ihansklaus | 20.07.2014 20:04
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 20.07.2014
Suchlauf-Zeit: 19:19:23
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.07.20.04
Rootkit Datenbank: v2014.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Rico
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 286687
Verstrichene Zeit: 12 Min, 36 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 2
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1296, Löschen bei Neustart, [5173ecb5205bc175e0853d21b44d5fa1]
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\wprotectmanager.exe, 1480, Löschen bei Neustart, [bf05079a3447251180df4c45df2232ce]
Module: 1
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Löschen bei Neustart, [b212029f2f4cd4624271414c25dc8977],
Registrierungsschlüssel: 17
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, In Quarantäne, [5173ecb5205bc175e0853d21b44d5fa1],
PUP.Optional.WPM.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsProtectManger, In Quarantäne, [bf05079a3447251180df4c45df2232ce],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WindowsProtectManger, In Quarantäne, [bf05079a3447251180df4c45df2232ce],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [f9cb8d146f0cbc7a0b789fbcae548e72],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [f9cb8d146f0cbc7a0b789fbcae548e72],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1296850485-3907825808-2435419184-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [b80cd7cac8b367cf0129b89f4eb413ed],
PUP.Optional.OffersWizard.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\inethnfd, In Quarantäne, [9c28742d2655b1854a4de9da33cf9769],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\LevelQualityWatcher, In Quarantäne, [7b49adf4d2a9201663c6d1f637cbc13f],
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\rrsavings, In Quarantäne, [9d27425f0e6d9f9740d307d106fc08f8],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [24a05051bfbcae8835710606ef15c23e],
PUP.Optional.WindowsProtectManger.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsProtectManger, In Quarantäne, [f8cc9f020b70cd69f85c2e9800020ef2],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [853f31707cff5bdb0c57508e6e94b34d],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [7450b4ed9ae1bd7990166aa2a75da45c],
PUP.Optional.WeatherItUp.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Weather It Up, In Quarantäne, [754f465bd4a7c472228a578c788adc24],
PUP.Optional.RRSavings.A, HKU\S-1-5-21-1296850485-3907825808-2435419184-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Rr Savings, In Quarantäne, [b113d3ce2a51cf67b0678058d42e11ef],
PUP.Optional.SuperFish.A, HKU\S-1-5-21-1296850485-3907825808-2435419184-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, In Quarantäne, [5272efb2fc7f68cec84953740cf61ee2],
PUP.Optional.Qone8, HKU\S-1-5-21-1296850485-3907825808-2435419184-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [1fa5673a28537cbae0c521ebf70d55ab],
Registrierungswerte: 1
PUP.Optional.WPM.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSPROTECTMANGER|ImagePath, C:\ProgramData\WindowsProtectManger\wprotectmanager.exe -service, In Quarantäne, [c9fb544da8d3ca6c40677f4ac43e619f]
Registrierungsdaten: 8
PUP.Optional.Skytech.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SEARCH~2.DLL, Gut: (), Schlecht: (C:\PROGRA~2\SupTab\SEARCH~2.DLL),Ersetzt,[9133e0c1bac1e25422917b12a75aac54]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57),Ersetzt,[13b1f5acea91a88e51aa3f607292b24e]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[477de0c1403b7cba32f8713935cf8977]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57&q={searchTerms}),Ersetzt,[3391930e5c1f191d59a08d128b7935cb]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57),Ersetzt,[daea247dc4b7033356a1950a11f3827e]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57),Ersetzt,[d5efb0f16c0fb284d328039c12f227d9]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[566eb3ee85f626100426c5e537cda759]
PUP.Optional.Trovi.A, HKU\S-1-5-21-1296850485-3907825808-2435419184-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=M9FD30DC1-0F75-48F8-B665-1DE3C683EBE0&SearchSource=55&CUI=&UM=6&UP=SPAD8AFDB2-2C9B-48A0-86C2-DE4DD2757C4C&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://www.trovi.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=M9FD30DC1-0F75-48F8-B665-1DE3C683EBE0&SearchSource=55&CUI=&UM=6&UP=SPAD8AFDB2-2C9B-48A0-86C2-DE4DD2757C4C&SSPV=),Ersetzt,[e7dde2bf146785b10d5c2e714eb6e020]
Ordner: 40
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config, In Quarantäne, [9c28742d2655b1854a4de9da33cf9769],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Löschen bei Neustart, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
Rogue.Multiple, C:\ProgramData\374311380, In Quarantäne, [a2226f324a3172c4f314a5ef15edee12],
PUP.Optional.OpenCandy, C:\Users\Rico\AppData\Roaming\OpenCandy, In Quarantäne, [84404f527209df578a201a89fd05837d],
PUP.Optional.OpenCandy, C:\Users\Rico\AppData\Roaming\OpenCandy\8130BE1525174DA3B97D3701F7F97513, In Quarantäne, [84404f527209df578a201a89fd05837d],
PUP.Optional.OpenCandy, C:\Users\Rico\AppData\Roaming\OpenCandy\FEE391BD11614A0D9B3D28DF4D4D6E0A, In Quarantäne, [84404f527209df578a201a89fd05837d],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter, In Quarantäne, [b90bf1b02d4e0e28022fe3cc51b1e61a],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\SSL, In Quarantäne, [b90bf1b02d4e0e28022fe3cc51b1e61a],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Löschen bei Neustart, [af15b2ef9ae1ee488ff216a3db279a66],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [af15b2ef9ae1ee488ff216a3db279a66],
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger, Löschen bei Neustart, [53712b764c2f2e08e74101b97a88ae52],
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\log, In Quarantäne, [53712b764c2f2e08e74101b97a88ae52],
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\update, In Quarantäne, [53712b764c2f2e08e74101b97a88ae52],
PUP.Optional.FreeSoftToday.A, C:\Users\Rico\AppData\Local\freeSOFTtoday, In Quarantäne, [91338a1792e9b581b65775484db5d42c],
PUP.Optional.FreeSoftToday.A, C:\Users\Rico\AppData\Local\freeSOFTtoday\freeSOFTtoday, In Quarantäne, [91338a1792e9b581b65775484db5d42c],
PUP.Optional.FreeSoftToday.A, C:\Users\Rico\AppData\Local\freeSOFTtoday\freeSOFTtoday\1.0, In Quarantäne, [91338a1792e9b581b65775484db5d42c],
Dateien: 77
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Löschen bei Neustart, [5173ecb5205bc175e0853d21b44d5fa1],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Löschen bei Neustart, [b212029f2f4cd4624271414c25dc8977],
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\wprotectmanager.exe, Löschen bei Neustart, [bf05079a3447251180df4c45df2232ce],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [9133e0c1bac1e25422917b12a75aac54],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [f9cb8d146f0cbc7a0b789fbcae548e72],
PUP.Optional.Conduit.A, C:\Users\Rico\AppData\Roaming\OpenCandy\8130BE1525174DA3B97D3701F7F97513\SSStub_SearchProtect_p1v0.exe, In Quarantäne, [576d445ddf9cb680c9d376aed928e51b],
PUP.Optional.Skytech.A, C:\$RECYCLE.BIN\S-1-5-21-1296850485-3907825808-2435419184-1000\$RIXN03Z\UninstallManager.exe, In Quarantäne, [e4e0594882f92511159e0984758c43bd],
PUP.Optional.AdPeak.A, C:\temp\t.msi, In Quarantäne, [fec60c95bac1d95dcbdc4253f311f709],
PUP.Optional.Amonetize, C:\Windows\SysWOW64\nethtsrv.exe, In Quarantäne, [5173c8d96f0c40f63fc22c69cb36f50b],
PUP.Optional.Amonetize, C:\Windows\SysWOW64\netupdsrv.exe, In Quarantäne, [b014445dd4a75cdac240346116eb07f9],
PUP.Optional.NetFilter, C:\Windows\System32\drivers\nethfdrv.sys, In Quarantäne, [9e26059caad15dd9a8877421dd24ec14],
PUP.Optional.OptimumInstaller.A, C:\Users\Rico\Downloads\setup.exe, In Quarantäne, [d8ecf2af265543f3d6ea9eb739c87f81],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\ver.xml, In Quarantäne, [9c28742d2655b1854a4de9da33cf9769],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\data.xml, In Quarantäne, [9c28742d2655b1854a4de9da33cf9769],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\uninstinethnfd.exe, In Quarantäne, [9c28742d2655b1854a4de9da33cf9769],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25],
Rogue.Multiple, C:\ProgramData\374311380\BITACB5.tmp, In Quarantäne, [a2226f324a3172c4f314a5ef15edee12],
PUP.Optional.OpenCandy, C:\Users\Rico\AppData\Roaming\OpenCandy\FEE391BD11614A0D9B3D28DF4D4D6E0A\Trial-14.0.1000.89_de-DE_1004732_DE-1.exe, In Quarantäne, [84404f527209df578a201a89fd05837d],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [af15b2ef9ae1ee488ff216a3db279a66],
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\log\wprotectmanager_2014-06-18[10-51-11-342].log, In Quarantäne, [53712b764c2f2e08e74101b97a88ae52],
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\update\conf, In Quarantäne, [53712b764c2f2e08e74101b97a88ae52],
PUP.Optional.FreeSoftToday.A, C:\Users\Rico\AppData\Local\freeSOFTtoday\freeSOFTtoday\1.0\freeSOFTtoday.cyl, In Quarantäne, [91338a1792e9b581b65775484db5d42c],
PUP.Optional.WebsSearches.A, C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://istart.webssearches.com/?type=hppp&ts=1405608273&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57" ],), Ersetzt,[9430f5acdf9c63d370b09841a95b867a]
PUP.Optional.WebsSearches.A, C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://istart.webssearches.com/?type=hppp&ts=1405608273&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57",), Ersetzt,[d7ed7928a8d393a3210015c4f90b06fa]
Physische Sektoren: 0
(No malicious items detected)
(end)
Code:
# AdwCleaner v3.216 - Bericht erstellt am 20/07/2014 um 20:12:53
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Rico - RICO-PC
# Gestartet von : C:\Users\Rico\Downloads\adwcleaner_3.216.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : globalUpdatem
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Registry Helper
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files\002
Ordner Gelöscht : C:\Users\Rico\AppData\Local\Browsersafeguard
Ordner Gelöscht : C:\Users\Rico\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Rico\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Rico\AppData\Roaming\SupTab
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\SysWOW64\hfpapi.dll
Datei Gelöscht : C:\Windows\SysWOW64\installd.exe
Datei Gelöscht : C:\Windows\SysWOW64\RegistryHelperLM.ocx
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Rico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Rico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Rico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\Free_soft_today
Schlüssel Gelöscht : HKLM\Software\GlobalUpdate
Schlüssel Gelöscht : HKLM\Software\Registry Helper
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\Tutorials
Schlüssel Gelöscht : HKLM\Software\Wpm
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17207
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Google Chrome v36.0.1985.125
[ Datei : C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&ts=1405875039&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57&q={searchTerms}
Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh
*************************
AdwCleaner[R0].txt - [5277 octets] - [20/07/2014 20:11:39]
AdwCleaner[S0].txt - [4204 octets] - [20/07/2014 20:12:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4264 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Rico on 20.07.2014 at 20:42:12,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.07.2014 at 20:55:23,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by Rico (administrator) on RICO-PC on 20-07-2014 20:56:30
Running from C:\Users\Rico\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Rico\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
() C:\Program Files (x86)\Opera\22.0.1471.50\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-04-04] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [77824 2014-06-07] (Apple Computer, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKU\S-1-5-21-1296850485-3907825808-2435419184-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-1296850485-3907825808-2435419184-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Rico\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x005ADF4C7C42CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPEFC849AC-009D-49B5-B945-6CD5047C9535&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-20]
Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: webssearches
CHR Extension: (Google Docs) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-17]
CHR Extension: (Google Drive) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]
CHR Extension: (YouTube) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-17]
CHR Extension: (Google-Suche) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-17]
CHR Extension: (Adobe Acrobat – PDF-Datei erstellen) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-17]
CHR Extension: (Google Wallet) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17]
CHR Extension: (Citavi Picker) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-07-20]
CHR Extension: (Google Mail) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - C:\Program Files (x86)\Citavi 4\Pickers\Chrome\ChromePicker.crx [2014-02-07]
==================== Services (Whitelisted) =================
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-18] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-20 20:56 - 2014-07-20 20:56 - 00015220 _____ () C:\Users\Rico\Downloads\FRST.txt
2014-07-20 20:56 - 2014-07-20 20:56 - 00000000 ____D () C:\Users\Rico\Downloads\FRST-OlderVersion
2014-07-20 20:55 - 2014-07-20 20:55 - 00000624 _____ () C:\Users\Rico\Desktop\JRT.txt
2014-07-20 20:18 - 2014-07-20 20:18 - 01016261 _____ (Thisisu) C:\Users\Rico\Downloads\JRT.exe
2014-07-20 20:18 - 2014-07-20 20:18 - 00000000 ____D () C:\Windows\ERUNT
2014-07-20 20:15 - 2014-07-20 20:15 - 00004348 _____ () C:\Users\Rico\Desktop\AdwCleaner[S0].txt
2014-07-20 20:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-20 20:11 - 2014-07-20 20:12 - 00000000 ____D () C:\AdwCleaner
2014-07-20 20:11 - 2014-07-20 20:11 - 01354223 _____ () C:\Users\Rico\Downloads\adwcleaner_3.216.exe
2014-07-20 20:07 - 2014-07-20 20:07 - 00022999 _____ () C:\Users\Rico\Desktop\mbam.txt
2014-07-20 19:17 - 2014-07-20 20:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 19:17 - 2014-07-20 19:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 19:17 - 2014-07-20 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 19:17 - 2014-07-20 19:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 19:17 - 2014-07-20 19:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 19:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 19:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-20 19:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-20 19:15 - 2014-07-20 19:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rico\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 18:42 - 2014-07-20 18:42 - 00000000 ____D () C:\Users\Rico\AppData\Local\Swiss Academic Software
2014-07-20 17:18 - 2014-07-20 17:50 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-07-20 17:18 - 2014-07-20 17:50 - 00002210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-07-20 17:18 - 2014-07-20 17:50 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-07-20 17:18 - 2014-07-20 17:18 - 00002140 _____ () C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2014-07-20 17:18 - 2014-07-20 17:18 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2014-07-20 16:39 - 2014-07-20 16:39 - 00020494 _____ () C:\ComboFix.txt
2014-07-20 16:26 - 2014-07-20 18:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-20 16:25 - 2014-07-20 16:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rico\Downloads\revosetup95.exe
2014-07-18 10:13 - 2014-07-20 18:56 - 00000000 ____D () C:\Users\Rico\Documents\Citavi 4
2014-07-18 10:13 - 2014-07-20 18:56 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Swiss Academic Software
2014-07-18 10:13 - 2014-07-18 10:13 - 00000000 ____D () C:\ProgramData\Swiss Academic Software
2014-07-18 09:50 - 2014-07-18 09:50 - 00001949 _____ () C:\Users\Public\Desktop\Citavi 4.lnk
2014-07-18 09:50 - 2014-07-18 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4
2014-07-18 09:48 - 2014-07-18 09:50 - 00000000 ____D () C:\Program Files (x86)\Citavi 4
2014-07-18 09:46 - 2014-07-18 09:46 - 00000000 ____D () C:\Users\Rico\AppData\Local\Downloaded Installations
2014-07-17 17:59 - 2014-07-18 13:03 - 01592824 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-17 17:50 - 2014-07-17 17:51 - 88342536 _____ (Swiss Academic Software) C:\Users\Rico\Downloads\Citavi4Setup.exe
2014-07-17 17:03 - 2014-07-17 17:03 - 00380416 _____ () C:\Users\Rico\Downloads\Gmer-19357.exe
2014-07-17 17:00 - 2014-07-20 20:56 - 00000000 ____D () C:\FRST
2014-07-17 16:59 - 2014-07-20 20:56 - 02089984 _____ (Farbar) C:\Users\Rico\Downloads\FRST64.exe
2014-07-17 16:58 - 2014-07-17 16:58 - 00000168 _____ () C:\Users\Rico\defogger_reenable
2014-07-17 16:57 - 2014-07-17 16:57 - 00050477 _____ () C:\Users\Rico\Downloads\Defogger.exe
2014-07-17 16:44 - 2014-07-20 20:39 - 00001736 _____ () C:\Windows\setupact.log
2014-07-17 16:44 - 2014-07-17 16:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-17 16:43 - 2014-07-20 20:13 - 00147474 _____ () C:\Windows\PFRO.log
2014-07-17 16:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-17 16:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-17 16:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-17 16:30 - 2014-07-20 16:39 - 00000000 ____D () C:\Qoobox
2014-07-17 16:30 - 2014-07-17 16:47 - 00000000 ____D () C:\Windows\erdnt
2014-07-17 16:28 - 2014-07-17 16:28 - 00003114 _____ () C:\Windows\System32\Tasks\{A5DB3CBF-5CD9-4D0C-A0CE-2315700566F5}
2014-07-17 16:25 - 2014-07-20 16:30 - 05222180 ____R (Swearware) C:\Users\Rico\Downloads\ComboFix.exe
2014-07-17 16:24 - 2014-07-17 16:26 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-17 16:24 - 2014-07-17 16:25 - 00003238 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-17 16:22 - 2014-07-17 16:22 - 00002251 _____ () C:\Users\Rico\Desktop\Google Chrome.lnk
2014-07-17 15:39 - 2014-07-17 15:40 - 04812672 _____ (Piriform Ltd) C:\Users\Rico\Downloads\ccsetup415.exe
2014-07-17 14:41 - 2014-07-17 14:41 - 00000687 _____ () C:\awh10A2.tmp
2014-07-17 12:49 - 2014-07-17 12:49 - 00000687 _____ () C:\awhECE.tmp
2014-07-16 12:45 - 2014-07-16 12:45 - 00000687 _____ () C:\awhC9D.tmp
2014-07-15 10:15 - 2014-07-15 10:15 - 00000687 _____ () C:\awh878.tmp
2014-07-14 15:57 - 2014-07-14 18:57 - 00074626 _____ () C:\Users\Rico\Desktop\Projektphasen.pptx
2014-07-14 13:54 - 2014-07-14 13:54 - 00000687 _____ () C:\awh8A7.tmp
2014-07-11 16:37 - 2014-07-17 16:30 - 01043188 _____ () C:\Users\Rico\AppData\Local\uucbbppw.gss
2014-07-11 16:37 - 2014-07-17 16:30 - 00184320 _____ () C:\Users\Rico\AppData\Local\uucbbppw.gdb
2014-07-10 20:19 - 2014-07-10 20:19 - 00000687 _____ () C:\awh962.tmp
2014-07-10 17:55 - 2014-07-10 19:15 - 00000000 ____D () C:\Users\Rico\Desktop\Zeug für Bewerbung
2014-07-10 14:52 - 2014-07-10 14:52 - 00000687 _____ () C:\awh1FA0.tmp
2014-07-09 11:46 - 2014-07-09 11:46 - 00002832 _____ () C:\Users\Rico\Downloads\Antwort_ 7_1 Schland.zip
2014-07-09 11:20 - 2014-07-09 11:20 - 00000687 _____ () C:\awh9829.tmp
2014-07-09 09:37 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 09:37 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 09:37 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 09:37 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 09:37 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 09:37 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 09:37 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 09:37 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 09:37 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 09:37 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 09:37 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 09:37 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 09:37 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 09:37 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 09:37 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 09:37 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 09:37 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 09:37 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 09:37 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 09:37 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 09:37 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 09:37 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 09:37 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 09:37 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 09:37 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 09:37 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 09:37 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 09:37 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 09:37 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 09:37 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 09:37 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 09:37 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 09:37 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 09:37 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 09:37 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 09:37 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 09:37 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 09:37 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 09:37 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 09:37 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 09:37 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 09:37 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 09:37 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 09:37 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 09:37 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 09:37 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 09:37 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 09:37 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 09:37 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 09:37 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 09:37 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 09:37 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 09:37 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 09:37 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 09:37 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 09:37 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 09:37 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 09:37 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 09:37 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 09:37 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 09:36 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 09:36 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 09:36 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 09:36 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 09:36 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 09:29 - 2014-07-09 09:29 - 00000687 _____ () C:\awh6F2.tmp
2014-07-08 16:51 - 2014-07-10 20:48 - 00000000 ____D () C:\Users\Rico\Desktop\Samson
2014-07-07 19:39 - 2014-07-07 19:39 - 00000687 _____ () C:\awh34F4.tmp
2014-07-07 13:57 - 2014-07-07 13:57 - 00000687 _____ () C:\awh1D30.tmp
2014-07-07 10:02 - 2014-07-07 10:02 - 00000687 _____ () C:\awhFD03.tmp
2014-07-07 09:08 - 2014-07-07 09:08 - 00000687 _____ () C:\awh1C27.tmp
2014-07-06 21:48 - 2014-07-06 21:49 - 21169658 _____ () C:\Users\Rico\Downloads\PDFverkleinern_flv.mp4
2014-07-06 20:58 - 2014-07-06 20:58 - 00000687 _____ () C:\awh5791.tmp
2014-07-06 20:57 - 2014-07-06 20:57 - 00000000 ____D () C:\Users\Rico\Desktop\PA MA-Bau
2014-07-06 20:10 - 2014-07-10 20:46 - 00000000 ____D () C:\Users\Rico\Desktop\South Africa
2014-07-06 19:53 - 2014-07-06 19:53 - 00014201 _____ () C:\Users\Rico\Downloads\AW_ letter of motivation.zip
2014-07-06 18:33 - 2014-07-06 18:33 - 00000687 _____ () C:\awh981.tmp
2014-07-06 18:15 - 2014-07-06 18:15 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-07-06 18:15 - 2014-07-06 18:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-07-06 11:59 - 2014-07-06 11:59 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-07-06 11:35 - 2014-07-06 11:35 - 00000687 _____ () C:\awh20D8.tmp
2014-07-05 15:02 - 2014-07-05 15:08 - 00000000 ____D () C:\Users\Rico\Documents\Wohnung
2014-07-05 12:43 - 2014-07-05 12:43 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-05 12:43 - 2014-07-05 12:43 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-07-05 12:43 - 2014-07-05 12:43 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-05 12:43 - 2014-07-05 12:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-02 17:27 - 2014-07-02 17:27 - 00003164 _____ () C:\Windows\System32\Tasks\{1F6C3454-9EA5-4C60-9934-47B8882F17C4}
2014-07-02 14:21 - 2014-07-02 14:21 - 00000687 _____ () C:\awhEC9F.tmp
2014-07-01 13:38 - 2014-07-01 13:38 - 00000687 _____ () C:\awhE7EE.tmp
2014-06-30 20:56 - 2014-06-30 20:56 - 00009470 _____ () C:\Users\Rico\Desktop\Mietaufstellung.xlsx
2014-06-30 18:01 - 2014-06-30 18:01 - 00000687 _____ () C:\awhEAAC.tmp
2014-06-30 08:43 - 2014-06-30 08:43 - 00000687 _____ () C:\awhEEA2.tmp
2014-06-30 06:48 - 2014-06-30 06:48 - 00000687 _____ () C:\awhE8E7.tmp
2014-06-29 20:06 - 2014-06-29 20:06 - 00000687 _____ () C:\awhEC60.tmp
2014-06-29 16:34 - 2014-06-29 16:34 - 00000687 _____ () C:\awhEC51.tmp
2014-06-29 08:17 - 2014-06-29 08:17 - 00000687 _____ () C:\awhE407.tmp
2014-06-27 12:05 - 2014-06-27 12:05 - 00000687 _____ () C:\awh28F.tmp
2014-06-26 12:06 - 2014-06-26 12:07 - 00029732 _____ () C:\Program.RPT
2014-06-26 09:02 - 2014-06-26 09:02 - 00000687 _____ () C:\awhE9C2.tmp
2014-06-25 23:04 - 2014-06-25 23:04 - 00011009 _____ () C:\Users\Rico\Desktop\urlaub.xlsx
2014-06-25 09:48 - 2014-06-25 09:48 - 00000687 _____ () C:\awhF23A.tmp
2014-06-24 15:52 - 2014-06-24 15:52 - 00000687 _____ () C:\awhF0E3.tmp
2014-06-24 07:57 - 2014-06-24 07:57 - 00000687 _____ () C:\awhF1CD.tmp
2014-06-23 09:23 - 2014-06-23 09:23 - 00000687 _____ () C:\awh2D46.tmp
2014-06-22 08:54 - 2014-06-22 08:54 - 00000687 _____ () C:\awhEACB.tmp
2014-06-22 02:09 - 2014-06-22 02:09 - 00000687 _____ () C:\awhF0B4.tmp
2014-06-21 15:29 - 2014-06-21 15:29 - 00000687 _____ () C:\awh1756.tmp
2014-06-20 22:35 - 2014-06-20 22:35 - 00000687 _____ () C:\awh7FB.tmp
2014-06-20 11:49 - 2014-06-20 11:49 - 00000687 _____ () C:\awh20F7.tmp
2014-06-20 11:40 - 2014-06-20 11:40 - 00013356 _____ () C:\Program1.RPT
2014-06-20 08:43 - 2014-06-20 08:43 - 00000687 _____ () C:\awhAAA.tmp
==================== One Month Modified Files and Folders =======
2014-07-20 20:57 - 2014-07-20 20:56 - 00015220 _____ () C:\Users\Rico\Downloads\FRST.txt
2014-07-20 20:56 - 2014-07-20 20:56 - 00000000 ____D () C:\Users\Rico\Downloads\FRST-OlderVersion
2014-07-20 20:56 - 2014-07-17 17:00 - 00000000 ____D () C:\FRST
2014-07-20 20:56 - 2014-07-17 16:59 - 02089984 _____ (Farbar) C:\Users\Rico\Downloads\FRST64.exe
2014-07-20 20:55 - 2014-07-20 20:55 - 00000624 _____ () C:\Users\Rico\Desktop\JRT.txt
2014-07-20 20:46 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-20 20:46 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-20 20:44 - 2014-03-18 01:31 - 01367421 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 20:42 - 2014-03-25 17:27 - 00000000 ___RD () C:\Users\Rico\Dropbox
2014-07-20 20:42 - 2014-03-25 17:26 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\DropboxMaster
2014-07-20 20:42 - 2014-03-25 17:25 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Dropbox
2014-07-20 20:39 - 2014-07-20 19:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 20:39 - 2014-07-17 16:44 - 00001736 _____ () C:\Windows\setupact.log
2014-07-20 20:39 - 2014-03-22 15:35 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 20:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 20:18 - 2014-07-20 20:18 - 01016261 _____ (Thisisu) C:\Users\Rico\Downloads\JRT.exe
2014-07-20 20:18 - 2014-07-20 20:18 - 00000000 ____D () C:\Windows\ERUNT
2014-07-20 20:15 - 2014-07-20 20:15 - 00004348 _____ () C:\Users\Rico\Desktop\AdwCleaner[S0].txt
2014-07-20 20:13 - 2014-07-17 16:43 - 00147474 _____ () C:\Windows\PFRO.log
2014-07-20 20:12 - 2014-07-20 20:11 - 00000000 ____D () C:\AdwCleaner
2014-07-20 20:12 - 2014-03-22 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-20 20:12 - 2014-03-18 01:40 - 00000993 _____ () C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-20 20:11 - 2014-07-20 20:11 - 01354223 _____ () C:\Users\Rico\Downloads\adwcleaner_3.216.exe
2014-07-20 20:08 - 2014-03-22 15:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-20 20:07 - 2014-07-20 20:07 - 00022999 _____ () C:\Users\Rico\Desktop\mbam.txt
2014-07-20 20:05 - 2014-03-22 15:36 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 20:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2014-07-20 20:01 - 2014-06-18 10:53 - 00000000 ____D () C:\temp
2014-07-20 19:17 - 2014-07-20 19:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 19:17 - 2014-07-20 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 19:17 - 2014-07-20 19:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 19:17 - 2014-07-20 19:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 19:16 - 2014-07-20 19:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rico\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 18:56 - 2014-07-18 10:13 - 00000000 ____D () C:\Users\Rico\Documents\Citavi 4
2014-07-20 18:56 - 2014-07-18 10:13 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Swiss Academic Software
2014-07-20 18:53 - 2014-06-08 13:14 - 00000000 ____D () C:\Users\Rico\Documents\Projektarbeit MB
2014-07-20 18:50 - 2014-07-20 16:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-20 18:42 - 2014-07-20 18:42 - 00000000 ____D () C:\Users\Rico\AppData\Local\Swiss Academic Software
2014-07-20 17:50 - 2014-07-20 17:18 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-07-20 17:50 - 2014-07-20 17:18 - 00002210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-07-20 17:50 - 2014-07-20 17:18 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-07-20 17:25 - 2014-03-18 09:36 - 00109232 _____ () C:\Users\Rico\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-20 17:24 - 2009-07-14 06:45 - 00415656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-20 17:21 - 2014-06-14 17:16 - 00000000 ____D () C:\Users\Rico\AppData\Local\Adobe
2014-07-20 17:19 - 2014-03-22 18:10 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-20 17:18 - 2014-07-20 17:18 - 00002140 _____ () C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2014-07-20 17:18 - 2014-07-20 17:18 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2014-07-20 17:17 - 2014-03-22 18:57 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-20 17:14 - 2014-03-18 13:11 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\DAEMON Tools Lite
2014-07-20 16:39 - 2014-07-20 16:39 - 00020494 _____ () C:\ComboFix.txt
2014-07-20 16:39 - 2014-07-17 16:30 - 00000000 ____D () C:\Qoobox
2014-07-20 16:37 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-20 16:30 - 2014-07-17 16:25 - 05222180 ____R (Swearware) C:\Users\Rico\Downloads\ComboFix.exe
2014-07-20 16:25 - 2014-07-20 16:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rico\Downloads\revosetup95.exe
2014-07-18 13:03 - 2014-07-17 17:59 - 01592824 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-18 13:03 - 2011-04-12 09:43 - 00699160 _____ () C:\Windows\system32\perfh007.dat
2014-07-18 13:03 - 2011-04-12 09:43 - 00149268 _____ () C:\Windows\system32\perfc007.dat
2014-07-18 13:03 - 2009-07-14 07:13 - 01592824 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 10:13 - 2014-07-18 10:13 - 00000000 ____D () C:\ProgramData\Swiss Academic Software
2014-07-18 09:50 - 2014-07-18 09:50 - 00001949 _____ () C:\Users\Public\Desktop\Citavi 4.lnk
2014-07-18 09:50 - 2014-07-18 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4
2014-07-18 09:50 - 2014-07-18 09:48 - 00000000 ____D () C:\Program Files (x86)\Citavi 4
2014-07-18 09:46 - 2014-07-18 09:46 - 00000000 ____D () C:\Users\Rico\AppData\Local\Downloaded Installations
2014-07-17 17:51 - 2014-07-17 17:50 - 88342536 _____ (Swiss Academic Software) C:\Users\Rico\Downloads\Citavi4Setup.exe
2014-07-17 17:03 - 2014-07-17 17:03 - 00380416 _____ () C:\Users\Rico\Downloads\Gmer-19357.exe
2014-07-17 16:58 - 2014-07-17 16:58 - 00000168 _____ () C:\Users\Rico\defogger_reenable
2014-07-17 16:58 - 2014-03-18 01:38 - 00000000 ____D () C:\Users\Rico
2014-07-17 16:57 - 2014-07-17 16:57 - 00050477 _____ () C:\Users\Rico\Downloads\Defogger.exe
2014-07-17 16:48 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-17 16:47 - 2014-07-17 16:30 - 00000000 ____D () C:\Windows\erdnt
2014-07-17 16:44 - 2014-07-17 16:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-17 16:43 - 2009-07-14 04:34 - 63963136 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-07-17 16:43 - 2009-07-14 04:34 - 14942208 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-07-17 16:43 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-07-17 16:43 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-07-17 16:43 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-07-17 16:30 - 2014-07-11 16:37 - 01043188 _____ () C:\Users\Rico\AppData\Local\uucbbppw.gss
2014-07-17 16:30 - 2014-07-11 16:37 - 00184320 _____ () C:\Users\Rico\AppData\Local\uucbbppw.gdb
2014-07-17 16:28 - 2014-07-17 16:28 - 00003114 _____ () C:\Windows\System32\Tasks\{A5DB3CBF-5CD9-4D0C-A0CE-2315700566F5}
2014-07-17 16:26 - 2014-07-17 16:24 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-17 16:25 - 2014-07-17 16:24 - 00003238 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-17 16:22 - 2014-07-17 16:22 - 00002251 _____ () C:\Users\Rico\Desktop\Google Chrome.lnk
2014-07-17 16:22 - 2014-03-22 15:35 - 00000000 ____D () C:\Users\Rico\AppData\Local\Google
2014-07-17 15:45 - 2014-05-14 18:39 - 00000000 ____D () C:\Windows\Minidump
2014-07-17 15:45 - 2014-03-18 01:28 - 00000000 ____D () C:\Windows\Panther
2014-07-17 15:40 - 2014-07-17 15:39 - 04812672 _____ (Piriform Ltd) C:\Users\Rico\Downloads\ccsetup415.exe
2014-07-17 14:41 - 2014-07-17 14:41 - 00000687 _____ () C:\awh10A2.tmp
2014-07-17 12:49 - 2014-07-17 12:49 - 00000687 _____ () C:\awhECE.tmp
2014-07-16 12:45 - 2014-07-16 12:45 - 00000687 _____ () C:\awhC9D.tmp
2014-07-15 10:15 - 2014-07-15 10:15 - 00000687 _____ () C:\awh878.tmp
2014-07-14 18:57 - 2014-07-14 15:57 - 00074626 _____ () C:\Users\Rico\Desktop\Projektphasen.pptx
2014-07-14 13:54 - 2014-07-14 13:54 - 00000687 _____ () C:\awh8A7.tmp
2014-07-10 20:48 - 2014-07-08 16:51 - 00000000 ____D () C:\Users\Rico\Desktop\Samson
2014-07-10 20:46 - 2014-07-06 20:10 - 00000000 ____D () C:\Users\Rico\Desktop\South Africa
2014-07-10 20:19 - 2014-07-10 20:19 - 00000687 _____ () C:\awh962.tmp
2014-07-10 19:15 - 2014-07-10 17:55 - 00000000 ____D () C:\Users\Rico\Desktop\Zeug für Bewerbung
2014-07-10 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 15:08 - 2014-03-22 15:35 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 15:08 - 2014-03-22 15:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 15:08 - 2014-03-22 15:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 14:52 - 2014-07-10 14:52 - 00000687 _____ () C:\awh1FA0.tmp
2014-07-09 11:46 - 2014-07-09 11:46 - 00002832 _____ () C:\Users\Rico\Downloads\Antwort_ 7_1 Schland.zip
2014-07-09 11:20 - 2014-07-09 11:20 - 00000687 _____ () C:\awh9829.tmp
2014-07-09 11:14 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 09:45 - 2014-03-18 13:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 09:44 - 2014-03-18 10:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 09:42 - 2014-03-18 10:18 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 09:29 - 2014-07-09 09:29 - 00000687 _____ () C:\awh6F2.tmp
2014-07-07 19:39 - 2014-07-07 19:39 - 00000687 _____ () C:\awh34F4.tmp
2014-07-07 17:37 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2014-07-07 13:57 - 2014-07-07 13:57 - 00000687 _____ () C:\awh1D30.tmp
2014-07-07 11:59 - 2014-03-26 17:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-07-07 10:02 - 2014-07-07 10:02 - 00000687 _____ () C:\awhFD03.tmp
2014-07-07 09:08 - 2014-07-07 09:08 - 00000687 _____ () C:\awh1C27.tmp
2014-07-06 21:49 - 2014-07-06 21:48 - 21169658 _____ () C:\Users\Rico\Downloads\PDFverkleinern_flv.mp4
2014-07-06 20:58 - 2014-07-06 20:58 - 00000687 _____ () C:\awh5791.tmp
2014-07-06 20:57 - 2014-07-06 20:57 - 00000000 ____D () C:\Users\Rico\Desktop\PA MA-Bau
2014-07-06 19:53 - 2014-07-06 19:53 - 00014201 _____ () C:\Users\Rico\Downloads\AW_ letter of motivation.zip
2014-07-06 18:33 - 2014-07-06 18:33 - 00000687 _____ () C:\awh981.tmp
2014-07-06 18:15 - 2014-07-06 18:15 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-07-06 18:15 - 2014-07-06 18:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-07-06 11:59 - 2014-07-06 11:59 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-07-06 11:59 - 2014-03-18 09:52 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-06 11:35 - 2014-07-06 11:35 - 00000687 _____ () C:\awh20D8.tmp
2014-07-05 15:08 - 2014-07-05 15:02 - 00000000 ____D () C:\Users\Rico\Documents\Wohnung
2014-07-05 12:43 - 2014-07-05 12:43 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-05 12:43 - 2014-07-05 12:43 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-07-05 12:43 - 2014-07-05 12:43 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-05 12:43 - 2014-07-05 12:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-03 08:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-02 17:27 - 2014-07-02 17:27 - 00003164 _____ () C:\Windows\System32\Tasks\{1F6C3454-9EA5-4C60-9934-47B8882F17C4}
2014-07-02 14:21 - 2014-07-02 14:21 - 00000687 _____ () C:\awhEC9F.tmp
2014-07-01 22:28 - 2014-06-18 10:51 - 00000000 ____D () C:\Users\Rico\AppData\Local\Genesis_06180851
2014-07-01 13:38 - 2014-07-01 13:38 - 00000687 _____ () C:\awhE7EE.tmp
2014-06-30 20:56 - 2014-06-30 20:56 - 00009470 _____ () C:\Users\Rico\Desktop\Mietaufstellung.xlsx
2014-06-30 18:01 - 2014-06-30 18:01 - 00000687 _____ () C:\awhEAAC.tmp
2014-06-30 08:43 - 2014-06-30 08:43 - 00000687 _____ () C:\awhEEA2.tmp
2014-06-30 06:48 - 2014-06-30 06:48 - 00000687 _____ () C:\awhE8E7.tmp
2014-06-29 20:06 - 2014-06-29 20:06 - 00000687 _____ () C:\awhEC60.tmp
2014-06-29 16:34 - 2014-06-29 16:34 - 00000687 _____ () C:\awhEC51.tmp
2014-06-29 09:00 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-29 08:17 - 2014-06-29 08:17 - 00000687 _____ () C:\awhE407.tmp
2014-06-27 12:05 - 2014-06-27 12:05 - 00000687 _____ () C:\awh28F.tmp
2014-06-26 12:07 - 2014-06-26 12:06 - 00029732 _____ () C:\Program.RPT
2014-06-26 09:02 - 2014-06-26 09:02 - 00000687 _____ () C:\awhE9C2.tmp
2014-06-25 23:04 - 2014-06-25 23:04 - 00011009 _____ () C:\Users\Rico\Desktop\urlaub.xlsx
2014-06-25 09:48 - 2014-06-25 09:48 - 00000687 _____ () C:\awhF23A.tmp
2014-06-24 15:52 - 2014-06-24 15:52 - 00000687 _____ () C:\awhF0E3.tmp
2014-06-24 07:57 - 2014-06-24 07:57 - 00000687 _____ () C:\awhF1CD.tmp
2014-06-23 09:23 - 2014-06-23 09:23 - 00000687 _____ () C:\awh2D46.tmp
2014-06-22 08:54 - 2014-06-22 08:54 - 00000687 _____ () C:\awhEACB.tmp
2014-06-22 02:09 - 2014-06-22 02:09 - 00000687 _____ () C:\awhF0B4.tmp
2014-06-21 15:29 - 2014-06-21 15:29 - 00000687 _____ () C:\awh1756.tmp
2014-06-20 22:35 - 2014-06-20 22:35 - 00000687 _____ () C:\awh7FB.tmp
2014-06-20 22:14 - 2014-07-09 09:37 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-09 09:37 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 11:49 - 2014-06-20 11:49 - 00000687 _____ () C:\awh20F7.tmp
2014-06-20 11:40 - 2014-06-20 11:40 - 00013356 _____ () C:\Program1.RPT
2014-06-20 08:43 - 2014-06-20 08:43 - 00000687 _____ () C:\awhAAA.tmp
Some content of TEMP:
====================
C:\Users\Rico\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeueotr.dll
C:\Users\Rico\AppData\Local\Temp\Quarantine.exe
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite10291.dll
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite20428.dll
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite26316.dll
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite44829.dll
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite87153.dll
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite96679.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-08 03:16
==================== End Of Log ============================
At least the annoying ads are gone now.