on it), or is that not recommended?

Edited by cosinus (16.01.2017 at 20:06). Reason: name made unrecognizable

14.06.2014, 15:01   #12
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Still any problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

17.06.2014, 16:42   #13
jonasR
 



eset
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=ca7b5a2d0733ea4586fa29eec09cca5c
# engine=18756
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=false
# utc_time=2014-06-17 02:16:47
# local_time=2014-06-17 04:16:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1802 16775165 100 98 14423 173682312 3624 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 27310165 154644457 0 0
# scanned=165716
# found=11
# cleaned=0
# scan_time=7055
sh=5D0B1F434584586253198C54BA8A256B47036B99 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\jonas\Desktop\festplatte bei gelegenheit umkpieren\KATHI-PC\Backup Set 2012-04-19 221431\Backup Files 2012-04-19 221431\Backup files 1.zip"
sh=99B6FB7D27FC6309289F522CE168D2E284F715FF ft=0 fh=0000000000000000 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\jonas\Desktop\festplatte bei gelegenheit umkpieren\KATHI-PC\Backup Set 2012-04-19 221431\Backup Files 2012-07-01 193831\Backup files 3.zip"
sh=C710844DC6E53FB14BB01B9AA416185FCFF74425 ft=1 fh=52f1437ca4aa1b50 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\jonas\Downloads\alt\cdex_151 - CHIP-Downloader.exe"
sh=91EC186153FB33A4562204E4BE5631168C2BA206 ft=1 fh=eb969c333e6297d9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\jonas\Downloads\alt\CuteWriter-2.8.0.8.exe"
sh=B9DFDDD0DD350D380F1BA6D97667B5671F387EBC ft=1 fh=2702b615f7b8f074 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\jonas\Downloads\alt\FoxitReader545.0114_enu_Setup.exe"
sh=E2CC04CB64AD7D296CA7410DF60309BD58A90D6C ft=1 fh=bc5c8b0dfcf1ffde vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\jonas\Downloads\alt\PDF XChange Viewer - CHIP-Downloader.exe"
sh=2C022B9E3880B0424380231D3D2F0C9EE5F40DB8 ft=1 fh=1345dfc739bdb64d vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Silvia\Desktop\Silvia Download\Anwendungen\SoftonicDownloader55251.exe"
sh=18789F2408215A6338C9C6A958FE510EC4B2A9FA ft=1 fh=97fb81a87a2d89c3 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Silvia\Desktop\Silvia Download\CCleaner 3.22.1800.exe"
sh=F49B2A606EE5AB072701D62C6D45D22ED1ABE21E ft=1 fh=754b241b5b9444d7 vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Silvia\Desktop\Silvia Download\SoftonicDownloader_fuer_jdownloader.exe"
sh=7F658F4107C1C9EA1FCD8E942B73345BD9B04669 ft=1 fh=c4d44502a1fdad63 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Silvia\Desktop\Silvia Download\SoftonicDownloader_fuer_windows-live-messenger.exe"
sh=778DF6AFCA81CFBC1361171063F907284F535243 ft=1 fh=9ad6d679dbc6b679 vn="Variante von Win32/InstallShare.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Silvia\Desktop\Silvia Download\wordview_de-de(1).exe"
         
securitycheck
Code:
 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Adobe Flash Player 13.0.0.214  
 Mozilla Firefox (29.0.1) 
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

frst

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by jonas (administrator) on MOLBIOTECH26 on 17-06-2014 17:41:16
Running from C:\Users\jonas\Desktop
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dropbox, Inc.) C:\Users\jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Users\jonas\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-11-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x700C488C186CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files (x86)\Invitrogen\Vector NTI Advance 11\Ncbi.dll (Informax Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{DA415218-9C9E-4A05-99FA-758128D43D1F}: [NameServer]128.131.4.3,128.130.4.3

FireFox:
========
FF ProfilePath: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\uzkc8yxs.default
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\uzkc8yxs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-08]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012-11-23]

Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (Google Docs) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-02]
CHR Extension: (Google Drive) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-02]
CHR Extension: (YouTube) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-02]
CHR Extension: (Google-Suche) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-02]
CHR Extension: (Adobe Acrobat – PDF-Datei erstellen) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-04-02]
CHR Extension: (Google Wallet) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Google Mail) - C:\Users\jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) =================

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [375760 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-09] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-09] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-05-09] (Avira GmbH)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-17 17:38 - 2014-06-17 17:41 - 00016257 _____ () C:\Users\jonas\Desktop\FRST.txt
2014-06-17 16:57 - 2014-06-17 16:57 - 00854367 _____ () C:\Users\jonas\Desktop\SecurityCheck.exe
2014-06-17 14:12 - 2014-06-17 14:12 - 02347384 _____ (ESET) C:\Users\jonas\Downloads\esetsmartinstaller_deu.exe
2014-06-13 14:45 - 2014-06-17 17:38 - 02081280 _____ (Farbar) C:\Users\jonas\Desktop\FRST64.exe
2014-06-13 14:45 - 2014-06-17 17:38 - 00000000 ____D () C:\Users\jonas\Desktop\FRST-OlderVersion
2014-06-13 14:44 - 2014-06-13 14:44 - 00000810 _____ () C:\Users\jonas\Desktop\JRT.txt
2014-06-13 14:37 - 2014-06-13 14:37 - 01016261 _____ (Thisisu) C:\Users\jonas\Downloads\JRT(1).exe
2014-06-13 14:37 - 2014-06-13 14:37 - 00000000 ____D () C:\Windows\ERUNT
2014-06-13 14:36 - 2014-06-13 14:36 - 01016261 _____ (Thisisu) C:\Users\jonas\Downloads\JRT.exe
2014-06-13 14:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-13 14:11 - 2014-06-13 14:29 - 00000000 ____D () C:\AdwCleaner
2014-06-13 14:10 - 2014-06-13 14:10 - 01333465 _____ () C:\Users\jonas\Downloads\adwcleaner_3.212.exe
2014-06-13 14:06 - 2014-06-13 14:50 - 00000000 ____D () C:\Users\jonas\Desktop\Antivir
2014-06-13 13:35 - 2014-06-13 14:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 13:35 - 2014-06-13 13:35 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-13 13:35 - 2014-06-13 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-13 13:35 - 2014-06-13 13:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-13 13:35 - 2014-06-13 13:35 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-13 13:35 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-13 13:35 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-13 13:35 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-13 13:34 - 2014-06-13 13:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jonas\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-12 16:51 - 2014-05-08 11:32 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 16:51 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 16:51 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 16:51 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 16:51 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 16:51 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 16:51 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 16:51 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 16:51 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 16:51 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 16:51 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 16:51 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 16:51 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 16:51 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-12 16:48 - 2014-05-28 20:53 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 16:48 - 2014-05-28 20:37 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 16:48 - 2014-05-28 20:35 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 16:48 - 2014-05-28 20:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 16:48 - 2014-05-28 20:31 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 16:48 - 2014-05-28 20:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 16:48 - 2014-05-28 20:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-12 16:48 - 2014-05-28 20:29 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 16:48 - 2014-05-28 20:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 16:48 - 2014-05-28 20:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 16:48 - 2014-05-28 20:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 16:48 - 2014-05-28 20:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 16:48 - 2014-05-28 20:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 16:48 - 2014-05-28 20:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 16:48 - 2014-05-28 20:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 16:48 - 2014-05-28 20:28 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 16:48 - 2014-05-28 20:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 16:48 - 2014-05-28 20:28 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-12 16:48 - 2014-05-28 20:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-12 16:48 - 2014-05-28 20:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-12 16:48 - 2014-05-28 20:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 16:48 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 16:48 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 16:48 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 16:48 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 16:48 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 16:48 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 16:48 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-06-12 16:48 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 16:48 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 16:48 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-12 16:48 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 16:48 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 16:48 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 16:48 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 16:48 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-12 16:48 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 16:48 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 16:48 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 16:48 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-06-12 16:48 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-06-12 16:48 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 13:30 - 2014-06-12 13:31 - 00000000 ____D () C:\Users\jonas\Desktop\LogFile combofix
2014-06-12 13:27 - 2014-06-12 13:27 - 00018011 _____ () C:\ComboFix.txt
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\Users\Silvia\AppData\Local\temp
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-12 13:09 - 2014-06-12 13:27 - 00000000 ____D () C:\Qoobox
2014-06-12 13:09 - 2014-06-12 13:24 - 00000000 ____D () C:\Windows\erdnt
2014-06-12 13:09 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-12 13:09 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-12 13:09 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-12 13:09 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-12 13:09 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-12 13:09 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-12 13:09 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-12 13:09 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-12 12:58 - 2014-06-12 12:59 - 05205897 ____R (Swearware) C:\Users\jonas\Desktop\ComboFix.exe
2014-06-10 10:50 - 2014-06-10 10:50 - 00003270 _____ () C:\Windows\System32\Tasks\{E1E70516-F0E7-40FD-9CE1-4642860005BC}
2014-06-10 09:01 - 2014-06-10 09:05 - 00001264 _____ () C:\Users\jonas\Desktop\Revo Uninstaller.lnk
2014-06-10 09:01 - 2014-06-10 09:05 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-10 09:00 - 2014-06-10 09:00 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\jonas\Downloads\revosetup95.exe
2014-06-05 19:02 - 2014-06-17 17:41 - 00000000 ____D () C:\FRST
2014-06-05 15:20 - 2014-06-06 09:59 - 00000000 ____D () C:\Users\jonas\Downloads\alt
2014-06-04 15:04 - 2014-06-04 15:04 - 03182552 _____ () C:\Users\jonas\Desktop\The race for raw materials in Africa - AG Version.pptx
2014-05-26 10:55 - 2014-05-26 10:55 - 00012047 _____ () C:\Users\jonas\Desktop\pLAE1.ma4
2014-05-26 10:55 - 2014-05-26 10:55 - 00009194 _____ () C:\Users\jonas\Desktop\msb2 deletion plasmid.ma4

==================== One Month Modified Files and Folders =======

2014-06-17 17:41 - 2014-06-17 17:38 - 00016257 _____ () C:\Users\jonas\Desktop\FRST.txt
2014-06-17 17:41 - 2014-06-05 19:02 - 00000000 ____D () C:\FRST
2014-06-17 17:41 - 2013-04-02 11:10 - 00000000 ____D () C:\Users\jonas\AppData\Local\Temp
2014-06-17 17:39 - 2014-01-16 16:11 - 00000000 ____D () C:\Users\jonas\Desktop\Lab Book Jonas *** 2014 -
2014-06-17 17:38 - 2014-06-13 14:45 - 02081280 _____ (Farbar) C:\Users\jonas\Desktop\FRST64.exe
2014-06-17 17:38 - 2014-06-13 14:45 - 00000000 ____D () C:\Users\jonas\Desktop\FRST-OlderVersion
2014-06-17 17:26 - 2013-04-02 11:18 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\Dropbox
2014-06-17 17:26 - 2012-11-26 17:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-17 16:57 - 2014-06-17 16:57 - 00854367 _____ () C:\Users\jonas\Desktop\SecurityCheck.exe
2014-06-17 16:52 - 2012-11-27 10:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-17 14:12 - 2014-06-17 14:12 - 02347384 _____ (ESET) C:\Users\jonas\Downloads\esetsmartinstaller_deu.exe
2014-06-17 10:37 - 2012-11-23 17:22 - 01391126 _____ () C:\Windows\WindowsUpdate.log
2014-06-17 09:24 - 2009-07-14 06:45 - 00024016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-17 09:24 - 2009-07-14 06:45 - 00024016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-17 09:21 - 2013-04-02 11:11 - 00000000 ____D () C:\Users\jonas\AppData\Local\Adobe
2014-06-17 09:11 - 2014-05-03 12:26 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\DropboxMaster
2014-06-17 09:11 - 2013-04-08 11:40 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\stickies
2014-06-17 09:11 - 2013-04-02 11:24 - 00000000 ___RD () C:\Users\jonas\Dropbox
2014-06-17 09:11 - 2012-11-27 10:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-17 09:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-17 09:11 - 2009-07-14 06:51 - 00083626 _____ () C:\Windows\setupact.log
2014-06-16 18:04 - 2013-04-02 11:17 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\Skype
2014-06-16 10:46 - 2013-11-25 11:43 - 00000000 ____D () C:\Users\jonas\Desktop\Projekte
2014-06-13 16:00 - 2012-11-29 16:49 - 01645318 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-13 16:00 - 2010-11-21 08:22 - 00702274 _____ () C:\Windows\system32\perfh007.dat
2014-06-13 16:00 - 2010-11-21 08:22 - 00149830 _____ () C:\Windows\system32\perfc007.dat
2014-06-13 14:51 - 2014-06-13 13:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 14:50 - 2014-06-13 14:06 - 00000000 ____D () C:\Users\jonas\Desktop\Antivir
2014-06-13 14:44 - 2014-06-13 14:44 - 00000810 _____ () C:\Users\jonas\Desktop\JRT.txt
2014-06-13 14:37 - 2014-06-13 14:37 - 01016261 _____ (Thisisu) C:\Users\jonas\Downloads\JRT(1).exe
2014-06-13 14:37 - 2014-06-13 14:37 - 00000000 ____D () C:\Windows\ERUNT
2014-06-13 14:36 - 2014-06-13 14:36 - 01016261 _____ (Thisisu) C:\Users\jonas\Downloads\JRT.exe
2014-06-13 14:30 - 2010-11-21 05:47 - 00160156 _____ () C:\Windows\PFRO.log
2014-06-13 14:29 - 2014-06-13 14:11 - 00000000 ____D () C:\AdwCleaner
2014-06-13 14:10 - 2014-06-13 14:10 - 01333465 _____ () C:\Users\jonas\Downloads\adwcleaner_3.212.exe
2014-06-13 13:37 - 2013-12-04 15:49 - 00000000 ____D () C:\Program Files (x86)\NTI Database
2014-06-13 13:35 - 2014-06-13 13:35 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-13 13:35 - 2014-06-13 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-13 13:35 - 2014-06-13 13:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-13 13:35 - 2014-06-13 13:35 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-13 13:35 - 2014-02-05 10:47 - 00097382 _____ () C:\Users\jonas\Desktop\Scale Protocol.xlsx
2014-06-13 13:34 - 2014-06-13 13:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jonas\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-13 10:54 - 2014-01-20 12:20 - 00023286 _____ () C:\Users\jonas\Desktop\FillIn Excel.xlsx
2014-06-13 10:35 - 2013-12-05 10:25 - 00000000 ____D () C:\Users\jonas\Desktop\Listen
2014-06-12 16:53 - 2013-08-30 17:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 16:52 - 2012-11-26 17:31 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 16:51 - 2012-11-26 11:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 13:31 - 2014-06-12 13:30 - 00000000 ____D () C:\Users\jonas\Desktop\LogFile combofix
2014-06-12 13:27 - 2014-06-12 13:27 - 00018011 _____ () C:\ComboFix.txt
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\Users\Silvia\AppData\Local\temp
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-12 13:27 - 2014-06-12 13:09 - 00000000 ____D () C:\Qoobox
2014-06-12 13:27 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-12 13:24 - 2014-06-12 13:09 - 00000000 ____D () C:\Windows\erdnt
2014-06-12 13:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-12 12:59 - 2014-06-12 12:58 - 05205897 ____R (Swearware) C:\Users\jonas\Desktop\ComboFix.exe
2014-06-10 11:30 - 2013-04-22 19:11 - 00000000 ____D () C:\Users\jonas\Desktop\Präsentationen
2014-06-10 10:50 - 2014-06-10 10:50 - 00003270 _____ () C:\Windows\System32\Tasks\{E1E70516-F0E7-40FD-9CE1-4642860005BC}
2014-06-10 09:05 - 2014-06-10 09:01 - 00001264 _____ () C:\Users\jonas\Desktop\Revo Uninstaller.lnk
2014-06-10 09:05 - 2014-06-10 09:01 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-10 09:00 - 2014-06-10 09:00 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\jonas\Downloads\revosetup95.exe
2014-06-06 13:20 - 2013-04-08 13:43 - 00000000 ____D () C:\Users\jonas\Desktop\Arbeitsprotokolle
2014-06-06 12:36 - 2013-04-08 11:36 - 00000000 ____D () C:\Users\jonas\AppData\Local\Paint.NET
2014-06-06 09:59 - 2014-06-05 15:20 - 00000000 ____D () C:\Users\jonas\Downloads\alt
2014-06-04 15:04 - 2014-06-04 15:04 - 03182552 _____ () C:\Users\jonas\Desktop\The race for raw materials in Africa - AG Version.pptx
2014-06-04 15:04 - 2013-05-18 13:26 - 00000000 ____D () C:\Users\jonas\AppData\Local\CutePDF Writer
2014-06-04 13:24 - 2013-04-02 11:16 - 00000000 ____D () C:\Users\jonas\Desktop\Papers PDF
2014-06-02 14:31 - 2013-05-14 17:19 - 00045557 _____ () C:\Users\jonas\Desktop\Primers_Jonas 2013 -.xlsx
2014-05-28 20:53 - 2014-06-12 16:48 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 20:37 - 2014-06-12 16:48 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 20:35 - 2014-06-12 16:48 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 20:31 - 2014-06-12 16:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 20:31 - 2014-06-12 16:48 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 20:30 - 2014-06-12 16:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 20:30 - 2014-06-12 16:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 20:29 - 2014-06-12 16:48 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 20:29 - 2014-06-12 16:48 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 20:29 - 2014-06-12 16:48 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 20:29 - 2014-06-12 16:48 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 20:29 - 2014-06-12 16:48 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 20:29 - 2014-06-12 16:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 20:28 - 2014-06-12 16:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 20:28 - 2014-06-12 16:48 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 20:28 - 2014-06-12 16:48 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 20:28 - 2014-06-12 16:48 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 20:28 - 2014-06-12 16:48 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 20:28 - 2014-06-12 16:48 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 20:28 - 2014-06-12 16:48 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 20:27 - 2014-06-12 16:48 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-28 18:48 - 2014-06-12 16:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-28 18:39 - 2014-06-12 16:48 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-28 18:38 - 2014-06-12 16:48 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-28 18:33 - 2014-06-12 16:48 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-28 18:32 - 2014-06-12 16:48 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-28 18:32 - 2014-06-12 16:48 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-28 18:31 - 2014-06-12 16:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-28 18:31 - 2014-06-12 16:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-28 18:30 - 2014-06-12 16:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-28 18:30 - 2014-06-12 16:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-28 18:30 - 2014-06-12 16:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-28 18:30 - 2014-06-12 16:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-28 18:30 - 2014-06-12 16:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-28 18:30 - 2014-06-12 16:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-28 18:30 - 2014-06-12 16:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-28 18:29 - 2014-06-12 16:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-28 18:29 - 2014-06-12 16:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-28 18:29 - 2014-06-12 16:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-28 18:29 - 2014-06-12 16:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-28 18:29 - 2014-06-12 16:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-28 18:28 - 2014-06-12 16:48 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-26 10:55 - 2014-05-26 10:55 - 00012047 _____ () C:\Users\jonas\Desktop\pLAE1.ma4
2014-05-26 10:55 - 2014-05-26 10:55 - 00009194 _____ () C:\Users\jonas\Desktop\msb2 deletion plasmid.ma4
2014-05-23 15:21 - 2009-07-14 07:13 - 01613340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 08:47 - 2013-04-02 11:11 - 00000000 ___RD () C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 08:46 - 2013-04-02 11:20 - 00000000 ____D () C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-21 16:36 - 2014-01-16 17:49 - 00524800 _____ () C:\Users\jonas\Desktop\TUWIEN_***.xls

Some content of TEMP:
====================
C:\Users\jonas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkfpmzr.dll
C:\Users\jonas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-10 10:05

==================== End Of Log ============================
         
--- --- ---


addition frst

FRST Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by jonas at 2014-06-17 17:41:53
Running from C:\Users\jonas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
8500A909_BasicWeb (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
8500A909_Help_BasicWeb (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1860 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Avira Professional Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 12.1.9.1580 - Avira)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.0.27.1025 - Foxit Corporation)
ClustalX2 (HKLM-x32\...\{2F574EDF-22DD-4546-8DDC-D73B04455137}) (Version: 2.0.11 - University College Dublin)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1025 - Foxit Corporation)
Gene Runner (HKLM-x32\...\{910AD659-D14B-451D-8670-4ECDA5FC47B3}) (Version: 4.0.9.63 - Gene Runner)
GeneDoc (HKLM-x32\...\GeneDoc) (Version:  - )
GENtle (HKLM-x32\...\GENtle) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GraphPad Prism 5 (HKLM-x32\...\{35B73650-6899-11DA-6784-00232A9018BE}) (Version: 5.01 - GraphPad Software)
Harzing's Publish or Perish 4.6.3.5156 (HKLM\...\{5676F50B-9B69-415A-ACB5-E591BF48D282}) (Version: 4.6.3.5156 - Tarma Software Research Pty Ltd)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
HP Officejet Pro 8500 A909 Series (HKLM\...\{B1054C0C-0C16-41E1-8A9D-35F065793E92}) (Version: 14.0 - HP)
ImageJ 1.46r (HKLM\...\ImageJ_is1) (Version:  - NIH)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MEGA 4 (HKLM-x32\...\{B185CA27-2F59-49C0-A043-42A98E723C8E}) (Version: 4.0.0002 - Sudhir Kumar et al.)
MEGA5 (HKLM-x32\...\{82808A16-D448-4FBF-9AE9-75AF3FC240DC}_is1) (Version:  - Arizona State University)
Mendeley Desktop 1.8.4 (HKLM-x32\...\Mendeley Desktop) (Version: 1.8.4 - Mendeley Ltd.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM-x32\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM-x32\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Stickies 7.1e (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
SyncToy 2.1 (x86) (HKLM-x32\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
V11CC (x32 Version: 11.0.0000 - Invitrogen Corporation) Hidden
V11CNT (x32 Version: 11.0 - Invitrogen Corporation) Hidden
V11COM (x32 Version: 11.0 - Invitrogen Corporation) Hidden
V11DT (x32 Version: 11.0 - Invitrogen Corporation) Hidden
V11NQ (x32 Version: 11.0 - Invitrogen Corporation) Hidden
V11PFAM (x32 Version: 11.0 - Invitrogen Corporation) Hidden
Vector NTI 11 (HKLM-x32\...\{9876E8C6-F8D7-4F43-84D3-B97D177F9466}) (Version: 11.0.0000 - Invitrogen Corporation)
Visual Basic for Applications (R) Core - English (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)

==================== Restore Points  =========================

22-05-2014 08:30:07 Geplanter Prüfpunkt
29-05-2014 10:18:03 Geplanter Prüfpunkt
05-06-2014 15:51:42 Geplanter Prüfpunkt
10-06-2014 07:28:18 Revo Uninstaller's restore point - Ask Toolbar
12-06-2014 11:09:57 ComboFix created restore point
12-06-2014 14:47:49 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1416622D-2113-4FD7-AE26-21A275B39979} - System32\Tasks\AdobeAAMUpdater-1.0-molbiotech26-jonas => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {50DC5F78-6E26-4EAB-AA7D-052F6DCC42B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {5D8AA142-F4CB-4CA5-8C43-71263013C671} - System32\Tasks\AdobeAAMUpdater-1.0-molbiotech26-Silvia => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {5F643954-E916-4328-81BF-BE604BCDA4FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: {D38D95CC-5B7F-47C7-9CEC-D2BA7704C415} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-18 13:24 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-06-17 16:57 - 2014-06-17 16:57 - 00854367 _____ () C:\Users\jonas\Desktop\SecurityCheck.exe
2012-11-23 18:02 - 2012-05-09 12:38 - 00398288 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-06-17 09:11 - 2014-06-17 09:11 - 00043008 _____ () c:\users\jonas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkfpmzr.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\jonas\AppData\Roaming\Dropbox\bin\libcef.dll
2013-04-08 11:40 - 2013-04-08 11:40 - 00049152 _____ () C:\Program Files (x86)\Stickies\shook70.dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2014-05-12 14:14 - 2014-05-12 14:14 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-09-23 21:43 - 2012-09-23 21:43 - 00101888 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Locale\de_de\PDFMaker\PDFMOfficeAddin.DEU
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^jonas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A909a
Description: Officejet Pro 8500 A909a
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet 400 color M451nw
Description: HP LaserJet 400 color M451nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8500 A909g
Description: Officejet Pro 8500 A909g
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CP1515n
Description: HP Color LaserJet CP1515n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2014 04:57:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/17/2014 04:54:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/17/2014 02:15:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/17/2014 02:15:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/17/2014 02:13:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm PDFXCview.exe, Version 2.5.214.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c8c

Startzeit: 01cf8a1d9c844300

Endzeit: 16

Anwendungspfad: C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe

Berichts-ID: c0aa2941-f618-11e3-a828-002354c145ce

Error: (06/17/2014 02:12:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/17/2014 09:12:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 10:35:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/17/2014 09:12:09 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/17/2014 09:11:37 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (06/17/2014 09:11:37 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (06/17/2014 09:11:37 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 11
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (06/17/2014 09:11:32 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (06/16/2014 10:36:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.

Error: (06/16/2014 10:34:30 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/16/2014 10:33:56 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (06/16/2014 10:33:56 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (06/16/2014 10:33:56 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 11
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.


Microsoft Office Sessions:
=========================
Error: (06/17/2014 04:57:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\jonas\Downloads\esetsmartinstaller_deu.exe

Error: (06/17/2014 04:54:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (06/17/2014 02:15:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\jonas\Downloads\esetsmartinstaller_deu.exe

Error: (06/17/2014 02:15:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\jonas\Downloads\esetsmartinstaller_deu.exe

Error: (06/17/2014 02:13:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: PDFXCview.exe2.5.214.2c8c01cf8a1d9c84430016C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exec0aa2941-f618-11e3-a828-002354c145ce

Error: (06/17/2014 02:12:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\jonas\Downloads\esetsmartinstaller_deu.exe

Error: (06/17/2014 09:12:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 10:35:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 73%
Total physical RAM: 1919.24 MB
Available physical RAM: 514.63 MB
Total Pagefile: 3838.48 MB
Available Pagefile: 2064.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:105.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: BD55C8ED)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---


No, I don't have any problems anymore, at least no obvious ones like the window that was there originally!
Is it advisable to run the same scans at home as well, or should I rather use them only when I have a suspicion or when it is clear that I have caught something?

Edited by cosinus (16.01.2017 at 20:04). Reason: name redacted

18.06.2014, 09:41   #14
schrauber
/// the machine
/// TB trainer
 


Only if you have caught something.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the checkbox in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over, you can safely delete them.



If you would like to leave praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    A tutorial can be found here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdblockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
These harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

23.06.2014, 07:42   #15
jonasR
 

All right, great, thanks for the detailed answer and the help. As already mentioned, great service; I will recommend you to others, and the donation should have arrived by now as well.

Have a nice day!

Best regards
jonas
