micha-sdh | 21.08.2014 12:05 | Done. At least the error message described above is gone now. Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 21.08.2014
Scan Time: 12:08:03
Logfile: mbam.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.21.02
Rootkit Database: v2014.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7
CPU: x64
File System: NTFS
User: S
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318630
Time Elapsed: 14 min, 2 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 6
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [13238b3e85f694a2c1cb7c2c14eed927],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [13238b3e85f694a2c1cb7c2c14eed927],
PUP.Optional.Babylon.A, HKU\S-1-5-21-2356455393-4161031106-362288086-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Delete-on-Reboot, [3cfacdfcf68516200c0e6e018e746b95],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, Quarantined, [87af5a6f730849ed632133c3679bd42c],
PUP.Optional.BundleInstaller.A, HKLM\SOFTWARE\WOW6432NODE\VITTALIA\AxtanInstaller, Quarantined, [ee484287f18a7db9b22dea26c93a4cb4],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2356455393-4161031106-362288086-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Delete-on-Reboot, [70c69e2b4f2c80b65d15738f09fafb05],
Registry Values: 2
Trojan.Ransom.Gen, HKU\S-1-5-21-2356455393-4161031106-362288086-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|EtofIqoja, regsvr32.exe "C:\ProgramData\EtofIqoja\EtofIqoja.dat", Delete-on-Reboot, [ee48b0198cefcb6bfae9a2a6bc486b95]
Trojan.Ransom.Gen, HKU\S-1-5-21-2356455393-4161031106-362288086-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|OmwoJraw, regsvr32.exe "C:\ProgramData\OmwoJraw\OmwoJraw.dat", Delete-on-Reboot, [d95d7257e69543f30cd749ff976d7789]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 27
PUP.Optional.Delta.A, C:\ProgramData\DSearchLink\DSearchLink.exe, Quarantined, [7bbb3d8c304b37ffbb709af83ec68b75],
Trojan.PolyCrypt.Gen, C:\Users\S\AppData\Local\Temp\wowli.dll, Quarantined, [0d29537680fbc4729cae901b09f8857b],
Trojan.Ransom.Gen, C:\ProgramData\EtofIqoja\EtofIqoja.dat, Quarantined, [ee48b0198cefcb6bfae9a2a6bc486b95],
Trojan.Ransom.Gen, C:\ProgramData\OmwoJraw\OmwoJraw.dat, Quarantined, [d95d7257e69543f30cd749ff976d7789],
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.admin", false);), Replaced,[2c0ac603d1aab1855740ce3d24e1bc44]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.aflt", "babsst");), Replaced,[0b2bd3f6d8a3d066efa88e7d0df8847c]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Replaced,[6dc9aa1fb0cb8aacb7e0e823679ee719]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.autoRvrt", "false");), Replaced,[53e3715896e54ceae0b793780104e41c]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.dfltLng", "de");), Replaced,[fe38e9e01764ae88168143c864a1dd23]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.excTlbr", false);), Replaced,[1d194485f6854aeccfc815f6d82d14ec]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.ffxUnstlRst", true);), Replaced,[45f1b41585f62d093a5dd63506ff40c0]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.id", "94e7e3730000000000004a0f6edf14d5");), Replaced,[bc7ab7122d4e33037d1aaf5c7293c53b]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlDay", "15964");), Replaced,[171f3b8eb5c6f93d653251ba12f326da]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlRef", "sst");), Replaced,[b77fe0e9c6b553e34750d4374cb9e719]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.newTab", false);), Replaced,[fc3a8b3e502b3ef8fe99d8336a9ba15f]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prdct", "delta");), Replaced,[d5619a2f1b6045f1cec942c9cc39857b]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prtnrId", "delta");), Replaced,[67cf5574c3b8ef47f5a294779b6a56aa]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.rvrt", "false");), Replaced,[d363d6f3f78444f2c9cef4174cb960a0]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.smplGrp", "none");), Replaced,[e2543c8d631888aed9be37d422e3c53b]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrId", "base");), Replaced,[ed490bbe7efd1b1b33648f7ce4216a96]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrSrchUrl", "");), Replaced,[a591e6e385f6f343c5d29d6e43c27e82]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsn", "1.8.24.6");), Replaced,[a98dfacf512ae551b9de19f2877e32ce]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsnTs", "1.8.24.618:51:21");), Replaced,[a690f0d9017a85b1f4a30902b64fbb45]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsni", "1.8.24.6");), Replaced,[53e3e9e0631877bfd6c126e5be4722de]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.babExt", "");), Replaced,[1422f2d78af1f4421a7d26e5f60ffe02]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.babTrack", "affID=119403&tsp=5007");), Replaced,[76c09633cbb0ab8b0b8c41cad332738d]
PUP.Optional.Delta.A, C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.srcExt", "ss");), Replaced,[4de9c306df9c0c2adfb8f01bbd482bd5]
Physical Sectors: 0
(No malicious items detected)
(end)
AdwCleaner Logfile: Code:
# AdwCleaner v3.308 - Report created on 21/08/2014 at 12:45:27
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# Username : S - SCHWEDE
# Running from : C:\Users\S\Desktop\adwcleaner_3.308.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\USerS\S\AppData\Roaming\Babylon
Folder Deleted : C:\USerS\S\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\USerS\S\AppData\Roaming\pdfforge
Folder Deleted : C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\l062mb0m.default\ICQToolbarData
File Deleted : C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\l062mb0m.default\invalidprefs.js
File Deleted : C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\l062mb0m.default\user.js
***** [ Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tunatic_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tunatic_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\DeviceVM
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Vittalia
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16476
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
-\\ Mozilla Firefox v31.0 (x86 de)
[ File : C:\USerS\S\AppData\Roaming\Mozilla\Firefox\ProfileS\l062mb0m.default\prefs.js ]
Line deleted : user_pref("extensions.vshare@toolbar.update.enabled", false);
Line deleted : user_pref("icqtoolbar.allowSendURL", false);
Line deleted : user_pref("icqtoolbar.engineVerified", false);
Line deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Line deleted : user_pref("icqtoolbar.history", "filezilla%20backup||filezilla");
Line deleted : user_pref("icqtoolbar.installTime", "1308169233");
Line deleted : user_pref("icqtoolbar.newtab_state", "1");
Line deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line deleted : user_pref("icqtoolbar.previousFFVersion", "3.6.13");
Line deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line deleted : user_pref("icqtoolbar.suggestions", false);
Line deleted : user_pref("icqtoolbar.uninstStatSent", true);
Line deleted : user_pref("icqtoolbar.uniqueID", "129426239112942624961294273593893");
Line deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1308169236);
Line deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Line deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line deleted : user_pref("icqtoolbar.xmlLanguage", "de");
Line deleted : user_pref("vshare.install.date", "1299283200000");
Line deleted : user_pref("vshare.install.dumpFileCount", 0);
Line deleted : user_pref("vshare.install.dumpFileDisabled", false);
Line deleted : user_pref("vshare.install.finished", "1.0.0");
Line deleted : user_pref("vshare.install.guid", "{11c286fe-b8e0-49c5-874a-5fe1b902d8dc}");
Line deleted : user_pref("vshare.install.isDisabled", true);
Line deleted : user_pref("vshare.install.isHidden", true);
Line deleted : user_pref("vshare.install.istoolbarhp", true);
Line deleted : user_pref("vshare.install.istoolbarsearch", true);
Line deleted : user_pref("vshare.install.laststatreq", "1304467200000");
Line deleted : user_pref("vshare.install.newtab", true);
Line deleted : user_pref("vshare.install.overlayVersion", 1);
Line deleted : user_pref("vshare.install.userHPSettings", "hxxp://www.spox.com/de/index.html");
Line deleted : user_pref("vshare.install.userSPSettings", "Google");
*************************
AdwCleaner[R0].txt - [6249 octets] - [21/08/2014 12:30:04]
AdwCleaner[S0].txt - [5772 octets] - [21/08/2014 12:45:27]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5832 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by S on 21.08.2014 at 12:49:03,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2356455393-4161031106-362288086-1000\Software\sweetim
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\S\appdata\local\{05FED0BD-E035-4D98-85C6-C8D3CC52A465}
Successfully deleted: [Empty Folder] C:\Users\S\appdata\local\{0CC0232D-65FB-4B54-9147-692A84C6EC7E}
Successfully deleted: [Empty Folder] C:\Users\S\appdata\local\{2519BCA4-876D-4F89-A709-B54C0F8C25BA}
Successfully deleted: [Empty Folder] C:\Users\S\appdata\local\{2CD144EF-E0F9-4DA2-9693-0EF3C7B8EAE7}
Successfully deleted: [Empty Folder] C:\Users\S\appdata\local\{4F46CD40-161B-4AD4-8F8B-E624F269C42B}
Successfully deleted: [Empty Folder] C:\Users\S\appdata\local\{9A932317-7CEC-4F50-90EC-9FBD117C9774}
Successfully deleted: [Empty Folder] C:\Users\S\appdata\local\{FBD8E825-462F-4DFB-AF0D-3438EA3654B6}
~~~ FireFox
Successfully deleted: [File] C:\Users\S\AppData\Roaming\mozilla\firefox\profiles\l062mb0m.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
Emptied folder: C:\Users\S\AppData\Roaming\mozilla\firefox\profiles\l062mb0m.default\minidumps [642 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.08.2014 at 12:55:22,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by S (administrator) on SCHWEDE on 21-08-2014 12:56:11
Running from C:\Users\S\Desktop\Trojaner_Board
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2356455393-4161031106-362288086-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {89616134-0458-4972-B851-E92B7D44C4C7} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
SearchScopes: HKCU - {ADD2E8FB-7284-4AAB-B53D-B9A38F70BB3F} URL = hxxp://de.shopping.com/?linkin_id=8056363
SearchScopes: HKCU - {CA0BD1B5-A06D-4B17-B78F-31373DF84432} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4E7CF941-0F13-484B-9667-43FF6CB73CD5}: [NameServer]141.35.1.16,141.35.1.80
FireFox:
========
FF ProfilePath: C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default
FF Homepage: hxxp://www.zeit.de/index
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-11]
FF Extension: Firebug - C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\Extensions\firebug@software.joehewitt.com.xpi [2011-12-02]
FF Extension: Web Developer - C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2011-07-06]
FF Extension: Adblock Plus - C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-13]
FF Extension: zoompicture - C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\Extensions\{e9ad55ab-4d1c-42d2-a40c-a5563a9ad5e6}.xpi [2012-03-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-11-16]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [237328 2012-03-30] (McAfee, Inc.)
S3 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] () [File not signed]
S3 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (hxxp://pietschsoft.com)) [File not signed]
S3 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [836608 2010-06-08] (Sony Corporation) [File not signed]
S4 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1368624 2013-08-01] (Sony Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-12] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-06] (DT Soft Ltd)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10326784 2010-06-24] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [271872 2010-06-24] (Intel(R) Corporation) [File not signed]
S3 PolarUSB; C:\Windows\SysWOW64\DRIVERS\PolarUSB.sys [17343 2001-07-12] (Polar Electro) [File not signed]
S3 STIrUsb; C:\Windows\System32\DRIVERS\irstusb.sys [33792 2008-01-19] (SigmaTel, Inc.)
S1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [File not signed]
R2 WinRing0_1_2_0; C:\Users\S\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [14544 2011-01-04] (OpenLibSys.org)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-21 12:55 - 2014-08-21 12:55 - 00001808 _____ () C:\Users\S\Desktop\JRT.txt
2014-08-21 12:49 - 2014-08-21 12:49 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 12:30 - 2014-08-21 12:45 - 00000000 ____D () C:\AdwCleaner
2014-08-21 12:29 - 2014-08-21 12:29 - 00008092 _____ () C:\Users\S\Desktop\mbam.txt
2014-08-21 12:07 - 2014-08-21 12:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 12:06 - 2014-08-21 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 12:06 - 2014-08-21 12:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 12:06 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-21 12:06 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-21 12:06 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-21 12:02 - 2014-08-21 12:02 - 01364531 _____ () C:\Users\S\Desktop\adwcleaner_3.308.exe
2014-08-21 12:02 - 2014-08-21 12:02 - 01016261 _____ (Thisisu) C:\Users\S\Desktop\JRT.exe
2014-08-21 11:57 - 2014-08-21 11:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\S\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-21 09:20 - 2014-08-21 12:46 - 00001866 _____ () C:\Windows\PFRO.log
2014-08-21 09:20 - 2014-08-21 12:46 - 00000168 _____ () C:\Windows\setupact.log
2014-08-21 09:20 - 2014-08-21 09:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-20 23:51 - 2014-08-21 12:25 - 00000000 ____D () C:\ProgramData\OmwoJraw
2014-08-20 20:33 - 2014-08-20 20:33 - 00000000 ____D () C:\Users\S\AppData\Local\Adobe
2014-08-20 18:48 - 2014-08-20 18:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-20 18:41 - 2014-08-20 18:41 - 00342095 _____ () C:\Users\S\Desktop\bookmarks-2014-08-20.json
2014-08-20 16:37 - 2014-08-20 16:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-20 16:30 - 2014-08-20 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-20 13:57 - 2014-08-20 13:57 - 00024253 _____ () C:\ComboFix.txt
2014-08-20 13:35 - 2014-08-20 13:36 - 05572251 ____R (Swearware) C:\Users\S\Desktop\ComboFix.exe
2014-08-20 13:33 - 2014-08-20 13:33 - 03481100 _____ () C:\Users\S\Desktop\umweltpolitische_Entscheidungssystem2.PSD
2014-08-20 13:16 - 2014-08-20 13:16 - 03458782 _____ () C:\Users\S\Desktop\umweltpolitische_Entscheidungssystem.psd
2014-08-20 11:11 - 2014-08-21 12:56 - 00000000 ____D () C:\Users\S\Desktop\Trojaner_Board
2014-08-20 10:42 - 2014-08-20 10:42 - 06052529 _____ (Tim Kosse) C:\Users\S\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-20 10:15 - 2014-08-21 12:56 - 00000000 ____D () C:\FRST
2014-08-20 10:13 - 2014-08-20 10:13 - 00000000 _____ () C:\Users\S\defogger_reenable
2014-08-18 23:28 - 2014-08-21 12:24 - 00000000 ____D () C:\ProgramData\EtofIqoja
2014-08-18 22:41 - 2014-08-18 22:41 - 00021113 _____ () C:\Users\S\Desktop\OutlookContacts.csv
2014-08-18 12:38 - 2014-08-18 12:39 - 00000000 ____D () C:\ProgramData\OgekIlkok
2014-08-15 11:42 - 2014-08-18 12:33 - 00020564 _____ () C:\Users\S\Desktop\Beteiligung_14-15.xlsx
2014-08-13 09:21 - 2014-08-07 03:52 - 00526848 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 09:21 - 2014-08-07 03:46 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-11 22:55 - 2014-08-15 13:16 - 00000000 ____D () C:\Users\S\Desktop\Fußball
2014-08-08 14:02 - 2014-08-08 14:02 - 00012982 _____ () C:\Users\S\Desktop\Notenübersicht.xlsx
2014-08-08 12:41 - 2014-08-08 12:41 - 00028824 _____ () C:\Users\S\Desktop\Geld.one
2014-08-08 12:38 - 2014-08-08 12:38 - 00058024 _____ () C:\Users\S\Desktop\Persönliche Informationen.one
2014-08-08 12:35 - 2014-08-08 12:35 - 00000000 ____D () C:\Users\S\Documents\OneNote-Notizbücher
2014-08-08 12:28 - 2014-08-18 22:22 - 00000000 ___RD () C:\Users\S\OneDrive
2014-08-08 12:28 - 2014-08-08 12:28 - 00002181 _____ () C:\Users\S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-08-08 12:28 - 2014-08-08 12:28 - 00002120 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-08-08 12:28 - 2014-08-08 12:28 - 00002120 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-08-08 12:28 - 2014-08-08 12:28 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-08-08 12:28 - 2014-08-08 12:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-08-05 12:28 - 2014-08-20 16:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-30 15:23 - 2014-08-11 22:56 - 00000000 ____D () C:\Users\S\Desktop\DSG_Präsi
2014-07-30 15:01 - 2014-08-20 18:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-24 17:08 - 2014-07-24 17:08 - 00056569 _____ () C:\Users\S\Documents\PARMUVA.spv
2014-07-24 13:49 - 2014-07-24 18:51 - 00096565 _____ () C:\Users\S\Desktop\Auswertung_Parmuva_01.06.sav
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-21 12:56 - 2014-08-20 11:11 - 00000000 ____D () C:\Users\S\Desktop\Trojaner_Board
2014-08-21 12:56 - 2014-08-20 10:15 - 00000000 ____D () C:\FRST
2014-08-21 12:55 - 2014-08-21 12:55 - 00001808 _____ () C:\Users\S\Desktop\JRT.txt
2014-08-21 12:54 - 2009-07-14 06:45 - 00019760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 12:54 - 2009-07-14 06:45 - 00019760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 12:49 - 2014-08-21 12:49 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 12:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-08-21 12:46 - 2014-08-21 09:20 - 00001866 _____ () C:\Windows\PFRO.log
2014-08-21 12:46 - 2014-08-21 09:20 - 00000168 _____ () C:\Windows\setupact.log
2014-08-21 12:46 - 2011-04-21 21:50 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-08-21 12:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-21 12:45 - 2014-08-21 12:30 - 00000000 ____D () C:\AdwCleaner
2014-08-21 12:45 - 2011-08-04 10:05 - 01214838 _____ () C:\Windows\WindowsUpdate.log
2014-08-21 12:29 - 2014-08-21 12:29 - 00008092 _____ () C:\Users\S\Desktop\mbam.txt
2014-08-21 12:28 - 2014-08-21 12:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 12:25 - 2014-08-20 23:51 - 00000000 ____D () C:\ProgramData\OmwoJraw
2014-08-21 12:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-08-21 12:24 - 2014-08-18 23:28 - 00000000 ____D () C:\ProgramData\EtofIqoja
2014-08-21 12:06 - 2014-08-21 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 12:06 - 2014-08-21 12:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 12:06 - 2012-03-26 23:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 12:02 - 2014-08-21 12:02 - 01364531 _____ () C:\Users\S\Desktop\adwcleaner_3.308.exe
2014-08-21 12:02 - 2014-08-21 12:02 - 01016261 _____ (Thisisu) C:\Users\S\Desktop\JRT.exe
2014-08-21 11:57 - 2014-08-21 11:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\S\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-21 09:20 - 2014-08-21 09:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-20 23:16 - 2011-01-04 01:40 - 00000000 ____D () C:\Users\S\AppData\Roaming\Skype
2014-08-20 20:33 - 2014-08-20 20:33 - 00000000 ____D () C:\Users\S\AppData\Local\Adobe
2014-08-20 18:48 - 2014-08-20 18:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-20 18:48 - 2014-07-30 15:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-20 18:43 - 2011-05-03 22:49 - 17862656 ___SH () C:\Users\S\Desktop\Thumbs.db
2014-08-20 18:41 - 2014-08-20 18:41 - 00342095 _____ () C:\Users\S\Desktop\bookmarks-2014-08-20.json
2014-08-20 18:33 - 2011-01-31 23:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-20 18:31 - 2011-01-06 02:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-20 17:45 - 2012-04-09 01:00 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-20 17:45 - 2011-05-19 21:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-20 16:37 - 2014-08-20 16:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-20 16:37 - 2010-07-28 13:24 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-20 16:30 - 2014-08-20 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-20 16:30 - 2014-08-05 12:28 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-20 16:30 - 2013-08-05 19:43 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-20 13:57 - 2014-08-20 13:57 - 00024253 _____ () C:\ComboFix.txt
2014-08-20 13:57 - 2012-04-02 21:18 - 00000000 ____D () C:\Qoobox
2014-08-20 13:57 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-20 13:50 - 2009-07-14 04:34 - 00000241 _____ () C:\Windows\system.ini
2014-08-20 13:48 - 2012-04-02 21:18 - 00000000 ____D () C:\Windows\ERDNT
2014-08-20 13:36 - 2014-08-20 13:35 - 05572251 ____R (Swearware) C:\Users\S\Desktop\ComboFix.exe
2014-08-20 13:33 - 2014-08-20 13:33 - 03481100 _____ () C:\Users\S\Desktop\umweltpolitische_Entscheidungssystem2.PSD
2014-08-20 13:16 - 2014-08-20 13:16 - 03458782 _____ () C:\Users\S\Desktop\umweltpolitische_Entscheidungssystem.psd
2014-08-20 10:55 - 2011-01-06 02:43 - 00000000 ____D () C:\Users\S\AppData\Roaming\FileZilla
2014-08-20 10:42 - 2014-08-20 10:42 - 06052529 _____ (Tim Kosse) C:\Users\S\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-20 10:13 - 2014-08-20 10:13 - 00000000 _____ () C:\Users\S\defogger_reenable
2014-08-20 10:13 - 2011-01-03 16:50 - 00000000 ____D () C:\Users\S
2014-08-19 22:02 - 2010-07-28 13:50 - 00000000 ____D () C:\ProgramData\Skype
2014-08-19 08:41 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-18 22:41 - 2014-08-18 22:41 - 00021113 _____ () C:\Users\S\Desktop\OutlookContacts.csv
2014-08-18 22:22 - 2014-08-08 12:28 - 00000000 ___RD () C:\Users\S\OneDrive
2014-08-18 12:39 - 2014-08-18 12:38 - 00000000 ____D () C:\ProgramData\OgekIlkok
2014-08-18 12:33 - 2014-08-15 11:42 - 00020564 _____ () C:\Users\S\Desktop\Beteiligung_14-15.xlsx
2014-08-15 13:16 - 2014-08-11 22:55 - 00000000 ____D () C:\Users\S\Desktop\Fußball
2014-08-13 10:50 - 2011-01-04 18:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 10:49 - 2013-08-15 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 10:47 - 2014-07-12 15:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 10:47 - 2011-01-03 18:23 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-12 23:05 - 2014-01-08 19:26 - 00000000 ____D () C:\Users\S\Documents\ManiaPlanet
2014-08-12 22:16 - 2014-01-08 19:26 - 00000000 ____D () C:\ProgramData\ManiaPlanet
2014-08-11 22:56 - 2014-07-30 15:23 - 00000000 ____D () C:\Users\S\Desktop\DSG_Präsi
2014-08-09 12:00 - 2011-01-03 16:50 - 00000000 ____D () C:\Windows\pss
2014-08-08 14:02 - 2014-08-08 14:02 - 00012982 _____ () C:\Users\S\Desktop\Notenübersicht.xlsx
2014-08-08 12:41 - 2014-08-08 12:41 - 00028824 _____ () C:\Users\S\Desktop\Geld.one
2014-08-08 12:38 - 2014-08-08 12:38 - 00058024 _____ () C:\Users\S\Desktop\Persönliche Informationen.one
2014-08-08 12:35 - 2014-08-08 12:35 - 00000000 ____D () C:\Users\S\Documents\OneNote-Notizbücher
2014-08-08 12:28 - 2014-08-08 12:28 - 00002181 _____ () C:\Users\S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-08-08 12:28 - 2014-08-08 12:28 - 00002120 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-08-08 12:28 - 2014-08-08 12:28 - 00002120 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-08-08 12:28 - 2014-08-08 12:28 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-08-08 12:28 - 2014-08-08 12:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-08-07 03:52 - 2014-08-13 09:21 - 00526848 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:46 - 2014-08-13 09:21 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 12:29 - 2013-08-05 19:43 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 09:20 - 2011-01-03 18:14 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-30 19:47 - 2011-01-06 22:02 - 00038400 _____ () C:\Users\S\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-30 19:36 - 2011-01-06 21:49 - 00000000 ____D () C:\Users\S\AppData\Local\WMTools Downloaded Files
2014-07-30 14:32 - 2013-08-07 15:37 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-07-30 14:32 - 2011-01-12 23:15 - 00000000 ____D () C:\Users\S\AppData\Roaming\DVDVideoSoft
2014-07-30 14:32 - 2011-01-12 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-25 11:36 - 2012-11-16 14:22 - 00000000 ____D () C:\Users\S\Documents\Citavi 3
2014-07-25 11:35 - 2012-11-16 14:22 - 00000000 ____D () C:\Users\S\AppData\Roaming\Swiss Academic Software
2014-07-24 18:51 - 2014-07-24 13:49 - 00096565 _____ () C:\Users\S\Desktop\Auswertung_Parmuva_01.06.sav
2014-07-24 17:42 - 2012-05-11 13:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 17:41 - 2012-05-11 13:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 17:10 - 2012-05-11 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 17:08 - 2014-07-24 17:08 - 00056569 _____ () C:\Users\S\Documents\PARMUVA.spv
Some content of TEMP:
====================
C:\Users\S\AppData\Local\Temp\avgnt.exe
C:\Users\S\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-18 14:06
==================== End Of Log ============================