Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojaner mitb_12 (?) beim Onlinebanking fordert TAN an (https://www.trojaner-board.de/155175-trojaner-mitb_12-beim-onlinebanking-fordert-tan.html)

uaf 13.06.2014 10:14
Trojaner mitb_12 (?) beim Onlinebanking fordert TAN an
 
Stichworte: Trojaner mitb_12 (?) beim Onlinebanking fordert TAN an

Hallo,
da ich das erste mal hier bin bitte ich evtl fehlende Infos zu entschuldigen aber ich versuch mein Bestes.
Ich nutze meinen PC gewerblich (1-Mann Firma) aber dennoch möchte ich es gleich sagen.
"Ausname für gewerblich genutzte Rechner, dann teile dies deutlich mit!"
Wenn Kosten anfallen bitte ich darum, mir dies vorher mitzuteilen, damit ich noch entscheiden kann ob ich es mir leisten kann.

Der Fehler war höchstwahrscheinlich, dass ich einige Zeit vorher eine Zip-Datei in einer Mail doppelt geklickt habe, die als Fax aus Berlin bezeichnet war. Da ich blöderweise genau an diesem Tag ein Fax aus Berlin erwartet habe und dachte, das die es ist ist mir dieser Schnitzer passiert. MIST!

Also am 3.6. bekam ich plötzlich ne SMS dass ich die TAN xxxxxx für eine Überweisung im Onlinebankin (VR-Networld) eingeben soll um 8998 EUR auf ein Konto nach englang zu bezahlen (die SEPA begann mit GB...)
ich habe sofort bei der Bank angerufen und die sagten mir, dass ein soge4nannter Trojaner Namens mitb_12 unterwegs ist und wohl auch auf meinem PC. Daraufhin wurde der online Zugang gesperrt.

Microsoft Security Essentials läuft sowieso auf meinem PC
(Antimalware-Clientversion: 4.4.304.0
Modulversion: 1.1.10600.0
Antivirusdefinition: 1.175.1942.0
Antispywaredefinition: 1.175.1942.0
Version des Moduls des Netzwerkinspektionssystems: 2.1.10502.0
Version der Definition des Netzwerkinspektionssystems: 111.22.0.0)

Ich hab dann Malwarebytes' Anti Malware runter geladen (Testversion 2.0.2.1012) und die software hat auch 3 x Malware gefunden, die ich alle gelöscht habe. Die Logfiles hierfür sind in der Software vorhanden, ich habe die xml Dateien in txt umbenannt.
Im Moment lass ich beide Scanner nochmal nacheinander laufen (Microsoft zuerst mit aktualisierten Definitionen, dann Malwarebytes) um zu sehen ob wieder was da ist.
DENN:
Nachdem ich der Bank sagte, dass die Schäfdlinge entfernt sind (laut Malwarebytes' Anti Malware) haben die mich wieder für das Onlinebanking frei geschalten.

Am nächsten Tag kam ein Anruf von der Bank, dass ich wohl immer noch einen Virus hätte und sie jezt das Online Banking komplett sperren.

Meinen PC komplett neu aufzusetzen ist eine wahnsinns Arbeit, ich würde nur gerbne wissen, ob ich irgendwie feststellen kann, ob der / die Trojaner noch da sind.

Vielen herzlichen Dank.

schrauber 13.06.2014 11:44
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

uaf 14.06.2014 11:05
Danke für die schnelle antwort, hier die Logs:
-----GMER:
[CODE]
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-13 10:52:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3250318AS rev.CC45 232,83GB
Running: Gmer-19357.exe; Driver: C:\Users\UWEFRA~1\AppData\Local\Temp\kxldqpob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528  fffff80002bab000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575  fffff80002bab02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- EOF - GMER 2.1 ----
--- --- ---




----FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014 01
Ran by uwefraass (administrator) on CHEF-PC on 11-06-2014 15:29:39
Running from C:\temp
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(PixelMetrics) C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe
(telegate MEDIA AG) C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011\kstart32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-715309621-2808863863-679364080-1146\...\Run: [updateMgr] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk
ShortcutTarget: Quicken Jubiläumsversion Zahlungserinnerung.lnk -> C:\Windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software)
Startup: C:\Users\uwefraass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\uwefraass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CaptureWiz.lnk
ShortcutTarget: CaptureWiz.lnk -> C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe (PixelMetrics)
Startup: C:\Users\uwefraass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011 - Schnellstarter.lnk
ShortcutTarget: Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011 - Schnellstarter.lnk -> C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011\kstart32.exe (telegate MEDIA AG)

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\..\Interfaces\{69DD83B2-061B-422E-BEDC-BED45830FAA1}: [NameServer]192.168.0.3

FireFox:
========
FF ProfilePath: C:\Users\uwefraass\AppData\Roaming\Mozilla\Firefox\Profiles\bn2f83wa.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\Browser-Plug-In für BlackBerry World\npappworld.dll ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Password Exporter - C:\Users\uwefraass\AppData\Roaming\Mozilla\Firefox\Profiles\bn2f83wa.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-03-04]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-04] (Adobe Systems) [File not signed]
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-06-06] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-06-06] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-11 15:29 - 2014-06-11 15:29 - 00000000 ____D () C:\FRST
2014-06-11 15:27 - 2014-06-11 15:27 - 00000000 _____ () C:\Users\uwefraass\defogger_reenable
2014-06-11 12:03 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 12:03 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 12:03 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 12:03 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 12:03 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 12:03 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 12:03 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 12:03 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 12:03 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 12:03 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 12:03 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 12:03 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 12:03 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-11 12:01 - 2014-05-28 20:53 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 12:01 - 2014-05-28 20:37 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 12:01 - 2014-05-28 20:35 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 12:01 - 2014-05-28 20:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 12:01 - 2014-05-28 20:31 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 12:01 - 2014-05-28 20:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 12:01 - 2014-05-28 20:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 12:01 - 2014-05-28 20:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 12:01 - 2014-05-28 20:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-11 12:01 - 2014-05-28 20:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-11 12:01 - 2014-05-28 20:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 12:01 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 12:01 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 12:01 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 12:01 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 12:01 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 12:01 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 12:01 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-06-11 12:01 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 12:01 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-11 12:01 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 12:01 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 12:01 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 12:01 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-06-11 12:01 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-06-11 12:01 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-04 10:10 - 2014-06-04 10:10 - 00000000 ____D () C:\Users\uwefraass\Documents\Updater
2014-06-04 10:04 - 2014-06-04 10:04 - 00002085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-06-04 10:02 - 2014-06-04 10:02 - 00002045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2014-06-04 10:02 - 2014-06-04 10:02 - 00002042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2014-06-04 09:58 - 2014-06-04 09:59 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-06-03 18:57 - 2014-06-11 15:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 18:56 - 2014-06-03 18:56 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 18:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 18:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 18:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-03 18:51 - 2014-06-03 18:51 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-03 18:51 - 2014-06-03 18:51 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-03 18:47 - 2014-06-03 18:47 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-06-03 18:34 - 2014-06-03 18:34 - 00016010 _____ () C:\Users\uwefraass\Desktop\XFAfJbcX.htm
2014-06-03 12:44 - 2014-06-03 12:44 - 00000029 _____ () C:\Users\uwefraass\Documents\Photoshop.txt
2014-05-30 15:30 - 2014-05-30 15:37 - 223584287 _____ () C:\Users\uwefraass\Desktop\Plaene Faerberstr 2.zip
2014-05-29 11:25 - 2014-05-29 11:44 - 00026112 _____ () C:\Users\uwefraass\Desktop\k18_alt.xls
2014-05-29 11:25 - 2014-05-29 11:44 - 00024576 _____ () C:\Users\uwefraass\Desktop\k31_alt.xls
2014-05-27 14:36 - 2014-05-27 14:36 - 00016114 _____ () C:\Users\uwefraass\Desktop\consors.xls - Verknüpfung.lnk
2014-05-24 15:43 - 2014-05-24 15:44 - 00000000 ____D () C:\Users\uwefraass\Desktop\Office
2014-05-21 12:51 - 2014-05-21 12:51 - 00001179 _____ () C:\Users\uwefraass\Desktop\BIC und IBAN Liste.lnk
2014-05-20 17:24 - 2014-05-20 17:24 - 00231279 _____ () C:\Users\uwefraass\AppData\Local\census.cache
2014-05-20 17:24 - 2014-05-20 17:24 - 00105184 _____ () C:\Users\uwefraass\AppData\Local\ars.cache
2014-05-20 13:08 - 2014-05-20 13:08 - 00000036 _____ () C:\Users\uwefraass\AppData\Local\housecall.guid.cache
2014-05-19 13:41 - 2014-05-19 13:42 - 00001118 _____ () C:\Users\uwefraass\Desktop\RunAll.lnk
2014-05-19 13:41 - 2014-05-19 13:41 - 00001301 _____ () C:\Users\uwefraass\Desktop\Immo.mde von C auf den Server.lnk
2014-05-14 15:06 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 15:06 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 15:04 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 15:04 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 15:04 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 15:04 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 15:04 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 15:04 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 15:04 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 15:04 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 15:04 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 15:04 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 15:04 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 15:04 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 15:04 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 15:04 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 15:04 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 15:04 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 15:04 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 15:04 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 15:04 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 15:04 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 15:04 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 15:04 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 15:04 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 15:04 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 15:04 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 15:04 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 15:04 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 15:04 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 15:04 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 15:04 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 15:04 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 15:04 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 15:04 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 15:04 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 15:04 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 15:04 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 15:04 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 15:04 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 15:04 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 15:04 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 15:04 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

==================== One Month Modified Files and Folders =======

2014-06-11 15:30 - 2014-03-04 14:59 - 00000000 ____D () C:\Users\uwefraass\AppData\Local\Temp
2014-06-11 15:29 - 2014-06-11 15:29 - 00000000 ____D () C:\FRST
2014-06-11 15:29 - 2014-03-03 22:27 - 00000000 ____D () C:\temp
2014-06-11 15:29 - 2014-03-03 19:11 - 01842976 _____ () C:\Windows\WindowsUpdate.log
2014-06-11 15:27 - 2014-06-11 15:27 - 00000000 _____ () C:\Users\uwefraass\defogger_reenable
2014-06-11 15:27 - 2014-03-04 14:59 - 00000000 ____D () C:\Users\uwefraass
2014-06-11 15:17 - 2009-07-14 06:45 - 00015632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-11 15:17 - 2009-07-14 06:45 - 00015632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-11 15:16 - 2014-06-03 18:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-11 15:16 - 2014-03-04 16:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-11 15:16 - 2014-03-04 14:53 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2014-06-11 15:09 - 2014-03-06 19:55 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-06-11 15:09 - 2014-03-06 19:54 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-06-11 15:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-11 15:08 - 2014-03-05 16:37 - 00015484 _____ () C:\Windows\PFRO.log
2014-06-11 15:08 - 2009-07-14 06:51 - 00034062 _____ () C:\Windows\setupact.log
2014-06-11 15:06 - 2014-03-04 20:27 - 00000000 ____D () C:\Immobilien
2014-06-11 14:59 - 2014-03-06 19:54 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-06-10 15:36 - 2014-03-04 16:42 - 00000000 ____D () C:\Users\uwefraass\AppData\Roaming\Adobe
2014-06-10 15:20 - 2009-07-14 19:58 - 00657428 _____ () C:\Windows\system32\perfh007.dat
2014-06-10 15:20 - 2009-07-14 19:58 - 00130818 _____ () C:\Windows\system32\perfc007.dat
2014-06-10 15:20 - 2009-07-14 07:13 - 01507104 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-10 15:03 - 2014-03-06 13:13 - 00002772 _____ () C:\Users\uwefraass\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-06-10 15:03 - 2014-03-06 13:13 - 00002695 _____ () C:\Users\uwefraass\AppData\Roaming\Rim.Desktop.Exception.log
2014-06-07 16:51 - 2014-03-06 19:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-06-07 16:48 - 2009-07-14 06:45 - 00304088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-06 14:01 - 2014-03-06 19:55 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-06-06 14:01 - 2014-03-06 19:55 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-06-06 14:01 - 2014-03-06 19:54 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-06-04 15:43 - 2014-03-04 14:59 - 00069024 _____ () C:\Users\uwefraass\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-04 10:11 - 2014-03-05 13:03 - 00000000 ____D () C:\Users\uwefraass\AppData\Local\Adobe
2014-06-04 10:10 - 2014-06-04 10:10 - 00000000 ____D () C:\Users\uwefraass\Documents\Updater
2014-06-04 10:05 - 2014-03-05 12:58 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-04 10:04 - 2014-06-04 10:04 - 00002085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-06-04 10:03 - 2014-03-04 14:59 - 00000000 ___RD () C:\Users\uwefraass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 10:02 - 2014-06-04 10:02 - 00002045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2014-06-04 10:02 - 2014-06-04 10:02 - 00002042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2014-06-04 10:01 - 2014-03-05 12:58 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-04 09:59 - 2014-06-04 09:58 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-06-03 19:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors
2014-06-03 18:56 - 2014-06-03 18:56 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 18:51 - 2014-06-03 18:51 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-03 18:51 - 2014-06-03 18:51 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-03 18:47 - 2014-06-03 18:47 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-06-03 18:34 - 2014-06-03 18:34 - 00016010 _____ () C:\Users\uwefraass\Desktop\XFAfJbcX.htm
2014-06-03 12:44 - 2014-06-03 12:44 - 00000029 _____ () C:\Users\uwefraass\Documents\Photoshop.txt
2014-05-30 15:37 - 2014-05-30 15:30 - 223584287 _____ () C:\Users\uwefraass\Desktop\Plaene Faerberstr 2.zip
2014-05-29 11:44 - 2014-05-29 11:25 - 00026112 _____ () C:\Users\uwefraass\Desktop\k18_alt.xls
2014-05-29 11:44 - 2014-05-29 11:25 - 00024576 _____ () C:\Users\uwefraass\Desktop\k31_alt.xls
2014-05-28 20:53 - 2014-06-11 12:01 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 20:37 - 2014-06-11 12:01 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 20:35 - 2014-06-11 12:01 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 20:31 - 2014-06-11 12:01 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 20:31 - 2014-06-11 12:01 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 20:30 - 2014-06-11 12:01 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 20:30 - 2014-06-11 12:01 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 20:29 - 2014-06-11 12:01 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 20:29 - 2014-06-11 12:01 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 20:29 - 2014-06-11 12:01 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 20:29 - 2014-06-11 12:01 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 20:29 - 2014-06-11 12:01 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 20:29 - 2014-06-11 12:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 20:28 - 2014-06-11 12:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 20:28 - 2014-06-11 12:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 20:28 - 2014-06-11 12:01 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 20:28 - 2014-06-11 12:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 20:28 - 2014-06-11 12:01 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 20:28 - 2014-06-11 12:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 20:28 - 2014-06-11 12:01 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 20:27 - 2014-06-11 12:01 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-28 18:48 - 2014-06-11 12:01 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-28 18:39 - 2014-06-11 12:01 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-28 18:38 - 2014-06-11 12:01 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-28 18:33 - 2014-06-11 12:01 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-28 18:32 - 2014-06-11 12:01 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-28 18:32 - 2014-06-11 12:01 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-28 18:31 - 2014-06-11 12:01 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-28 18:31 - 2014-06-11 12:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-28 18:30 - 2014-06-11 12:01 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-28 18:30 - 2014-06-11 12:01 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-28 18:30 - 2014-06-11 12:01 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-28 18:30 - 2014-06-11 12:01 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-28 18:30 - 2014-06-11 12:01 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-28 18:30 - 2014-06-11 12:01 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-28 18:30 - 2014-06-11 12:01 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-28 18:29 - 2014-06-11 12:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-28 18:29 - 2014-06-11 12:01 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-28 18:29 - 2014-06-11 12:01 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-28 18:29 - 2014-06-11 12:01 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-28 18:29 - 2014-06-11 12:01 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-28 18:28 - 2014-06-11 12:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-27 15:09 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-27 14:36 - 2014-05-27 14:36 - 00016114 _____ () C:\Users\uwefraass\Desktop\consors.xls - Verknüpfung.lnk
2014-05-26 12:39 - 2014-04-23 09:06 - 00005632 _____ () C:\Users\uwefraass\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-24 15:44 - 2014-05-24 15:43 - 00000000 ____D () C:\Users\uwefraass\Desktop\Office
2014-05-21 12:51 - 2014-05-21 12:51 - 00001179 _____ () C:\Users\uwefraass\Desktop\BIC und IBAN Liste.lnk
2014-05-20 17:24 - 2014-05-20 17:24 - 00231279 _____ () C:\Users\uwefraass\AppData\Local\census.cache
2014-05-20 17:24 - 2014-05-20 17:24 - 00105184 _____ () C:\Users\uwefraass\AppData\Local\ars.cache
2014-05-20 13:08 - 2014-05-20 13:08 - 00000036 _____ () C:\Users\uwefraass\AppData\Local\housecall.guid.cache
2014-05-19 13:42 - 2014-05-19 13:41 - 00001118 _____ () C:\Users\uwefraass\Desktop\RunAll.lnk
2014-05-19 13:41 - 2014-05-19 13:41 - 00001301 _____ () C:\Users\uwefraass\Desktop\Immo.mde von C auf den Server.lnk
2014-05-14 22:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-14 15:29 - 2014-03-04 14:59 - 00000000 ___RD () C:\Users\uwefraass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 15:14 - 2014-03-04 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-14 15:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 07:16 - 2014-03-04 16:42 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 07:16 - 2014-03-04 16:42 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 07:16 - 2014-03-04 16:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-12 07:26 - 2014-06-03 18:56 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-03 18:56 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-03 18:56 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Files to move or delete:
====================
C:\ProgramData\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat


Some content of TEMP:
====================
C:\Users\uwefraass\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\uwefraass\AppData\Local\Temp\InstallAX.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 00:23

==================== End Of Log ============================
--- --- ---



---Addition.log
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2014 01
Ran by uwefraass at 2014-06-11 15:30:50
Running from C:\temp
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

ACDSee 8 (HKLM-x32\...\{AA2E6BFE-4351-481C-A720-47CB3506570B}) (Version: 8.1.100 - ACD Systems Ltd.)
ActiveTrader Deutschland (HKLM-x32\...\{0DE75F32-3E22-42F7-B6CD-5A6644581F4E}) (Version: 6.1.1 - Cortal Consors)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (x32 Version: 7.1.0 - Adobe Systems) Hidden
Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.1.0 - Adobe Systems)
Adobe Bridge 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader 9 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
Browser-Plug-In für BlackBerry World (HKLM-x32\...\{5C02D7F0-68DB-4D27-9603-1C96EF01C8D8}) (Version: 10.2.172.7 - Research In Motion Limited)
CaptureWizPro 3.A0 (HKLM-x32\...\CaptureWiz) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DDBAC (HKLM-x32\...\{E3B6D3FB-A593-41BA-9AB1-FFE46F608565}) (Version: 5.3.21 - DataDesign)
DriverTuner 3.1.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare)
Free DWG Viewer 7.2 (HKLM-x32\...\{90751489-B709-4D2F-8634-FEE00BFEC41A}) (Version: 7.2.0.69 - IGC)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
klickTel Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011 (HKLM-x32\...\{39D6D822-4BB4-46D5-90C8-8C1E5837CEBD}) (Version: 1.00.0000 - telegate MEDIA AG)
KONICA MINOLTA magicolor 1690MF (HKLM\...\KONICA MINOLTA magicolor 1690MF) (Version:  - )
KONICA MINOLTA magicolor 1690MF Scanner (HKLM-x32\...\InstallShield_{23E68747-DA44-4EF1-A70E-3ECC8A5F7A6B}) (Version:  - )
KONICA MINOLTA magicolor 1690MF Scanner (Version: 1.00.0000 - KONICA MINOLTA) Hidden
KONICA MINOLTA mc1690MF (FAX) (HKLM-x32\...\{37599606-D472-446A-9646-B13CE8A55BB5}) (Version:  - )
Lexware Info Service (HKLM-x32\...\{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}) (Version: 2.80.00.0007 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{2C41394E-E15B-47DC-B33C-54D33EA85B68}) (Version: 15.00.00.0005 - Haufe-Lexware GmbH & Co.KG)
LogMeIn (HKLM-x32\...\{F8511796-1457-4A92-BEF7-71080FCF297A}) (Version: 4.1.4132 - LogMeIn, Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PS Password Keeper 1.83 (HKLM-x32\...\{44256328-D529-4728-9E8E-90CCBE90C2BB}_is1) (Version: 1.83 - PolarSoft)
Quicken DELUXE Jubiläumsversion (HKLM-x32\...\{A907A713-DA24-4352-8786-96C7A6944646}) (Version: 20.36.00.0134 - Haufe-Lexware GmbH & Co.KG)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
TextPad 4.7 (HKLM-x32\...\{B510A987-487E-4C66-9F4F-D386AC275715}) (Version: 4.7.2 - Ihr Firmenname)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.6 - Microsoft Corporation)
Windows Small Business Server 2008 Desktop Links Gadget (HKLM\...\{F5E5D7CA-0F94-41A3-8106-66473C2F3728}) (Version: 6.0.5601.6 - Microsoft Corporation)
Windows Small Business Server 2008 WMI Provider (x32 Version: 6.0.5601.6 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

17-05-2014 13:25:28 Windows Update
20-05-2014 22:00:57 Windows Update
24-05-2014 00:14:30 Windows Update
27-05-2014 17:35:12 Windows Update
30-05-2014 23:45:59 Windows Update
03-06-2014 22:11:12 Windows Update
04-06-2014 08:00:57 Installed Adobe Photoshop CS2
07-06-2014 14:59:41 Windows Update
10-06-2014 22:46:32 Windows Update
11-06-2014 10:00:40 Windows Update
11-06-2014 13:00:11 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {205D9565-85D9-4FC4-9BBF-8D50E6FA8B78} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-11] (PC-Doctor, Inc.)
Task: {F39AFEE6-8666-432A-B44E-B799F2E5E250} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-03-04 20:51 - 2005-03-12 02:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2014-04-07 10:40 - 2006-01-12 21:20 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.deu
2014-04-07 10:40 - 2006-01-12 21:13 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.FRA
2014-03-05 18:45 - 2002-01-17 21:54 - 00059904 ____N () C:\Program Files (x86)\CaptureWiz\Pro\NewProcs.dll
2014-05-10 15:53 - 2014-05-10 15:54 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-14 07:16 - 2014-05-14 07:16 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: TOSHIBA e-STUDIO Series
Description: TOSHIBA e-STUDIO Series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2014 11:40:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/11/2014 11:40:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/10/2014 06:02:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 11.0.8326.0, Zeitstempel: 0x4c1c2372
Name des fehlerhaften Moduls: OUTLLIB.dll, Version: 11.0.8330.0, Zeitstempel: 0x4cb60a62
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00197d1c
ID des fehlerhaften Prozesses: 0x1080
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3

Error: (06/10/2014 00:32:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/10/2014 00:32:38 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/09/2014 00:32:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/09/2014 00:32:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/08/2014 00:31:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/08/2014 00:31:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/07/2014 05:35:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (06/11/2014 03:10:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/07/2014 04:49:38 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/03/2014 07:13:24 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/03/2014 07:10:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (05/24/2014 10:45:48 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/23/2014 07:40:07 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/19/2014 02:56:02 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/19/2014 00:07:34 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/14/2014 03:16:29 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/13/2014 11:09:48 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.


Microsoft Office Sessions:
=========================
Error: (06/11/2014 11:40:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe

Error: (06/11/2014 11:40:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe

Error: (06/10/2014 06:02:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OUTLOOK.EXE11.0.8326.04c1c2372OUTLLIB.dll11.0.8330.04cb60a62c000000500197d1c108001cf826d8d59f259C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXEC:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLLIB.dlla0ce2ba5-f0b8-11e3-8f9a-00262d232023

Error: (06/10/2014 00:32:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe

Error: (06/10/2014 00:32:38 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe

Error: (06/09/2014 00:32:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe

Error: (06/09/2014 00:32:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe

Error: (06/08/2014 00:31:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe

Error: (06/08/2014 00:31:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe

Error: (06/07/2014 05:35:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe


==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 3036.8 MB
Available physical RAM: 1443.22 MB
Total Pagefile: 6071.79 MB
Available Pagefile: 4189.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.73 GB) (Free:178.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 98DEB064)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- defogger_disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:27 on 11/06/2014 (uwefraass)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

---malwarebytes...(File 1)
Code:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/06/03 18:57:45 +0200</date>
<logfile>mbam-log-2014-06-03 (18-57-43).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.06.03.05</malware-database>
<rootkit-database>v2014.06.02.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>uwefraass</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>329084</objects>
<time>693</time>
<processes>0</processes>
<modules>0</modules>
<keys>1</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKU\S-1-5-21-715309621-2808863863-679364080-1146-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload</path><vendor>PUP.Optional.1ClickDownload.A</vendor><action>success</action><hash>71a0007412694de9123aa12a51b29e62</hash></key>
<file><path>C:\Users\uwefraass\AppData\Local\Temp\is-90U0S.tmp\OCSetupHlp.dll</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>ec25a3d1e19a11252752494205ff04fc</hash></file>
<file><path>C:\Users\uwefraass\Downloads\Adobe_Acrobat_9_Pro_Extended.exe</path><vendor>PUP.Optional.OneClickDownloader.A</vendor><action>success</action><hash>5ab7e39162192a0c0694e52e4fb2718f</hash></file>
</items>
</mbam-log>


---malwarebytes...(File 2)
Code:
<?xml version="1.0" encoding="UTF-8" ?>
<logs>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T18:57:04.818283+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="f0b58134-aaaf-4c4c-b6b2-6bc45f313d1f" result="Starting" subtype="Malware Protection"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T18:57:04.858283+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="6265f5c0-5ddd-48b1-96be-e10b7de6c58d" result="Started" subtype="Malware Protection"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T18:57:04.878283+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="b88d1cb0-02a2-42bc-8625-69ca528cd256" result="Starting" subtype="Malicious Website Protection"></record>
  <record severity="debug" LoggingEventType="1" datetime="2014-06-03T18:57:13.282375+02:00" source="Manual" type="Update" username="SYSTEM" systemname="CHEF-PC" fromVersion="2014.2.20.1" last_modified_tag="34abf953-9aa6-46b6-ac95-fa83e6854bca" name="Rootkit Database" toVersion="2014.6.2.1"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T18:57:16.140425+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="16393c5e-b405-439a-8a39-efccb81b5e8c" result="Started" subtype="Malicious Website Protection"></record>
  <record severity="debug" LoggingEventType="1" datetime="2014-06-03T18:57:24.980513+02:00" source="Manual" type="Update" username="SYSTEM" systemname="CHEF-PC" fromVersion="2014.3.4.9" last_modified_tag="48575080-e5c7-42e9-9b31-1df4b262b443" name="Malware Database" toVersion="2014.6.3.5"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T18:57:26.274535+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="fae6a9d0-2cda-4238-9626-72b0ddfb3dae" result="Starting" subtype="Refresh"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T18:57:26.274535+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="dd55c326-9808-4e70-8829-f99e1a32e9a8" result="Stopping" subtype="Malicious Website Protection"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T18:57:26.304535+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="dc099694-d6d1-4630-84a9-9fe1ed8abd49" result="Stopped" subtype="Malicious Website Protection"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T18:57:30.474587+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="be8216af-6184-4f50-ac44-c605318b1f6c" result="Success" subtype="Refresh"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T18:57:30.510588+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="95eb987a-5597-497e-8293-6f14e0937428" result="Starting" subtype="Malicious Website Protection"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T18:57:30.800591+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="e7aeb59a-45ec-4141-aee4-dae525e955a0" result="Started" subtype="Malicious Website Protection"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T19:12:24.637053+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="43623238-13b2-4fef-b4f2-bf0767c9c530" result="Starting" subtype="Malware Protection"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T19:12:24.683853+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="f438f5d2-ec83-4887-b330-5feb39bcd53c" result="Started" subtype="Malware Protection"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T19:12:24.730653+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="2415b316-f266-4a48-9d1c-77c93172dd49" result="Starting" subtype="Malicious Website Protection"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T19:12:56.445509+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="43093c46-33a5-48a1-b4c7-4e4feb6bfcbf" result="Started" subtype="Malicious Website Protection"></record>
  <record severity="debug" LoggingEventType="1" datetime="2014-06-03T19:19:06.374903+02:00" source="Manual" type="Update" username="SYSTEM" systemname="CHEF-PC" fromVersion="2014.6.3.5" last_modified_tag="ca5e8408-3abd-45d1-96cb-1147887dada0" name="Malware Database" toVersion="2014.6.3.6"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T19:20:01.409421+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="64f77447-e17a-4e63-a00e-fc4e4deaea35" result="Starting" subtype="Refresh"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T19:20:01.417416+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="6b9ed800-a9fd-4eb7-9d72-628d72c0c5f8" result="Stopping" subtype="Malicious Website Protection"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T19:20:01.466381+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="47836be8-137c-4f5e-bc1f-bc47728058ce" result="Stopped" subtype="Malicious Website Protection"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T19:20:06.564810+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="250c9014-1480-47a9-9131-44abe368f3b0" result="Success" subtype="Refresh"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T19:20:06.650750+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="1e4db81d-5c65-4724-bbd7-2720fb4a7628" result="Starting" subtype="Malicious Website Protection"></record>
  <record severity="debug" LoggingEventType="2" datetime="2014-06-03T19:20:07.506150+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CHEF-PC" last_modified_tag="acf9fc6c-0023-4a8d-990e-92638417d3f6" result="Started" subtype="Malicious Website Protection"></record>
</logs>


Schönes Weekend allen die es lesen.

schrauber 15.06.2014 06:08
Unsere Tools bite wie beschrieben auf dem Desktop speichern. FRST löschen neu laden.


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

uaf 16.06.2014 12:42
Hier nochmals die neue Log-Dateien.
(Exe am Desktop gespeichert, Logstaei auch)


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014
Ran by uwefraass (administrator) on CHEF-PC on 16-06-2014 13:37:41
Running from C:\Users\uwefraass\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(PixelMetrics) C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe
(telegate MEDIA AG) C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011\kstart32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\java.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-715309621-2808863863-679364080-1146\...\Run: [updateMgr] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk
ShortcutTarget: Quicken Jubiläumsversion Zahlungserinnerung.lnk -> C:\Windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software)
Startup: C:\Users\uwefraass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\uwefraass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CaptureWiz.lnk
ShortcutTarget: CaptureWiz.lnk -> C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe (PixelMetrics)
Startup: C:\Users\uwefraass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011 - Schnellstarter.lnk
ShortcutTarget: Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011 - Schnellstarter.lnk -> C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011\kstart32.exe (telegate MEDIA AG)

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\..\Interfaces\{69DD83B2-061B-422E-BEDC-BED45830FAA1}: [NameServer]192.168.0.3

FireFox:
========
FF ProfilePath: C:\Users\uwefraass\AppData\Roaming\Mozilla\Firefox\Profiles\bn2f83wa.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\Browser-Plug-In für BlackBerry World\npappworld.dll ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Password Exporter - C:\Users\uwefraass\AppData\Roaming\Mozilla\Firefox\Profiles\bn2f83wa.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-03-04]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-04] (Adobe Systems) [File not signed]
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-06-06] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-06-06] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 auusb; C:\Windows\System32\DRIVERS\auusb.sys [208616 2013-07-01] (Auerswald GmbH & Co.KG                        )
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-16 13:37 - 2014-06-16 13:37 - 02081280 _____ (Farbar) C:\Users\uwefraass\Desktop\FRST64.exe
2014-06-16 13:37 - 2014-06-16 13:37 - 00013083 _____ () C:\Users\uwefraass\Desktop\FRST.txt
2014-06-16 13:37 - 2014-06-16 13:37 - 00000000 ____D () C:\Users\uwefraass\Desktop\FRST-OlderVersion
2014-06-13 13:24 - 2014-06-13 13:28 - 00000000 ____D () C:\Program Files (x86)\Auerswald
2014-06-13 13:24 - 2002-06-13 10:56 - 00315444 _____ () C:\Windows\SysWOW64\isdnapi32.dll
2014-06-13 13:24 - 2002-06-13 10:55 - 00262194 _____ (Auerswald GmbH & Co. KG) C:\Windows\SysWOW64\tpapi32.dll
2014-06-13 13:24 - 2001-01-22 15:52 - 00049152 _____ () C:\Windows\SysWOW64\AuerCapiJNINative.dll
2014-06-13 13:24 - 2000-07-26 10:40 - 00032768 _____ () C:\Windows\SysWOW64\AuerUsbJNINative.dll
2014-06-13 13:04 - 2014-06-13 13:04 - 00003118 _____ () C:\Windows\System32\Tasks\{2E5D5999-7D7B-4970-A722-1169E7C663BA}
2014-06-13 12:48 - 2014-06-13 12:49 - 00000156 _____ () C:\Windows\silent.log
2014-06-13 11:03 - 2014-06-13 11:03 - 00023176 _____ () C:\Users\uwefraass\Desktop\Addition.log
2014-06-13 11:02 - 2014-06-13 11:02 - 00041204 _____ () C:\Users\uwefraass\Desktop\FRST.log
2014-06-13 09:32 - 2014-06-13 10:52 - 00000633 _____ () C:\Users\uwefraass\Desktop\gmer.txt
2014-06-12 19:02 - 2014-06-13 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auerswald
2014-06-12 18:56 - 2014-06-13 13:25 - 00000000 ____D () C:\Auerswald
2014-06-11 17:58 - 2014-06-11 17:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 16:13 - 2014-06-13 11:15 - 00002439 _____ () C:\Users\uwefraass\Desktop\Troj_Dokument1.txt
2014-06-11 15:29 - 2014-06-16 13:37 - 00000000 ____D () C:\FRST
2014-06-11 15:27 - 2014-06-11 15:27 - 00000000 _____ () C:\Users\uwefraass\defogger_reenable
2014-06-11 12:03 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 12:03 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 12:03 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 12:03 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 12:03 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 12:03 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 12:03 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 12:03 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 12:03 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 12:03 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 12:03 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 12:03 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 12:03 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-11 12:01 - 2014-05-28 20:53 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 12:01 - 2014-05-28 20:37 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 12:01 - 2014-05-28 20:35 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 12:01 - 2014-05-28 20:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 12:01 - 2014-05-28 20:31 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 12:01 - 2014-05-28 20:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 12:01 - 2014-05-28 20:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 12:01 - 2014-05-28 20:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 12:01 - 2014-05-28 20:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-11 12:01 - 2014-05-28 20:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-11 12:01 - 2014-05-28 20:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 12:01 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 12:01 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 12:01 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 12:01 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 12:01 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 12:01 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 12:01 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-06-11 12:01 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 12:01 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-11 12:01 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 12:01 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 12:01 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 12:01 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-06-11 12:01 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-06-11 12:01 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-04 10:10 - 2014-06-04 10:10 - 00000000 ____D () C:\Users\uwefraass\Documents\Updater
2014-06-04 10:04 - 2014-06-04 10:04 - 00002085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-06-04 10:02 - 2014-06-04 10:02 - 00002045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2014-06-04 10:02 - 2014-06-04 10:02 - 00002042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2014-06-04 09:58 - 2014-06-04 09:59 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-06-03 18:57 - 2014-06-13 12:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 18:56 - 2014-06-03 18:56 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 18:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 18:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 18:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-03 18:51 - 2014-06-03 18:51 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-03 18:51 - 2014-06-03 18:51 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-03 18:47 - 2014-06-03 18:47 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-06-03 18:34 - 2014-06-03 18:34 - 00016010 _____ () C:\Users\uwefraass\Desktop\XFAfJbcX.htm
2014-06-03 12:44 - 2014-06-03 12:44 - 00000029 _____ () C:\Users\uwefraass\Documents\Photoshop.txt
2014-05-30 15:30 - 2014-05-30 15:37 - 223584287 _____ () C:\Users\uwefraass\Desktop\Plaene Faerberstr 2.zip
2014-05-29 11:25 - 2014-05-29 11:44 - 00026112 _____ () C:\Users\uwefraass\Desktop\k18_alt.xls
2014-05-29 11:25 - 2014-05-29 11:44 - 00024576 _____ () C:\Users\uwefraass\Desktop\k31_alt.xls
2014-05-27 14:36 - 2014-05-27 14:36 - 00016114 _____ () C:\Users\uwefraass\Desktop\consors.xls - Verknüpfung.lnk
2014-05-24 15:43 - 2014-05-24 15:44 - 00000000 ____D () C:\Users\uwefraass\Desktop\Office
2014-05-21 12:51 - 2014-05-21 12:51 - 00001179 _____ () C:\Users\uwefraass\Desktop\BIC und IBAN Liste.lnk
2014-05-20 17:24 - 2014-05-20 17:24 - 00231279 _____ () C:\Users\uwefraass\AppData\Local\census.cache
2014-05-20 17:24 - 2014-05-20 17:24 - 00105184 _____ () C:\Users\uwefraass\AppData\Local\ars.cache
2014-05-20 13:08 - 2014-05-20 13:08 - 00000036 _____ () C:\Users\uwefraass\AppData\Local\housecall.guid.cache
2014-05-19 13:41 - 2014-05-19 13:42 - 00001118 _____ () C:\Users\uwefraass\Desktop\RunAll.lnk
2014-05-19 13:41 - 2014-05-19 13:41 - 00001301 _____ () C:\Users\uwefraass\Desktop\Immo.mde von C auf den Server.lnk

==================== One Month Modified Files and Folders =======

2014-06-16 13:38 - 2014-06-16 13:37 - 00013083 _____ () C:\Users\uwefraass\Desktop\FRST.txt
2014-06-16 13:38 - 2014-03-04 14:59 - 00000000 ____D () C:\Users\uwefraass\AppData\Local\Temp
2014-06-16 13:37 - 2014-06-16 13:37 - 02081280 _____ (Farbar) C:\Users\uwefraass\Desktop\FRST64.exe
2014-06-16 13:37 - 2014-06-16 13:37 - 00000000 ____D () C:\Users\uwefraass\Desktop\FRST-OlderVersion
2014-06-16 13:37 - 2014-06-11 15:29 - 00000000 ____D () C:\FRST
2014-06-16 13:30 - 2014-03-03 22:27 - 00000000 ____D () C:\temp
2014-06-16 13:21 - 2014-03-04 14:53 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2014-06-16 13:16 - 2014-03-04 16:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-16 13:07 - 2014-03-03 19:11 - 02011029 _____ () C:\Windows\WindowsUpdate.log
2014-06-16 12:46 - 2014-03-06 19:54 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-06-16 12:12 - 2009-07-14 19:58 - 00657428 _____ () C:\Windows\system32\perfh007.dat
2014-06-16 12:12 - 2009-07-14 19:58 - 00130818 _____ () C:\Windows\system32\perfc007.dat
2014-06-16 12:12 - 2009-07-14 07:13 - 01507104 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-16 11:43 - 2014-03-06 13:13 - 00002926 _____ () C:\Users\uwefraass\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-06-16 11:43 - 2014-03-06 13:13 - 00002849 _____ () C:\Users\uwefraass\AppData\Roaming\Rim.Desktop.Exception.log
2014-06-14 11:56 - 2014-03-04 20:27 - 00000000 ____D () C:\Immobilien
2014-06-13 13:28 - 2014-06-13 13:24 - 00000000 ____D () C:\Program Files (x86)\Auerswald
2014-06-13 13:28 - 2014-06-12 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auerswald
2014-06-13 13:25 - 2014-06-12 18:56 - 00000000 ____D () C:\Auerswald
2014-06-13 13:24 - 2014-03-05 17:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-13 13:04 - 2014-06-13 13:04 - 00003118 _____ () C:\Windows\System32\Tasks\{2E5D5999-7D7B-4970-A722-1169E7C663BA}
2014-06-13 13:04 - 2009-07-14 06:45 - 00015632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-13 13:04 - 2009-07-14 06:45 - 00015632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-13 12:56 - 2014-03-06 19:55 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-06-13 12:56 - 2014-03-06 19:54 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-06-13 12:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-13 12:56 - 2009-07-14 06:51 - 00034286 _____ () C:\Windows\setupact.log
2014-06-13 12:49 - 2014-06-13 12:48 - 00000156 _____ () C:\Windows\silent.log
2014-06-13 12:38 - 2014-06-03 18:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 12:35 - 2014-03-04 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-13 11:15 - 2014-06-11 16:13 - 00002439 _____ () C:\Users\uwefraass\Desktop\Troj_Dokument1.txt
2014-06-13 11:03 - 2014-06-13 11:03 - 00023176 _____ () C:\Users\uwefraass\Desktop\Addition.log
2014-06-13 11:02 - 2014-06-13 11:02 - 00041204 _____ () C:\Users\uwefraass\Desktop\FRST.log
2014-06-13 10:52 - 2014-06-13 09:32 - 00000633 _____ () C:\Users\uwefraass\Desktop\gmer.txt
2014-06-12 16:47 - 2014-03-04 16:42 - 00000000 ____D () C:\Users\uwefraass\AppData\Roaming\Adobe
2014-06-11 17:58 - 2014-06-11 17:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 15:27 - 2014-06-11 15:27 - 00000000 _____ () C:\Users\uwefraass\defogger_reenable
2014-06-11 15:27 - 2014-03-04 14:59 - 00000000 ____D () C:\Users\uwefraass
2014-06-11 15:08 - 2014-03-05 16:37 - 00015484 _____ () C:\Windows\PFRO.log
2014-06-07 16:51 - 2014-03-06 19:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-06-07 16:48 - 2009-07-14 06:45 - 00304088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-06 14:01 - 2014-03-06 19:55 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-06-06 14:01 - 2014-03-06 19:55 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-06-06 14:01 - 2014-03-06 19:54 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-06-04 15:43 - 2014-03-04 14:59 - 00069024 _____ () C:\Users\uwefraass\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-04 10:11 - 2014-03-05 13:03 - 00000000 ____D () C:\Users\uwefraass\AppData\Local\Adobe
2014-06-04 10:10 - 2014-06-04 10:10 - 00000000 ____D () C:\Users\uwefraass\Documents\Updater
2014-06-04 10:05 - 2014-03-05 12:58 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-04 10:04 - 2014-06-04 10:04 - 00002085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-06-04 10:03 - 2014-03-04 14:59 - 00000000 ___RD () C:\Users\uwefraass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 10:02 - 2014-06-04 10:02 - 00002045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2014-06-04 10:02 - 2014-06-04 10:02 - 00002042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2014-06-04 10:01 - 2014-03-05 12:58 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-04 09:59 - 2014-06-04 09:58 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-06-03 19:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors
2014-06-03 18:56 - 2014-06-03 18:56 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 18:51 - 2014-06-03 18:51 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-03 18:51 - 2014-06-03 18:51 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-03 18:47 - 2014-06-03 18:47 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-06-03 18:34 - 2014-06-03 18:34 - 00016010 _____ () C:\Users\uwefraass\Desktop\XFAfJbcX.htm
2014-06-03 12:44 - 2014-06-03 12:44 - 00000029 _____ () C:\Users\uwefraass\Documents\Photoshop.txt
2014-05-30 15:37 - 2014-05-30 15:30 - 223584287 _____ () C:\Users\uwefraass\Desktop\Plaene Faerberstr 2.zip
2014-05-29 11:44 - 2014-05-29 11:25 - 00026112 _____ () C:\Users\uwefraass\Desktop\k18_alt.xls
2014-05-29 11:44 - 2014-05-29 11:25 - 00024576 _____ () C:\Users\uwefraass\Desktop\k31_alt.xls
2014-05-28 20:53 - 2014-06-11 12:01 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 20:37 - 2014-06-11 12:01 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 20:35 - 2014-06-11 12:01 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 20:31 - 2014-06-11 12:01 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 20:31 - 2014-06-11 12:01 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 20:30 - 2014-06-11 12:01 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 20:30 - 2014-06-11 12:01 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 20:29 - 2014-06-11 12:01 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 20:29 - 2014-06-11 12:01 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 20:29 - 2014-06-11 12:01 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 20:29 - 2014-06-11 12:01 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 20:29 - 2014-06-11 12:01 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 20:29 - 2014-06-11 12:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 20:28 - 2014-06-11 12:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 20:28 - 2014-06-11 12:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 20:28 - 2014-06-11 12:01 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 20:28 - 2014-06-11 12:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 20:28 - 2014-06-11 12:01 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 20:28 - 2014-06-11 12:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 20:28 - 2014-06-11 12:01 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 20:27 - 2014-06-11 12:01 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-28 18:48 - 2014-06-11 12:01 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-28 18:39 - 2014-06-11 12:01 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-28 18:38 - 2014-06-11 12:01 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-28 18:33 - 2014-06-11 12:01 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-28 18:32 - 2014-06-11 12:01 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-28 18:32 - 2014-06-11 12:01 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-28 18:31 - 2014-06-11 12:01 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-28 18:31 - 2014-06-11 12:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-28 18:30 - 2014-06-11 12:01 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-28 18:30 - 2014-06-11 12:01 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-28 18:30 - 2014-06-11 12:01 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-28 18:30 - 2014-06-11 12:01 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-28 18:30 - 2014-06-11 12:01 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-28 18:30 - 2014-06-11 12:01 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-28 18:30 - 2014-06-11 12:01 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-28 18:29 - 2014-06-11 12:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-28 18:29 - 2014-06-11 12:01 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-28 18:29 - 2014-06-11 12:01 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-28 18:29 - 2014-06-11 12:01 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-28 18:29 - 2014-06-11 12:01 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-28 18:28 - 2014-06-11 12:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-27 15:09 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-27 14:36 - 2014-05-27 14:36 - 00016114 _____ () C:\Users\uwefraass\Desktop\consors.xls - Verknüpfung.lnk
2014-05-26 12:39 - 2014-04-23 09:06 - 00005632 _____ () C:\Users\uwefraass\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-24 15:44 - 2014-05-24 15:43 - 00000000 ____D () C:\Users\uwefraass\Desktop\Office
2014-05-21 12:51 - 2014-05-21 12:51 - 00001179 _____ () C:\Users\uwefraass\Desktop\BIC und IBAN Liste.lnk
2014-05-20 17:24 - 2014-05-20 17:24 - 00231279 _____ () C:\Users\uwefraass\AppData\Local\census.cache
2014-05-20 17:24 - 2014-05-20 17:24 - 00105184 _____ () C:\Users\uwefraass\AppData\Local\ars.cache
2014-05-20 13:08 - 2014-05-20 13:08 - 00000036 _____ () C:\Users\uwefraass\AppData\Local\housecall.guid.cache
2014-05-19 13:42 - 2014-05-19 13:41 - 00001118 _____ () C:\Users\uwefraass\Desktop\RunAll.lnk
2014-05-19 13:41 - 2014-05-19 13:41 - 00001301 _____ () C:\Users\uwefraass\Desktop\Immo.mde von C auf den Server.lnk

Files to move or delete:
====================
C:\ProgramData\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat


Some content of TEMP:
====================
C:\Users\uwefraass\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\uwefraass\AppData\Local\Temp\InstallAX.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 00:23

==================== End Of Log ============================
--- --- ---

schrauber 17.06.2014 09:23
dann jetzt Combofix bitte :)

uaf 17.06.2014 09:56
Code:
Combofix Logfile:

       
Code:

       
ComboFix 14-06-16.01 - uwefraass 17.06.2014  10:30:53.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3037.1462 [GMT 2:00]
ausgeführt von:: c:\users\uwefraass\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-17 bis 2014-06-17  ))))))))))))))))))))))))))))))
.
.
2014-06-17 08:36 . 2014-06-17 08:36        --------        d-----w-        c:\users\uwefraass.Chef-PC\AppData\Local\temp
2014-06-17 08:36 . 2014-06-17 08:36        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-06-17 00:23 . 2014-06-17 00:23        75888        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FAE55EFE-8EB0-4E7F-8E60-5993C8CEAA6E}\offreg.dll
2014-06-17 00:22 . 2014-04-30 23:20        10702536        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FAE55EFE-8EB0-4E7F-8E60-5993C8CEAA6E}\mpengine.dll
2014-06-16 20:57 . 2014-04-30 23:20        10702536        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-13 11:24 . 2014-06-13 11:28        --------        d-----w-        c:\program files (x86)\Auerswald
2014-06-13 11:24 . 2002-06-13 08:56        315444        ----a-w-        c:\windows\SysWow64\isdnapi32.dll
2014-06-13 11:24 . 2002-06-13 08:55        262194        ----a-w-        c:\windows\SysWow64\tpapi32.dll
2014-06-13 11:24 . 2001-01-22 13:52        49152        ----a-w-        c:\windows\SysWow64\AuerCapiJNINative.dll
2014-06-13 11:24 . 2000-07-26 08:40        32768        ----a-w-        c:\windows\SysWow64\AuerUsbJNINative.dll
2014-06-13 10:46 . 2003-11-10 16:14        729088        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2014-06-13 10:46 . 2003-11-10 16:13        69715        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2014-06-13 10:46 . 2003-11-10 16:12        266240        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2014-06-13 10:46 . 2003-11-10 16:12        192512        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2014-06-13 10:46 . 2003-11-10 16:11        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2014-06-13 10:46 . 2003-11-10 16:10        32768        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2014-06-13 10:46 . 2014-06-13 10:46        311428        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2014-06-13 10:46 . 2014-06-13 10:46        188548        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2014-06-13 08:55 . 2014-05-02 10:32        1031560        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26A75AD8-A142-438C-86F7-602DA9C2196D}\gapaengine.dll
2014-06-12 16:56 . 2014-06-13 11:25        --------        d-----w-        C:\Auerswald
2014-06-11 13:29 . 2014-06-16 11:38        --------        d-----w-        C:\FRST
2014-06-11 10:01 . 2014-05-28 18:28        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2014-06-04 08:03 . 2014-06-04 08:03        --------        d-----w-        c:\program files (x86)\Common Files\Adobe Systems Shared
2014-06-04 07:58 . 2014-06-04 07:59        --------        d-----w-        C:\PhSp_CS2_UE_Ret
2014-06-03 16:57 . 2014-06-13 10:38        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-03 16:56 . 2014-06-03 16:56        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-03 16:56 . 2014-06-03 16:56        --------        d-----w-        c:\programdata\Malwarebytes
2014-06-03 16:56 . 2014-05-12 05:26        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-06-03 16:56 . 2014-05-12 05:26        91352        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-06-03 16:56 . 2014-05-12 05:25        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-06-03 16:51 . 2014-06-03 16:51        --------        d-----w-        c:\programdata\Licenses
2014-06-03 16:47 . 2014-06-03 16:47        --------        d-----w-        c:\programdata\Simply Super Software
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-06 12:01 . 2014-03-06 17:55        107368        ----a-w-        c:\windows\system32\LMIRfsClientNP.dll
2014-06-06 12:01 . 2014-03-06 17:55        35656        ----a-w-        c:\windows\system32\LMIport.dll
2014-06-06 12:01 . 2014-03-06 17:54        92488        ----a-w-        c:\windows\system32\LMIinit.dll
2014-05-14 05:16 . 2014-03-04 14:42        70832        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 05:16 . 2014-03-04 14:42        692400        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-02 10:32 . 2014-03-05 22:06        1031560        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-18 17:56 . 2014-03-06 17:55        107368        ----a-w-        c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-04-12 02:22 . 2014-05-14 13:04        155072        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 13:04        95680        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 13:04        29184        ----a-w-        c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 13:04        136192        ----a-w-        c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 13:04        28160        ----a-w-        c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 13:04        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 13:04        31232        ----a-w-        c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 13:04        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 13:04        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-03-31 01:51 . 2014-03-03 21:58        90655440        ----a-w-        c:\windows\system32\MRT.exe
2014-03-25 17:54 . 2014-03-25 17:54        53248        ----a-r-        c:\users\uwefraass\AppData\Roaming\Microsoft\Installer\{0DE75F32-3E22-42F7-B6CD-5A6644581F4E}\ARPPRODUCTICON.exe
2014-03-25 17:54 . 2014-03-25 17:54        49152        ----a-r-        c:\users\uwefraass\AppData\Roaming\Microsoft\Installer\{0DE75F32-3E22-42F7-B6CD-5A6644581F4E}\UNINST_Uninstall_A_12E15C8FBF2A42F3BDBB8E54EB308A1B.exe
2014-03-25 17:54 . 2014-03-25 17:54        45056        ----a-r-        c:\users\uwefraass\AppData\Roaming\Microsoft\Installer\{0DE75F32-3E22-42F7-B6CD-5A6644581F4E}\NewShortcut5_895908FDF5DE4B02B2DA52FA335D7677.exe
2014-03-25 17:54 . 2014-03-25 17:54        45056        ----a-r-        c:\users\uwefraass\AppData\Roaming\Microsoft\Installer\{0DE75F32-3E22-42F7-B6CD-5A6644581F4E}\NewShortcut4_63CC9B2ECACD4E5B99F65D70FA7984BE.exe
2014-03-25 17:54 . 2014-03-25 17:54        45056        ----a-r-        c:\users\uwefraass\AppData\Roaming\Microsoft\Installer\{0DE75F32-3E22-42F7-B6CD-5A6644581F4E}\NewShortcut3_951F6FCDE2BB4653A3E56FFC5AA64680.exe
2014-03-25 17:54 . 2014-03-25 17:54        45056        ----a-r-        c:\users\uwefraass\AppData\Roaming\Microsoft\Installer\{0DE75F32-3E22-42F7-B6CD-5A6644581F4E}\NewShortcut2_B963F02C68D44A4E8456DDF0B605BB7F.exe
2014-03-25 17:54 . 2014-03-25 17:54        45056        ----a-r-        c:\users\uwefraass\AppData\Roaming\Microsoft\Installer\{0DE75F32-3E22-42F7-B6CD-5A6644581F4E}\NewShortcut1_2324C98D53E04F878B3058BEAD6F43F6.exe
2014-03-25 02:43 . 2014-05-14 13:06        14175744        ----a-w-        c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-12-30 19:27        294456        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
.
c:\users\uwefraass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CaptureWiz.lnk - c:\program files (x86)\CaptureWiz\Pro\CaptureWiz.exe [2014-3-5 2011168]
Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011 - Schnellstarter.lnk - c:\program files (x86)\klickTel\Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011\kstart32.exe [2014-3-5 475136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2014-4-5 25214]
VR-NetWorld Auftragsprüfung.lnk - c:\program files (x86)\VR-NetWorld\vrtoolcheckorder.exe /autostart [2014-3-5 983552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 auusb;Auerswald ISDN USB Driver;c:\windows\system32\DRIVERS\auusb.sys;c:\windows\SYSNATIVE\DRIVERS\auusb.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-04 05:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-12-30 19:27        357432        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2013-12-11 57928]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: Interfaces\{69DD83B2-061B-422E-BEDC-BED45830FAA1}: NameServer = 192.168.0.3
FF - ProfilePath - c:\users\uwefraass\AppData\Roaming\Mozilla\Firefox\Profiles\bn2f83wa.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk - c:\windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-17  10:43:41
ComboFix-quarantined-files.txt  2014-06-17 08:43
.
Vor Suchlauf: 14 Verzeichnis(se), 191.553.236.992 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 191.606.841.344 Bytes frei
.
- - End Of File - - BA52C3F9E0C21781BE128935BA9DC0C7

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

schrauber 17.06.2014 11:01
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

uaf 17.06.2014 16:04
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 17.06.2014
Suchlauf-Zeit: 16:02:56
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.17.05
Rootkit Datenbank: v2014.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: uwefraass

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 345264
Verstrichene Zeit: 13 Min, 17 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
----------------------------------------------------------
AdwCleaner hat 2 txt Dateien erzeugt
AdwCleaner[R0].txt und AdwCleaner[S0].txt
Hier die AdwCleaner[R0].txt
AdwCleaner Logfile:
Code:
# AdwCleaner v3.212 - Bericht erstellt am 17/06/2014 um 16:29:17
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : uwefraass - CHEF-PC
# Gestartet von : C:\Users\uwefraass\Desktop\adwcleaner_3.212.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden : C:\Users\uwefraass\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Users\uwefraass\Documents\Updater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16555


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\2ag6b0lj.default\prefs.js ]


[ Datei : C:\Users\uwefraass\AppData\Roaming\Mozilla\Firefox\Profiles\bn2f83wa.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1802 octets] - [17/06/2014 16:29:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1862 octets] ##########
--- --- ---

[/CODE]

----------------------------------------------------------

Hier die AdwCleaner[S0].txt
AdwCleaner Logfile:
Code:
# AdwCleaner v3.212 - Bericht erstellt am 17/06/2014 um 16:31:27
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : uwefraass - CHEF-PC
# Gestartet von : C:\Users\uwefraass\Desktop\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\uwefraass\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\uwefraass\Documents\Updater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16555


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\2ag6b0lj.default\prefs.js ]


[ Datei : C:\Users\uwefraass\AppData\Roaming\Mozilla\Firefox\Profiles\bn2f83wa.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1950 octets] - [17/06/2014 16:29:17]
AdwCleaner[S0].txt - [1863 octets] - [17/06/2014 16:31:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1923 octets] ##########
--- --- ---

[/CODE]

----------------------------------------------------------


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by uwefraass on 17.06.2014 at 16:36:51,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\uwefraass\AppData\Roaming\mozilla\firefox\profiles\bn2f83wa.default\minidumps [20 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.06.2014 at 16:43:55,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----------------------------------------------------------------



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014
Ran by uwefraass (administrator) on CHEF-PC on 17-06-2014 16:49:38
Running from C:\Users\uwefraass\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(PixelMetrics) C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe
(telegate MEDIA AG) C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011\kstart32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-715309621-2808863863-679364080-1146\...\Run: [updateMgr] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software)
Startup: C:\Users\uwefraass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\uwefraass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CaptureWiz.lnk
ShortcutTarget: CaptureWiz.lnk -> C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe (PixelMetrics)
Startup: C:\Users\uwefraass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011 - Schnellstarter.lnk
ShortcutTarget: Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011 - Schnellstarter.lnk -> C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011\kstart32.exe (telegate MEDIA AG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\..\Interfaces\{69DD83B2-061B-422E-BEDC-BED45830FAA1}: [NameServer]192.168.0.3

FireFox:
========
FF ProfilePath: C:\Users\uwefraass\AppData\Roaming\Mozilla\Firefox\Profiles\bn2f83wa.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\Browser-Plug-In für BlackBerry World\npappworld.dll ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Password Exporter - C:\Users\uwefraass\AppData\Roaming\Mozilla\Firefox\Profiles\bn2f83wa.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-03-04]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-04] (Adobe Systems) [File not signed]
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-06-06] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-06-06] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 auusb; C:\Windows\System32\DRIVERS\auusb.sys [208616 2013-07-01] (Auerswald GmbH & Co.KG                        )
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-17 16:43 - 2014-06-17 16:43 - 00000765 _____ () C:\Users\uwefraass\Desktop\JRT.txt
2014-06-17 16:36 - 2014-06-17 16:36 - 00000000 ____D () C:\Windows\ERUNT
2014-06-17 16:31 - 2014-06-17 16:31 - 00002011 _____ () C:\Users\uwefraass\Desktop\AdwCleaner[S0].txt
2014-06-17 16:29 - 2014-06-17 16:35 - 00000000 ____D () C:\AdwCleaner
2014-06-17 16:29 - 2014-06-17 16:29 - 00001950 _____ () C:\Users\uwefraass\Desktop\AdwCleaner[R0].txt
2014-06-17 16:27 - 2014-06-17 16:27 - 00001159 _____ () C:\Users\uwefraass\Desktop\mbam.txt
2014-06-17 15:42 - 2014-06-17 15:42 - 01016261 _____ (Thisisu) C:\Users\uwefraass\Desktop\JRT.exe
2014-06-17 15:40 - 2014-06-17 15:40 - 01333465 _____ () C:\Users\uwefraass\Desktop\adwcleaner_3.212.exe
2014-06-17 15:39 - 2014-06-17 15:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\uwefraass\Desktop\mbam-setup-2.0.2.1012(1).exe
2014-06-17 15:25 - 2014-06-17 15:36 - 00224727 _____ () C:\Windows\SysWOW64\~.tmp
2014-06-17 11:16 - 2014-06-17 11:16 - 00001115 _____ () C:\Users\uwefraass\Documents\Anfrage001.txt
2014-06-17 10:43 - 2014-06-17 10:43 - 00019739 _____ () C:\ComboFix.txt
2014-06-17 10:43 - 2014-06-17 10:43 - 00000000 ____D () C:\Users\uwefraass.Chef-PC\AppData\Local\temp
2014-06-17 10:43 - 2014-06-17 10:43 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-17 10:43 - 2014-06-17 10:43 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-17 10:43 - 2014-06-17 10:43 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-17 10:43 - 2014-06-17 10:43 - 00000000 ____D () C:\Users\Chef\AppData\Local\temp
2014-06-17 10:27 - 2014-06-17 10:44 - 00000000 ____D () C:\Qoobox
2014-06-17 10:27 - 2014-06-17 10:41 - 00000000 ____D () C:\Windows\erdnt
2014-06-17 10:27 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-17 10:27 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-17 10:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-17 10:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-17 10:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-17 10:27 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-17 10:27 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-17 10:27 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-16 13:37 - 2014-06-17 16:49 - 00012122 _____ () C:\Users\uwefraass\Desktop\FRST.txt
2014-06-16 13:37 - 2014-06-16 13:37 - 02081280 _____ (Farbar) C:\Users\uwefraass\Desktop\FRST64.exe
2014-06-16 13:37 - 2014-06-16 13:37 - 00000000 ____D () C:\Users\uwefraass\Desktop\FRST-OlderVersion
2014-06-16 13:30 - 2014-06-16 13:30 - 05206841 ____R (Swearware) C:\Users\uwefraass\Desktop\ComboFix.exe
2014-06-13 13:24 - 2014-06-13 13:28 - 00000000 ____D () C:\Program Files (x86)\Auerswald
2014-06-13 13:24 - 2002-06-13 10:56 - 00315444 _____ () C:\Windows\SysWOW64\isdnapi32.dll
2014-06-13 13:24 - 2002-06-13 10:55 - 00262194 _____ (Auerswald GmbH & Co. KG) C:\Windows\SysWOW64\tpapi32.dll
2014-06-13 13:24 - 2001-01-22 15:52 - 00049152 _____ () C:\Windows\SysWOW64\AuerCapiJNINative.dll
2014-06-13 13:24 - 2000-07-26 10:40 - 00032768 _____ () C:\Windows\SysWOW64\AuerUsbJNINative.dll
2014-06-13 13:04 - 2014-06-13 13:04 - 00003118 _____ () C:\Windows\System32\Tasks\{2E5D5999-7D7B-4970-A722-1169E7C663BA}
2014-06-13 12:48 - 2014-06-13 12:49 - 00000156 _____ () C:\Windows\silent.log
2014-06-13 11:03 - 2014-06-13 11:03 - 00023176 _____ () C:\Users\uwefraass\Desktop\Addition.log
2014-06-13 11:02 - 2014-06-13 11:02 - 00041204 _____ () C:\Users\uwefraass\Desktop\FRST.log
2014-06-13 09:32 - 2014-06-13 10:52 - 00000633 _____ () C:\Users\uwefraass\Desktop\gmer.txt
2014-06-12 19:02 - 2014-06-13 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auerswald
2014-06-12 18:56 - 2014-06-13 13:25 - 00000000 ____D () C:\Auerswald
2014-06-11 17:58 - 2014-06-11 17:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 16:13 - 2014-06-13 11:15 - 00002439 _____ () C:\Users\uwefraass\Desktop\Troj_Dokument1.txt
2014-06-11 15:29 - 2014-06-17 16:49 - 00000000 ____D () C:\FRST
2014-06-11 15:27 - 2014-06-11 15:27 - 00000000 _____ () C:\Users\uwefraass\defogger_reenable
2014-06-11 12:03 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 12:03 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 12:03 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 12:03 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 12:03 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 12:03 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 12:03 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 12:03 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 12:03 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 12:03 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 12:03 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 12:03 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 12:03 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-11 12:01 - 2014-05-28 20:53 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 12:01 - 2014-05-28 20:37 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 12:01 - 2014-05-28 20:35 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 12:01 - 2014-05-28 20:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 12:01 - 2014-05-28 20:31 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 12:01 - 2014-05-28 20:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 12:01 - 2014-05-28 20:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 12:01 - 2014-05-28 20:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 12:01 - 2014-05-28 20:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-11 12:01 - 2014-05-28 20:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-11 12:01 - 2014-05-28 20:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 12:01 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 12:01 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 12:01 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 12:01 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 12:01 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 12:01 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 12:01 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-06-11 12:01 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 12:01 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-11 12:01 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 12:01 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 12:01 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 12:01 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-06-11 12:01 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-06-11 12:01 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-04 10:04 - 2014-06-04 10:04 - 00002085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-06-04 10:02 - 2014-06-04 10:02 - 00002045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2014-06-04 10:02 - 2014-06-04 10:02 - 00002042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2014-06-04 09:58 - 2014-06-04 09:59 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-06-03 18:57 - 2014-06-17 16:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 18:56 - 2014-06-03 18:56 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 18:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 18:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 18:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-03 18:51 - 2014-06-17 10:33 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-03 18:51 - 2014-06-03 18:51 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-03 18:47 - 2014-06-03 18:47 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-06-03 18:34 - 2014-06-03 18:34 - 00016010 _____ () C:\Users\uwefraass\Desktop\XFAfJbcX.htm
2014-06-03 12:44 - 2014-06-03 12:44 - 00000029 _____ () C:\Users\uwefraass\Documents\Photoshop.txt
2014-05-30 15:30 - 2014-05-30 15:37 - 223584287 _____ () C:\Users\uwefraass\Desktop\Plaene Faerberstr 2.zip
2014-05-29 11:25 - 2014-05-29 11:44 - 00026112 _____ () C:\Users\uwefraass\Desktop\k18_alt.xls
2014-05-29 11:25 - 2014-05-29 11:44 - 00024576 _____ () C:\Users\uwefraass\Desktop\k31_alt.xls
2014-05-27 14:36 - 2014-05-27 14:36 - 00016114 _____ () C:\Users\uwefraass\Desktop\consors.xls - Verknüpfung.lnk
2014-05-24 15:43 - 2014-05-24 15:44 - 00000000 ____D () C:\Users\uwefraass\Desktop\Office
2014-05-21 12:51 - 2014-05-21 12:51 - 00001179 _____ () C:\Users\uwefraass\Desktop\BIC und IBAN Liste.lnk
2014-05-20 17:24 - 2014-05-20 17:24 - 00231279 _____ () C:\Users\uwefraass\AppData\Local\census.cache
2014-05-20 17:24 - 2014-05-20 17:24 - 00105184 _____ () C:\Users\uwefraass\AppData\Local\ars.cache
2014-05-20 13:08 - 2014-05-20 13:08 - 00000036 _____ () C:\Users\uwefraass\AppData\Local\housecall.guid.cache
2014-05-19 13:41 - 2014-05-19 13:42 - 00001118 _____ () C:\Users\uwefraass\Desktop\RunAll.lnk
2014-05-19 13:41 - 2014-05-19 13:41 - 00001301 _____ () C:\Users\uwefraass\Desktop\Immo.mde von C auf den Server.lnk

==================== One Month Modified Files and Folders =======

2014-06-17 16:50 - 2014-06-16 13:37 - 00012122 _____ () C:\Users\uwefraass\Desktop\FRST.txt
2014-06-17 16:49 - 2014-06-11 15:29 - 00000000 ____D () C:\FRST
2014-06-17 16:49 - 2014-03-04 14:59 - 00000000 ____D () C:\Users\uwefraass\AppData\Local\Temp
2014-06-17 16:43 - 2014-06-17 16:43 - 00000765 _____ () C:\Users\uwefraass\Desktop\JRT.txt
2014-06-17 16:40 - 2009-07-14 06:45 - 00015632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-17 16:40 - 2009-07-14 06:45 - 00015632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-17 16:37 - 2014-06-03 18:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 16:36 - 2014-06-17 16:36 - 00000000 ____D () C:\Windows\ERUNT
2014-06-17 16:35 - 2014-06-17 16:29 - 00000000 ____D () C:\AdwCleaner
2014-06-17 16:33 - 2014-03-06 19:55 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-06-17 16:33 - 2014-03-06 19:54 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-06-17 16:33 - 2014-03-03 19:11 - 01313232 _____ () C:\Windows\WindowsUpdate.log
2014-06-17 16:32 - 2014-03-05 16:37 - 00016590 _____ () C:\Windows\PFRO.log
2014-06-17 16:32 - 2014-03-04 14:53 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2014-06-17 16:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-17 16:32 - 2009-07-14 06:51 - 00034398 _____ () C:\Windows\setupact.log
2014-06-17 16:31 - 2014-06-17 16:31 - 00002011 _____ () C:\Users\uwefraass\Desktop\AdwCleaner[S0].txt
2014-06-17 16:29 - 2014-06-17 16:29 - 00001950 _____ () C:\Users\uwefraass\Desktop\AdwCleaner[R0].txt
2014-06-17 16:29 - 2014-03-06 19:54 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-06-17 16:27 - 2014-06-17 16:27 - 00001159 _____ () C:\Users\uwefraass\Desktop\mbam.txt
2014-06-17 16:16 - 2014-03-04 16:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-17 16:00 - 2009-07-14 19:58 - 00657428 _____ () C:\Windows\system32\perfh007.dat
2014-06-17 16:00 - 2009-07-14 19:58 - 00130818 _____ () C:\Windows\system32\perfc007.dat
2014-06-17 16:00 - 2009-07-14 07:13 - 01507104 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-17 15:42 - 2014-06-17 15:42 - 01016261 _____ (Thisisu) C:\Users\uwefraass\Desktop\JRT.exe
2014-06-17 15:42 - 2014-03-03 22:27 - 00000000 ____D () C:\temp
2014-06-17 15:40 - 2014-06-17 15:40 - 01333465 _____ () C:\Users\uwefraass\Desktop\adwcleaner_3.212.exe
2014-06-17 15:40 - 2014-06-17 15:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\uwefraass\Desktop\mbam-setup-2.0.2.1012(1).exe
2014-06-17 15:37 - 2014-03-04 20:27 - 00000000 ____D () C:\Immobilien
2014-06-17 15:36 - 2014-06-17 15:25 - 00224727 _____ () C:\Windows\SysWOW64\~.tmp
2014-06-17 11:16 - 2014-06-17 11:16 - 00001115 _____ () C:\Users\uwefraass\Documents\Anfrage001.txt
2014-06-17 10:50 - 2014-03-11 19:15 - 01526060 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-17 10:44 - 2014-06-17 10:27 - 00000000 ____D () C:\Qoobox
2014-06-17 10:43 - 2014-06-17 10:43 - 00019739 _____ () C:\ComboFix.txt
2014-06-17 10:43 - 2014-06-17 10:43 - 00000000 ____D () C:\Users\uwefraass.Chef-PC\AppData\Local\temp
2014-06-17 10:43 - 2014-06-17 10:43 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-17 10:43 - 2014-06-17 10:43 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-17 10:43 - 2014-06-17 10:43 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-17 10:43 - 2014-06-17 10:43 - 00000000 ____D () C:\Users\Chef\AppData\Local\temp
2014-06-17 10:42 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-17 10:41 - 2014-06-17 10:27 - 00000000 ____D () C:\Windows\erdnt
2014-06-17 10:37 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-17 10:33 - 2014-06-03 18:51 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-16 16:52 - 2014-03-06 13:13 - 00003003 _____ () C:\Users\uwefraass\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-06-16 16:52 - 2014-03-06 13:13 - 00002926 _____ () C:\Users\uwefraass\AppData\Roaming\Rim.Desktop.Exception.log
2014-06-16 13:37 - 2014-06-16 13:37 - 02081280 _____ (Farbar) C:\Users\uwefraass\Desktop\FRST64.exe
2014-06-16 13:37 - 2014-06-16 13:37 - 00000000 ____D () C:\Users\uwefraass\Desktop\FRST-OlderVersion
2014-06-16 13:30 - 2014-06-16 13:30 - 05206841 ____R (Swearware) C:\Users\uwefraass\Desktop\ComboFix.exe
2014-06-13 13:28 - 2014-06-13 13:24 - 00000000 ____D () C:\Program Files (x86)\Auerswald
2014-06-13 13:28 - 2014-06-12 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auerswald
2014-06-13 13:25 - 2014-06-12 18:56 - 00000000 ____D () C:\Auerswald
2014-06-13 13:24 - 2014-03-05 17:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-13 13:04 - 2014-06-13 13:04 - 00003118 _____ () C:\Windows\System32\Tasks\{2E5D5999-7D7B-4970-A722-1169E7C663BA}
2014-06-13 12:49 - 2014-06-13 12:48 - 00000156 _____ () C:\Windows\silent.log
2014-06-13 12:35 - 2014-03-04 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-13 11:15 - 2014-06-11 16:13 - 00002439 _____ () C:\Users\uwefraass\Desktop\Troj_Dokument1.txt
2014-06-13 11:03 - 2014-06-13 11:03 - 00023176 _____ () C:\Users\uwefraass\Desktop\Addition.log
2014-06-13 11:02 - 2014-06-13 11:02 - 00041204 _____ () C:\Users\uwefraass\Desktop\FRST.log
2014-06-13 10:52 - 2014-06-13 09:32 - 00000633 _____ () C:\Users\uwefraass\Desktop\gmer.txt
2014-06-12 16:47 - 2014-03-04 16:42 - 00000000 ____D () C:\Users\uwefraass\AppData\Roaming\Adobe
2014-06-11 17:58 - 2014-06-11 17:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 15:27 - 2014-06-11 15:27 - 00000000 _____ () C:\Users\uwefraass\defogger_reenable
2014-06-11 15:27 - 2014-03-04 14:59 - 00000000 ____D () C:\Users\uwefraass
2014-06-07 16:51 - 2014-03-06 19:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-06-07 16:48 - 2009-07-14 06:45 - 00304088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-06 14:01 - 2014-03-06 19:55 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-06-06 14:01 - 2014-03-06 19:55 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-06-06 14:01 - 2014-03-06 19:54 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-06-04 15:43 - 2014-03-04 14:59 - 00069024 _____ () C:\Users\uwefraass\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-04 10:11 - 2014-03-05 13:03 - 00000000 ____D () C:\Users\uwefraass\AppData\Local\Adobe
2014-06-04 10:05 - 2014-03-05 12:58 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-04 10:04 - 2014-06-04 10:04 - 00002085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-06-04 10:03 - 2014-03-04 14:59 - 00000000 ___RD () C:\Users\uwefraass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 10:02 - 2014-06-04 10:02 - 00002045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2014-06-04 10:02 - 2014-06-04 10:02 - 00002042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2014-06-04 10:01 - 2014-03-05 12:58 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-04 09:59 - 2014-06-04 09:58 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-06-03 19:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors
2014-06-03 18:56 - 2014-06-03 18:56 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 18:51 - 2014-06-03 18:51 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-03 18:47 - 2014-06-03 18:47 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-06-03 18:34 - 2014-06-03 18:34 - 00016010 _____ () C:\Users\uwefraass\Desktop\XFAfJbcX.htm
2014-06-03 12:44 - 2014-06-03 12:44 - 00000029 _____ () C:\Users\uwefraass\Documents\Photoshop.txt
2014-05-30 15:37 - 2014-05-30 15:30 - 223584287 _____ () C:\Users\uwefraass\Desktop\Plaene Faerberstr 2.zip
2014-05-29 11:44 - 2014-05-29 11:25 - 00026112 _____ () C:\Users\uwefraass\Desktop\k18_alt.xls
2014-05-29 11:44 - 2014-05-29 11:25 - 00024576 _____ () C:\Users\uwefraass\Desktop\k31_alt.xls
2014-05-28 20:53 - 2014-06-11 12:01 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 20:37 - 2014-06-11 12:01 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 20:35 - 2014-06-11 12:01 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 20:31 - 2014-06-11 12:01 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 20:31 - 2014-06-11 12:01 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 20:30 - 2014-06-11 12:01 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 20:30 - 2014-06-11 12:01 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 20:29 - 2014-06-11 12:01 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 20:29 - 2014-06-11 12:01 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 20:29 - 2014-06-11 12:01 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 20:29 - 2014-06-11 12:01 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 20:29 - 2014-06-11 12:01 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 20:29 - 2014-06-11 12:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 20:28 - 2014-06-11 12:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 20:28 - 2014-06-11 12:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 20:28 - 2014-06-11 12:01 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 20:28 - 2014-06-11 12:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 20:28 - 2014-06-11 12:01 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 20:28 - 2014-06-11 12:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 20:28 - 2014-06-11 12:01 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 20:27 - 2014-06-11 12:01 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-28 18:48 - 2014-06-11 12:01 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-28 18:39 - 2014-06-11 12:01 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-28 18:38 - 2014-06-11 12:01 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-28 18:33 - 2014-06-11 12:01 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-28 18:32 - 2014-06-11 12:01 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-28 18:32 - 2014-06-11 12:01 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-28 18:31 - 2014-06-11 12:01 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-28 18:31 - 2014-06-11 12:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-28 18:30 - 2014-06-11 12:01 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-28 18:30 - 2014-06-11 12:01 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-28 18:30 - 2014-06-11 12:01 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-28 18:30 - 2014-06-11 12:01 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-28 18:30 - 2014-06-11 12:01 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-28 18:30 - 2014-06-11 12:01 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-28 18:30 - 2014-06-11 12:01 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-28 18:29 - 2014-06-11 12:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-28 18:29 - 2014-06-11 12:01 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-28 18:29 - 2014-06-11 12:01 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-28 18:29 - 2014-06-11 12:01 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-28 18:29 - 2014-06-11 12:01 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-28 18:28 - 2014-06-11 12:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-27 15:09 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-27 14:36 - 2014-05-27 14:36 - 00016114 _____ () C:\Users\uwefraass\Desktop\consors.xls - Verknüpfung.lnk
2014-05-26 12:39 - 2014-04-23 09:06 - 00005632 _____ () C:\Users\uwefraass\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-24 15:44 - 2014-05-24 15:43 - 00000000 ____D () C:\Users\uwefraass\Desktop\Office
2014-05-21 12:51 - 2014-05-21 12:51 - 00001179 _____ () C:\Users\uwefraass\Desktop\BIC und IBAN Liste.lnk
2014-05-20 17:24 - 2014-05-20 17:24 - 00231279 _____ () C:\Users\uwefraass\AppData\Local\census.cache
2014-05-20 17:24 - 2014-05-20 17:24 - 00105184 _____ () C:\Users\uwefraass\AppData\Local\ars.cache
2014-05-20 13:08 - 2014-05-20 13:08 - 00000036 _____ () C:\Users\uwefraass\AppData\Local\housecall.guid.cache
2014-05-19 13:42 - 2014-05-19 13:41 - 00001118 _____ () C:\Users\uwefraass\Desktop\RunAll.lnk
2014-05-19 13:41 - 2014-05-19 13:41 - 00001301 _____ () C:\Users\uwefraass\Desktop\Immo.mde von C auf den Server.lnk

Files to move or delete:
====================
C:\ProgramData\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat


Some content of TEMP:
====================
C:\Users\uwefraass\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 00:23

==================== End Of Log ============================
--- --- ---

schrauber 18.06.2014 09:38

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

uaf 18.06.2014 10:40
ich bin gerade dabei, nur macht ESET seit 20 Minuten nichts. Die Signaturen wurden runter geladen und jetzt steht ESET bei "Computer wird geprüft... / 0 % / geprüfte Dateien: 0 etc

Was kann ich machen?

schrauber 19.06.2014 11:48
Immer noch? Der Scan dauert schon ne Weile.

uaf 20.06.2014 08:59
ich habe den Scan nach über 2 Stunden abgebrochen. Es stand immer noch 0 % da und ich musste auch mal wiederan den PC.
Wie kann ich jetzt weiter machen?

schrauber 21.06.2014 09:04
Lass ESET weg und mach nen Vollscan mit deinem AV Programm.

uaf 23.06.2014 15:26
ich habe es nach dem wochenende heute nochmal mit ESET versucht und heute hat es funktioniert.
Folgende Ergebnisse kamen:

Code:
C:\Immobilien\AddOns\PDFCreator-1_2_3_setup.exe        Win32/Toolbar.Widgi evtl. unerwünschte Anwendung
C:\Immobilien\AddOns\pdfcreator\PDFCreator-1_2_3_setup.exe        Win32/Toolbar.Widgi evtl. unerwünschte Anwendung
C:\Program Files (x86)\raving reyven\ravingreyvenBHO.dll        Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung
C:\Program Files (x86)\raving reyven\ravingreyvenBrowserFilter.exe        Variante von MSIL/BrowseFox.B evtl. unerwünschte Anwendung
C:\Program Files (x86)\raving reyven\updateravingreyven.exe        Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung
C:\Program Files (x86)\raving reyven\bin\ravingreyven.BrowserAdapter.exe        Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung
C:\Program Files (x86)\raving reyven\bin\ravingreyven.PurBrowse64.exe        Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung
C:\Program Files (x86)\raving reyven\bin\ravingreyvenBAApp.dll        Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung
C:\Program Files (x86)\raving reyven\bin\utilravingreyven.exe        Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung
C:\Program Files (x86)\raving reyven\bin\{e63d9559-e4c3-499e-867a-a3c9d0a21400}.dll        Variante von Win32/BrowseFox.K evtl. unerwünschte Anwendung
C:\Program Files (x86)\raving reyven\bin\plugins\ravingreyven.Bromon.dll        Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\Program Files (x86)\raving reyven\bin\plugins\ravingreyven.BroStats.dll        Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\Program Files (x86)\raving reyven\bin\plugins\ravingreyven.BrowserAdapterS.dll        möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\Program Files (x86)\raving reyven\bin\plugins\ravingreyven.CompatibilityChecker.dll        Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\Program Files (x86)\raving reyven\bin\plugins\ravingreyven.FFUpdate.dll        Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung
C:\Program Files (x86)\raving reyven\bin\plugins\ravingreyven.IEUpdate.dll        Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\Program Files (x86)\raving reyven\bin\plugins\ravingreyven.PurBrowseG.dll        Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\temp\musterbogen_einbuergerungstest - CHIP-Installer.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Users\uwefraass\AppData\Local\Temp\is-K29IE.tmp\PDFCreator-1_7_3_setup.exe        Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung
C:\Users\uwefraass\AppData\Local\Temp\n5190\s5190.exe        Variante von MSIL/Solimba.AC evtl. unerwünschte Anwendung
C:\Users\uwefraass\AppData\Local\Temp\n5285\s5285.exe        Variante von MSIL/Solimba.AC evtl. unerwünschte Anwendung
Jetzt kommt noch das Log von Microosft Security Essential, das läuft gerade

Die hat gar nichts gefunden...

schrauber 23.06.2014 19:48
dann den restvon oben :)

uaf 25.06.2014 11:49
Tut mir leid, das verstehe ich nicht. Was ist "der Rest von oben"?

schrauber 25.06.2014 18:26
oben hab ich 3 Anweisungen gepostet, du hast nur Nummer 1 gemacht, den ESET Onlinescan.

uaf 01.07.2014 16:00
Ok, nach ein paar Tagen Pause kann ich weiter machen.
hier die 3 log-files:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 01.07.2014
Suchlauf-Zeit: 16:26:37
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.01.05
Rootkit Datenbank: v2014.07.01.01
Lizenz: Premium
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: uwefraass

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 351497
Verstrichene Zeit: 10 Min, 59 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
Trojan.Downloader, C:\ProgramData\dlprotect.exe, 3460, Löschen bei Neustart, [90c91a80aecdea4c9549960060a1936d]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{e63d9559-e4c3-499e-867a-a3c9d0a21400}w64, In Quarantäne, [47124456dc9f3006eb2550ba778df30d],

Registrierungswerte: 1
Trojan.Downloader, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Download Protect, C:\ProgramData\dlprotect.exe, In Quarantäne, [90c91a80aecdea4c9549960060a1936d]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 4
Trojan.Downloader, C:\ProgramData\dlprotect.exe, Löschen bei Neustart, [90c91a80aecdea4c9549960060a1936d],
PUP.Optional.BundleInstaller.A, C:\Users\uwefraass\AppData\Local\Temp\n5190\s5190.exe, In Quarantäne, [30296a30c0bb88aeba3e81c8f50b41bf],
PUP.Optional.BundleInstaller.A, C:\Users\uwefraass\AppData\Local\Temp\n5285\s5285.exe, In Quarantäne, [99c0e8b23f3c3bfb7385fc4d80809769],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}w64.sys, In Quarantäne, [47124456dc9f3006eb2550ba778df30d],

Physische Sektoren: 0
(No malicious items detected)


(end)

---------------

AdwCleaner Logfile:
Code:
# AdwCleaner v3.214 - Bericht erstellt am 01/07/2014 um 16:08:20
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : uwefraass - CHEF-PC
# Gestartet von : C:\Users\uwefraass\Desktop\adwcleaner_3.214.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : DlProtectSvc

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\SparPilotAddon
Ordner Gelöscht : C:\Users\UWEFRA~1\AppData\Local\Temp\raving reyven
Ordner Gelöscht : C:\Users\uwefraass\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Windows\System32\DlProtectSvc.exe
Datei Gelöscht : C:\Users\uwefraass\AppData\Roaming\Mozilla\Firefox\Profiles\bn2f83wa.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16555


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\2ag6b0lj.default\prefs.js ]


[ Datei : C:\Users\uwefraass\AppData\Roaming\Mozilla\Firefox\Profiles\bn2f83wa.default\prefs.js ]


*************************

AdwCleaner[R1].txt - [1952 octets] - [01/07/2014 16:04:34]
AdwCleaner[R2].txt - [2071 octets] - [01/07/2014 16:05:41]
AdwCleaner[S1].txt - [326 octets] - [01/07/2014 16:05:23]
AdwCleaner[S2].txt - [1988 octets] - [01/07/2014 16:08:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2048 octets] ##########
--- --- ---


*************************

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by uwefraass on 01.07.2014 at 16:47:22,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\uwefraass\AppData\Roaming\mozilla\firefox\profiles\bn2f83wa.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.07.2014 at 16:53:55,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

und hier noch ein aktuelles FRST.log

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2014
Ran by uwefraass (administrator) on CHEF-PC on 01-07-2014 16:59:22
Running from C:\Users\uwefraass\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Windows\System32\rasdlg64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(PixelMetrics) C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-715309621-2808863863-679364080-1146\...\Run: [updateMgr] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
Startup: C:\Users\uwefraass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CaptureWiz.lnk
ShortcutTarget: CaptureWiz.lnk -> C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe (PixelMetrics)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\..\Interfaces\{69DD83B2-061B-422E-BEDC-BED45830FAA1}: [NameServer]192.168.0.3

FireFox:
========
FF ProfilePath: C:\Users\uwefraass\AppData\Roaming\Mozilla\Firefox\Profiles\bn2f83wa.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\Browser-Plug-In für BlackBerry World\npappworld.dll ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: PDF Architect 2 - C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{D3548A54-BFE5-4CA8-B718-DCD107A5E6CA}] - C:\Windows\Installer\{05316C15-4D79-49BA-B6E1-530C2AA84DE5}\{D3548A54-BFE5-4CA8-B718-DCD107A5E6CA}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{05316C15-4D79-49BA-B6E1-530C2AA84DE5}\{D3548A54-BFE5-4CA8-B718-DCD107A5E6CA}.xpi [2014-07-01]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-04-12]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-04] (Adobe Systems) [File not signed]
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-06-06] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-06-06] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 typepesf; C:\Windows\system32\rasdlg64.exe [119296 2014-06-20] () [File not signed]

==================== Drivers (Whitelisted) ====================

S3 auusb; C:\Windows\System32\DRIVERS\auusb.sys [208616 2013-07-01] (Auerswald GmbH & Co.KG                        )
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-01 16:53 - 2014-07-01 16:55 - 00000764 _____ () C:\Users\uwefraass\Desktop\JRT.txt
2014-07-01 16:27 - 2014-07-01 16:27 - 00002136 _____ () C:\Users\uwefraass\Desktop\AdwCleaner[S2].txt
2014-07-01 16:18 - 2014-07-01 16:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 16:18 - 2014-07-01 16:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 16:18 - 2014-07-01 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 16:18 - 2014-07-01 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-01 16:18 - 2014-05-12 08:19 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-01 16:18 - 2014-05-12 08:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-01 16:18 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-01 16:03 - 2014-07-01 16:04 - 01346519 _____ () C:\Users\uwefraass\Desktop\adwcleaner_3.214.exe
2014-06-28 17:29 - 2014-06-28 17:29 - 00001151 _____ () C:\Users\uwefraass\Desktop\BIC und IBAN Liste.xls - Verknüpfung.lnk
2014-06-25 17:25 - 2014-06-25 17:20 - 00240824 _____ () C:\Users\uwefraass\Desktop\ktos.xps
2014-06-23 12:31 - 2014-06-23 12:31 - 00002696 _____ () C:\Users\uwefraass\Desktop\eset_20140623.txt
2014-06-20 17:21 - 2014-06-20 17:21 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-06-20 17:21 - 2014-06-20 17:21 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-20 17:21 - 2014-06-20 17:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-06-20 17:00 - 2014-06-20 17:00 - 00001013 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk
2014-06-20 17:00 - 2014-06-20 17:00 - 00000000 ____D () C:\Users\uwefraass\Documents\PDF Architect 2
2014-06-20 17:00 - 2014-06-20 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-06-20 17:00 - 2014-06-20 17:00 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-06-20 16:58 - 2014-06-20 17:00 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-06-20 16:58 - 2014-06-20 16:58 - 00001031 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-06-20 16:58 - 2014-06-20 16:58 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-06-20 16:58 - 2014-06-20 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator1.7.3
2014-06-20 16:58 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-06-20 16:58 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-06-20 16:58 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-06-20 16:58 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-06-20 16:58 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2014-06-20 16:56 - 2014-06-20 16:56 - 00000000 ____D () C:\Users\uwefraass\AppData\Roaming\dlg
2014-06-20 16:54 - 2014-06-20 16:54 - 00119296 _____ () C:\Windows\system32\rasdlg64.exe
2014-06-18 16:15 - 2014-06-18 16:15 - 00000000 ____D () C:\Users\uwefraass\AppData\Temp
2014-06-18 10:54 - 2014-06-18 10:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-18 10:52 - 2014-06-18 10:53 - 02347384 _____ (ESET) C:\Users\uwefraass\Desktop\esetsmartinstaller_deu.exe
2014-06-17 16:36 - 2014-06-17 16:36 - 00000000 ____D () C:\Windows\ERUNT
2014-06-17 16:31 - 2014-06-17 16:31 - 00002011 _____ () C:\Users\uwefraass\Desktop\AdwCleaner[S0].txt
2014-06-17 16:29 - 2014-07-01 16:08 - 00000000 ____D () C:\AdwCleaner
2014-06-17 16:29 - 2014-06-17 16:29 - 00001950 _____ () C:\Users\uwefraass\Desktop\AdwCleaner[R0].txt
2014-06-17 16:27 - 2014-07-01 16:42 - 00002033 _____ () C:\Users\uwefraass\Desktop\mbam.txt
2014-06-17 15:42 - 2014-06-17 15:42 - 01016261 _____ (Thisisu) C:\Users\uwefraass\Desktop\JRT.exe
2014-06-17 15:25 - 2014-06-20 16:51 - 00119240 _____ () C:\Windows\SysWOW64\~.tmp
2014-06-17 11:16 - 2014-06-17 11:16 - 00001115 _____ () C:\Users\uwefraass\Documents\Anfrage001.txt
2014-06-17 10:43 - 2014-06-17 10:43 - 00019739 _____ () C:\ComboFix.txt
2014-06-17 10:27 - 2014-06-17 10:44 - 00000000 ____D () C:\Qoobox
2014-06-17 10:27 - 2014-06-17 10:41 - 00000000 ____D () C:\Windows\erdnt
2014-06-17 10:27 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-17 10:27 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-17 10:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-17 10:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-17 10:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-17 10:27 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-17 10:27 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-17 10:27 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-16 13:37 - 2014-07-01 16:59 - 00011531 _____ () C:\Users\uwefraass\Desktop\FRST.txt
2014-06-16 13:37 - 2014-07-01 16:58 - 02083328 _____ (Farbar) C:\Users\uwefraass\Desktop\FRST64.exe
2014-06-16 13:37 - 2014-07-01 16:58 - 00000000 ____D () C:\Users\uwefraass\Desktop\FRST-OlderVersion
2014-06-16 13:30 - 2014-06-16 13:30 - 05206841 ____R (Swearware) C:\Users\uwefraass\Desktop\ComboFix.exe
2014-06-13 13:24 - 2014-06-13 13:28 - 00000000 ____D () C:\Program Files (x86)\Auerswald
2014-06-13 13:24 - 2002-06-13 10:56 - 00315444 _____ () C:\Windows\SysWOW64\isdnapi32.dll
2014-06-13 13:24 - 2002-06-13 10:55 - 00262194 _____ (Auerswald GmbH & Co. KG) C:\Windows\SysWOW64\tpapi32.dll
2014-06-13 13:24 - 2001-01-22 15:52 - 00049152 _____ () C:\Windows\SysWOW64\AuerCapiJNINative.dll
2014-06-13 13:24 - 2000-07-26 10:40 - 00032768 _____ () C:\Windows\SysWOW64\AuerUsbJNINative.dll
2014-06-13 13:04 - 2014-06-13 13:04 - 00003118 _____ () C:\Windows\System32\Tasks\{2E5D5999-7D7B-4970-A722-1169E7C663BA}
2014-06-13 12:48 - 2014-06-13 12:49 - 00000156 _____ () C:\Windows\silent.log
2014-06-13 11:03 - 2014-06-13 11:03 - 00023176 _____ () C:\Users\uwefraass\Desktop\Addition.log
2014-06-13 09:32 - 2014-06-13 10:52 - 00000633 _____ () C:\Users\uwefraass\Desktop\gmer.txt
2014-06-12 19:02 - 2014-06-13 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auerswald
2014-06-12 18:56 - 2014-06-13 13:25 - 00000000 ____D () C:\Auerswald
2014-06-11 17:58 - 2014-06-11 17:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 16:13 - 2014-06-13 11:15 - 00002439 _____ () C:\Users\uwefraass\Desktop\Troj_Dokument1.txt
2014-06-11 15:29 - 2014-07-01 16:59 - 00000000 ____D () C:\FRST
2014-06-11 15:27 - 2014-06-11 15:27 - 00000000 _____ () C:\Users\uwefraass\defogger_reenable
2014-06-11 12:03 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 12:03 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 12:03 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 12:03 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 12:03 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 12:03 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 12:03 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 12:03 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 12:03 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 12:03 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 12:03 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 12:03 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 12:03 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-11 12:01 - 2014-05-28 20:53 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 12:01 - 2014-05-28 20:37 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 12:01 - 2014-05-28 20:35 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 12:01 - 2014-05-28 20:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 12:01 - 2014-05-28 20:31 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 12:01 - 2014-05-28 20:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 12:01 - 2014-05-28 20:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 12:01 - 2014-05-28 20:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 12:01 - 2014-05-28 20:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-11 12:01 - 2014-05-28 20:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-11 12:01 - 2014-05-28 20:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 12:01 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 12:01 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 12:01 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 12:01 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 12:01 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 12:01 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 12:01 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-06-11 12:01 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 12:01 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-11 12:01 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 12:01 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 12:01 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 12:01 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-06-11 12:01 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-06-11 12:01 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-04 10:04 - 2014-06-04 10:04 - 00002085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-06-04 10:02 - 2014-06-04 10:02 - 00002045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2014-06-04 10:02 - 2014-06-04 10:02 - 00002042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2014-06-04 09:58 - 2014-06-04 09:59 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 18:51 - 2014-06-17 10:33 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-03 18:51 - 2014-06-03 18:51 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-03 18:47 - 2014-06-03 18:47 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-06-03 18:34 - 2014-06-03 18:34 - 00016010 _____ () C:\Users\uwefraass\Desktop\XFAfJbcX.htm
2014-06-03 12:44 - 2014-06-03 12:44 - 00000029 _____ () C:\Users\uwefraass\Documents\Photoshop.txt

==================== One Month Modified Files and Folders =======

2014-07-01 16:59 - 2014-06-16 13:37 - 00011531 _____ () C:\Users\uwefraass\Desktop\FRST.txt
2014-07-01 16:59 - 2014-06-11 15:29 - 00000000 ____D () C:\FRST
2014-07-01 16:58 - 2014-06-16 13:37 - 02083328 _____ (Farbar) C:\Users\uwefraass\Desktop\FRST64.exe
2014-07-01 16:58 - 2014-06-16 13:37 - 00000000 ____D () C:\Users\uwefraass\Desktop\FRST-OlderVersion
2014-07-01 16:55 - 2014-07-01 16:53 - 00000764 _____ () C:\Users\uwefraass\Desktop\JRT.txt
2014-07-01 16:46 - 2009-07-14 06:45 - 00015632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-01 16:46 - 2009-07-14 06:45 - 00015632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-01 16:42 - 2014-06-17 16:27 - 00002033 _____ () C:\Users\uwefraass\Desktop\mbam.txt
2014-07-01 16:41 - 2014-07-01 16:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 16:40 - 2014-03-03 19:11 - 01079155 _____ () C:\Windows\WindowsUpdate.log
2014-07-01 16:39 - 2014-03-06 19:55 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-07-01 16:39 - 2014-03-06 19:54 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-07-01 16:39 - 2014-03-04 14:53 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2014-07-01 16:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-01 16:39 - 2009-07-14 06:51 - 00034790 _____ () C:\Windows\setupact.log
2014-07-01 16:38 - 2014-03-05 16:37 - 00020252 _____ () C:\Windows\PFRO.log
2014-07-01 16:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2014-07-01 16:27 - 2014-07-01 16:27 - 00002136 _____ () C:\Users\uwefraass\Desktop\AdwCleaner[S2].txt
2014-07-01 16:27 - 2014-03-03 22:27 - 00000000 ____D () C:\temp
2014-07-01 16:25 - 2014-03-06 19:54 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-01 16:24 - 2014-07-01 16:18 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 16:24 - 2014-07-01 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 16:24 - 2014-07-01 16:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-01 16:16 - 2014-03-04 16:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-01 16:11 - 2014-03-04 14:54 - 00049188 __RSH () C:\ProgramData\ntuser.pol
2014-07-01 16:08 - 2014-06-17 16:29 - 00000000 ____D () C:\AdwCleaner
2014-07-01 16:04 - 2014-07-01 16:03 - 01346519 _____ () C:\Users\uwefraass\Desktop\adwcleaner_3.214.exe
2014-07-01 16:02 - 2014-03-04 20:27 - 00000000 ____D () C:\Immobilien
2014-06-30 15:16 - 2009-07-14 19:58 - 00657428 _____ () C:\Windows\system32\perfh007.dat
2014-06-30 15:16 - 2009-07-14 19:58 - 00130818 _____ () C:\Windows\system32\perfc007.dat
2014-06-30 15:16 - 2009-07-14 07:13 - 01507104 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-29 19:08 - 2014-03-06 13:13 - 00003311 _____ () C:\Users\uwefraass\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-06-29 19:08 - 2014-03-06 13:13 - 00003234 _____ () C:\Users\uwefraass\AppData\Roaming\Rim.Desktop.Exception.log
2014-06-28 17:29 - 2014-06-28 17:29 - 00001151 _____ () C:\Users\uwefraass\Desktop\BIC und IBAN Liste.xls - Verknüpfung.lnk
2014-06-28 14:19 - 2009-07-14 04:34 - 00000750 _____ () C:\Windows\win.ini
2014-06-25 17:20 - 2014-06-25 17:25 - 00240824 _____ () C:\Users\uwefraass\Desktop\ktos.xps
2014-06-23 17:26 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-23 12:31 - 2014-06-23 12:31 - 00002696 _____ () C:\Users\uwefraass\Desktop\eset_20140623.txt
2014-06-20 17:21 - 2014-06-20 17:21 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-06-20 17:21 - 2014-06-20 17:21 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-20 17:21 - 2014-06-20 17:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-06-20 17:21 - 2014-03-04 13:30 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-06-20 17:00 - 2014-06-20 17:00 - 00001013 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk
2014-06-20 17:00 - 2014-06-20 17:00 - 00000000 ____D () C:\Users\uwefraass\Documents\PDF Architect 2
2014-06-20 17:00 - 2014-06-20 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-06-20 17:00 - 2014-06-20 17:00 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-06-20 17:00 - 2014-06-20 16:58 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-06-20 16:58 - 2014-06-20 16:58 - 00001031 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-06-20 16:58 - 2014-06-20 16:58 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-06-20 16:58 - 2014-06-20 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator1.7.3
2014-06-20 16:56 - 2014-06-20 16:56 - 00000000 ____D () C:\Users\uwefraass\AppData\Roaming\dlg
2014-06-20 16:54 - 2014-06-20 16:54 - 00119296 _____ () C:\Windows\system32\rasdlg64.exe
2014-06-20 16:51 - 2014-06-17 15:25 - 00119240 _____ () C:\Windows\SysWOW64\~.tmp
2014-06-18 16:15 - 2014-06-18 16:15 - 00000000 ____D () C:\Users\uwefraass\AppData\Temp
2014-06-18 10:54 - 2014-06-18 10:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-18 10:53 - 2014-06-18 10:52 - 02347384 _____ (ESET) C:\Users\uwefraass\Desktop\esetsmartinstaller_deu.exe
2014-06-18 07:59 - 2014-03-25 19:54 - 00000000 ____D () C:\Program Files (x86)\ActiveTraderDE
2014-06-17 16:36 - 2014-06-17 16:36 - 00000000 ____D () C:\Windows\ERUNT
2014-06-17 16:31 - 2014-06-17 16:31 - 00002011 _____ () C:\Users\uwefraass\Desktop\AdwCleaner[S0].txt
2014-06-17 16:29 - 2014-06-17 16:29 - 00001950 _____ () C:\Users\uwefraass\Desktop\AdwCleaner[R0].txt
2014-06-17 15:42 - 2014-06-17 15:42 - 01016261 _____ (Thisisu) C:\Users\uwefraass\Desktop\JRT.exe
2014-06-17 11:16 - 2014-06-17 11:16 - 00001115 _____ () C:\Users\uwefraass\Documents\Anfrage001.txt
2014-06-17 10:50 - 2014-03-11 19:15 - 01526060 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-17 10:44 - 2014-06-17 10:27 - 00000000 ____D () C:\Qoobox
2014-06-17 10:43 - 2014-06-17 10:43 - 00019739 _____ () C:\ComboFix.txt
2014-06-17 10:41 - 2014-06-17 10:27 - 00000000 ____D () C:\Windows\erdnt
2014-06-17 10:37 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-17 10:33 - 2014-06-03 18:51 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-16 13:30 - 2014-06-16 13:30 - 05206841 ____R (Swearware) C:\Users\uwefraass\Desktop\ComboFix.exe
2014-06-13 13:28 - 2014-06-13 13:24 - 00000000 ____D () C:\Program Files (x86)\Auerswald
2014-06-13 13:28 - 2014-06-12 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auerswald
2014-06-13 13:25 - 2014-06-12 18:56 - 00000000 ____D () C:\Auerswald
2014-06-13 13:24 - 2014-03-05 17:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-13 13:04 - 2014-06-13 13:04 - 00003118 _____ () C:\Windows\System32\Tasks\{2E5D5999-7D7B-4970-A722-1169E7C663BA}
2014-06-13 12:49 - 2014-06-13 12:48 - 00000156 _____ () C:\Windows\silent.log
2014-06-13 12:35 - 2014-03-04 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-13 11:15 - 2014-06-11 16:13 - 00002439 _____ () C:\Users\uwefraass\Desktop\Troj_Dokument1.txt
2014-06-13 11:03 - 2014-06-13 11:03 - 00023176 _____ () C:\Users\uwefraass\Desktop\Addition.log
2014-06-13 10:52 - 2014-06-13 09:32 - 00000633 _____ () C:\Users\uwefraass\Desktop\gmer.txt
2014-06-12 16:47 - 2014-03-04 16:42 - 00000000 ____D () C:\Users\uwefraass\AppData\Roaming\Adobe
2014-06-11 17:58 - 2014-06-11 17:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 15:27 - 2014-06-11 15:27 - 00000000 _____ () C:\Users\uwefraass\defogger_reenable
2014-06-11 15:27 - 2014-03-04 14:59 - 00000000 ____D () C:\Users\uwefraass
2014-06-07 16:51 - 2014-03-06 19:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-06-07 16:48 - 2009-07-14 06:45 - 00304088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-06 14:01 - 2014-03-06 19:55 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-06-06 14:01 - 2014-03-06 19:55 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-06-06 14:01 - 2014-03-06 19:54 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-06-04 15:43 - 2014-03-04 14:59 - 00069024 _____ () C:\Users\uwefraass\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-04 10:11 - 2014-03-05 13:03 - 00000000 ____D () C:\Users\uwefraass\AppData\Local\Adobe
2014-06-04 10:05 - 2014-03-05 12:58 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-04 10:04 - 2014-06-04 10:04 - 00002085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-06-04 10:02 - 2014-06-04 10:02 - 00002045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2014-06-04 10:02 - 2014-06-04 10:02 - 00002042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2014-06-04 10:01 - 2014-03-05 12:58 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-04 09:59 - 2014-06-04 09:58 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-06-03 19:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 18:51 - 2014-06-03 18:51 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-03 18:47 - 2014-06-03 18:47 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-06-03 18:34 - 2014-06-03 18:34 - 00016010 _____ () C:\Users\uwefraass\Desktop\XFAfJbcX.htm
2014-06-03 12:44 - 2014-06-03 12:44 - 00000029 _____ () C:\Users\uwefraass\Documents\Photoshop.txt

Files to move or delete:
====================
C:\ProgramData\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat


Some content of TEMP:
====================
C:\Users\uwefraass\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 00:21

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 02.07.2014 11:51
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Program Files (x86)\raving reyven

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST log bitte. Noch Probleme?

uaf 02.07.2014 12:21
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-07-2014
Ran by uwefraass at 2014-07-02 13:11:33 Run:1
Running from C:\Users\uwefraass\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\raving reyven
*****************

"C:\Program Files (x86)\raving reyven" => File/Directory not found.

==== End of Fixlog ====
Wegen dem Text ""C:\Program Files (x86)\raving reyven" => File/Directory not found." in der Logdatei habe ich mal auf dem PC nach "ravin" gesucht und es wurde folgendes Verzeichnis gefunden:
C:\AdwCleaner\Quarantine\C\Users\uwefraass\AppData\Local\Temp\raving reyven\

Darin befindet sich eine Datei: 7za.exe.vir

und hier das neue FRST.TXT

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by uwefraass (administrator) on CHEF-PC on 02-07-2014 13:18:51
Running from C:\Users\uwefraass\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Windows\System32\rasdlg64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(PixelMetrics) C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\java.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-715309621-2808863863-679364080-1146\...\Run: [updateMgr] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-715309621-2808863863-679364080-1146\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-14] (Adobe Systems Incorporated)
Startup: C:\Users\uwefraass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CaptureWiz.lnk
ShortcutTarget: CaptureWiz.lnk -> C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe (PixelMetrics)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\..\Interfaces\{69DD83B2-061B-422E-BEDC-BED45830FAA1}: [NameServer]192.168.0.3

FireFox:
========
FF ProfilePath: C:\Users\uwefraass\AppData\Roaming\Mozilla\Firefox\Profiles\bn2f83wa.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\Browser-Plug-In für BlackBerry World\npappworld.dll ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: PDF Architect 2 - C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{D3548A54-BFE5-4CA8-B718-DCD107A5E6CA}] - C:\Windows\Installer\{05316C15-4D79-49BA-B6E1-530C2AA84DE5}\{D3548A54-BFE5-4CA8-B718-DCD107A5E6CA}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{05316C15-4D79-49BA-B6E1-530C2AA84DE5}\{D3548A54-BFE5-4CA8-B718-DCD107A5E6CA}.xpi [2014-07-01]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-04-12]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-04] (Adobe Systems) [File not signed]
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-06-06] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-06-06] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 typepesf; C:\Windows\system32\rasdlg64.exe [119296 2014-06-20] () [File not signed]

==================== Drivers (Whitelisted) ====================

S3 auusb; C:\Windows\System32\DRIVERS\auusb.sys [208616 2013-07-01] (Auerswald GmbH & Co.KG                        )
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-01 16:53 - 2014-07-01 16:55 - 00000764 _____ () C:\Users\uwefraass\Desktop\JRT.txt
2014-07-01 16:27 - 2014-07-01 16:27 - 00002136 _____ () C:\Users\uwefraass\Desktop\AdwCleaner[S2].txt
2014-07-01 16:18 - 2014-07-02 09:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 16:18 - 2014-07-01 16:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 16:18 - 2014-07-01 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 16:18 - 2014-07-01 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-01 16:18 - 2014-05-12 08:19 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-01 16:18 - 2014-05-12 08:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-01 16:18 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-01 16:03 - 2014-07-01 16:04 - 01346519 _____ () C:\Users\uwefraass\Desktop\adwcleaner_3.214.exe
2014-06-28 17:29 - 2014-06-28 17:29 - 00001151 _____ () C:\Users\uwefraass\Desktop\BIC und IBAN Liste.xls - Verknüpfung.lnk
2014-06-25 17:25 - 2014-06-25 17:20 - 00240824 _____ () C:\Users\uwefraass\Desktop\ktos.xps
2014-06-23 12:31 - 2014-06-23 12:31 - 00002696 _____ () C:\Users\uwefraass\Desktop\eset_20140623.txt
2014-06-20 17:21 - 2014-06-20 17:21 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-06-20 17:21 - 2014-06-20 17:21 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-20 17:21 - 2014-06-20 17:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-06-20 17:00 - 2014-06-20 17:00 - 00001013 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk
2014-06-20 17:00 - 2014-06-20 17:00 - 00000000 ____D () C:\Users\uwefraass\Documents\PDF Architect 2
2014-06-20 17:00 - 2014-06-20 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-06-20 17:00 - 2014-06-20 17:00 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-06-20 16:58 - 2014-06-20 17:00 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-06-20 16:58 - 2014-06-20 16:58 - 00001031 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-06-20 16:58 - 2014-06-20 16:58 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-06-20 16:58 - 2014-06-20 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator1.7.3
2014-06-20 16:58 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-06-20 16:58 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-06-20 16:58 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-06-20 16:58 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-06-20 16:58 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2014-06-20 16:56 - 2014-06-20 16:56 - 00000000 ____D () C:\Users\uwefraass\AppData\Roaming\dlg
2014-06-20 16:54 - 2014-06-20 16:54 - 00119296 _____ () C:\Windows\system32\rasdlg64.exe
2014-06-18 16:15 - 2014-06-18 16:15 - 00000000 ____D () C:\Users\uwefraass\AppData\Temp
2014-06-18 10:54 - 2014-06-18 10:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-18 10:52 - 2014-06-18 10:53 - 02347384 _____ (ESET) C:\Users\uwefraass\Desktop\esetsmartinstaller_deu.exe
2014-06-17 16:36 - 2014-06-17 16:36 - 00000000 ____D () C:\Windows\ERUNT
2014-06-17 16:31 - 2014-06-17 16:31 - 00002011 _____ () C:\Users\uwefraass\Desktop\AdwCleaner[S0].txt
2014-06-17 16:29 - 2014-07-01 16:08 - 00000000 ____D () C:\AdwCleaner
2014-06-17 16:29 - 2014-06-17 16:29 - 00001950 _____ () C:\Users\uwefraass\Desktop\AdwCleaner[R0].txt
2014-06-17 16:27 - 2014-07-01 16:42 - 00002033 _____ () C:\Users\uwefraass\Desktop\mbam.txt
2014-06-17 15:42 - 2014-06-17 15:42 - 01016261 _____ (Thisisu) C:\Users\uwefraass\Desktop\JRT.exe
2014-06-17 15:25 - 2014-06-20 16:51 - 00119240 _____ () C:\Windows\SysWOW64\~.tmp
2014-06-17 11:16 - 2014-06-17 11:16 - 00001115 _____ () C:\Users\uwefraass\Documents\Anfrage001.txt
2014-06-17 10:43 - 2014-06-17 10:43 - 00019739 _____ () C:\ComboFix.txt
2014-06-17 10:27 - 2014-06-17 10:44 - 00000000 ____D () C:\Qoobox
2014-06-17 10:27 - 2014-06-17 10:41 - 00000000 ____D () C:\Windows\erdnt
2014-06-17 10:27 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-17 10:27 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-17 10:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-17 10:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-17 10:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-17 10:27 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-17 10:27 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-17 10:27 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-16 13:37 - 2014-07-02 13:18 - 00012500 _____ () C:\Users\uwefraass\Desktop\FRST.txt
2014-06-16 13:37 - 2014-07-02 13:11 - 02083840 _____ (Farbar) C:\Users\uwefraass\Desktop\FRST64.exe
2014-06-16 13:37 - 2014-07-02 13:11 - 00000000 ____D () C:\Users\uwefraass\Desktop\FRST-OlderVersion
2014-06-16 13:30 - 2014-06-16 13:30 - 05206841 ____R (Swearware) C:\Users\uwefraass\Desktop\ComboFix.exe
2014-06-13 13:24 - 2014-06-13 13:28 - 00000000 ____D () C:\Program Files (x86)\Auerswald
2014-06-13 13:24 - 2002-06-13 10:56 - 00315444 _____ () C:\Windows\SysWOW64\isdnapi32.dll
2014-06-13 13:24 - 2002-06-13 10:55 - 00262194 _____ (Auerswald GmbH & Co. KG) C:\Windows\SysWOW64\tpapi32.dll
2014-06-13 13:24 - 2001-01-22 15:52 - 00049152 _____ () C:\Windows\SysWOW64\AuerCapiJNINative.dll
2014-06-13 13:24 - 2000-07-26 10:40 - 00032768 _____ () C:\Windows\SysWOW64\AuerUsbJNINative.dll
2014-06-13 13:04 - 2014-06-13 13:04 - 00003118 _____ () C:\Windows\System32\Tasks\{2E5D5999-7D7B-4970-A722-1169E7C663BA}
2014-06-13 12:48 - 2014-06-13 12:49 - 00000156 _____ () C:\Windows\silent.log
2014-06-13 11:03 - 2014-06-13 11:03 - 00023176 _____ () C:\Users\uwefraass\Desktop\Addition.log
2014-06-13 09:32 - 2014-06-13 10:52 - 00000633 _____ () C:\Users\uwefraass\Desktop\gmer.txt
2014-06-12 19:02 - 2014-06-13 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auerswald
2014-06-12 18:56 - 2014-06-13 13:25 - 00000000 ____D () C:\Auerswald
2014-06-11 17:58 - 2014-06-11 17:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 16:13 - 2014-06-13 11:15 - 00002439 _____ () C:\Users\uwefraass\Desktop\Troj_Dokument1.txt
2014-06-11 15:29 - 2014-07-02 13:18 - 00000000 ____D () C:\FRST
2014-06-11 15:27 - 2014-06-11 15:27 - 00000000 _____ () C:\Users\uwefraass\defogger_reenable
2014-06-11 12:03 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 12:03 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 12:03 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 12:03 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 12:03 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 12:03 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 12:03 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 12:03 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 12:03 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 12:03 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 12:03 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 12:03 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 12:03 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-11 12:01 - 2014-05-28 20:53 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 12:01 - 2014-05-28 20:37 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 12:01 - 2014-05-28 20:35 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 12:01 - 2014-05-28 20:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 12:01 - 2014-05-28 20:31 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 12:01 - 2014-05-28 20:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 12:01 - 2014-05-28 20:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 12:01 - 2014-05-28 20:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 12:01 - 2014-05-28 20:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 12:01 - 2014-05-28 20:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-11 12:01 - 2014-05-28 20:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-11 12:01 - 2014-05-28 20:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-11 12:01 - 2014-05-28 20:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 12:01 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 12:01 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 12:01 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 12:01 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 12:01 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 12:01 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 12:01 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-06-11 12:01 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 12:01 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 12:01 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-11 12:01 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 12:01 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 12:01 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 12:01 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-06-11 12:01 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-06-11 12:01 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-04 10:04 - 2014-06-04 10:04 - 00002085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-06-04 10:02 - 2014-06-04 10:02 - 00002045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2014-06-04 10:02 - 2014-06-04 10:02 - 00002042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2014-06-04 09:58 - 2014-06-04 09:59 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 18:51 - 2014-06-17 10:33 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-03 18:51 - 2014-06-03 18:51 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-03 18:47 - 2014-06-03 18:47 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-06-03 18:34 - 2014-06-03 18:34 - 00016010 _____ () C:\Users\uwefraass\Desktop\XFAfJbcX.htm
2014-06-03 12:44 - 2014-06-03 12:44 - 00000029 _____ () C:\Users\uwefraass\Documents\Photoshop.txt

==================== One Month Modified Files and Folders =======

2014-07-02 13:19 - 2014-06-16 13:37 - 00012500 _____ () C:\Users\uwefraass\Desktop\FRST.txt
2014-07-02 13:18 - 2014-06-11 15:29 - 00000000 ____D () C:\FRST
2014-07-02 13:16 - 2014-03-04 16:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-02 13:11 - 2014-06-16 13:37 - 02083840 _____ (Farbar) C:\Users\uwefraass\Desktop\FRST64.exe
2014-07-02 13:11 - 2014-06-16 13:37 - 00000000 ____D () C:\Users\uwefraass\Desktop\FRST-OlderVersion
2014-07-02 13:09 - 2014-03-04 20:27 - 00000000 ____D () C:\Immobilien
2014-07-02 12:25 - 2014-03-06 19:54 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-02 11:53 - 2014-03-04 14:53 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2014-07-02 10:02 - 2014-03-03 22:27 - 00000000 ____D () C:\temp
2014-07-02 09:44 - 2014-03-06 13:13 - 00003388 _____ () C:\Users\uwefraass\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-07-02 09:44 - 2014-03-06 13:13 - 00003311 _____ () C:\Users\uwefraass\AppData\Roaming\Rim.Desktop.Exception.log
2014-07-02 09:23 - 2014-07-01 16:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 06:10 - 2014-03-03 19:11 - 01231287 _____ () C:\Windows\WindowsUpdate.log
2014-07-01 16:55 - 2014-07-01 16:53 - 00000764 _____ () C:\Users\uwefraass\Desktop\JRT.txt
2014-07-01 16:46 - 2009-07-14 06:45 - 00015632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-01 16:46 - 2009-07-14 06:45 - 00015632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-01 16:42 - 2014-06-17 16:27 - 00002033 _____ () C:\Users\uwefraass\Desktop\mbam.txt
2014-07-01 16:39 - 2014-03-06 19:55 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-07-01 16:39 - 2014-03-06 19:54 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-07-01 16:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-01 16:39 - 2009-07-14 06:51 - 00034790 _____ () C:\Windows\setupact.log
2014-07-01 16:38 - 2014-03-05 16:37 - 00020252 _____ () C:\Windows\PFRO.log
2014-07-01 16:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2014-07-01 16:27 - 2014-07-01 16:27 - 00002136 _____ () C:\Users\uwefraass\Desktop\AdwCleaner[S2].txt
2014-07-01 16:24 - 2014-07-01 16:18 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 16:24 - 2014-07-01 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 16:24 - 2014-07-01 16:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-01 16:11 - 2014-03-04 14:54 - 00049188 __RSH () C:\ProgramData\ntuser.pol
2014-07-01 16:08 - 2014-06-17 16:29 - 00000000 ____D () C:\AdwCleaner
2014-07-01 16:04 - 2014-07-01 16:03 - 01346519 _____ () C:\Users\uwefraass\Desktop\adwcleaner_3.214.exe
2014-06-30 15:16 - 2009-07-14 19:58 - 00657428 _____ () C:\Windows\system32\perfh007.dat
2014-06-30 15:16 - 2009-07-14 19:58 - 00130818 _____ () C:\Windows\system32\perfc007.dat
2014-06-30 15:16 - 2009-07-14 07:13 - 01507104 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-28 17:29 - 2014-06-28 17:29 - 00001151 _____ () C:\Users\uwefraass\Desktop\BIC und IBAN Liste.xls - Verknüpfung.lnk
2014-06-28 14:19 - 2009-07-14 04:34 - 00000750 _____ () C:\Windows\win.ini
2014-06-25 17:20 - 2014-06-25 17:25 - 00240824 _____ () C:\Users\uwefraass\Desktop\ktos.xps
2014-06-23 17:26 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-23 12:31 - 2014-06-23 12:31 - 00002696 _____ () C:\Users\uwefraass\Desktop\eset_20140623.txt
2014-06-20 17:21 - 2014-06-20 17:21 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-06-20 17:21 - 2014-06-20 17:21 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-20 17:21 - 2014-06-20 17:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-06-20 17:21 - 2014-03-04 13:30 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-06-20 17:00 - 2014-06-20 17:00 - 00001013 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk
2014-06-20 17:00 - 2014-06-20 17:00 - 00000000 ____D () C:\Users\uwefraass\Documents\PDF Architect 2
2014-06-20 17:00 - 2014-06-20 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-06-20 17:00 - 2014-06-20 17:00 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-06-20 17:00 - 2014-06-20 16:58 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-06-20 16:58 - 2014-06-20 16:58 - 00001031 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-06-20 16:58 - 2014-06-20 16:58 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-06-20 16:58 - 2014-06-20 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator1.7.3
2014-06-20 16:56 - 2014-06-20 16:56 - 00000000 ____D () C:\Users\uwefraass\AppData\Roaming\dlg
2014-06-20 16:54 - 2014-06-20 16:54 - 00119296 _____ () C:\Windows\system32\rasdlg64.exe
2014-06-20 16:51 - 2014-06-17 15:25 - 00119240 _____ () C:\Windows\SysWOW64\~.tmp
2014-06-18 16:15 - 2014-06-18 16:15 - 00000000 ____D () C:\Users\uwefraass\AppData\Temp
2014-06-18 10:54 - 2014-06-18 10:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-18 10:53 - 2014-06-18 10:52 - 02347384 _____ (ESET) C:\Users\uwefraass\Desktop\esetsmartinstaller_deu.exe
2014-06-18 07:59 - 2014-03-25 19:54 - 00000000 ____D () C:\Program Files (x86)\ActiveTraderDE
2014-06-17 16:36 - 2014-06-17 16:36 - 00000000 ____D () C:\Windows\ERUNT
2014-06-17 16:31 - 2014-06-17 16:31 - 00002011 _____ () C:\Users\uwefraass\Desktop\AdwCleaner[S0].txt
2014-06-17 16:29 - 2014-06-17 16:29 - 00001950 _____ () C:\Users\uwefraass\Desktop\AdwCleaner[R0].txt
2014-06-17 15:42 - 2014-06-17 15:42 - 01016261 _____ (Thisisu) C:\Users\uwefraass\Desktop\JRT.exe
2014-06-17 11:16 - 2014-06-17 11:16 - 00001115 _____ () C:\Users\uwefraass\Documents\Anfrage001.txt
2014-06-17 10:50 - 2014-03-11 19:15 - 01526060 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-17 10:44 - 2014-06-17 10:27 - 00000000 ____D () C:\Qoobox
2014-06-17 10:43 - 2014-06-17 10:43 - 00019739 _____ () C:\ComboFix.txt
2014-06-17 10:41 - 2014-06-17 10:27 - 00000000 ____D () C:\Windows\erdnt
2014-06-17 10:37 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-17 10:33 - 2014-06-03 18:51 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-16 13:30 - 2014-06-16 13:30 - 05206841 ____R (Swearware) C:\Users\uwefraass\Desktop\ComboFix.exe
2014-06-13 13:28 - 2014-06-13 13:24 - 00000000 ____D () C:\Program Files (x86)\Auerswald
2014-06-13 13:28 - 2014-06-12 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auerswald
2014-06-13 13:25 - 2014-06-12 18:56 - 00000000 ____D () C:\Auerswald
2014-06-13 13:24 - 2014-03-05 17:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-13 13:04 - 2014-06-13 13:04 - 00003118 _____ () C:\Windows\System32\Tasks\{2E5D5999-7D7B-4970-A722-1169E7C663BA}
2014-06-13 12:49 - 2014-06-13 12:48 - 00000156 _____ () C:\Windows\silent.log
2014-06-13 12:35 - 2014-03-04 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-13 11:15 - 2014-06-11 16:13 - 00002439 _____ () C:\Users\uwefraass\Desktop\Troj_Dokument1.txt
2014-06-13 11:03 - 2014-06-13 11:03 - 00023176 _____ () C:\Users\uwefraass\Desktop\Addition.log
2014-06-13 10:52 - 2014-06-13 09:32 - 00000633 _____ () C:\Users\uwefraass\Desktop\gmer.txt
2014-06-12 16:47 - 2014-03-04 16:42 - 00000000 ____D () C:\Users\uwefraass\AppData\Roaming\Adobe
2014-06-11 17:58 - 2014-06-11 17:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 15:27 - 2014-06-11 15:27 - 00000000 _____ () C:\Users\uwefraass\defogger_reenable
2014-06-11 15:27 - 2014-03-04 14:59 - 00000000 ____D () C:\Users\uwefraass
2014-06-07 16:51 - 2014-03-06 19:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-06-07 16:48 - 2009-07-14 06:45 - 00304088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-06 14:01 - 2014-03-06 19:55 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-06-06 14:01 - 2014-03-06 19:55 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-06-06 14:01 - 2014-03-06 19:54 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-06-04 15:43 - 2014-03-04 14:59 - 00069024 _____ () C:\Users\uwefraass\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-04 10:11 - 2014-03-05 13:03 - 00000000 ____D () C:\Users\uwefraass\AppData\Local\Adobe
2014-06-04 10:05 - 2014-03-05 12:58 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-04 10:04 - 2014-06-04 10:04 - 00002085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2014-06-04 10:03 - 2014-06-04 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-06-04 10:02 - 2014-06-04 10:02 - 00002045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2014-06-04 10:02 - 2014-06-04 10:02 - 00002042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2014-06-04 10:01 - 2014-03-05 12:58 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-04 09:59 - 2014-06-04 09:58 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-06-03 19:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors
2014-06-03 18:56 - 2014-06-03 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 18:51 - 2014-06-03 18:51 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-03 18:47 - 2014-06-03 18:47 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-06-03 18:34 - 2014-06-03 18:34 - 00016010 _____ () C:\Users\uwefraass\Desktop\XFAfJbcX.htm
2014-06-03 12:44 - 2014-06-03 12:44 - 00000029 _____ () C:\Users\uwefraass\Documents\Photoshop.txt

Files to move or delete:
====================
C:\ProgramData\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat


Some content of TEMP:
====================
C:\Users\uwefraass\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 00:21

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 03.07.2014 11:34
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
R2 typepesf; C:\Windows\system32\rasdlg64.exe [119296 2014-06-20] () [File not signed]
C:\Windows\system32\rasdlg64.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Noch Probleme?

uaf 03.07.2014 12:05
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-07-2014
Ran by uwefraass at 2014-07-03 12:58:32 Run:2
Running from C:\Users\uwefraass\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
R2 typepesf; C:\Windows\system32\rasdlg64.exe [119296 2014-06-20] () [File not signed]
C:\Windows\system32\rasdlg64.exe
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
typepesf => Service stopped successfully.
typepesf => Service deleted successfully.
C:\Windows\system32\rasdlg64.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

schrauber 03.07.2014 12:29
ich frag dann jetzt zum 458mal:

Noch Probleme?

uaf 03.07.2014 15:41
Ob ich noch Probleme habe kann ich nicht sagen, denn ich hatte die ja nur wie ganz am Anfang beschrieben einmal mit der eigenartigen SMS eine TAN einzugeben.
Wie kann ich denn feststellen ob der / die Trojaner noch da sind oder gelöscht sind?
ich lass jetzt nochmal adwcleaner laufen und mbam .
mal sehen welche Meldungen dann kommen.
Ich melde mich danach wieder.
Erstmal so vielen Dank

Hallo,
hier zunächst die Logstei des AWD-cleaner:
AdwCleaner Logfile:
Code:
# AdwCleaner v3.214 - Bericht erstellt am 03/07/2014 um 15:43:51
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : uwefraass - CHEF-PC
# Gestartet von : C:\Users\uwefraass\Desktop\adwcleaner_3.214.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16555


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\2ag6b0lj.default\prefs.js ]


[ Datei : C:\Users\uwefraass\AppData\Roaming\Mozilla\Firefox\Profiles\bn2f83wa.default\prefs.js ]


*************************

AdwCleaner[R1].txt - [1952 octets] - [01/07/2014 16:04:34]
AdwCleaner[R2].txt - [2071 octets] - [01/07/2014 16:05:41]
AdwCleaner[R3].txt - [899 octets] - [03/07/2014 15:43:51]
AdwCleaner[S1].txt - [326 octets] - [01/07/2014 16:05:23]
AdwCleaner[S2].txt - [2136 octets] - [01/07/2014 16:08:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1077 octets] ##########
--- --- ---


MBAM hat auch nichts gefunden, also denke ich dass wohl soweit alles clean sein sollte.
ich werde es mal beobachten und dann - falls was kommt - wieder melden.

Gerzlichen dank für die Hilfe. Wo und wie kann ich mich denn spendentechnisch oder per Rechnung bedanken?

was ist denn eigentlich mit diesen beiden Meldungen vom AWD-Cleaner? sind das Trojaner oder malware oder ist es dieses idiotische Ravin Reyven das dauernd Werbung hochpoppt?
Code:
-\\ Mozilla Firefox v30.0 (de)
[ Datei : C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\2ag6b0lj.default\prefs.js ]
[ Datei : C:\Users\uwefraass\AppData\Roaming\Mozilla\Firefox\Profiles\bn2f83wa.default\prefs.js ]


*************************

AdwCleaner[R1].txt - [1952 octets] - [01/07/2014 16:04:34]
AdwCleaner[R2].txt - [2071 octets] - [01/07/2014 16:05:41]
AdwCleaner[R3].txt - [1157 octets] - [03/07/2014 15:43:51]
AdwCleaner[R4].txt - [1277 octets] - [03/07/2014 16:06:03]
AdwCleaner[S1].txt - [326 octets] - [01/07/2014 16:05:23]
AdwCleaner[S2].txt - [2136 octets] - [01/07/2014 16:08:20]
AdwCleaner[S3].txt - [1219 octets] - [03/07/2014 16:01:22]
AdwCleaner[S4].txt - [1199 octets] - [03/07/2014 16:08:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1259 octets] ##########

schrauber 04.07.2014 13:06
Das sind einfach nur die Profile von Firefox die gelistet werden.


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:04 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131