Logical123 | 21.06.2014 12:24 | Thanks for the quick reply. The logs are attached.
MBAM SCANLOG Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 21.06.2014
Scan Time: 12:05:45
Logfile: scanlog malware.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.06.21.02
Rootkit Database: v2014.06.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: THE
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 286469
Time Elapsed: 21 min, 15 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
RiskWare.Tool.CK, C:\Windows\KMService.exe, 1796, Delete-on-Reboot, [987e1269f38835017bb51faadf221ee2]
Modules: 0
(No malicious items detected)
Registry Keys: 4
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [5fb73546f883d85e69b498e3bb47dc24],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [a472e695f883f93d5bc39cdf0af8f60a],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, Quarantined, [53c3b2c994e7dc5ab4c6a821fb079769],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3662517450-2009597863-3860512860-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Delete-on-Reboot, [fd19c1ba7dfe6acc87aa0cabb54df30d],
Registry Values: 1
PUP.Optional.SearchProtection.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Search Protection, C:\ProgramData\Search Protection\SearchProtection.exe, Quarantined, [58be2d4eb7c4c373c52d27a1b34fc33d]
Registry Data: 4
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gpNJk9530fJniBzWfhMQ3I_gwPgCGgWuF12C5OLKo_YU0yvyLurPtmNlbQOhk9AE0W2lPs-14NrSHZstM7m_se7voNzFaefe8gMDAvOlvEQEUrFW-8yMvPcU8LyaRj4,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gpNJk9530fJniBzWfhMQ3I_gwPgCGgWuF12C5OLKo_YU0yvyLurPtmNlbQOhk9AE0W2lPs-14NrSHZstM7m_se7voNzFaefe8gMDAvOlvEQEUrFW-8yMvPcU8LyaRj4,&q={searchTerms}),Replaced,[26f02e4d3645bf77571bc5b158ace818]
PUP.Optional.Snapdo, HKU\S-1-5-21-3662517450-2009597863-3860512860-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gpNJk9530fJniBzWfhMQ3I_gwPgCGgWuF12C5OLKo_YU0yvyLurPtmNlbQOhk9AE0W2lPs-14NrSHZstM7m_se7voNzFaefe8gMDAvOlvEQEUrFW-8yMvPcU8LyaRjo,&q={searchTerms}, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gpNJk9530fJniBzWfhMQ3I_gwPgCGgWuF12C5OLKo_YU0yvyLurPtmNlbQOhk9AE0W2lPs-14NrSHZstM7m_se7voNzFaefe8gMDAvOlvEQEUrFW-8yMvPcU8LyaRjo,&q={searchTerms}),Delete-on-Reboot,[0412a5d6cdae0b2b2eac90efe71da060]
PUP.Optional.Snapdo, HKU\S-1-5-21-3662517450-2009597863-3860512860-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gpNJk9530fJniBzWfhMQ3I_gwPgCGgWuF12C5OLKo_YU0yvyLurPtmNlbQOhk9AE0W2lPs-14NrSHZstM7m_se7voNzFaefe8gMDAvOlvEQEUrFW-8yMvPcU8LyaRjo,&q={searchTerms}, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gpNJk9530fJniBzWfhMQ3I_gwPgCGgWuF12C5OLKo_YU0yvyLurPtmNlbQOhk9AE0W2lPs-14NrSHZstM7m_se7voNzFaefe8gMDAvOlvEQEUrFW-8yMvPcU8LyaRjo,&q={searchTerms}),Delete-on-Reboot,[ae68017a8deea6906f6cf18e9e66d22e]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3662517450-2009597863-3860512860-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gpNJk9530fJniBzWfhMQ3I_gwPgCGgWuF12C5OLKo_YU0yvyLurPtmNlbQOhk9AE0W2lPs-14NrSHZstM7m_se7voNzFaefe8gMDAvOlvEQEUrFW-8yMvPcU8LyaRjo,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gpNJk9530fJniBzWfhMQ3I_gwPgCGgWuF12C5OLKo_YU0yvyLurPtmNlbQOhk9AE0W2lPs-14NrSHZstM7m_se7voNzFaefe8gMDAvOlvEQEUrFW-8yMvPcU8LyaRjo,&q={searchTerms}),Delete-on-Reboot,[ba5c5427047793a34d268ee88282c13f]
Folders: 4
PUP.Optional.OpenCandy, C:\Users\THE\AppData\Roaming\OpenCandy, Quarantined, [46d04e2d7dfe70c6bf240f7e23df43bd],
PUP.Optional.OpenCandy, C:\Users\THE\AppData\Roaming\OpenCandy\AFF6962C12A7491B978D0155A6261203, Quarantined, [46d04e2d7dfe70c6bf240f7e23df43bd],
PUP.Optional.OpenCandy, C:\Users\THE\AppData\Roaming\OpenCandy\E1E9E46C79254DDA92C9D0EA88E9B818, Quarantined, [46d04e2d7dfe70c6bf240f7e23df43bd],
PUP.Optional.Iminent.A, C:\Users\THE\AppData\Roaming\IminentToolbar, Quarantined, [67afc1ba6d0e1a1c2b8007881ee44bb5],
Files: 6
RiskWare.Tool.CK, C:\Windows\KMService.exe, Delete-on-Reboot, [987e1269f38835017bb51faadf221ee2],
PUP.Optional.SmartBar, C:\Windows\Installer\MSIFE05.tmp, Quarantined, [57bff883e69563d3e6462a04d52b1be5],
PUP.Optional.SearchProtection.A, C:\ProgramData\Search Protection\SearchProtection.exe, Quarantined, [58be2d4eb7c4c373c52d27a1b34fc33d],
PUP.Optional.OpenCandy, C:\Users\THE\AppData\Roaming\OpenCandy\AFF6962C12A7491B978D0155A6261203\TuneUpUtilities2013_2200218_de-DE.exe, Quarantined, [46d04e2d7dfe70c6bf240f7e23df43bd],
PUP.Optional.OpenCandy, C:\Users\THE\AppData\Roaming\OpenCandy\E1E9E46C79254DDA92C9D0EA88E9B818\TuneUpUtilities2012_de-DE.exe, Quarantined, [46d04e2d7dfe70c6bf240f7e23df43bd],
PUP.Optional.Iminent.A, C:\Users\THE\AppData\Roaming\IminentToolbar\sqlite3.dll, Quarantined, [67afc1ba6d0e1a1c2b8007881ee44bb5],
Physical Sectors: 0
(No malicious items detected)
(end)
MBAM Protection Log Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 21.06.2014 12:05:05, SYSTEM, HILDE-PC, Protection, Malware Protection, Starting,
Protection, 21.06.2014 12:05:05, SYSTEM, HILDE-PC, Protection, Malware Protection, Started,
Protection, 21.06.2014 12:05:05, SYSTEM, HILDE-PC, Protection, Malicious Website Protection, Starting,
Protection, 21.06.2014 12:05:09, SYSTEM, HILDE-PC, Protection, Malicious Website Protection, Started,
Update, 21.06.2014 12:05:28, SYSTEM, HILDE-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.6.20.1,
Update, 21.06.2014 12:05:40, SYSTEM, HILDE-PC, Manual, Malware Database, 2014.3.4.9, 2014.6.21.2,
Protection, 21.06.2014 12:05:42, SYSTEM, HILDE-PC, Protection, Refresh, Starting,
Protection, 21.06.2014 12:05:43, SYSTEM, HILDE-PC, Protection, Malicious Website Protection, Stopping,
Protection, 21.06.2014 12:05:43, SYSTEM, HILDE-PC, Protection, Malicious Website Protection, Stopped,
Protection, 21.06.2014 12:06:09, SYSTEM, HILDE-PC, Protection, Refresh, Success,
Protection, 21.06.2014 12:06:09, SYSTEM, HILDE-PC, Protection, Malicious Website Protection, Starting,
Protection, 21.06.2014 12:06:10, SYSTEM, HILDE-PC, Protection, Malicious Website Protection, Started,
Protection, 21.06.2014 12:31:04, SYSTEM, HILDE-PC, Protection, Malware Protection, Starting,
Protection, 21.06.2014 12:31:04, SYSTEM, HILDE-PC, Protection, Malware Protection, Started,
Protection, 21.06.2014 12:31:04, SYSTEM, HILDE-PC, Protection, Malicious Website Protection, Starting,
Protection, 21.06.2014 12:33:16, SYSTEM, HILDE-PC, Protection, Malicious Website Protection, Started,
(end)
AdwCleaner Code:
# AdwCleaner v3.212 - Bericht erstellt am 21/06/2014 um 12:45:29
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : THE - HILDE-PC
# Gestartet von : C:\Users\THE\Desktop\adwcleaner_3.212.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Search Protection
Ordner Gelöscht : C:\ProgramData\Uniblue
Ordner Gelöscht : C:\Program Files\Toolbar Cleaner
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\THE\AppData\Local\iLivid
Ordner Gelöscht : C:\Users\THE\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\THE\AppData\LocalLow\adawaretb
Ordner Gelöscht : C:\Users\THE\AppData\LocalLow\IminentToolbar
Ordner Gelöscht : C:\Users\THE\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\THE\AppData\Roaming\SecureSearch
Ordner Gelöscht : C:\Users\THE\Documents\Optimizer Pro
Datei Gelöscht : C:\Users\THE\AppData\Roaming\LiveSupport.exe_log.txt
Datei Gelöscht : C:\Users\THE\AppData\Roaming\regsvr32.exe_log.txt
Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\adawaretb.xml
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\THE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
***** [ Registrierungsdatenbank ] *****
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freepdf[1]_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freepdf[1]_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freepdf[2]_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freepdf[2]_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar (1)_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar (1)_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Show-Password
Schlüssel Gelöscht : HKLM\Software\adawaretb
Schlüssel Gelöscht : HKLM\Software\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\Toolbar Cleaner
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [6293 octets] - [21/06/2014 12:37:49]
AdwCleaner[S0].txt - [5930 octets] - [21/06/2014 12:45:29]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5990 octets] ##########
JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x86
Ran by THE on 21.06.2014 at 12:59:37,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{27DE7D30-BCCD-44D1-ADCB-A74A4259EBEF}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A0EFC4E-F167-4D0E-9C24-FC5519237993}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{55D63393-DB17-4A2B-9052-15D85B4B1344}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-09A0_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-09A0_RASMANCS
~~~ Files
Successfully deleted: [File] "C:\Windows\system32\wscm32.dll"
Successfully deleted: [File] "C:\Windows\system32\wscm64.dll"
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\chgdeabpmphfhkoemjjglmilajldekbp
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.06.2014 at 13:09:59,25
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-06-2014 01
Ran by THE (administrator) on HILDE-PC on 21-06-2014 13:12:45
Running from C:\Users\THE\Cookies\Downloads
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
( ) C:\Windows\System32\lxeacoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [6699864 2014-06-03] ()
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKU\S-1-5-21-3662517450-2009597863-3860512860-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3662517450-2009597863-3860512860-1000\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-02-24] ()
HKU\S-1-5-21-3662517450-2009597863-3860512860-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3662517450-2009597863-3860512860-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\THE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\THE\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\THE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
ProxyServer: http=127.0.0.1:14391
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBC7882AC222DCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0A8923B8-D8DB-4C98-91FF-491D43AEB834} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0A8923B8-D8DB-4C98-91FF-491D43AEB834} URL = https://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} https://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.115.253
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt [2013-10-23]
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-07] (Avira Operations GmbH & Co. KG)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [655352 2014-06-03] ()
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2011-06-16] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-18] (Avira GmbH)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)
S3 catchme; \??\C:\Users\THE\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-21 13:10 - 2014-06-21 13:10 - 00001763 _____ () C:\Users\THE\Desktop\JRT_new.txt
2014-06-21 13:10 - 2014-06-21 13:09 - 00001763 _____ () C:\Users\THE\Desktop\JRT.txt
2014-06-21 12:52 - 2014-06-21 12:52 - 00000000 ____D () C:\Windows\ERUNT
2014-06-21 12:50 - 2014-06-21 12:50 - 00006070 _____ () C:\Users\THE\Desktop\AdwCleaner[S0].txt
2014-06-21 12:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-21 12:37 - 2014-06-21 12:45 - 00000000 ____D () C:\AdwCleaner
2014-06-21 12:07 - 2014-06-21 12:07 - 01333465 _____ () C:\Users\THE\Desktop\adwcleaner_3.212.exe
2014-06-21 12:07 - 2014-06-21 12:07 - 01016261 _____ (Thisisu) C:\Users\THE\Desktop\JRT.exe
2014-06-21 12:04 - 2014-06-21 12:59 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-21 12:04 - 2014-06-21 12:04 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-21 12:04 - 2014-06-21 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-21 12:04 - 2014-06-21 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-21 12:04 - 2014-06-21 12:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-21 12:04 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-21 12:04 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-21 12:04 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-19 22:28 - 2014-06-19 22:28 - 00017221 _____ () C:\ComboFix.txt
2014-06-19 21:53 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-19 21:53 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-19 21:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-19 21:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-19 21:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-19 21:53 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-19 21:53 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-19 21:53 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-19 21:52 - 2014-06-19 22:28 - 00000000 ____D () C:\Qoobox
2014-06-19 21:52 - 2014-06-19 22:25 - 00000000 ____D () C:\Windows\erdnt
2014-06-19 21:46 - 2014-06-19 21:46 - 05207168 ____R (Swearware) C:\Users\THE\Desktop\ComboFix.exe
2014-06-19 21:42 - 2014-06-19 21:42 - 00001226 _____ () C:\Users\THE\Desktop\Revo Uninstaller.lnk
2014-06-19 21:42 - 2014-06-19 21:42 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-19 19:58 - 2014-06-21 13:12 - 00000000 ____D () C:\FRST
2014-06-19 19:48 - 2014-06-19 19:49 - 00000020 _____ () C:\Users\THE\defogger_reenable
2014-06-19 19:47 - 2014-06-19 19:47 - 00025756 _____ () C:\Users\THE\AVSCAN-20140616-001740-0A75A3E8.LOG
2014-06-19 19:43 - 2014-06-19 19:43 - 00053922 _____ () C:\Users\THE\AVSCAN-20140619-154146-82394699.LOG
2014-06-18 01:22 - 2014-06-18 01:22 - 00000000 ____D () C:\Users\THE\AppData\Roaming\EurekaLab s.a.s
2014-06-12 14:02 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 14:02 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 14:02 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 14:02 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 14:02 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 14:02 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 14:02 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 14:02 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 14:02 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 14:02 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 14:02 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 14:02 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 14:02 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 14:02 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 14:02 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 14:02 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 14:02 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 14:02 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 14:02 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 14:02 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 14:02 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 14:02 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 14:02 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 14:02 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 14:02 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 14:02 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 14:02 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 14:02 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 14:01 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 14:01 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-12 14:01 - 2014-05-08 11:06 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 14:01 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 14:01 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 14:01 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 14:01 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 14:01 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 14:01 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 14:01 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-08 17:07 - 2014-06-08 17:07 - 00000000 ____D () C:\Users\THE\AppData\Local\NVIDIA
2014-06-08 11:26 - 2014-06-08 17:05 - 00000000 ____D () C:\Users\THE\AppData\Roaming\Wise Registry Cleaner
2014-06-08 11:26 - 2014-06-08 11:26 - 00001189 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-06-08 11:26 - 2014-06-08 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-06-08 11:25 - 2014-06-08 11:25 - 00000000 ____D () C:\Program Files\Wise
2014-06-07 23:08 - 2010-08-12 11:46 - 00758784 _____ (NVIDIA Corporation) C:\Windows\system32\cohelper.dll
2014-06-07 21:39 - 2014-06-21 12:56 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-06-07 21:39 - 2014-06-07 21:39 - 00000000 ____D () C:\Users\THE\AppData\Roaming\LavasoftStatistics
2014-06-07 21:39 - 2014-06-07 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-06-07 21:37 - 2014-06-07 21:38 - 00000000 ____D () C:\Program Files\Lavasoft
2014-06-07 21:37 - 2014-06-07 21:37 - 00000000 ____D () C:\Users\THE\AppData\Roaming\Lavasoft
2014-06-07 21:36 - 2014-06-07 21:36 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-07 21:34 - 2014-06-07 21:34 - 00000000 ____D () C:\ProgramData\Lavasoft
==================== One Month Modified Files and Folders =======
2014-06-21 13:12 - 2014-06-19 19:58 - 00000000 ____D () C:\FRST
2014-06-21 13:10 - 2014-06-21 13:10 - 00001763 _____ () C:\Users\THE\Desktop\JRT_new.txt
2014-06-21 13:09 - 2014-06-21 13:10 - 00001763 _____ () C:\Users\THE\Desktop\JRT.txt
2014-06-21 13:05 - 2009-07-14 06:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-21 13:05 - 2009-07-14 06:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-21 12:59 - 2014-06-21 12:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-21 12:56 - 2014-06-07 21:39 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-06-21 12:56 - 2014-05-03 19:45 - 00000000 ____D () C:\Users\THE\AppData\Roaming\DropboxMaster
2014-06-21 12:56 - 2012-07-28 15:56 - 00000000 ____D () C:\Users\THE\AppData\Roaming\Dropbox
2014-06-21 12:55 - 2011-08-15 22:51 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-21 12:55 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-21 12:55 - 2009-07-14 06:39 - 00070077 _____ () C:\Windows\setupact.log
2014-06-21 12:54 - 2011-06-16 13:23 - 01496357 _____ () C:\Windows\WindowsUpdate.log
2014-06-21 12:52 - 2014-06-21 12:52 - 00000000 ____D () C:\Windows\ERUNT
2014-06-21 12:50 - 2014-06-21 12:50 - 00006070 _____ () C:\Users\THE\Desktop\AdwCleaner[S0].txt
2014-06-21 12:50 - 2012-04-10 08:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-21 12:46 - 2011-06-16 13:37 - 00671920 _____ () C:\Windows\PFRO.log
2014-06-21 12:45 - 2014-06-21 12:37 - 00000000 ____D () C:\AdwCleaner
2014-06-21 12:45 - 2014-04-23 00:11 - 00001062 _____ () C:\Users\THE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-06-21 12:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-06-21 12:17 - 2011-08-15 22:51 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-21 12:07 - 2014-06-21 12:07 - 01333465 _____ () C:\Users\THE\Desktop\adwcleaner_3.212.exe
2014-06-21 12:07 - 2014-06-21 12:07 - 01016261 _____ (Thisisu) C:\Users\THE\Desktop\JRT.exe
2014-06-21 12:04 - 2014-06-21 12:04 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-21 12:04 - 2014-06-21 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-21 12:04 - 2014-06-21 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-21 12:04 - 2014-06-21 12:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-19 22:28 - 2014-06-19 22:28 - 00017221 _____ () C:\ComboFix.txt
2014-06-19 22:28 - 2014-06-19 21:52 - 00000000 ____D () C:\Qoobox
2014-06-19 22:28 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-06-19 22:28 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-06-19 22:25 - 2014-06-19 21:52 - 00000000 ____D () C:\Windows\erdnt
2014-06-19 22:20 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-06-19 21:46 - 2014-06-19 21:46 - 05207168 ____R (Swearware) C:\Users\THE\Desktop\ComboFix.exe
2014-06-19 21:46 - 2011-08-15 22:51 - 00000000 ____D () C:\Program Files\Google
2014-06-19 21:42 - 2014-06-19 21:42 - 00001226 _____ () C:\Users\THE\Desktop\Revo Uninstaller.lnk
2014-06-19 21:42 - 2014-06-19 21:42 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-19 21:13 - 2014-05-14 14:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-19 21:13 - 2011-08-08 12:17 - 00000000 ____D () C:\Users\THE\AppData\Roaming\Mozilla
2014-06-19 19:49 - 2014-06-19 19:48 - 00000020 _____ () C:\Users\THE\defogger_reenable
2014-06-19 19:48 - 2011-06-16 11:34 - 00000000 ____D () C:\Users\THE
2014-06-19 19:47 - 2014-06-19 19:47 - 00025756 _____ () C:\Users\THE\AVSCAN-20140616-001740-0A75A3E8.LOG
2014-06-19 19:43 - 2014-06-19 19:43 - 00053922 _____ () C:\Users\THE\AVSCAN-20140619-154146-82394699.LOG
2014-06-18 03:00 - 2014-04-08 20:29 - 00000560 _____ () C:\Users\THE\Documents\NotenEinstellungen.ini
2014-06-18 01:22 - 2014-06-18 01:22 - 00000000 ____D () C:\Users\THE\AppData\Roaming\EurekaLab s.a.s
2014-06-17 09:53 - 2011-06-16 11:33 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-13 04:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-06-13 03:30 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-13 03:13 - 2011-06-16 11:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-13 03:11 - 2013-08-15 03:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 03:05 - 2011-06-17 22:06 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-08 23:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-08 17:07 - 2014-06-08 17:07 - 00000000 ____D () C:\Users\THE\AppData\Local\NVIDIA
2014-06-08 17:07 - 2011-06-16 13:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-08 17:05 - 2014-06-08 11:26 - 00000000 ____D () C:\Users\THE\AppData\Roaming\Wise Registry Cleaner
2014-06-08 11:26 - 2014-06-08 11:26 - 00001189 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-06-08 11:26 - 2014-06-08 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-06-08 11:25 - 2014-06-08 11:25 - 00000000 ____D () C:\Program Files\Wise
2014-06-08 10:48 - 2014-06-12 14:01 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-12 14:01 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 23:09 - 2012-02-14 22:09 - 00000000 ____D () C:\Temp
2014-06-07 23:08 - 2012-11-19 04:02 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-07 22:26 - 2014-02-15 01:27 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-07 22:26 - 2014-02-15 01:27 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-07 21:39 - 2014-06-07 21:39 - 00000000 ____D () C:\Users\THE\AppData\Roaming\LavasoftStatistics
2014-06-07 21:39 - 2014-06-07 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-06-07 21:38 - 2014-06-07 21:37 - 00000000 ____D () C:\Program Files\Lavasoft
2014-06-07 21:37 - 2014-06-07 21:37 - 00000000 ____D () C:\Users\THE\AppData\Roaming\Lavasoft
2014-06-07 21:36 - 2014-06-07 21:36 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-07 21:34 - 2014-06-07 21:34 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-07 00:18 - 2013-06-18 22:31 - 00001031 _____ () C:\Users\THE\Desktop\Biomembranen.lnk
2014-06-07 00:18 - 2012-11-25 02:06 - 00001140 _____ () C:\Users\THE\Desktop\Free YouTube Download.lnk
2014-05-30 11:18 - 2014-06-12 14:02 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 11:02 - 2014-06-12 14:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 11:02 - 2014-06-12 14:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 10:44 - 2014-06-12 14:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 10:43 - 2014-06-12 14:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 10:42 - 2014-06-12 14:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 14:02 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 10:34 - 2014-06-12 14:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 14:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 10:30 - 2014-06-12 14:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 10:28 - 2014-06-12 14:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 10:28 - 2014-06-12 14:02 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 10:27 - 2014-06-12 14:02 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 10:21 - 2014-06-12 14:02 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 10:16 - 2014-06-12 14:02 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 14:02 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 14:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:04 - 2014-06-12 14:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 14:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 09:57 - 2014-06-12 14:02 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 09:56 - 2014-06-12 14:02 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 09:54 - 2014-06-12 14:02 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 14:02 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 14:02 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 09:40 - 2014-06-12 14:02 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:21 - 2014-06-12 14:02 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:15 - 2014-06-12 14:02 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:13 - 2014-06-12 14:02 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
Some content of TEMP:
====================
C:\Users\THE\AppData\Local\Temp\avgnt.exe
C:\Users\THE\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeix2wb.dll
C:\Users\THE\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-18 01:07
==================== End Of Log ============================
Looks pretty good, doesn't it? What else is there to do?
Many thanks and best regards!