
Malware of all kinds and its removal: Probably caught a banking Trojan


17.07.2015, 18:23   #1
goedel
 
Probably caught a banking Trojan



Hello and good evening,

it looks like I have, with near certainty, caught a banking Trojan on my computer, a Win 7 32-bit box (a very small business without commercial IT support, let alone an IT department of its own; I hope this means I fall under the exception rule). When I open the relevant e-banking site via IE, a window opens with the following message:

"In connection with the modernisation of the security system, an additional identification may be requested from you when logging in to your user account. In order to continue using your account, we would ask you to install, once, our smartphone application on the mobile phone that is linked to your account. Without installation of the mobile application, access to the account will be blocked. Thank you for your understanding."

This window does not appear when visiting the e-banking website via Firefox.
I have already run a virus scan with the Desinfec't CD, but without much success.

Can you please help me?

Regards,
Gödel

17.07.2015, 18:25   #2
schrauber
/// the machine
/// TB trainer
 

Probably caught a banking Trojan



Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)


17.07.2015, 18:30   #3
goedel
 
Probably caught a banking Trojan



Hello Schrauber,

first of all, thank you very much for your time and effort!

FRST outputs the following:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by Eva (administrator) on COMPE on 17-07-2015 18:31:33
Running from C:\Users\Eva\Downloads
Loaded Profiles: Eva (Available Profiles: Eva)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files\ADVOKAT\AdvoServ.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Archivium\backend\wrapper.exe
(Apache Software Foundation) C:\Program Files\Archivium\apache-tomcat-6\bin\tomcat6.exe
(Sun Microsystems, Inc.) C:\Program Files\Archivium\jre1.6.0_20\bin\javaw.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(REINER SCT) C:\Windows\System32\cjpcsc.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TPMX Electronics Ltd.) C:\Program Files\Lenovo\Mouse Suite\ico.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
() C:\Program Files\Lenovo\Mouse Suite\FSRremoS.EXE
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
() C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Mouse Suite\PELMICED.EXE
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(SHI Elektronische Medien GmbH) C:\Program Files\WEKA-Verlag\Ehe- und Familienrecht 1.2\SHIWebOnDisk.exe
(A-Trust Gesellschaft für Sicherheitssysteme im elektronischen Datenverkehr GmbH) C:\Program Files\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe
(A-Trust GmbH) C:\Program Files\A-Trust GmbH\a.sign Client\ASignLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Eva\Downloads\Defogger.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Mouse Suite 98 Daemon] => C:\Program Files\Lenovo\Mouse Suite\ICO.EXE [65536 2009-01-04] (TPMX Electronics Ltd.)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [PWRAGD] => C:\Program Files\ThinkPad\Utilities\DPMHost.EXE [72256 2009-08-13] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [pdfFactory Pro Dispatcher v3] => C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe [606208 2009-06-12] (FinePrint Software, LLC)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-06-07] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1684360 2015-05-26] (APN)
HKLM\...\Run: [SHIWebOnDiskManager] => C:\Program Files\SHIWebOnDiskManager\SHIWebOnDiskManager.exe [245760 2015-02-17] (SHI Elektronische Medien GmbH)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAQQBFAEEAWQAtAFQAMwBMAFUARQAtAE4ATAAzAEQAQQAtAEMAQgBVAEsASAAtAEoARgA3AE0AOQA"&"inst=NwA3AC0ANAAzAD (the data entry has 285 more characters).
HKU\S-1-5-21-641445819-3458068065-4247131985-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-21] (Google Inc.)
HKU\S-1-5-21-641445819-3458068065-4247131985-1003\...\Run: [acSecurityLayer] => C:\Program Files\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe [3647360 2013-12-04] (A-Trust Gesellschaft für Sicherheitssysteme im elektronischen Datenverkehr GmbH)
HKU\S-1-5-21-641445819-3458068065-4247131985-1003\...\Run: [JUZgkloz] => C:\ProgramData\JUZgkloz.exe
HKU\S-1-5-21-641445819-3458068065-4247131985-1003\...\MountPoints2: {de73835b-d918-11de-bfc5-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\a.sign Client.lnk [2010-02-06]
ShortcutTarget: a.sign Client.lnk -> C:\Program Files\A-Trust GmbH\a.sign Client\ASignLauncher.exe (A-Trust GmbH)
Startup: C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2010-02-08]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-641445819-3458068065-4247131985-1003] => https://guard-safe.net/a2tunnel.js
HKU\S-1-5-21-641445819-3458068065-4247131985-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.at.msn.com/
HKU\S-1-5-21-641445819-3458068065-4247131985-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.at/
URLSearchHook: HKLM - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {FFDBDD4D-F3E4-4239-8D3F-9E4E1C4C7E98} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\S-1-5-21-641445819-3458068065-4247131985-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-641445819-3458068065-4247131985-1003 -> {C4C29553-CEAC-4B0B-A343-838A36681B96} URL = hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11406&pf=V7&p2=%5EBBE%5EOSJ000%5EYY%5EAT&gct=&itbv=12.10.6.48&apn_uid=FC787CA6-DBB6-4CB8-A5A7-3A6B0EA279FC&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EAT&apn_dbr=ie_11.0.9600.16521&doi=2014-04-25&trgb=IE&q={searchTerms}&psv=
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO: Ask Toolbar -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll [2015-04-28] (APN LLC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-02] (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-15] (Google Inc.)
BHO: NCH DE Toolbar -> {b106b661-3e1b-4015-af5c-195e909f35c6} -> C:\Program Files\NCH_DE\prxtbNCH_.dll [2011-05-09] (Conduit Ltd.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-01-03] (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-02] (Oracle Corporation)
Toolbar: HKLM - Lenovo ThinkVantage Toolbox - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544936.dll [2009-11-22] (PC-Doctor, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-01-03] (Ask)
Toolbar: HKLM - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files\NCH_DE\prxtbNCH_.dll [2011-05-09] (Conduit Ltd.)
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll [2015-04-28] (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-15] (Google Inc.)
Toolbar: HKU\S-1-5-21-641445819-3458068065-4247131985-1003 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-641445819-3458068065-4247131985-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-15] (Google Inc.)
Toolbar: HKU\S-1-5-21-641445819-3458068065-4247131985-1003 -> Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-01-03] (Ask)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5FA3ADDC-92F6-4931-A86E-7E8E904FB566}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\gyx42jr6.default
FF DefaultSearchEngine: NCH DE Customized Web Search
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: NCH DE Customized Web Search
FF Homepage: hxxp://www.google.at/
FF Keyword.URL: hxxp://trovi.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=2&CUI=UN07952075479111276&UM=&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011-01-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-10-29] (Apple Inc.)
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\gyx42jr6.default\searchplugins\askcom.xml [2011-03-07]
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\gyx42jr6.default\searchplugins\conduit.xml [2014-09-26]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-10-19]

Chrome: 
=======
CHR Profile: C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-11]
CHR Extension: (Google Drive) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-11]
CHR Extension: (YouTube) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-11]
CHR Extension: (Google Search) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-11]
CHR Extension: (Google Wallet) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-11]
CHR Extension: (Gmail) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvoServ; C:\Program Files\ADVOKAT\AdvoServ.exe [77824 2009-11-27] () [File not signed]
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-28] (APN LLC.)
R2 Archivium; C:\Programme\Archivium\backend\wrapper.exe [204800 2008-02-14] () [File not signed]
R2 backend; C:\Programme\Archivium\\apache-tomcat-6\bin\tomcat6.exe [74752 2012-12-01] (Apache Software Foundation) [File not signed]
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [654640 2009-04-15] (REINER SCT)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [15872 2009-09-24] (Lenovo Group Limited) [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [1474560 2009-09-04] (Lenovo Group Limited) [File not signed]
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-21] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) [File not signed]
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [23040 2007-05-31] (REINER SCT)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKsl09e49a47; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E05A2151-87F5-4D61-90B1-D4293B327AFE}\MpKsl09e49a47.sys [39168 2015-07-17] (Microsoft Corporation)
R3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [18944 2009-04-21] (TPMX Electronics Ltd.)
R3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [14592 2006-10-14] (Primax Electronics Ltd.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-09-10] (Samsung Electronics) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [40448 2009-08-28] (Apple, Inc.) [File not signed]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-17 18:31 - 2015-07-17 18:31 - 00020421 _____ C:\Users\Eva\Downloads\FRST.txt
2015-07-17 18:31 - 2015-07-17 18:31 - 00000000 ____D C:\FRST
2015-07-17 18:30 - 2015-07-17 18:30 - 01636864 _____ (Farbar) C:\Users\Eva\Downloads\FRST.exe
2015-07-17 18:27 - 2015-07-17 18:28 - 00000468 _____ C:\Users\Eva\Downloads\defogger_disable.log
2015-07-17 18:27 - 2015-07-17 18:27 - 00050477 _____ C:\Users\Eva\Downloads\Defogger.exe
2015-07-17 18:27 - 2015-07-17 18:27 - 00000000 _____ C:\Users\Eva\defogger_reenable
2015-07-15 01:49 - 2015-07-09 19:44 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 01:49 - 2015-07-09 19:43 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 01:49 - 2015-07-09 19:42 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 01:49 - 2015-07-09 19:42 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 01:49 - 2015-07-09 19:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 01:49 - 2015-07-09 19:42 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 01:49 - 2015-07-09 19:42 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 01:49 - 2015-07-09 19:42 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 01:49 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 01:49 - 2015-07-09 19:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 01:49 - 2015-07-09 19:34 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 01:49 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 01:49 - 2015-07-01 22:46 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 01:49 - 2015-07-01 22:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 01:49 - 2015-07-01 22:30 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 01:49 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 01:49 - 2015-07-01 22:29 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 01:49 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 01:49 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 01:49 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 01:49 - 2015-07-01 21:18 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 01:49 - 2015-07-01 21:18 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 01:49 - 2015-07-01 21:18 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 01:49 - 2015-06-25 10:46 - 02383872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 01:49 - 2015-06-17 19:39 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 01:49 - 2015-06-15 23:47 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 01:49 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 01:49 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 01:49 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 01:49 - 2015-06-15 23:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 01:49 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 01:49 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 01:49 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 01:49 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 01:49 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 01:49 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 01:48 - 2015-07-03 19:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-15 01:48 - 2015-07-03 19:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-15 01:48 - 2015-07-03 19:56 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 01:48 - 2015-07-03 19:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-15 01:48 - 2015-07-03 18:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 01:48 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 01:48 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 01:48 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 01:48 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 01:48 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 01:48 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 01:48 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 01:48 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 01:48 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 01:48 - 2015-06-19 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 01:48 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 01:48 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 01:48 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 01:48 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 01:48 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 01:48 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 01:48 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 01:48 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 01:48 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 01:48 - 2015-06-19 20:13 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 01:48 - 2015-06-19 20:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 01:48 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 01:48 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 01:48 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 01:48 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 01:48 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 01:48 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 01:48 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 01:48 - 2015-06-19 19:40 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 01:48 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 01:48 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 01:48 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 01:48 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-10 11:03 - 2015-07-10 11:03 - 00000134 _____ C:\Users\Eva\Desktop\plugin5949307597518014319.trace
2015-07-09 07:11 - 2015-07-09 07:13 - 00000675 _____ C:\Users\Eva\Desktop\plugin2312656446516757476.trace
2015-07-07 10:16 - 2015-07-07 10:16 - 00000000 ____D C:\Users\Eva\AppData\Local\Macromedia
2015-07-07 09:58 - 2015-07-07 09:58 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-07 09:58 - 2015-07-07 09:58 - 00001116 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-07 09:58 - 2015-07-07 09:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-07 09:54 - 2015-07-07 09:54 - 00242928 _____ C:\Users\Eva\Downloads\Firefox Setup Stub 39.0.exe
2015-07-02 19:46 - 2015-07-02 19:46 - 00000000 ____D C:\Users\Eva\Downloads\SysinternalsSuite
2015-07-02 19:44 - 2015-07-02 19:44 - 13833282 _____ C:\Users\Eva\Downloads\SysinternalsSuite.zip
2015-06-17 01:01 - 2015-06-17 01:01 - 01202856 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-17 18:30 - 2012-04-10 08:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-17 18:27 - 2010-02-06 17:55 - 00000000 ____D C:\Users\Eva
2015-07-17 18:14 - 2010-04-21 11:05 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-17 17:44 - 2009-07-14 06:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-17 17:44 - 2009-07-14 06:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-17 17:34 - 2009-07-21 07:30 - 01776724 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-17 17:33 - 2009-11-24 19:02 - 01821734 _____ C:\Windows\WindowsUpdate.log
2015-07-17 17:31 - 2009-07-14 06:39 - 00152239 _____ C:\Windows\setupact.log
2015-07-17 17:29 - 2010-04-21 11:05 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-17 17:28 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-17 16:37 - 2010-02-08 16:24 - 00000000 ____D C:\Program Files\ADVOKAT
2015-07-17 09:03 - 2010-02-06 19:15 - 00000340 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-07-17 03:01 - 2015-04-04 23:03 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-16 17:06 - 2010-03-17 12:21 - 00000000 ____D C:\Users\Eva\temp
2015-07-16 06:59 - 2010-02-06 17:48 - 00102276 _____ C:\Windows\PFRO.log
2015-07-15 04:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-07-15 03:33 - 2009-07-14 06:33 - 00592624 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-15 03:31 - 2014-12-10 21:36 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 03:31 - 2014-05-07 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 03:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-07-15 03:14 - 2013-08-04 06:25 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 03:07 - 2009-11-24 19:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-14 21:11 - 2013-11-11 09:54 - 00002132 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 20:30 - 2012-04-10 08:12 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-14 20:30 - 2011-08-02 08:53 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-09 18:00 - 2014-06-29 22:25 - 00004500 _____ C:\Users\Eva\9.mbs.txt
2015-07-08 23:00 - 2010-02-06 19:15 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-07-08 09:07 - 2014-03-18 13:13 - 00004498 _____ C:\Users\Eva\8.mbs.txt
2015-07-07 10:07 - 2010-02-06 20:05 - 00000000 ____D C:\Users\Eva\AppData\Local\Adobe
2015-07-07 09:58 - 2010-02-06 18:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-05 12:11 - 2010-02-06 18:09 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 08:49 - 2010-02-06 18:09 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-02 17:37 - 2014-03-12 07:06 - 00004498 _____ C:\Users\Eva\2.mbs.txt
2015-07-01 08:53 - 2014-04-01 14:42 - 00004498 _____ C:\Users\Eva\1.mbs.txt
2015-06-30 18:10 - 2014-06-20 15:19 - 00004498 _____ C:\Users\Eva\0.mbs.txt
2015-06-26 09:50 - 2014-03-06 12:07 - 00004500 _____ C:\Users\Eva\6.mbs.txt
2015-06-25 15:29 - 2014-02-25 13:09 - 00008996 _____ C:\Users\Eva\5.mbs.txt

==================== Files in the root of some directories =======

2012-04-20 17:25 - 2012-04-20 17:40 - 0000463 _____ () C:\Users\Eva\AppData\Roaming\burnaware.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 10:47

==================== End of log ============================



And here is the Addition.txt:

Additional FRST Logfile:
scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by Eva at 2015-07-17 18:32:15
Running from C:\Users\Eva\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-641445819-3458068065-4247131985-500 - Administrator - Disabled)
Eva (S-1-5-21-641445819-3458068065-4247131985-1003 - Administrator - Enabled) => C:\Users\Eva
Gast (S-1-5-21-641445819-3458068065-4247131985-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
a.sign Bürgerkartensoftware 1.4.3.2 (HKLM\...\a.sign Bürgerkartensoftware) (Version: 1.4.3.2 - A-Trust GmbH)
a.sign Client 1.3.2.12 (HKLM\...\a.sign Client) (Version: 1.3.2.12 - A-Trust GmbH)
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.00 - Lenovo)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader 9.4.2 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A94000000001}) (Version: 9.4.2 - Adobe Systems Incorporated)
ADVOKAT edition3 (HKLM\...\ADVOKAT edition3) (Version:  - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archivium Dokumentenarchiv (HKU\.DEFAULT\...\Archivium Dokumentenarchiv) (Version:  - Backend - powered by Atos IT Solutions and Services GmbH © 2012)
Archivium Dokumentenarchiv (HKU\S-1-5-21-641445819-3458068065-4247131985-1003\...\Archivium Dokumentenarchiv) (Version:  - SmartClient - powered by Atos IT Solutions and Services GmbH © 2012)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
asignPDFverify 1.0.9.0 (HKLM\...\asignPDFverify) (Version: 1.0.9.0 - A-Trust)
Ask Toolbar (HKLM\...\{4F524A2D-5637-4300-76A7-A758B70C1D00}) (Version: 12.29.0.224 - APN, LLC) <==== ATTENTION
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.14.1.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-641445819-3458068065-4247131985-1003\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION
Bing Bar (HKLM\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Canon CanoScan Toolbox 5.0 (HKLM\...\CanoScan Toolbox 5.0) (Version:  - )
CanoScan LiDE 600F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802) (Version:  - )
Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
cyberJack Base Components (HKLM\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.8.0 - REINER SCT)
Die Matheprofis 1. CD-ROM (HKLM\...\Die Matheprofis 1. CD-ROM_is1) (Version:  - VERITAS Verlags- und Handelsges.m.b.H. & Co. OHG)
Die Matheprofis 2. CD-ROM (HKLM\...\Die Matheprofis 2. CD-ROM_is1) (Version:  - VERITAS Verlags- und Handelsges.m.b.H. & Co. OHG)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Disketch Disc Label Software (HKLM\...\Disketch) (Version:  - NCH Software)
Express Burn Disc-Brennsoftware (HKLM\...\ExpressBurn) (Version:  - NCH Software)
Express Rip (HKLM\...\ExpressRip) (Version:  - NCH Software)
Express Zip (HKLM\...\ExpressZip) (Version:  - NCH Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
H O B (HKLM\...\ST6UNST #1) (Version:  - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.2 - Intel)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
iTunes (HKLM\...\{C8EBB0DE-5655-4D32-99E1-9447E702A89F}) (Version: 11.1.2.32 - Apple Inc.)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kundendienste Online 2.0.0.6 (HKLM\...\Kundendienste Online) (Version: 2.0.0.6 - A-Trust GmbH)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5449.37 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.019.0 - Lenovo)
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.7.2.0 - LG Electronics)
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mouse Suite (HKLM\...\MouseSuite98) (Version: 2.0.5.23 - Lenovo)
Mozilla Firefox 39.0 (x86 de) (HKLM\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NCH DE Toolbar (HKLM\...\NCH_DE Toolbar) (Version: 6.8.5.1 - NCH DE)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
pdfFactory Pro (HKLM\...\pdfFactory Pro) (Version:  - )
PhotoStage Slideshow Producer (HKLM\...\PhotoStage) (Version:  - NCH Software)
Presto! PageManager 7.15.14 (HKLM\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.14G - NewSoft)
Prism Video File Converter (HKLM\...\Prism) (Version:  - NCH Software)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Rita Brentrups Fetch (HKLM\...\Rita Brentrups Fetch) (Version: 1.0.4 - Frogster)
Roxio Creator Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
ScanSoft OmniPage SE 4.0 (HKLM\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Sibelius Scorch (ActiveX Only) (HKLM\...\{868291A4-229E-4795-B0B0-E60E87AF53CD}) (Version: 6.2.0 - Sibelius Software)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.6595 - Analog Devices)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Sprachlichter 2. Übungs-CD-ROM, V 1.0.2 (HKLM\...\Sprachlichter 2. Übungs-CD-ROM_is1) (Version: 1.0.2 - VERITAS Verlags- und Handelsges.m.b.H. & Co. OG)
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0009 - Lenovo)
TeamViewer 5 (HKLM\...\TeamViewer 5) (Version: 5.0.8703  - TeamViewer GmbH)
ThinkVantage Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 1.01.0064 - Lenovo Group Limited)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VideoPad Videobearbeitungs-Software (HKLM\...\VideoPad) (Version:  - NCH Software)
Wartung Samsung CLP-320 Series (HKLM\...\Samsung CLP-320 Series) (Version:  - Samsung Electronics Co., Ltd.)
WavePad Audiobearbeitungs-Software (HKLM\...\WavePad) (Version:  - NCH Software)
WEKA Ehe- und Familienrecht 7.0 (HKLM\...\WEKA EHE_ UND FAMILIENRECHT 7_0) (Version: 7.0 - WEKA)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - AnalogDevices (ADIHdAudAddService) MEDIA  (08/05/2009 6.10.01.6595) (HKLM\...\93AD2191E5686B3317E2BD0E3777D115A48A17CB) (Version: 08/05/2009 6.10.01.6595 - AnalogDevices)
Windows-Treiberpaket - Intel (e1kexpress) Net  (06/22/2009 11.0.41.0) (HKLM\...\B6A8F7A84B769E405C68324492F9393BC7510DA3) (Version: 06/22/2009 11.0.41.0 - Intel)
Windows-Treiberpaket - Intel (HECI) System  (06/23/2009 5.2.0.1008) (HKLM\...\4CF241D8BEE94EE801F312E8B49B8E5BAA90F29A) (Version: 06/23/2009 5.2.0.1008 - Intel)
Windows-Treiberpaket - Intel (Serial) Ports  (07/06/2009 5.5.1.1012) (HKLM\...\3C2291C2CD0A09AF3D6EB38263B3E0471B8F67BB) (Version: 07/06/2009 5.5.1.1012 - Intel)
Windows-Treiberpaket - Intel Corporation (igfx) Display  (08/13/2009 8.15.10.1872) (HKLM\...\A5C5AE566ADB7C8046336DA2D0878900614D9235) (Version: 08/13/2009 8.15.10.1872 - Intel Corporation)
Zahlenreise 4. Übungs-CD-ROM, V 1.0.0 (HKLM\...\Zahlenreise 4. Übungs-CD-ROM_is1) (Version: 1.0.0 - VERITAS Verlags- und Handelsges.m.b.H. & Co. OG)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-641445819-3458068065-4247131985-1003_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-641445819-3458068065-4247131985-1003_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-641445819-3458068065-4247131985-1003_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-641445819-3458068065-4247131985-1003_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-641445819-3458068065-4247131985-1003_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-641445819-3458068065-4247131985-1003_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Eva\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-641445819-3458068065-4247131985-1003_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-641445819-3458068065-4247131985-1003_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-641445819-3458068065-4247131985-1003_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-641445819-3458068065-4247131985-1003_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath

==================== Restore Points =========================

09-07-2015 09:12:45 Windows Update
13-07-2015 08:46:30 Windows Update
15-07-2015 03:01:07 Windows Update
17-07-2015 03:00:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {024DB363-B498-478B-AB3E-EADF3C36BE70} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\pcdlauncher.exe [2009-11-20] (PC-Doctor, Inc.)
Task: {27DDFB11-4675-4CE0-BBF1-7B8617CDDB87} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {290DC614-695D-4409-B0E7-3F487DFBACBB} - System32\Tasks\Message Center plus => C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {3604BF1E-5025-44FF-BFEC-57586C7CE3F2} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {53E2743B-6CAA-4703-884C-F5BC69DA6B97} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {647A0EC4-1774-4B5A-9E82-04AE564F34E4} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21] (Adobe Systems Incorporated)
Task: {69F914DD-98CE-41D3-829F-4EBAAC143238} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-08-13] (Lenovo Group Limited)
Task: {6CCBE771-C80D-4A97-A827-2B1577B91204} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {82D50F71-F005-4A95-978A-BB5DF4485EC2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9DE43F03-A55D-4616-8D71-109CA80495EA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {A94D9700-73CB-4677-B28D-EAEDDE1A05D7} - System32\Tasks\NCH Software\ExpressZipReminder => C:\Program Files\NCH Software\ExpressZip\ExpressZip.exe [2012-09-10] (NCH Software)
Task: {BD427F82-1C4F-48A4-BC34-205DED128445} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28] (Nuance Communications, Inc.)
Task: {D1B6459C-35E0-41CB-9E72-3EC247F8878B} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-01-03] () <==== ATTENTION
Task: {E50ADE4B-7C74-43AC-B9F2-9852A7335D08} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation)
Task: {FF44B241-F90E-4AF3-88AE-1F25805F533B} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe [2010-01-05] (PC-Doctor, Inc.)
Task: {FFCFC50E-AD74-4056-A433-6E82213F9E88} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdlauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe

==================== Loaded Modules (Whitelisted) ==============

2011-12-20 12:00 - 2009-09-11 09:47 - 00026624 _____ () C:\Windows\System32\sst3cl3.dll
2009-11-27 13:00 - 2009-11-27 13:00 - 00077824 _____ () C:\Program Files\ADVOKAT\AdvoServ.exe
2013-04-21 22:44 - 2013-04-21 22:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 22:44 - 2013-04-21 22:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-09 22:14 - 2008-02-14 16:46 - 00204800 _____ () C:\Programme\Archivium\backend\wrapper.exe
2010-03-09 22:14 - 2008-02-14 16:46 - 00081920 _____ () C:\Programme\Archivium\backend\wrapper.dll
2010-02-06 19:51 - 2007-05-31 09:38 - 00167936 ____N () C:\Windows\system32\SerialXP.dll
2009-11-24 18:52 - 2009-07-16 03:20 - 00077824 _____ () C:\Program Files\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2012-09-10 14:26 - 2012-09-10 14:26 - 00082944 _____ () C:\Program Files\NCH Software\ExpressZip\ezcm.dll
2009-11-24 18:55 - 2009-08-11 19:00 - 00035328 ____N () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL
2009-11-24 18:52 - 2008-12-16 14:47 - 00020480 _____ () C:\Program Files\Lenovo\Mouse Suite\FSRremoS.EXE
2010-03-19 16:36 - 2006-09-20 09:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
2010-03-19 16:36 - 2006-09-19 17:05 - 00024576 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
2011-12-20 11:59 - 2010-06-07 12:15 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2015-05-13 15:52 - 2015-02-17 16:05 - 00045056 ____N () C:\Program Files\WEKA-Verlag\Ehe- und Familienrecht 1.2\webapp\standard\dll\SHINativeUtil.dll
2015-05-13 15:50 - 2015-02-17 16:05 - 01351168 ____N () C:\Program Files\WEKA-Verlag\Ehe- und Familienrecht 1.2\ip-engine\StdFTS\cpl25m.dll
2015-05-13 15:50 - 2015-02-17 16:05 - 00811008 ____N () C:\PROGRAM FILES\WEKA-VERLAG\EHE- UND FAMILIENRECHT 1.2\IP-ENGINE\STDFTS\CONFIG\PROD\RCA\SHICplUni.dll
2015-05-13 15:50 - 2015-02-17 16:05 - 00226816 ____N () C:\PROGRAM FILES\WEKA-VERLAG\EHE- UND FAMILIENRECHT 1.2\IP-ENGINE\STDFTS\CONFIG\PROD\LSS\lss_back.dll
2015-05-13 15:50 - 2015-02-17 16:05 - 00296960 ____N () C:\PROGRAM FILES\WEKA-VERLAG\EHE- UND FAMILIENRECHT 1.2\IP-ENGINE\STDFTS\CONFIG\PROD\LSS\lss_unic.dll
2013-12-04 17:12 - 2013-12-04 17:12 - 02393984 _____ () C:\Program Files\A-Trust GmbH\Bürgerkartensoftware\Xalan-C_1_10.dll
2013-12-04 17:12 - 2013-12-04 17:12 - 00008064 _____ () C:\Program Files\A-Trust GmbH\Bürgerkartensoftware\XalanMessages_1_10.dll
2013-12-04 17:12 - 2013-12-04 17:12 - 00407424 _____ () C:\Program Files\A-Trust GmbH\a.sign Client\plug_acSecurityLayer.dll
2015-07-17 18:27 - 2015-07-17 18:27 - 00050477 _____ () C:\Users\Eva\Downloads\Defogger.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-641445819-3458068065-4247131985-1003\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-641445819-3458068065-4247131985-1003\...\bgfeldkirch.at -> hxxp://bgfeldkirch.at
IE trusted site: HKU\S-1-5-21-641445819-3458068065-4247131985-1003\...\ieaddons.com -> hxxp://www.ieaddons.com
IE trusted site: HKU\S-1-5-21-641445819-3458068065-4247131985-1003\...\microsoft.com -> hxxp://microsoft.com
IE trusted site: HKU\S-1-5-21-641445819-3458068065-4247131985-1003\...\microsoft.de -> hxxp://microsoft.de
IE trusted site: HKU\S-1-5-21-641445819-3458068065-4247131985-1003\...\samsungsetup.com -> hxxp://www.samsungsetup.com
IE trusted site: HKU\S-1-5-21-641445819-3458068065-4247131985-1003\...\webuntis.com -> hxxp://klio.webuntis.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-641445819-3458068065-4247131985-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D445835F-B031-42B2-963D-97555731744C}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{8A83093A-D844-47DD-8480-0B9160212AEB}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{33CB5A6C-131B-4789-96AA-7EEE4A9A6985}] => (Allow) svchost.exe
FirewallRules: [{0C5AFF47-8112-4410-A847-6F2C40BAB634}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{C2393A52-02AE-42AF-ADD6-710FD827B9C9}C:\program files\archivium\jre\bin\javaw.exe] => (Allow) C:\program files\archivium\jre\bin\javaw.exe
FirewallRules: [UDP Query User{289C5AD5-7ABE-4FB1-A7DC-5EB6221FFF61}C:\program files\archivium\jre\bin\javaw.exe] => (Allow) C:\program files\archivium\jre\bin\javaw.exe
FirewallRules: [{5E4488F8-4B91-49F4-AE5A-95EBBFEC5CFB}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [{16884E1E-E495-4D60-B82B-902B966B0EB0}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [{427CFA84-9DEF-4E2A-AC74-9EC06618BD0B}] => (Allow) C:\Program Files\A-Trust GmbH\a.sign Client\acLauncher.exe
FirewallRules: [{04EFBC5B-FCA6-4A29-BAD6-57B8F34EDC66}] => (Allow) C:\Program Files\A-Trust GmbH\a.sign Client\acLauncher.exe
FirewallRules: [{18AFFAB1-AFB2-47BE-AAE4-769F8C92518A}] => (Allow) C:\Program Files\A-Trust GmbH\a.sign Client\acLauncher.exe
FirewallRules: [{BDC8AFBE-B95A-4A08-9B36-128A6C1ACD57}] => (Allow) C:\Program Files\A-Trust GmbH\a.sign Client\acLauncher.exe
FirewallRules: [TCP Query User{5C0C9850-22E5-485C-8253-8198893AA398}\\srv01\hbp\hbp\hbp.exe] => (Allow) \\srv01\hbp\hbp\hbp.exe
FirewallRules: [UDP Query User{3E9A0D64-0EAA-4776-91F7-60346DA342E7}\\srv01\hbp\hbp\hbp.exe] => (Allow) \\srv01\hbp\hbp\hbp.exe
FirewallRules: [TCP Query User{3DB9D884-E1BA-4A06-8B5C-43482AF1E3B8}C:\program files\archivium\jre1.6.0_20\bin\javaw.exe] => (Allow) C:\program files\archivium\jre1.6.0_20\bin\javaw.exe
FirewallRules: [UDP Query User{CAA642C3-923C-4B61-9AF1-6EB69B0FD2C8}C:\program files\archivium\jre1.6.0_20\bin\javaw.exe] => (Allow) C:\program files\archivium\jre1.6.0_20\bin\javaw.exe
FirewallRules: [{5925ED16-6FF7-4D2E-A556-0BF49DD8F9A2}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{E3E84CD7-9F78-444F-B22D-BC99513A96C5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B53748AE-1DB2-4DF1-9934-331A489D9668}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A8B411DF-5CBF-43C1-8CFE-CEDCEA31F6C9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9F2AD31D-60D4-485E-A495-7A56739BB886}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{05172996-609B-4239-923D-7FAD661B14FF}] => (Allow) C:\Program Files\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe
FirewallRules: [{5A417DF9-246F-49BF-B21E-C0266E8D26F0}] => (Allow) C:\Program Files\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe
FirewallRules: [{66616FE5-1A4E-4203-A7A3-C99C48CF6F7D}] => (Allow) C:\Program Files\A-Trust GmbH\Bürgerkartensoftware\Einstellungen.exe
FirewallRules: [{C0D4906D-97D9-4630-8E2F-FC6B379C1008}] => (Allow) C:\Program Files\A-Trust GmbH\Bürgerkartensoftware\Einstellungen.exe
FirewallRules: [{96E2D532-C409-4B34-98BD-B7E27B977AE6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2EF262F4-B021-4677-8C40-3615DD0E333A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{521A406C-2C8B-4704-A3A0-40129A954BA0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2015 11:37:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.17909 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 738

Startzeit: 01d0c00f1e733210

Endzeit: 28

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (07/15/2015 08:38:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.17909 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17e4

Startzeit: 01d0bec878e1794c

Endzeit: 16

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (07/15/2015 03:03:20 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (07/14/2015 05:18:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.17840 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1204

Startzeit: 01d0be48351a4eb3

Endzeit: 8

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: 95afe279-2a3b-11e5-8988-002186f01a11

Error: (07/14/2015 03:01:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Advokat3.exe, Version: 5.22.0.0, Zeitstempel: 0x558be089
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003bd3e
ID des fehlerhaften Prozesses: 0x2d4
Startzeit der fehlerhaften Anwendung: 0xAdvokat3.exe0
Pfad der fehlerhaften Anwendung: Advokat3.exe1
Pfad des fehlerhaften Moduls: Advokat3.exe2
Berichtskennung: Advokat3.exe3

Error: (07/14/2015 06:58:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.17840 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a0

Startzeit: 01d0bdf195fb7853

Endzeit: 31

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (07/13/2015 01:48:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.17840 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 131c

Startzeit: 01d0bd619d574a97

Endzeit: 15

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (07/13/2015 08:42:06 AM) (Source: SQLBrowser) (EventID: 8) (User: )
Description: Der SQLBrowser-Dienst konnte eine Clientanforderung nicht verarbeiten.

Error: (07/13/2015 08:42:06 AM) (Source: SQLBrowser) (EventID: 8) (User: )
Description: Der SQLBrowser-Dienst konnte eine Clientanforderung nicht verarbeiten.

Error: (07/13/2015 08:42:06 AM) (Source: SQLBrowser) (EventID: 8) (User: )
Description: Der SQLBrowser-Dienst konnte eine Clientanforderung nicht verarbeiten.


System errors:
=============
Error: (07/17/2015 05:28:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/16/2015 05:16:17 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (07/16/2015 06:59:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/15/2015 03:44:03 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/15/2015 03:44:00 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/15/2015 03:34:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/15/2015 03:30:14 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/14/2015 03:14:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/14/2015 03:14:50 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/14/2015 03:04:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office:
=========================
Error: (07/01/2013 10:27:07 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 26 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/12/2013 06:47:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10637 seconds with 2580 seconds of active time.  This session ended with a crash.

Error: (04/01/2011 04:21:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1901 seconds with 780 seconds of active time.  This session ended with a crash.

Error: (08/04/2010 03:15:55 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 58864 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (07/01/2010 06:56:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 273 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (02/17/2010 11:19:10 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/12/2010 08:06:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28628 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 65%
Total physical RAM: 1900.11 MB
Available physical RAM: 652.95 MB
Total Virtual: 3800.22 MB
Available Virtual: 2075.47 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:287.15 GB) (Free:223.8 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:4.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: CDEDD605)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=287.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End of log ============================
         



I hope I have posted everything correctly so far.

Regards,
Gödel
__________________
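The FRST log above flags a per-user `.exe` association key and lists the IE trusted sites, the DNS resolver and the firewall rules, which are exactly the places a banking trojan touches on a Windows 7 box (HKCU\Software\Classes wins over HKLM in the merged HKCR view, so a per-user `.exe` key can redirect every program the account launches, which is why FRST marks it on sight even though its value here is empty). The following Python script is an added example, not part of this thread and not FRST's own code: it parses those four sections from a log excerpt and lists the entries a helper should look at first. The sample text is excerpted from the posted log; the `KNOWN_TRUSTED` allowlist, the rule that only Allow rules with a rooted local program path need no review, and the private-range test for DNS resolvers are the author's assumptions.

```python
"""Triage FRST log sections for banking-trojan indicators.

Added example: not part of this thread and not FRST's own code. The section
formats follow the log posted above; KNOWN_TRUSTED, the 'rooted local path'
rule for firewall programs and the private-range test for DNS resolvers are
the author's assumptions.
"""
import ipaddress
import re
from typing import Dict, List

# Constructed sample: lines excerpted from the posted FRST log.
SAMPLE_LOG = r"""
==================== EXE Association (Whitelisted) ===============
HKU\S-1-5-21-641445819-3458068065-4247131985-1003\Software\Classes\.exe:  =>  <===== ATTENTION!
==================== Internet Explorer trusted/restricted ===============
IE trusted site: HKU\S-1-5-21-641445819-3458068065-4247131985-1003\...\bgfeldkirch.at -> hxxp://bgfeldkirch.at
IE trusted site: HKU\S-1-5-21-641445819-3458068065-4247131985-1003\...\microsoft.com -> hxxp://microsoft.com
IE trusted site: HKU\S-1-5-21-641445819-3458068065-4247131985-1003\...\webuntis.com -> hxxp://klio.webuntis.com
==================== Other Areas ============================
DNS Servers: 192.168.2.1
==================== FirewallRules (Whitelisted) ===============
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{33CB5A6C-131B-4789-96AA-7EEE4A9A6985}] => (Allow) svchost.exe
FirewallRules: [TCP Query User{5C0C9850-22E5-485C-8253-8198893AA398}\\srv01\hbp\hbp\hbp.exe] => (Allow) \\srv01\hbp\hbp\hbp.exe
FirewallRules: [{96E2D532-C409-4B34-98BD-B7E27B977AE6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
"""

# Assumed allowlist: trusted-zone domains that need no second look.
KNOWN_TRUSTED = {"microsoft.com", "microsoft.de"}

EXE_ASSOC = re.compile(
    r"^(?P<key>HK[A-Z]+\\(?:S-1-5-[\d-]+\\)?Software\\Classes\\\.exe):\s*(?P<value>.*?)\s*=>")
IE_TRUSTED = re.compile(r"^IE trusted site: (?P<key>\S+)\\(?P<domain>[^\\\s]+) -> (?P<url>\S+)$")
FIREWALL = re.compile(r"^FirewallRules: \[(?P<name>.*?)\] => \((?P<action>Allow|Block)\) (?P<program>.*)$")
DNS = re.compile(r"^DNS Servers: (?P<servers>.+)$")


def classify_program(program: str) -> str:
    """Is a firewall rule's program a rooted local path, a UNC path or a bare name?"""
    if program.startswith("\\\\"):
        return "unc"      # executable on a network share
    if re.match(r"^(?:[A-Za-z]:\\|%[A-Za-z]+%\\)", program):
        return "local"    # drive letter or %SystemRoot%-style root
    return "bare"         # file name only, pinned to nothing


def triage(log: str) -> Dict[str, List[dict]]:
    findings: Dict[str, List[dict]] = {
        "exe_association": [], "trusted_sites": [], "firewall": [], "dns": []}
    for raw in log.splitlines():
        line = raw.strip()
        m = EXE_ASSOC.match(line)
        if m:
            # HKCU\Software\Classes wins over HKLM in the merged HKCR view, so a
            # per-user .exe key can redirect every program launch; FRST flags
            # it on sight, whatever its value (here it is empty).
            findings["exe_association"].append({
                "key": m.group("key"), "value": m.group("value"),
                "flagged": "ATTENTION" in line})
            continue
        m = IE_TRUSTED.match(line)
        if m:
            # Trusted-zone sites run with relaxed IE security; anything the
            # user did not knowingly add deserves a look.
            domain = m.group("domain")
            findings["trusted_sites"].append({
                "domain": domain, "url": m.group("url"),
                "review": domain not in KNOWN_TRUSTED})
            continue
        m = FIREWALL.match(line)
        if m:
            kind = classify_program(m.group("program"))
            findings["firewall"].append({
                "name": m.group("name"), "action": m.group("action"),
                "program": m.group("program"), "kind": kind,
                "review": m.group("action") == "Allow" and kind != "local"})
            continue
        m = DNS.match(line)
        if m:
            for server in re.split(r"[,\s]+", m.group("servers").strip()):
                # A public resolver here would point at DNS hijacking.
                findings["dns"].append({
                    "server": server,
                    "private": ipaddress.ip_address(server).is_private})
    return findings


def needs_review(findings: Dict[str, List[dict]]) -> List[str]:
    """The entries a helper should look at first, in log order."""
    out = [e["key"] for e in findings["exe_association"] if e["flagged"]]
    out += [e["domain"] for e in findings["trusted_sites"] if e["review"]]
    out += [e["program"] for e in findings["firewall"] if e["review"]]
    out += [e["server"] for e in findings["dns"] if not e["private"]]
    return out


if __name__ == "__main__":
    for item in needs_review(triage(SAMPLE_LOG)):
        print("REVIEW:", item)
```

Run as a script it prints one REVIEW line per entry: on this excerpt the per-user `.exe` key, the two trusted sites outside the allowlist, and the two Allow rules whose program is a bare `svchost.exe` or a share on `\\srv01`. The router address 192.168.2.1 passes the private-range test. None of this is a malware verdict; it is the shortlist a helper checks by hand before deciding on a fixlist.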

18.07.2015, 09:34   #4
schrauber
/// the machine
/// TB-Ausbilder


Please download Revo Uninstaller from here: Revo Uninstaller Download (alternatively: portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click on Options and select German as the language.
  • Search the uninstaller list for the programs:

    Ask Toolbar

    Ask Toolbar

    Ask Toolbar Updater

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on , then on , and then on .

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread in any case.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

18.07.2015, 11:14   #5
goedel

Hello Schrauber,

the Malwarebytes Anti-Rootkit scan has been hanging for about 30 minutes on a file "...edMobileDriver_S4981MAN32AP22_ML_WHQL_Ver_3.2.rar:Zone.Identif" (that is all the scan progress line shows). What should I do?

Regards,
Gödel


PS: I have removed the Ask Toolbar programs with Revo Uninstaller.


18.07.2015, 13:42   #6
schrauber
/// the machine
/// TB-Ausbilder

Cancel it and run it again in Safe Mode.

18.07.2015, 15:09   #7
goedel

Somehow I can't get it to work. Restarted in Safe Mode twice, and each time Malwarebytes Anti-Rootkit freezes after a while! (Always on a different file; right now a .docx file.)
I'm really at a loss at the moment...

Regards,
Gödel

19.07.2015, 05:59   #8
schrauber
/// the machine
/// TB-Ausbilder

Then leave MBAR out and do the rest.

19.07.2015, 17:47   #9
goedel

Thanks,

in the meantime I have uninstalled roughly a ton of programs that I don't actually need, and I ran Malwarebytes Anti-Rootkit again - it did not help...

Then, on your esteemed advice, I started TDSSKiller, with the following report:

Code:
12:31:07.0055 0x1400  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:31:10.0440 0x1400  ============================================================
12:31:10.0440 0x1400  Current date / time: 2015/07/19 12:31:10.0440
12:31:10.0440 0x1400  SystemInfo:
12:31:10.0440 0x1400  
12:31:10.0440 0x1400  OS Version: 6.1.7601 ServicePack: 1.0
12:31:10.0440 0x1400  Product type: Workstation
12:31:10.0440 0x1400  ComputerName: COMPE
12:31:10.0440 0x1400  UserName: Eva
12:31:10.0440 0x1400  Windows directory: C:\Windows
12:31:10.0440 0x1400  System windows directory: C:\Windows
12:31:10.0440 0x1400  Processor architecture: Intel x86
12:31:10.0440 0x1400  Number of processors: 2
12:31:10.0440 0x1400  Page size: 0x1000
12:31:10.0440 0x1400  Boot type: Normal boot
12:31:10.0440 0x1400  ============================================================
12:31:12.0609 0x1400  KLMD registered as C:\Windows\system32\drivers\03014921.sys
12:31:12.0905 0x1400  System UUID: {FA272EC1-E2DA-C198-95D8-C57EB0D419ED}
12:31:13.0654 0x1400  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:31:13.0701 0x1400  ============================================================
12:31:13.0701 0x1400  \Device\Harddisk0\DR0:
12:31:13.0732 0x1400  MBR partitions:
12:31:13.0732 0x1400  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
12:31:13.0732 0x1400  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x23E4D800
12:31:13.0732 0x1400  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x1388000
12:31:13.0732 0x1400  ============================================================
12:31:13.0763 0x1400  C: <-> \Device\Harddisk0\DR0\Partition2
12:31:13.0872 0x1400  Q: <-> \Device\Harddisk0\DR0\Partition3
12:31:13.0997 0x1400  ============================================================
12:31:13.0997 0x1400  Initialize success
12:31:13.0997 0x1400  ============================================================
12:31:21.0048 0x16a8  ============================================================
12:31:21.0048 0x16a8  Scan started
12:31:21.0048 0x16a8  Mode: Manual; 
12:31:21.0048 0x16a8  ============================================================
12:31:21.0048 0x16a8  KSN ping started
12:31:23.0872 0x16a8  KSN ping finished: true
12:31:24.0855 0x16a8  ================ Scan system memory ========================
12:31:24.0855 0x16a8  System memory - ok
12:31:24.0855 0x16a8  ================ Scan services =============================
12:31:25.0026 0x16a8  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:31:25.0026 0x16a8  1394ohci - ok
12:31:25.0073 0x16a8  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:31:25.0073 0x16a8  ACPI - ok
12:31:25.0089 0x16a8  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:31:25.0089 0x16a8  AcpiPmi - ok

(...SKIP...)

C:\Program Files\Windows Sidebar\Sidebar.exe
12:34:28.0514 0x0d58  Sidebar - ok
12:34:28.0529 0x0d58  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
12:34:28.0545 0x0d58  mctadmin - ok
12:34:28.0576 0x0d58  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
12:34:28.0623 0x0d58  Sidebar - ok
12:34:28.0638 0x0d58  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
12:34:28.0654 0x0d58  mctadmin - ok
12:34:28.0810 0x0d58  [ 8A2A732CCAEB7DB3ECA59502B73E4AC9, F6D94F73D6FCA23866C76CFCDD608DE3AC2759BD9DA0A504A6C875F6AC9EF478 ] C:\Program Files\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe
12:34:28.0888 0x0d58  acSecurityLayer - ok
12:34:28.0919 0x0d58  JUZgkloz - ok
12:34:28.0935 0x0d58  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated )
12:34:28.0935 0x0d58  Win FW state via NFP2: enabled
12:34:31.0696 0x0d58  ============================================================
12:34:31.0696 0x0d58  Scan finished
12:34:31.0696 0x0d58  ============================================================
12:34:31.0696 0x0384  Detected object count: 2
12:34:31.0696 0x0384  Actual detected object count: 2
12:35:33.0550 0x0384  AdvoServ ( UnsignedFile.Multi.Generic ) - skipped by user
12:35:33.0550 0x0384  AdvoServ ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:35:33.0550 0x0384  SHIWebOnDiskManager ( UnsignedFile.Multi.Generic ) - skipped by user
12:35:33.0550 0x0384  SHIWebOnDiskManager ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Unfortunately the complete log file exceeds the permitted size (which is why part of it is skipped).
Thank you very much for your further efforts!

Regards,
Gödel

mbar has finally finished its scan!!!

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.07.19.02
  rootkit: v2015.07.17.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17914
Eva :: COMPE [administrator]

19.07.2015 18:14:04
mbar-log-2015-07-19 (18-14-04).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 326510
Time elapsed: 25 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

What should I do now?


Thanks and regards,
Gödel
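TDSSKiller writes one `[ MD5, SHA256 ] name path` record per scanned driver, service or executable and, at the end of the scan, one line per detection. The two hits in the log above carry the verdict `UnsignedFile.Multi.Generic`, which is TDSSKiller's label for a loaded file without a valid digital signature, not a malware verdict; that is why the instruction was Skip rather than Cure. The helper's next step is to tie each detection back to its hash record in the same log and look the SHA256 up. The following Python script is an added example, not part of this thread and not Kaspersky's code, that does that over a log excerpt. Line formats follow the posted log; the `AdvoServ` hash record with its `C:\Example\AdvoServ.exe` path and all-placeholder hashes is constructed, because the real record falls into the part of the log the poster cut, and the `KNOWN_GOOD` hash set is an assumption too (here it holds only the Sidebar.exe hash from the log).

```python
"""Tie TDSSKiller detections back to the hash records in the same log.

Added example; not part of the thread and not Kaspersky's code. Line formats
follow the log posted above. The AdvoServ hash record (path and both hashes)
is a constructed placeholder, and KNOWN_GOOD is an assumed allowlist.
"""
import ntpath
import re
from typing import Dict, Tuple

# Constructed sample: real lines from the posted log plus one placeholder
# record for AdvoServ, whose real record sits in the part the poster skipped.
SAMPLE_LOG = r"""
12:31:25.0026 0x16a8  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:31:25.0026 0x16a8  1394ohci - ok
12:33:00.0000 0x0d58  [ 0123456789ABCDEF0123456789ABCDEF, 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF ] AdvoServ        C:\Example\AdvoServ.exe
12:34:28.0576 0x0d58  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
12:34:28.0623 0x0d58  Sidebar - ok
12:34:31.0696 0x0384  Detected object count: 2
12:34:31.0696 0x0384  Actual detected object count: 2
12:35:33.0550 0x0384  AdvoServ ( UnsignedFile.Multi.Generic ) - skipped by user
12:35:33.0550 0x0384  AdvoServ ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:35:33.0550 0x0384  SHIWebOnDiskManager ( UnsignedFile.Multi.Generic ) - skipped by user
12:35:33.0550 0x0384  SHIWebOnDiskManager ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Assumed allowlist of SHA256 values already vetted (here: Sidebar.exe from the log).
KNOWN_GOOD = {"8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8"}

PREFIX = r"^\d\d:\d\d:\d\d\.\d{4} 0x[0-9a-f]+\s+"
HASHED = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-F]{32}), (?P<sha256>[0-9A-F]{64}) \] "
                    r"(?:(?P<name>[^\s\\:]+)\s+)?(?P<path>[A-Za-z]:\\.*?)\s*$")
DETECTION = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<verdict>[^)]+) \) - (?P<outcome>.*?)\s*$")
COUNT = re.compile(PREFIX + r"(?P<actual>Actual )?[Dd]etected object count: (?P<n>\d+)\s*$")


def parse(log: str) -> Tuple[Dict[str, dict], Dict[str, dict], Dict[str, int]]:
    """Return (hash records by object name, detections by name, object counts)."""
    hashed: Dict[str, dict] = {}
    detections: Dict[str, dict] = {}
    counts: Dict[str, int] = {}
    for line in log.splitlines():
        m = HASHED.match(line)
        if m:
            # Records for scanned executables carry no object name; the status
            # line that follows uses the file stem, so key them the same way.
            name = m.group("name") or ntpath.splitext(ntpath.basename(m.group("path")))[0]
            hashed[name] = {"path": m.group("path"), "md5": m.group("md5"), "sha256": m.group("sha256")}
            continue
        m = DETECTION.match(line)
        if m:
            # Each detection produces two lines: the outcome and the user's choice.
            entry = detections.setdefault(m.group("name"), {
                "name": m.group("name"), "verdict": m.group("verdict"), "outcome": None, "action": None})
            outcome = m.group("outcome")
            if outcome.startswith("User select action:"):
                entry["action"] = outcome.split(":", 1)[1].strip()
            else:
                entry["outcome"] = outcome
            continue
        m = COUNT.match(line)
        if m:
            counts["actual" if m.group("actual") else "detected"] = int(m.group("n"))
    return hashed, detections, counts


def report(log: str, known_good=KNOWN_GOOD):
    """One row per detection with its path, SHA256 and what to do next."""
    hashed, detections, counts = parse(log)
    rows = []
    for det in detections.values():
        rec = hashed.get(det["name"])
        if rec is None:
            status = "no hash record in this log excerpt"
        elif rec["sha256"] in known_good:
            status = "sha256 known-good"
        else:
            # An unsigned file is not a malware verdict; the hash lookup decides.
            status = "sha256 needs lookup"
        rows.append({**det, "path": rec["path"] if rec else None,
                     "sha256": rec["sha256"] if rec else None, "status": status})
    return rows, counts


if __name__ == "__main__":
    rows, counts = report(SAMPLE_LOG)
    print(f"{counts.get('detected')} detected / {counts.get('actual')} actual")
    for r in rows:
        print(f"{r['name']:<22} {r['verdict']:<28} action={r['action']}  {r['status']}  {r['path']}")
```

`report()` returns one row per detection. On this excerpt both rows come back with `action=Skip`; AdvoServ gets its (placeholder) path and a "needs lookup" status, while SHIWebOnDiskManager has no path because its hash record lies in the cut part of the log. Fed the complete log and a real hash set, the rows tell you which Skip was safe and which file still has to be looked up or submitted.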

20.07.2015, 07:51   #10
schrauber
/// the machine
/// TB-Ausbilder

OK, nothing there for now.


Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software and malware/spyware scanners. They can interfere with Combofix's work. Combofix sometimes complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.


20.07.2015, 16:54   #11
goedel

Yes, I have done it!

Code:
ComboFix 15-07-18.01 - Eva 20.07.2015  15:53:12.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.43.1031.18.1900.755 [GMT 2:00]
ausgeführt von:: c:\users\Eva\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\swtools\APPS\CBED\CBE\ACTIVATION_104\_desktop.ini
c:\swtools\APPS\CBED\CBE\ACTIVATION_104\BIN\_desktop.ini
c:\users\Eva\AppData\Roaming\.#
c:\users\Eva\AppData\Roaming\Microsoft\Windows\Recent\SAMSUNG Dr.Printer.url
c:\windows\system32\Cache
Q:\AUTORUN.INF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-06-19 bis 2015-07-19  ))))))))))))))))))))))))))))))
.
.
2015-07-19 19:01 . 2015-07-19 19:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-07-19 12:26 . 2015-07-19 12:26	--------	d-----w-	c:\program files\Sophos
2015-07-19 12:14 . 2015-07-19 12:15	--------	d-----w-	c:\users\Eva\AppData\Roaming\QuickScan
2015-07-19 12:01 . 2015-07-19 12:02	39168	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03BA0966-79ED-4DB0-9DCA-0DF5AE070F2C}\MpKslbffd80ef.sys
2015-07-19 09:30 . 2015-07-19 09:30	--------	d-----w-	c:\programdata\NCH Software
2015-07-18 21:27 . 2015-06-18 06:41	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-07-18 21:27 . 2015-06-18 06:41	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-07-18 21:26 . 2015-07-18 21:27	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2015-07-18 21:26 . 2015-07-18 21:26	--------	d-----w-	c:\users\Eva\AppData\Local\Programs
2015-07-18 13:32 . 2015-06-12 07:54	9252600	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03BA0966-79ED-4DB0-9DCA-0DF5AE070F2C}\mpengine.dll
2015-07-18 09:33 . 2015-07-18 21:26	--------	d-----w-	c:\programdata\Malwarebytes
2015-07-18 09:32 . 2015-07-19 16:43	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-07-18 09:32 . 2015-07-19 18:12	98520	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-18 09:31 . 2015-06-18 06:41	94936	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-07-17 16:31 . 2015-07-17 16:33	--------	d-----w-	C:\FRST
2015-07-17 05:11 . 2015-06-12 07:54	9252600	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-07-16 05:28 . 2015-07-02 05:57	912000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D06D4AAC-661E-40BE-8B59-47E1440384A9}\gapaengine.dll
2015-07-14 23:48 . 2015-06-01 23:47	210432	----a-w-	c:\windows\system32\cewmdm.dll
2015-07-07 08:16 . 2015-07-07 08:16	--------	d-----w-	c:\users\Eva\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-05 10:11 . 2010-02-06 16:09	246952	------w-	c:\windows\system32\MpSigStub.exe
2015-07-02 05:57 . 2013-08-23 07:06	912000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-16 23:01 . 2015-06-16 23:01	1202856	----a-w-	c:\windows\system32\FM20.DLL
2015-06-02 14:30 . 2014-07-21 14:40	96352	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2015-05-25 18:07 . 2015-06-10 04:41	3989440	----a-w-	c:\windows\system32\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 04:41	3934144	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 04:41	1307648	----a-w-	c:\windows\system32\ntdll.dll
2015-05-25 18:01 . 2015-06-10 04:41	853504	----a-w-	c:\windows\system32\diagtrack.dll
2015-05-25 18:01 . 2015-06-10 04:41	635392	----a-w-	c:\windows\system32\tdh.dll
2015-05-25 18:01 . 2015-06-10 04:41	400896	----a-w-	c:\windows\system32\srcore.dll
2015-05-25 18:01 . 2015-06-10 04:41	43008	----a-w-	c:\windows\system32\srclient.dll
2015-05-25 18:01 . 2015-06-10 04:41	92160	----a-w-	c:\windows\system32\sechost.dll
2015-05-25 18:01 . 2015-06-10 04:41	38912	----a-w-	c:\windows\system32\csrsrv.dll
2015-05-25 18:01 . 2015-06-10 04:41	641536	----a-w-	c:\windows\system32\advapi32.dll
2015-05-25 18:00 . 2015-06-10 04:41	40448	----a-w-	c:\windows\system32\typeperf.exe
2015-05-25 18:00 . 2015-06-10 04:41	364544	----a-w-	c:\windows\system32\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 04:41	69632	----a-w-	c:\windows\system32\smss.exe
2015-05-25 18:00 . 2015-06-10 04:41	262656	----a-w-	c:\windows\system32\rstrui.exe
2015-05-25 18:00 . 2015-06-10 04:41	37888	----a-w-	c:\windows\system32\relog.exe
2015-05-25 18:00 . 2015-06-10 04:41	82944	----a-w-	c:\windows\system32\logman.exe
2015-05-25 18:00 . 2015-06-10 04:41	17408	----a-w-	c:\windows\system32\diskperf.exe
2015-05-25 17:55 . 2015-06-10 04:41	6656	----a-w-	c:\windows\system32\apisetschema.dll
2015-05-25 16:53 . 2015-06-10 04:41	36864	----a-w-	c:\windows\system32\UtcResources.dll
2015-05-21 13:20 . 2015-06-10 04:43	163840	----a-w-	c:\windows\system32\aepic.dll
2015-05-09 03:14 . 2015-06-10 04:41	169984	----a-w-	c:\windows\system32\winsrv.dll
2015-05-09 03:13 . 2015-06-10 04:41	293376	----a-w-	c:\windows\system32\KernelBase.dll
2015-05-09 03:12 . 2015-06-10 04:41	271360	----a-w-	c:\windows\system32\conhost.exe
2015-05-09 03:08 . 2015-06-10 04:41	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	4096	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	3584	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 04:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-09 01:59 . 2015-06-10 04:41	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-09 01:59 . 2015-06-10 04:41	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-09 01:59 . 2015-06-10 04:41	3584	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-09 01:59 . 2015-06-10 04:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-01 13:16 . 2015-05-13 19:18	102608	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-29 18:07 . 2015-06-10 04:41	4096	----a-w-	c:\windows\system32\msdxm.ocx
2015-04-29 18:07 . 2015-06-10 04:41	4096	----a-w-	c:\windows\system32\dxmasf.dll
2015-04-29 18:07 . 2015-06-10 04:41	8192	----a-w-	c:\windows\system32\spwmp.dll
2015-04-29 18:05 . 2015-06-10 04:41	12625408	----a-w-	c:\windows\system32\wmploc.DLL
2015-04-24 17:56 . 2015-06-10 04:41	530432	----a-w-	c:\windows\system32\comctl32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"acSecurityLayer"="c:\program files\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe" [2013-12-04 3647360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"="c:\program files\Lenovo\Mouse Suite\ICO.EXE" [2009-01-04 65536]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-08-11 622592]
"PWRAGD"="c:\progra~1\ThinkPad\UTILIT~1\DPMHost.exe" [2009-08-13 72256]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-06-12 606208]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2010-06-07 618496]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 981688]
"SHIWebOnDiskManager"="c:\program files\SHIWebOnDiskManager\SHIWebOnDiskManager.exe" [2015-02-17 245760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAQQBFAEEAWQAtAFQAMwBMAFUARQAtAE4ATAAzAEQAQQAtAEMAQgBVAEsASAAtAEoARgA3AE0AOQA&inst=NwA3AC0ANAAzADEANgA0ADgAOAAzADkALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0AWABPADkAKwAxAC0AQwBJAFAAKwAyAC0ARABEAFQAKwA0ADIAOQA0ADkANQA0ADgANwA3AC0AUwBUADkAMABGAEEAUABQACsAMQAtAEQARAA5ADAARgArADEALQBGAFUASQArADIALQBGADkAMABNADEAMgBSACsAMQAxAC0AVgBJAFAAMQAyACsAMQA&prod=90&ver=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]
.
c:\users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
a.sign Client.lnk - c:\program files\A-Trust GmbH\a.sign Client\ASignLauncher.exe [2014-2-24 2496896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44	3883840	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Message Center Plus"=c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe /start
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 Archivium;Archivium backend;c:\programme\Archivium\backend\wrapper.exe [2008-02-14 204800]
R2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2015-06-18 1133880]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2012-03-02 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2012-03-02 20736]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2012-03-02 20096]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2012-03-02 25088]
R3 cjusb;REINER SCT cyberJack pinpad/e-com USB;c:\windows\system32\DRIVERS\cjusb.sys [2007-05-31 23040]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-06-19 102912]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2015-06-18 94936]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 95408]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2015-04-29 284504]
R3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-11-20 20848]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-04 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1343400]
S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2007-05-31 14949]
S1 MpKslbffd80ef;MpKslbffd80ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03BA0966-79ED-4DB0-9DCA-0DF5AE070F2C}\MpKslbffd80ef.sys [2015-07-19 39168]
S2 AdvoServ;ADVOKAT3 Inst;c:\program files\ADVOKAT\AdvoServ.exe [2009-11-27 77824]
S2 backend;backend;c:\programme\Archivium\\apache-tomcat-6\bin\tomcat6.exe [2012-12-01 74752]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [2009-04-15 654640]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-13 72256]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-09-10 5120]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-07-21 2066968]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-06-22 202408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\5DC9.tmp [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MEMSWEEP2
*NewlyCreated* - MPKSLBFFD80EF
*Deregistered* - aswMBR
*Deregistered* - aswVmm
*Deregistered* - kxtdqpog
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc	REG_MULTI_SZ   	DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-14 19:09	991048	----a-w-	c:\program files\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 21:46]
.
2015-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 21:46]
.
2015-07-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]
.
2015-07-19 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-01-05 07:16]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.at/
Trusted Zone: bgfeldkirch.at
Trusted Zone: microsoft.com
Trusted Zone: microsoft.de
Trusted Zone: raiffeisen.at\banking
Trusted Zone: webuntis.com\klio
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5FA3ADDC-92F6-4931-A86E-7E8E904FB566}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\gyx42jr6.default\
FF - prefs.js: browser.search.selectedEngine - NCH DE Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-JUZgkloz - c:\programdata\JUZgkloz.exe
AddRemove-Archivium Dokumentenarchiv - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5DC9.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-07-19  21:04:00
ComboFix-quarantined-files.txt  2015-07-19 19:03
.
Vor Suchlauf: 50 Verzeichnis(se), 237.969.281.024 Bytes frei
Nach Suchlauf: 55 Verzeichnis(se), 238.361.845.760 Bytes frei
.
- - End Of File - - 1089661C3635EE5C8964DFA640F603C8
A36C5E4F47E84449FF07ED3517B43A31
         
Rebooted, ComboFix didn't complain about anything, opened the banking site and lo and behold:
it seems to be the way it used to be, no obscure messages at all!
I hope the box is clean!?


Regards,
Gödel
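
Before taking "ComboFix didn't complain" at face value, it is worth reading the autostart, service and DNS sections of that log against a fixed set of rules, because the lines that matter are easy to skim past: the removed orphan `HKCU-Run-JUZgkloz` pointing at an executable sitting directly in `c:\programdata`, the deregistered driver with the generated-looking name `kxtdqpog`, and a static per-interface NameServer (8.8.8.8, Google Public DNS) next to the DHCP-assigned 192.168.2.1. The Python script below is an added example, not part of the original post and not ComboFix's own code. The sample lines are copied from the log above; the line patterns are assumed from that log's format, and the heuristics (executables directly under ProgramData/AppData/Temp, service images ending in `.tmp`, eight-letter lowercase driver names, a static resolver that differs from the DHCP one) are assumptions that produce leads for a human, not verdicts. MEMSWEEP2 shows why: it is flagged because its image is a `.tmp`, but the log lists it under `*NewlyCreated*`, i.e. it was created during the ComboFix run itself, and the 8.8.8.8 resolver is most likely a deliberate user setting.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the ComboFix log above, including
# legitimate entries that a triage must leave alone.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"acSecurityLayer"="c:\program files\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe" [2013-12-04 3647360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 981688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
R2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2015-06-18 1133880]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\5DC9.tmp [x]
*NewlyCreated* - MEMSWEEP2
*Deregistered* - aswMBR
*Deregistered* - kxtdqpog
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5FA3ADDC-92F6-4931-A86E-7E8E904FB566}: NameServer = 8.8.8.8
HKCU-Run-JUZgkloz - c:\programdata\JUZgkloz.exe
"""

# Line shapes of ComboFix's report, assumed from the log above.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
ORPHAN_RE = re.compile(r"^HK(?:CU|LM)-Run-(?P<name>\S+) - (?P<path>.+)$")
SERVICE_RE = re.compile(r"^[RS]\d+ (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[")
DRIVER_RE = re.compile(r"^\*(?:NewlyCreated|Deregistered)\* - (?P<name>\S+)$")
DHCP_DNS_RE = re.compile(r"^TCP: DhcpNameServer = (?P<ns>\S+)")
IFACE_DNS_RE = re.compile(r"^TCP: Interfaces\\(?P<iface>\{[^}]+\}): NameServer = (?P<ns>\S+)")

# Heuristics (assumptions): each one yields a lead for a human, not a verdict.
USER_WRITABLE_EXE = re.compile(
    r"\\(?:programdata|appdata\\(?:roaming|local)|temp|users\\public)\\[^\\]+\.(?:exe|dll|scr|com)$",
    re.I)
TMP_IMAGE = re.compile(r"\.tmp$", re.I)
RANDOM_DRIVER_NAME = re.compile(r"^[a-z]{8}$")


def triage(report: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line: the line kind, the entry name
    and the reason, so the analyst can go back to the full log."""
    findings: List[Dict[str, str]] = []
    dhcp_dns = None
    static_dns: List[Tuple[str, str]] = []

    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line) or ORPHAN_RE.match(line)
        if m:  # Run entry (live or removed orphan)
            if USER_WRITABLE_EXE.search(m.group("path")):
                findings.append({"kind": "run", "name": m.group("name"),
                                 "reason": "autostart executable directly in a user-writable directory: " + m.group("path")})
            continue
        m = SERVICE_RE.match(line)
        if m:  # service / driver entry with image path
            path = m.group("path")
            if TMP_IMAGE.search(path) or USER_WRITABLE_EXE.search(path):
                findings.append({"kind": "service", "name": m.group("name"),
                                 "reason": "service image is a .tmp or lives in a user-writable directory: " + path})
            continue
        m = DRIVER_RE.match(line)
        if m:  # "other drivers in memory" section, names only
            if RANDOM_DRIVER_NAME.match(m.group("name")):
                findings.append({"kind": "driver", "name": m.group("name"),
                                 "reason": "eight-letter lowercase driver name, a common pattern for generated names"})
            continue
        m = DHCP_DNS_RE.match(line)
        if m:
            dhcp_dns = m.group("ns")
            continue
        m = IFACE_DNS_RE.match(line)
        if m:
            static_dns.append((m.group("iface"), m.group("ns")))

    # Compare per-interface static resolvers against what DHCP handed out.
    for iface, ns in static_dns:
        if dhcp_dns and ns != dhcp_dns:
            findings.append({"kind": "dns", "name": iface,
                             "reason": f"static NameServer {ns} differs from DhcpNameServer {dhcp_dns}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['name']}: {f['reason']}")
```

Run against the sample it reports exactly four leads (JUZgkloz, MEMSWEEP2, kxtdqpog and the DNS override) and stays quiet on the legitimate Run entries and services; each lead still has to be checked by hand, which is the point of reporting the reason next to the name.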

21.07.2015, 06:59   #12
schrauber
/// the machine
/// TB-Ausbilder
 

not quite yet

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file will open. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

21.07.2015, 21:43   #13
goedel
 
Hello Schrauber,

first mbam:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 21.07.2015
Suchlaufzeit: 22:15
Protokolldatei: mbam_20150721.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.07.21.07
Rootkit-Datenbank: v2015.07.17.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Eva

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 338297
Abgelaufene Zeit: 18 Min., 49 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

The rest will follow shortly!

Many thanks and best regards
Gödel
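
A zero-finding scan report is only as good as the scope it ran with. In this log, `Rootkits: Deaktiviert` means the rootkit scanner was off, and the three `Deaktiviert` lines in the header mean the free version had no real-time protection, so the result rules out what the scan looked at, not what it skipped. The Python below is an added example that is not part of the post and not Malwarebytes' code; it parses the MBAM 2.x report format as assumed from the log above (German labels, with their English equivalents accepted as an assumption), totals the detection counts and lists every scan component or protection feature that was disabled, so a "clean" verdict is only given when the scan was complete. The sample is the posted log, reduced to its header and three result blocks.

```python
import re
from typing import Any, Dict

# Constructed sample: header and result blocks copied from the MBAM log posted above.
SAMPLE_MBAM_LOG = """\
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 21.07.2015
Suchlaufzeit: 22:15
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.07.21.07
Rootkit-Datenbank: v2015.07.17.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 338297
Abgelaufene Zeit: 18 Min., 49 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)
"""

KV_RE = re.compile(r"^([^:]+): (.+)$")
ENABLED = {"Aktiviert", "Enabled"}        # German label from the log, English assumed
DISABLED = {"Deaktiviert", "Disabled"}
SCAN_TYPE_KEYS = {"Suchlauftyp", "Scan Type"}
OBJECTS_SCANNED_KEYS = {"Durchsuchte Objekte", "Objects Scanned"}


def parse_mbam_log(text: str) -> Dict[str, Dict[str, Any]]:
    """Split the report into protection settings (before the scan-type line),
    scan components (on/off lines after it) and per-category detection counts."""
    protection: Dict[str, bool] = {}
    components: Dict[str, bool] = {}
    detections: Dict[str, int] = {}
    after_scan_type = False
    for line in text.splitlines():
        m = KV_RE.match(line.strip())
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if value in ENABLED or value in DISABLED:
            target = components if after_scan_type else protection
            target[key] = value in ENABLED
        elif after_scan_type and value.isdigit() and key not in OBJECTS_SCANNED_KEYS:
            detections[key] = int(value)   # "Prozesse: 0", "Dateien: 0", ...
        if key in SCAN_TYPE_KEYS:
            after_scan_type = True
    return {"protection": protection, "scan_components": components, "detections": detections}


def assess(text: str) -> Dict[str, Any]:
    """Verdict: 'clean' only if nothing was found AND no scan component was off."""
    p = parse_mbam_log(text)
    total = sum(p["detections"].values())
    off_scan = sorted(k for k, on in p["scan_components"].items() if not on)
    off_prot = sorted(k for k, on in p["protection"].items() if not on)
    notes = []
    if "Rootkits" in off_scan:
        notes.append("rootkit scanning was off: zero findings say nothing about hidden kernel-level components")
    if total > 0:
        verdict = "infected"
    elif off_scan:
        verdict = "clean-with-gaps"
    else:
        verdict = "clean"
    return {"total_detections": total, "disabled_scan_components": off_scan,
            "disabled_protection": off_prot, "verdict": verdict, "notes": notes}


if __name__ == "__main__":
    result = assess(SAMPLE_MBAM_LOG)
    print(result["verdict"], result["disabled_scan_components"], *result["notes"], sep="\n")
```

For the posted log this yields `clean-with-gaps` with `Rootkits` as the disabled component, which is the honest reading of the report: the next step is a scan with rootkit detection switched on, not a conclusion.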

22.07.2015, 08:16   #14
schrauber
 

ok
__________________
regards,
schrauber


23.07.2015, 19:22   #15
goedel
 
Hello Schrauber,

I only got back to my computer today; many thanks for your patience!

AdwCleaner outputs this:

Code:
# AdwCleaner v4.208 - Bericht erstellt 21/07/2015 um 22:47:37
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : Eva - COMPE
# Gestarted von : C:\Users\Eva\Downloads\eMbahr\adwcleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Eva\AppData\LocalLow\Conduit
Datei Gelöscht : C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\gyx42jr6.default\invalidprefs.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\NCH_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Description

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0 (x86 de)

[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/default.aspx");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.InstallationId", "ConduitNSISIntegration");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.InstallationType", "ConduitNSISIntegration");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.SavedHomepage", "hxxp://www.ask.com?o=101702&l=dis");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.SearchCaption", "NCH DE Customized Web Search");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.SearchEngineBeforeUnload", "NCH DE Customized Web Search");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,tbclient.tbccint.com,codefuel.com,tbccint.com,trovi.com,seccint.com,cpccint.com,appstrm.com,OurToolbar.co[...]
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.embeddedsData", "[{\"appId\":\"129306877457319611\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com;social.tbccint.com;apps.tbccint.com;services.a[...]
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.installId", "ConduitNSISIntegration");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.installType", "ConduitNSISIntegration");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.isPerformedSmartBarTransition", "true");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.originalHomepage", "hxxp://www.ask.com?o=101702&l=dis");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.originalSearchEngine", "Ask.com");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.smartbar.CTID", "CT2801937");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.smartbar.Uninstall", "0");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.smartbar.homepage", true);
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.smartbar.toolbarName", "NCH DE ");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "NCH DE Customized Web Search");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2801937/CT2801937", "\"cf586bc91d6135c25de29352c439d73c3\"");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1194019/1189696/AT", "\"5d1f6b2d52509e2c8908f2b1c4ea183b\"");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801937", "\"1346078238\"");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"c70353cabc2ce1:0\"");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.8", "\"dfe74040abc2ce1:0\"");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801937", "\"a238378f7d0708034a0defa297cb8b8b\"");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"602b9c5c1d04e9572d485e57be47d0c5\"");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Eva\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\gyx42jr6.default\\conduitCommon\\modules\\3.12.0.8");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2801937");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2801937");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2801937");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.globalUserId", "dbdec4c4-4c2d-4d65-a7c7-b1cf2bbae071");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2801937");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Sep 10 2014 17:51:25 GMT+0200");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.alertEnabled", true);
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Sep 10 2014 17:51:32 GMT+0200");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alertsnotifications.ourtoolbar.com");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Sep 10 2014 17:51:24 GMT+0200");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1401369664");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.tbccint.com");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.userId", "a64c382f-0333-4f6b-bbeb-214cb371e5f3");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.ask.com?o=101702&l=dis");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?CUI=UN07952075479111276&ctid=CT2801937&SearchSource=13");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "NCH DE Customized Web Search");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}&CUI=UN07952075479111276");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.TBHomepagesList", "hxxp://search.conduit.com/?CUI=UN07952075479111276&ctid=CT2801937&SearchSource=13");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.TBSearchEngineList", "NCH DE Customized Web Search");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.TBSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}&CUI=UN07952075479111276");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2801937");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultthis.engineName", "NCH DE Customized Web Search");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Ask.com");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "NCH DE Customized Web Search");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT2801937");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13,hxxp://search.conduit.com/?CUI=UN07952075479111276&ctid=CT2801937&SearchSource=13");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&q=,hxxp://trovi.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=2&CUI=UN07952075479111276&UM[...]
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.defaultSearchOwnerCTID", "CT2801937");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT2801937");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13,hxxp://search.conduit.com/?CUI=UN07952075479111276&ctid=CT2801937&SearchSource=13");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.machineId", "J0MQKITLZNZH0QFBJPFLSS02SX0N3+STNB53+XVE7LSP4S+QPMZ8WEQKEETFKNROCW7EXWAJSGCYPOBJOPAZAQ");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&q=,hxxp://trovi.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=2&CUI=UN07952075479111276&UM=&q=,ht[...]

-\\ Google Chrome v43.0.2357.134

[C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=100000027&locale=de_US&apn_uid=&apn_ptnrs=U3&apn_sauid=&apn_dtid=OSJ000YYAT&psv=&q={searchTerms}

*************************

AdwCleaner[R0].txt - [12606 Bytes] - [21/07/2015 22:45:52]
AdwCleaner[S0].txt - [13218 Bytes] - [21/07/2015 22:47:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13278  Bytes] ##########
         


JRT reports the following:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Professional x86
Ran by Eva on 23.07.2015 at 20:25:17,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\System32\tasks\PCDoctorBackgroundMonitorTask
Successfully deleted: [Task] C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files\newsoft
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\Users\Eva\Appdata\Local\newsoft
Successfully deleted: [Folder] C:\Users\Eva\AppData\Roaming\newsoft
Successfully deleted: [Folder] C:\Users\Eva\Documents\my pagemanager



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Eva\AppData\Roaming\mozilla\firefox\profiles\gyx42jr6.default\smartbar
Successfully deleted the following from C:\Users\Eva\AppData\Roaming\mozilla\firefox\profiles\gyx42jr6.default\prefs.js

user_pref(CT2801937..clientLogIsEnabled, false);
user_pref(CT2801937..clientLogServiceUrl, hxxp://clientlog.users.tbccint.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent);
user_pref(CT2801937..uninstallLogServiceUrl, hxxp://uninstall.users.tbccint.com/Uninstall.asmx/RegisterToolbarUninstallation);
user_pref(CT2801937.1000082.isPlayDisplay, true);
user_pref(CT2801937.1000082.state, {\state\:\stopped\,\text\:\GermanyFM...\,\description\:\GermanyFM Info\,\url\:\hxxp://www.1000mikes.com/audio/1000mikes.m3
user_pref(CT2801937.1000234.TWC_locId, AUXX0008);
user_pref(CT2801937.1000234.TWC_temp_dis, c);
user_pref(CT2801937.ALLOW_SHOWING_HIDDEN_TOOLBAR, false);
user_pref(CT2801937.AppTrackingLastCheckTime, Wed Oct 23 2013 11:50:18 GMT+0200);
user_pref(CT2801937.BrowserCompStateIsOpen_129799487489787934, true);
user_pref(CT2801937.BrowserCompStateIsOpen_129800116201456332, true);
user_pref(CT2801937.CTID, CT2801937);
user_pref(CT2801937.CurrentServerDate, 10-9-2014);
user_pref(CT2801937.DSInstall, true);
user_pref(CT2801937.DialogsAlignMode, LTR);
user_pref(CT2801937.DialogsGetterLastCheckTime, Wed Sep 10 2014 17:51:25 GMT+0200);
user_pref(CT2801937.DownloadReferralCookieData, );
user_pref(CT2801937.EMailNotifierPollDate, Wed Sep 10 2014 17:51:24 GMT+0200);
user_pref(CT2801937.ENABALE_HISTORY, {\dataType\:\string\,\data\:\true\});
user_pref(CT2801937.FirstServerDate, 22-5-2012);
user_pref(CT2801937.FirstTime, true);
user_pref(CT2801937.FirstTimeFF3, true);
user_pref(CT2801937.FixPageNotFoundErrors, true);
user_pref(CT2801937.GroupingServerCheckInterval, 1440);
user_pref(CT2801937.GroupingServiceUrl, hxxp://grouping.tbccint.com/);
user_pref(CT2801937.HPInstall, true);
user_pref(CT2801937.HasUserGlobalKeys, true);
user_pref(CT2801937.HomePageProtectorEnabled, true);
user_pref(CT2801937.Initialize, true);
user_pref(CT2801937.InitializeCommonPrefs, true);
user_pref(CT2801937.InstallationAndCookieDataSentCount, 3);
user_pref(CT2801937.InstalledDate, Wed May 09 2012 09:39:28 GMT+0200);
user_pref(CT2801937.InvalidateCache, false);
user_pref(CT2801937.IsAlertDBUpdated, true);
user_pref(CT2801937.IsGrouping, false);
user_pref(CT2801937.IsInitSetupIni, true);
user_pref(CT2801937.IsMulticommunity, false);
user_pref(CT2801937.IsOpenThankYouPage, false);
user_pref(CT2801937.IsOpenUninstallPage, true);
user_pref(CT2801937.IsProtectorsInit, true);
user_pref(CT2801937.LanguagePackLastCheckTime, Wed Sep 10 2014 17:51:25 GMT+0200);
user_pref(CT2801937.LanguagePackReloadIntervalMM, 1440);
user_pref(CT2801937.LanguagePackServiceUrl, hxxp://translation.users.tbccint.com/Translation.ashx);
user_pref(CT2801937.LastLogin_3.12.0.8, Wed Sep 10 2014 17:51:25 GMT+0200);
user_pref(CT2801937.LatestVersion, 3.20.0.4);
user_pref(CT2801937.Locale, de);
user_pref(CT2801937.MCDetectTooltipHeight, 83);
user_pref(CT2801937.MCDetectTooltipUrl, hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1);
user_pref(CT2801937.MCDetectTooltipWidth, 295);
user_pref(CT2801937.MyStuffEnabledAtInstallation, true);
user_pref(CT2801937.OriginalFirstVersion, 3.12.0.8);
user_pref(CT2801937.RadioIsPodcast, false);
user_pref(CT2801937.RadioLastCheckTime, Wed Sep 10 2014 17:51:25 GMT+0200);
user_pref(CT2801937.RadioLastUpdateIPServer, 3);
user_pref(CT2801937.RadioLastUpdateServer, 129800256255330000);
user_pref(CT2801937.RadioMediaID, 21560175);
user_pref(CT2801937.RadioMediaType, Media Player);
user_pref(CT2801937.RadioMenuSelectedID, EBRadioMenu_CT280193721560175);
user_pref(CT2801937.RadioShrinkedFromSetup, false);
user_pref(CT2801937.RadioStationName, GermanyFM%20Info);
user_pref(CT2801937.RadioStationURL, hxxp://www.1000mikes.com/audio/1000mikes.m3u?channelId=6680);
user_pref(CT2801937.RestartDialogFirstTime, false);
user_pref(CT2801937.RestartDialogShouldDisplay, false);
user_pref(CT2801937.SearchFromAddressBarIsInit, true);
user_pref(CT2801937.SearchInNewTabEnabled, true);
user_pref(CT2801937.SearchInNewTabIntervalMM, 1440);
user_pref(CT2801937.SearchInNewTabLastCheckTime, Wed Sep 10 2014 17:51:24 GMT+0200);
user_pref(CT2801937.SearchProtectorEnabled, true);
user_pref(CT2801937.SearchProtectorToolbarDisabled, false);
user_pref(CT2801937.SendProtectorDataViaLogin, true);
user_pref(CT2801937.ServiceMapLastCheckTime, Wed Sep 10 2014 17:51:24 GMT+0200);
user_pref(CT2801937.SettingsLastCheckTime, Wed Sep 10 2014 17:51:24 GMT+0200);
user_pref(CT2801937.SettingsLastUpdate, 1405919504);
user_pref(CT2801937.ThirdPartyComponentsInterval, 504);
user_pref(CT2801937.ThirdPartyComponentsLastCheck, Thu Aug 21 2014 11:38:46 GMT+0200);
user_pref(CT2801937.ThirdPartyComponentsLastUpdate, 1331806000);
user_pref(CT2801937.ToolbarShrinkedFromSetup, false);
user_pref(CT2801937.TrusteLinkUrl, hxxp://trust.cpccint.com);
user_pref(CT2801937.UserID, UN07952075479111276);
user_pref(CT2801937.WeatherNetwork, );
user_pref(CT2801937.WeatherPollDate, Wed Sep 10 2014 17:51:26 GMT+0200);
user_pref(CT2801937.WeatherUnit, C);
user_pref(CT2801937.XING_APP_MARKETPLACE_APP_LANG.enc, ZW4=);
user_pref(CT2801937.XING_APP_MARKETPLACE_GADGET_HEIGHT_NORMAL.enc, NTY5);
user_pref(CT2801937.XING_APP_MARKETPLACE_GADGET_HEIGHT_SHORT.enc, NDE1);
user_pref(CT2801937.XING_APP_MARKETPLACE_GADGET_WIDTH.enc, MzUz);
user_pref(CT2801937.addressBarTakeOverEnabledInHidden, true);
user_pref(CT2801937.alertChannelId, 1194019);
user_pref(CT2801937.autoDisableScopes, -1);
user_pref(CT2801937.backendstorage.twitter_v1.8.0_twitter_app_open_t_f, 66616C7365);
user_pref(CT2801937.backendstorage.twitter_v1.9.0_twitter_app_open_t_f, 66616C7365);
user_pref(CT2801937.backendstorage.xing_app_marketplace_app_lang, 656E);
user_pref(CT2801937.backendstorage.xing_app_marketplace_gadget_height_normal, 353639);
user_pref(CT2801937.backendstorage.xing_app_marketplace_gadget_height_short, 343135);
user_pref(CT2801937.backendstorage.xing_app_marketplace_gadget_width, 333533);
user_pref(CT2801937.countryCode, AT);
user_pref(CT2801937.enableAlerts, always);
user_pref(CT2801937.firstTimeDialogOpened, true);
user_pref(CT2801937.fixPageNotFoundErrorByUser, TRUE);
user_pref(CT2801937.fixPageNotFoundErrorInHidden, true);
user_pref(CT2801937.fullUserID, UN07952075479111276.UP.20140926085027);
user_pref(CT2801937.globalFirstTimeInfoLastCheckTime, Wed Sep 10 2014 17:51:25 GMT+0200);
user_pref(CT2801937.homepageProtectorEnableByLogin, true);
user_pref(CT2801937.homepageuserchanged, true);
user_pref(CT2801937.initDone, true);
user_pref(CT2801937.isAppTrackingManagerOn, false);
user_pref(CT2801937.isCheckedStartAsHidden, true);
user_pref(CT2801937.isEnableAllDialogs, {\dataType\:\string\,\data\:\true\});
user_pref(CT2801937.isFirstRadioInstallation, false);
user_pref(CT2801937.isFirstTimeToolbarLoading, false);
user_pref(CT2801937.isToolbarShrinked, {\dataType\:\string\,\data\:\false\});
user_pref(CT2801937.keyword, true);
user_pref(CT2801937.lastNewTabSettings, {\isEnabled\:true,\newTabUrl\:\hxxp://www.trovigo.com/?gd=&ctid=CT2801937&octid=CT2801937&ISID=ISID_ID&SearchSource=15&CUI=UN07
user_pref(CT2801937.lastVersion, 10.33.0.517);
user_pref(CT2801937.missingMachineIdSent, true);
user_pref(CT2801937.myStuffEnabled, R@	????@D@	????`?H	??????H	??????H	??????H	?????H	????);
user_pref(CT2801937.myStuffPublihserMinWidth, 400);
user_pref(CT2801937.myStuffSearchUrl, hxxp://appstrm.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID);
user_pref(CT2801937.myStuffServiceIntervalMM, 1440);
user_pref(CT2801937.navigateToUrlOnSearch, false);
user_pref(CT2801937.navigationAliasesJson, {\EB_SEARCH_TERM\:\\,\EB_MAIN_FRAME_URL\:\file%3A%2F%2F%2FC%3A%2FUsers%2FEva%2FAppData%2FLocal%2FMicrosoft%2FWindows%2FTem
user_pref(CT2801937.oldAppsList, 129306877456538355,129306877457319611,111,129306877459819678,129306877459975929,129799474422717075,129799483853381569,129799494588344200,12
user_pref(CT2801937.originalSearchAddressUrl, chrome://browser-region/locale/region.properties);
user_pref(CT2801937.performedDomainChangesMigration, true);
user_pref(CT2801937.revertSettingsEnabled, true);
user_pref(CT2801937.search.searchAppId, 129306877457319611);
user_pref(CT2801937.search.searchCount, 0);
user_pref(CT2801937.searchFromAddressBarEnabledByUser, true);
user_pref(CT2801937.searchInNewTabEnabledByUser, true);
user_pref(CT2801937.searchInNewTabEnabledInHidden, true);
user_pref(CT2801937.searchProtectorDialogDelayInSec, 10);
user_pref(CT2801937.searchProtectorEnableByLogin, true);
user_pref(CT2801937.searchSuggestEnabledByUser, true);
user_pref(CT2801937.selectToSearchBoxEnabled, {\dataType\:\string\,\data\:\true\});
user_pref(CT2801937.serviceLayer_service_login_isFirstLoginInvoked, {\dataType\:\boolean\,\data\:\true\});
user_pref(CT2801937.serviceLayer_service_login_loginCount, {\dataType\:\number\,\data\:\4\});
user_pref(CT2801937.serviceLayer_service_toolbarGrouping_activeCTID, {\dataType\:\string\,\data\:\CT2801937\});
user_pref(CT2801937.serviceLayer_service_toolbarGrouping_activeDownloadUrl, {\dataType\:\string\,\data\:\hxxp://NCHDE.OurToolbar.com//xpi\});
user_pref(CT2801937.serviceLayer_service_toolbarGrouping_activeToolbarName, {\dataType\:\string\,\data\:\NCH DE \});
user_pref(CT2801937.serviceLayer_service_toolbarGrouping_invoked, {\dataType\:\string\,\data\:\true\});
user_pref(CT2801937.serviceLayer_service_usage_toolbarUsageCount, {\dataType\:\number\,\data\:\2\});
user_pref(CT2801937.serviceLayer_services_Configuration_lastUpdate, 1411714230096);
user_pref(CT2801937.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1411714231346);
user_pref(CT2801937.serviceLayer_services_appsMetadata_lastUpdate, 1411714230930);
user_pref(CT2801937.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1411714230961);
user_pref(CT2801937.serviceLayer_services_login_10.20.101.5_lastUpdate, 1411714231224);
user_pref(CT2801937.serviceLayer_services_login_10.33.0.517_lastUpdate, 1411715218985);
user_pref(CT2801937.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1411714231052);
user_pref(CT2801937.serviceLayer_services_searchAPI_lastUpdate, 1411714230109);
user_pref(CT2801937.serviceLayer_services_serviceMap_lastUpdate, 1411714229312);
user_pref(CT2801937.serviceLayer_services_toolbarContextMenu_lastUpdate, 1411714230802);
user_pref(CT2801937.serviceLayer_services_toolbarSettings_lastUpdate, 1411714229586);
user_pref(CT2801937.serviceLayer_services_translation_lastUpdate, 1411714231319);
user_pref(CT2801937.settingsINI, true);
user_pref(CT2801937.showToolbarPermission, false);
user_pref(CT2801937.testingCtid, );
user_pref(CT2801937.toolbarAppMetaDataLastCheckTime, Wed Sep 10 2014 17:51:25 GMT+0200);
user_pref(CT2801937.toolbarBornServerTime, 22-5-2012);
user_pref(CT2801937.toolbarContextMenuLastCheckTime, Wed May 09 2012 09:39:32 GMT+0200);
user_pref(CT2801937.toolbarCurrentServerTime, 26-9-2014);
user_pref(CT2801937.toolbarLoginClientTime, Fri Sep 26 2014 08:50:31 GMT+0200);
user_pref(CT2801937.upgradeFromOBVersion, true);
user_pref(CT2801937.xing_app_marketplace_gadget_height_normal.from_oldbar.enc, NTY5);
user_pref(CT2801937.xing_app_marketplace_gadget_height_short.from_oldbar.enc, NDE1);
user_pref(CT2801937.xing_app_marketplace_gadget_width.from_oldbar.enc, MzUz);
user_pref(CT2801937_Firefox.csv, [{\from\:\Abs Layer\,\action\:\loading toolbar\,\time\:1436256771767,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0}
user_pref(valueApps.storage.mam_gk_userId, 61646266613263652D353931302D346333382D616431322D323239303964366565326566);



~~~ Chrome


[C:\Users\Eva\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Eva\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Eva\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Eva\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2015 at 20:30:14,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

... and last but not least, the FRST log:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by Eva (administrator) on COMPE on 23-07-2015 20:36:17
Running from C:\Users\Eva\Downloads\eMbahr
Loaded Profiles: Eva (Available Profiles: Eva)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Mouse Suite\PELMICED.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TeamViewer GmbH) C:\Users\Eva\AppData\Local\Temp\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Eva\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Mouse Suite 98 Daemon] => C:\Program Files\Lenovo\Mouse Suite\ICO.EXE [65536 2009-01-04] (TPMX Electronics Ltd.)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [PWRAGD] => C:\Program Files\ThinkPad\Utilities\DPMHost.EXE [72256 2009-08-13] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [pdfFactory Pro Dispatcher v3] => C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe [606208 2009-06-12] (FinePrint Software, LLC)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-06-07] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SHIWebOnDiskManager] => C:\Program Files\SHIWebOnDiskManager\SHIWebOnDiskManager.exe [245760 2015-02-17] (SHI Elektronische Medien GmbH)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAQQBFAEEAWQAtAFQAMwBMAFUARQAtAE4ATAAzAEQAQQAtAEMAQgBVAEsASAAtAEoARgA3AE0AOQA"&"inst=NwA3AC0ANAAzAD (the data entry has 285 more characters).
HKU\S-1-5-21-641445819-3458068065-4247131985-1003\...\Run: [acSecurityLayer] => C:\Program Files\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe [3647360 2013-12-04] (A-Trust Gesellschaft für Sicherheitssysteme im elektronischen Datenverkehr GmbH)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\a.sign Client.lnk [2010-02-06]
ShortcutTarget: a.sign Client.lnk -> C:\Program Files\A-Trust GmbH\a.sign Client\ASignLauncher.exe (A-Trust GmbH)
Startup: C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2010-02-08]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-641445819-3458068065-4247131985-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-641445819-3458068065-4247131985-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {FFDBDD4D-F3E4-4239-8D3F-9E4E1C4C7E98} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-641445819-3458068065-4247131985-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-02] (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-02] (Oracle Corporation)
Toolbar: HKLM - Lenovo ThinkVantage Toolbox - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544936.dll [2009-11-22] (PC-Doctor, Inc.)
Toolbar: HKU\S-1-5-21-641445819-3458068065-4247131985-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Tcpip\..\Interfaces\{5FA3ADDC-92F6-4931-A86E-7E8E904FB566}: [NameServer] 8.8.8.8,192.168.1.2

FireFox:
========
FF ProfilePath: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\gyx42jr6.default
FF Homepage: hxxp://www.google.at/
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-10-29] (Apple Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-11]
CHR Extension: (Google Drive) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-11]
CHR Extension: (YouTube) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-11]
CHR Extension: (Google Search) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-11]
CHR Extension: (Google Wallet) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-11]
CHR Extension: (Gmail) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdvoServ; C:\Program Files\ADVOKAT\AdvoServ.exe [77824 2009-11-27] () [File not signed]
S2 Archivium; C:\Programme\Archivium\backend\wrapper.exe [204800 2008-02-14] () [File not signed]
S2 backend; C:\Programme\Archivium\\apache-tomcat-6\bin\tomcat6.exe [74752 2012-12-01] (Apache Software Foundation) [File not signed]
S2 cjpcsc; C:\Windows\system32\cjpcsc.exe [654640 2009-04-15] (REINER SCT)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [15872 2009-09-24] (Lenovo Group Limited) [File not signed]
S2 ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [1474560 2009-09-04] (Lenovo Group Limited) [File not signed]
S2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-21] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) [File not signed]
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [23040 2007-05-31] (REINER SCT)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [94936 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [18944 2009-04-21] (TPMX Electronics Ltd.)
R3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [14592 2006-10-14] (Primax Electronics Ltd.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-09-10] (Samsung Electronics) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [40448 2009-08-28] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\Users\Eva\AppData\Local\Temp\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\5DC9.tmp [X]
S1 MpKslbffd80ef; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{03BA0966-79ED-4DB0-9DCA-0DF5AE070F2C}\MpKslbffd80ef.sys [X]
R3 PCDSRVC{3037D694-FD904ACA-06000000}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-23 20:30 - 2015-07-23 20:30 - 00013479 _____ C:\Users\Eva\Desktop\JRT.txt
2015-07-22 09:34 - 2015-07-22 09:34 - 00042865 _____ C:\Users\Eva\Downloads\kta_ei.dat
2015-07-21 22:45 - 2015-07-21 22:47 - 00000000 ____D C:\AdwCleaner
2015-07-21 22:37 - 2015-07-21 22:37 - 08117032 _____ (TeamViewer) C:\Users\Eva\Downloads\TeamViewer_Host_Setup-jkf.exe
2015-07-21 08:51 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 08:51 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 08:51 - 2015-07-15 04:55 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 08:51 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 08:51 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 18:05 - 2015-07-20 18:05 - 00000000 ____D C:\Users\Eva\AppData\Local\CEF
2015-07-20 18:04 - 2015-07-20 18:04 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-20 18:04 - 2015-07-20 18:04 - 00002028 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-07-20 18:03 - 2015-07-20 18:04 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-20 18:00 - 2015-07-20 18:00 - 79461560 _____ (Adobe Systems Incorporated) C:\Users\Eva\Downloads\AcroRdrDC1500820082_de_DE.exe
2015-07-20 17:49 - 2015-07-20 17:49 - 01190632 _____ (Adobe Systems Incorporated) C:\Users\Eva\Downloads\readerdc_de_ha_install.exe
2015-07-19 21:04 - 2015-07-19 21:04 - 00019596 _____ C:\ComboFix.txt
2015-07-19 20:51 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-19 20:51 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-19 20:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-19 20:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-19 20:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-19 20:51 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-19 20:51 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-19 20:51 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-19 20:50 - 2015-07-19 21:04 - 00000000 ____D C:\Qoobox
2015-07-19 20:50 - 2015-07-19 21:03 - 00000000 ____D C:\Windows\erdnt
2015-07-19 14:26 - 2015-07-19 23:24 - 00000000 ____D C:\Program Files\Sophos
2015-07-19 14:14 - 2015-07-19 14:15 - 00000000 ____D C:\Users\Eva\AppData\Roaming\QuickScan
2015-07-19 11:30 - 2015-07-19 11:30 - 00000000 ____D C:\ProgramData\NCH Software
2015-07-18 23:27 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-18 23:27 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-18 23:26 - 2015-07-18 23:27 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-07-18 11:33 - 2015-07-18 23:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-18 11:32 - 2015-07-21 22:15 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-18 11:32 - 2015-07-19 18:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-18 11:31 - 2015-07-23 20:36 - 00000000 ___HD C:\Users\Eva\Downloads\eMbahr
2015-07-18 11:31 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-18 11:09 - 2015-07-19 10:47 - 00000000 ____D C:\Users\Eva\Downloads\RevoUninstallerPortable
2015-07-17 18:31 - 2015-07-23 20:36 - 00000000 ____D C:\FRST
2015-07-17 18:27 - 2015-07-17 18:27 - 00000000 _____ C:\Users\Eva\defogger_reenable
2015-07-15 01:49 - 2015-07-09 19:44 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 01:49 - 2015-07-09 19:43 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 01:49 - 2015-07-09 19:42 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 01:49 - 2015-07-09 19:42 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 01:49 - 2015-07-09 19:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 01:49 - 2015-07-09 19:42 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 01:49 - 2015-07-09 19:42 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 01:49 - 2015-07-09 19:42 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 01:49 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 01:49 - 2015-07-09 19:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 01:49 - 2015-07-09 19:34 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 01:49 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 01:49 - 2015-07-01 22:46 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 01:49 - 2015-07-01 22:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 01:49 - 2015-07-01 22:30 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 01:49 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 01:49 - 2015-07-01 22:29 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 01:49 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 01:49 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 01:49 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 01:49 - 2015-07-01 21:18 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 01:49 - 2015-07-01 21:18 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 01:49 - 2015-07-01 21:18 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 01:49 - 2015-06-25 10:46 - 02383872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 01:49 - 2015-06-17 19:39 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 01:49 - 2015-06-15 23:47 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 01:49 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 01:49 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 01:49 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 01:49 - 2015-06-15 23:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 01:49 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 01:49 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 01:49 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 01:49 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 01:49 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 01:49 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 01:48 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 01:48 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 01:48 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 01:48 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 01:48 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 01:48 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 01:48 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 01:48 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 01:48 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 01:48 - 2015-06-19 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 01:48 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 01:48 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 01:48 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 01:48 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 01:48 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 01:48 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 01:48 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 01:48 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 01:48 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 01:48 - 2015-06-19 20:13 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 01:48 - 2015-06-19 20:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 01:48 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 01:48 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 01:48 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 01:48 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 01:48 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 01:48 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 01:48 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 01:48 - 2015-06-19 19:40 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 01:48 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 01:48 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 01:48 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 01:48 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-07 10:16 - 2015-07-07 10:16 - 00000000 ____D C:\Users\Eva\AppData\Local\Macromedia
2015-07-07 09:58 - 2015-07-07 09:58 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-07 09:58 - 2015-07-07 09:58 - 00001116 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-07 09:58 - 2015-07-07 09:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-02 19:46 - 2015-07-02 19:46 - 00000000 ____D C:\Users\Eva\Downloads\SysinternalsSuite

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-23 20:14 - 2010-04-21 11:05 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-23 18:05 - 2010-02-08 16:24 - 00000000 ____D C:\Program Files\ADVOKAT
2015-07-23 15:59 - 2010-03-17 12:21 - 00000000 ____D C:\Users\Eva\temp
2015-07-23 12:35 - 2009-07-14 06:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-23 12:35 - 2009-07-14 06:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-23 10:19 - 2014-04-23 17:17 - 00008996 _____ C:\Users\Eva\3.mbs.txt
2015-07-23 09:16 - 2009-11-24 19:02 - 01132647 _____ C:\Windows\WindowsUpdate.log
2015-07-23 09:03 - 2010-02-06 19:15 - 00000340 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-07-23 08:34 - 2010-04-21 11:05 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-23 08:34 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-23 08:34 - 2009-07-14 06:39 - 00154044 _____ C:\Windows\setupact.log
2015-07-22 03:04 - 2009-07-14 06:33 - 00592624 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-21 18:08 - 2014-04-01 14:42 - 00013181 _____ C:\Users\Eva\1.mbs.txt
2015-07-21 17:20 - 2009-07-21 07:30 - 01776724 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-21 08:55 - 2009-11-24 19:05 - 00000000 ____D C:\ProgramData\Adobe
2015-07-20 18:08 - 2010-02-06 17:48 - 00207218 _____ C:\Windows\PFRO.log
2015-07-20 18:05 - 2010-02-06 20:05 - 00000000 ____D C:\Users\Eva\AppData\Local\Adobe
2015-07-20 18:05 - 2010-02-06 18:24 - 00000000 ____D C:\Users\Eva\AppData\Roaming\Adobe
2015-07-20 18:03 - 2009-11-24 19:05 - 00000000 ____D C:\Program Files\Adobe
2015-07-19 21:04 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2015-07-19 21:01 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2015-07-19 11:27 - 2012-04-20 17:02 - 00000000 ____D C:\Program Files\NCH Software
2015-07-19 11:23 - 2011-11-07 16:43 - 00000000 ____D C:\Program Files\Veritas
2015-07-19 11:05 - 2013-10-29 10:27 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-07-19 11:05 - 2013-04-27 10:08 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-19 10:56 - 2010-04-21 11:04 - 00000000 ____D C:\Program Files\Google
2015-07-19 10:48 - 2011-11-07 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Veritas
2015-07-19 10:45 - 2012-04-20 17:02 - 00000000 ____D C:\Users\Eva\AppData\Roaming\NCH Software
2015-07-19 08:56 - 2010-04-21 11:05 - 00000000 ____D C:\Users\Eva\AppData\Local\Google
2015-07-17 18:27 - 2010-02-06 17:55 - 00000000 ____D C:\Users\Eva
2015-07-17 03:01 - 2015-04-04 23:03 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-15 04:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-07-15 03:31 - 2014-12-10 21:36 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 03:31 - 2014-05-07 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 03:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-07-15 03:14 - 2013-08-04 06:25 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 03:07 - 2009-11-24 19:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-09 18:00 - 2014-06-29 22:25 - 00004500 _____ C:\Users\Eva\9.mbs.txt
2015-07-08 09:07 - 2014-03-18 13:13 - 00004498 _____ C:\Users\Eva\8.mbs.txt
2015-07-07 09:58 - 2010-02-06 18:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-03 08:49 - 2010-02-06 18:09 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-02 17:37 - 2014-03-12 07:06 - 00004498 _____ C:\Users\Eva\2.mbs.txt
2015-06-30 18:10 - 2014-06-20 15:19 - 00004498 _____ C:\Users\Eva\0.mbs.txt
2015-06-26 09:50 - 2014-03-06 12:07 - 00004500 _____ C:\Users\Eva\6.mbs.txt
2015-06-25 15:29 - 2014-02-25 13:09 - 00008996 _____ C:\Users\Eva\5.mbs.txt
2015-06-23 13:27 - 2010-02-06 18:09 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2012-04-20 17:25 - 2012-04-20 17:40 - 0000463 _____ () C:\Users\Eva\AppData\Roaming\burnaware.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 12:27

==================== End of log ============================
         


Regards,
Gödel

Last edited by goedel (23.07.2015 at 19:39)
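An added example, not part of goedel's post and not code shipped with FRST: a small Python parser for the entry lines in the "One Month Created/Modified files and folders" sections of a log like the one above, with the two triage heuristics a helper usually applies by eye when reading such a list. Every entry has the shape `created - modified - size attributes (company) path`. The company in parentheses is what FRST reads from the file's version information, which any author can set, so its presence or absence is a pointer and not proof either way; actual Authenticode verification of core files is what the separate "Bamital & volsnap Check" section reports. The attribute-letter meanings used here (D directory, H hidden, S system, R read-only) are taken from how they appear in the log and, like the heuristics themselves, are assumptions of the example. The sample input mixes lines copied from the log above with two constructed lines: the user `Demo` and `sample.exe` are invented and say nothing about the poster's machine.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One FRST entry line: created - modified - size attrs [(company)] path
# Assumption for this example: the 5-character attribute field carries
# D = directory, H = hidden, S = system, R = read-only (as seen in the log).
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "     # created
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "      # last modified
    r"(\d+) ([_A-Z]{5}) "                      # size, attribute flags
    r"(?:\(([^)]*)\) )?"                       # optional (company) from version info
    r"(.+?)\s*$"                               # path (may carry trailing spaces)
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
PROFILE_ROOTS = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: Optional[str]   # None when FRST printed no parenthesised company
    path: str

    def is_dir(self) -> bool:
        return "D" in self.attrs

    def is_hidden_or_system(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a data line, None for headers, notes and blanks."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    created, modified, size, attrs, company, path = m.groups()
    return Entry(
        created=datetime.strptime(created, "%Y-%m-%d %H:%M"),
        modified=datetime.strptime(modified, "%Y-%m-%d %H:%M"),
        size=int(size),
        attrs=attrs,
        company=company,
        path=path,
    )


def triage(entry: Entry) -> List[str]:
    """Heuristic reasons to look closer at an entry (assumptions, not a verdict)."""
    reasons: List[str] = []
    low = entry.path.lower()
    if entry.is_hidden_or_system() and low.startswith(PROFILE_ROOTS):
        reasons.append("hidden/system attribute under a user-writable profile path")
    if (not entry.is_dir() and low.endswith(EXEC_EXT)
            and not entry.company and not low.startswith(SYSTEM_ROOTS)):
        reasons.append("executable outside Windows/Program Files with no company in version info")
    return reasons


def triage_log(text: str, since: Optional[datetime] = None) -> Dict[str, List[str]]:
    """Map path -> reasons for every flagged entry created on or after `since`."""
    hits: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None or (since is not None and entry.created < since):
            continue
        reasons = triage(entry)
        if reasons:
            hits[entry.path] = reasons
    return hits


# Sample input: header lines and three entries copied from the log above,
# plus one constructed entry (user "Demo" and sample.exe are invented).
SAMPLE_LOG = r"""
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-18 23:27 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-18 11:31 - 2015-07-23 20:36 - 00000000 ___HD C:\Users\Eva\Downloads\eMbahr
2015-07-15 01:49 - 2015-07-09 19:44 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-16 02:13 - 2015-07-16 02:13 - 00204800 ____H C:\Users\Demo\AppData\Roaming\sample.exe
2012-04-20 17:25 - 2012-04-20 17:40 - 0000463 _____ () C:\Users\Eva\AppData\Roaming\burnaware.ini
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   ", r)
```

A hit from `triage_log` only means "look at this one first"; the hidden `Downloads\eMbahr` folder, for instance, is flagged purely because of its H attribute under a profile path, which is exactly the kind of entry a helper then checks against what was installed on that date. Passing `since=` narrows the list to entries created after the day the problem was first noticed.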
