Thorsten1975 | 05.01.2015 17:46 | Hello Schrauber,
the log files follow below.
mbam: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 05.01.2015
Suchlauf-Zeit: 17:19:11
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.01.05.06
Rootkit Datenbank: v2014.12.30.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Hofmann
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 346609
Verstrichene Zeit: 8 Min, 33 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 2
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancerService.exe, 2424, Löschen bei Neustart, [3199b2415f2a86b012fa1352a65dfa06]
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancer.exe, 2604, Löschen bei Neustart, [d4f6ea098207211581d761028e754ab6]
Module: 2
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\FiddlerCore.dll, Löschen bei Neustart, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\Newtonsoft.Json.dll, Löschen bei Neustart, [d4f6ea098207211581d761028e754ab6],
Registrierungsschlüssel: 6
PUP.Optional.Snapdo.T, HKU\S-1-5-21-920650905-1512621059-2649446888-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [1ab06e855237ae88694e6ab354af03fd],
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [1ab06e855237ae88694e6ab354af03fd],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WaInterEnhance, In Quarantäne, [2c9e8f6416733df91c5ff2f712f253ad],
PUP.Optional.Wajam.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Internet Enhancer Service, In Quarantäne, [3199b2415f2a86b012fa1352a65dfa06],
PUP.Optional.Wajam.A, HKU\S-1-5-21-920650905-1512621059-2649446888-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WaInterEnhance, In Quarantäne, [e1e9c330f495bd79d1ab44a5877d03fd],
PUP.Optional.Wajam.A, HKU\S-1-5-21-920650905-1512621059-2649446888-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WajIEnhance, In Quarantäne, [deec17dc2366cd6921efd98cd231d42c],
Registrierungswerte: 3
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [f2d809eac3c6e65032992057a55ec43c]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [1eacdb18d3b68aac08c36611d52e1ce4]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-920650905-1512621059-2649446888-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [d8f230c3c7c277bf590c90f1c73c31cf]
Registrierungsdaten: 4
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=1f88638c-c48a-f04d-2add-e624c21ef8bd&searchtype=ds&q={searchTerms}&installDate=07/02/2014, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=1f88638c-c48a-f04d-2add-e624c21ef8bd&searchtype=ds&q={searchTerms}&installDate=07/02/2014),Ersetzt,[9139698a2f5a32045ae09ae365a049b7]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-920650905-1512621059-2649446888-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtbwnztdp5nXPZvpzCX4E3Z7vvjzVSstlcClfOb7xzPZaLX2bxSp6jlFlpEjzSz_pmgmexasRmDgPGLzf2VKSeyYbxKgj5ByDOBwmg7SY8QIB6fFyv76fs6yy6NsFAwQuglbgIexL_iGXxCi7vOK1W&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtbwnztdp5nXPZvpzCX4E3Z7vvjzVSstlcClfOb7xzPZaLX2bxSp6jlFlpEjzSz_pmgmexasRmDgPGLzf2VKSeyYbxKgj5ByDOBwmg7SY8QIB6fFyv76fs6yy6NsFAwQuglbgIexL_iGXxCi7vOK1W&q={searchTerms}),Ersetzt,[bf0b3ab9c8c1f343320dc2bbf510bb45]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-920650905-1512621059-2649446888-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtbwnztdp5nXPZvpzCX4E3Z7vvjzVSstlcClfOb7xzPZaLX2bxSp6jlFlpEjzSz_pmgmexasRmDgPGLzf2VKSeyYbxKgj5ByDOBwmg7SY8QIB6fFyv76fs6yy6NsFAwQuglbgIexL_iGXxCi7vOK1W&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtbwnztdp5nXPZvpzCX4E3Z7vvjzVSstlcClfOb7xzPZaLX2bxSp6jlFlpEjzSz_pmgmexasRmDgPGLzf2VKSeyYbxKgj5ByDOBwmg7SY8QIB6fFyv76fs6yy6NsFAwQuglbgIexL_iGXxCi7vOK1W&q={searchTerms}),Ersetzt,[e1e97f74bdcc7fb7ce72d1ac35d0ba46]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-920650905-1512621059-2649446888-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtbwnztdp5nXPZvpzCX4E3Z7vvjzVSstlcClfOb7xzPZaLX2bxSp6jlFlpEjzSz_pmgmexasRmDgPGLzf2VKSeyYbxKgj5ByDOBwmg7SY8QIB6fFyv76fs6yy6NsFAwQuglbgIexL_iGXxCi7vOK1W&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtbwnztdp5nXPZvpzCX4E3Z7vvjzVSstlcClfOb7xzPZaLX2bxSp6jlFlpEjzSz_pmgmexasRmDgPGLzf2VKSeyYbxKgj5ByDOBwmg7SY8QIB6fFyv76fs6yy6NsFAwQuglbgIexL_iGXxCi7vOK1W&q={searchTerms}),Ersetzt,[a2282bc84a3f0432f645e99494713fc1]
Ordner: 14
PUP.Optional.OpenCandy, C:\Users\Hofmann\AppData\Roaming\OpenCandy, In Quarantäne, [5773ad466e1b003659c4b57929da1ee2],
PUP.Optional.OpenCandy, C:\Users\Hofmann\AppData\Roaming\OpenCandy\A4371B9B539549B9AE1B256198AE147B, In Quarantäne, [5773ad466e1b003659c4b57929da1ee2],
PUP.Optional.OpenCandy, C:\Users\Hofmann\AppData\Roaming\OpenCandy\DAC15790CAA74EF59D23B653A0990593, In Quarantäne, [5773ad466e1b003659c4b57929da1ee2],
PUP.Optional.SearchProtect.A, C:\Users\Hofmann\AppData\Local\SearchProtect, In Quarantäne, [69619d565d2c7eb86f1c0c3715eee51b],
PUP.Optional.SearchProtect.A, C:\Users\Hofmann\AppData\Local\SearchProtect\Logs, In Quarantäne, [69619d565d2c7eb86f1c0c3715eee51b],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, In Quarantäne, [5575797a5e2b60d68a4bc899b350e818],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, In Quarantäne, [5575797a5e2b60d68a4bc899b350e818],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Search, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Shopping, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Uninstall Wajam, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance, Löschen bei Neustart, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer, Löschen bei Neustart, [d4f6ea098207211581d761028e754ab6],
Dateien: 79
PUP.Optional.OpenCandy.A, C:\Users\Hofmann\AppData\Roaming\OpenCandy\A4371B9B539549B9AE1B256198AE147B\dlm.exe, In Quarantäne, [1dad49aa276289ad369b29161ae78e72],
PUP.Optional.Linkury.A, C:\Users\Hofmann\AppData\Roaming\OpenCandy\A4371B9B539549B9AE1B256198AE147B\Installer.exe, In Quarantäne, [8545668d99f0033373d2a0963cc9d729],
PUP.Optional.Linkury.A, C:\Users\Hofmann\AppData\Roaming\OpenCandy\A4371B9B539549B9AE1B256198AE147B\SnapDo_RBCB_p4v7.exe, In Quarantäne, [63678d66058495a1d1741026df2610f0],
PUP.Optional.OpenCandy.A, C:\Users\Hofmann\AppData\Roaming\OpenCandy\DAC15790CAA74EF59D23B653A0990593\dlm.exe, In Quarantäne, [0ac0d122f693d85e4e83b58a58a97b85],
PUP.Optional.Breitschopp, C:\Users\Hofmann\Downloads\agsetup183se.exe, In Quarantäne, [bf0b42b182079e9851e4e26fff06bf41],
PUP.Optional.DownloadeGuide, C:\Users\Hofmann\Downloads\avery-zweckform-assistent.exe, In Quarantäne, [6f5bfcf74e3ba88e014d28d106fb2bd5],
PUP.Optional.WebSearch.A, C:\Users\Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\b64wqzt6.default\searchplugins\Web Search.xml, In Quarantäne, [c80249aacfbad75f5153841a6a99dd23],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancerService.exe, Löschen bei Neustart, [3199b2415f2a86b012fa1352a65dfa06],
PUP.Optional.OpenCandy, C:\Users\Hofmann\AppData\Roaming\OpenCandy\DAC15790CAA74EF59D23B653A0990593\3130.ico, In Quarantäne, [5773ad466e1b003659c4b57929da1ee2],
PUP.Optional.OpenCandy, C:\Users\Hofmann\AppData\Roaming\OpenCandy\DAC15790CAA74EF59D23B653A0990593\Setup1004732_DE-1.exe, In Quarantäne, [5773ad466e1b003659c4b57929da1ee2],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, In Quarantäne, [5575797a5e2b60d68a4bc899b350e818],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Settings.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\SignIn with Facebook.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\SignIn with Twitter.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Wajam Website.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Search\Ask.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Search\Google.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Search\IMDb.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Search\Shopping.com.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Search\TripAdvisor.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Search\Wikipedia.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Search\Yahoo!.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Shopping\Amazon.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Shopping\Argos.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Shopping\Ebay.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Shopping\Etsy.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Shopping\HomeDepot.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Shopping\Ikea.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Shopping\Lowe's.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Shopping\Mercadolivre.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Shopping\MyShopping.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Shopping\Sears.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Shopping\Target.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Shopping\Tesco.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Shopping\Walmart.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Explore Social Shopping\Zalando.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhance\Uninstall Wajam\uninstall.lnk, In Quarantäne, [a12917dc4e3b65d195c2f17226dd58a8],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\uninstall.exe, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\amazon.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\argos.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\ask.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\bestbuy.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\ebay.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\etsy.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\facebook.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\favicon.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\google.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\homedepot.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\ikea.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\imdb.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\lowes.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\mercado.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\mysearchweb.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\myshopping.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\searchresult.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\sears.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\setting.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\settings.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\shopping.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\target.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\tesco.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\tripadvisor.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\twitter.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\wajam.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\walmart.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\wiki.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\yahoo.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\Logos\zalando.ico, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\5d3691962fd59d9bbe146317d1883bd4, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\db78a4297a5d21f81443b9fc187724d8, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\FiddlerCore.dll, Löschen bei Neustart, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\HtmlAgilityPack.dll, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancer.exe, Löschen bei Neustart, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\makecert.exe, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\Newtonsoft.Json.dll, Löschen bei Neustart, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\WHttpServer.exe, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\wie, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\WJManifest, In Quarantäne, [d4f6ea098207211581d761028e754ab6],
PUP.Optional.SnapDo.A, C:\Users\Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\b64wqzt6.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtbwnztdp5nXPZvpzCX4E3Z7vvjzVSstlcClfOb7xzPZaLX2bxSp6jlFlpEjzSz_pmgmexasRmDgPGLzf2VKSeyYbxKgj5ByDOBwmg7SY8QIB6fFyv76fs6yy6NsFAwQuglbgIexL_iGXxCi7vOK1W&q=");), Ersetzt,[7357579c167388ae6630e6da8c79d62a]
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
AdwCleaner: Code:
# AdwCleaner v4.106 - Bericht erstellt am 05/01/2015 um 17:34:35
# Aktualisiert 21/12/2014 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Hofmann - HOFMANN-PC
# Gestartet von : C:\Users\Hofmann\Desktop\AdwCleaner_4.106.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Software
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Tobit
Ordner Gelöscht : C:\Users\Hofmann\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Hofmann\AppData\Roaming\Tobit
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sparpilot@sparpilot.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v34.0.5 (x86 de)
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.BackPageActive", true);
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false);
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.backPageCapacity", 3);
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.backPageCounter", 2);
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.backPageDay", 15);
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.backPageLastEvent", "1394880106886");
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.backPageMinInterval", 15);
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.barcodeid", "35214");
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "snapdoocyb");
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\"],\\\"hxxpInjection\\\":\\\"hxxp:\\\\\\/\\\\\\/i.linkuryjs.info\\\\\\/kury\\\\\\[...]
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.fromautoupdate", "true");
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.installationid", "1f88638c-c48a-f04d-2add-e624c21ef8bd");
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.installdate", "07/02/2014");
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1394695236");
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1394872855508");
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.publisher", "snapdoocyb");
[b64wqzt6.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtbwnztdp5nXPZvpzCX4E3Z7vvjzVSstlcClfOb7xzPZaLX2bxSp6jlFlpEjzSz_pmgmexasRmDgPGLzf2VKSeyYbxKgj5ByDOBwmg[...]
*************************
AdwCleaner[R0].txt - [5485 octets] - [05/01/2015 17:32:48]
AdwCleaner[S0].txt - [5426 octets] - [05/01/2015 17:34:35]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5486 octets] ##########
JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Hofmann on 05.01.2015 at 17:37:40,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
~~~ FireFox
Emptied folder: C:\Users\Hofmann\AppData\Roaming\mozilla\firefox\profiles\b64wqzt6.default\minidumps [53 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.01.2015 at 17:40:39,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and FRST:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by Hofmann (administrator) on HOFMANN-PC on 05-01-2015 17:41:11
Running from C:\Users\Hofmann\Desktop
Loaded Profile: Hofmann (Available profiles: Hofmann)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe
() C:\Users\Hofmann\AppData\Local\Amazon Music\Amazon Music Helper.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(telegate MEDIA AG) C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch Herbst 2014\kstart32.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
() C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RufiUpd.exe] => C:\Program Files (x86)\RufIdent Herbst 2014\RufiUpd.exe [250880 2014-07-29] ()
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1485096 2011-07-15] (Nero AG)
HKLM-x32\...\Run: [DMS-Kalenderchen] => C:\Users\Hofmann\Documents\Kalenderchen\Kalenderchen.exe [1445376 2005-07-20] (Daniel Manger Software)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-920650905-1512621059-2649446888-1000\...\Run: [rfxsrvtray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-920650905-1512621059-2649446888-1000\...\Run: [Amazon Music] => C:\Users\Hofmann\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Hofmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch Herbst 2014 - Schnellstarter.lnk
ShortcutTarget: Telefon- und Branchenbuch Herbst 2014 - Schnellstarter.lnk -> C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch Herbst 2014\kstart32.exe (telegate MEDIA AG)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-920650905-1512621059-2649446888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49185;https=127.0.0.1:49185
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-920650905-1512621059-2649446888-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-920650905-1512621059-2649446888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://news.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {FFFFFFA2-C40D-475D-8C91-9A9876ACFCDD} -> C:\Program Files (x86)\klickTel\klickTel Toolbar\kttoolbar.dll (klickTel GmbH)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - &klickTel Toolbar - {FFFF8BAD-BB43-4A08-8258-BFB40A29FBD7} - C:\Program Files (x86)\klickTel\klickTel Toolbar\kttoolbar.dll (klickTel GmbH)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-920650905-1512621059-2649446888-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\b64wqzt6.default
FF SelectedSearchEngine: Amazon.de
FF Homepage: hxxp://news.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\b64wqzt6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-15]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-01-02]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-30] (Advanced Micro Devices, Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-06-16] (DEVGURU Co., LTD.(www.devguru.co.kr))
S2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [13632 2013-08-25] ()
S2 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [13120 2013-08-25] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-05 17:40 - 2015-01-05 17:40 - 00000833 _____ () C:\Users\Hofmann\Desktop\JRT.txt
2015-01-05 17:37 - 2015-01-05 17:37 - 00000000 ____D () C:\Windows\ERUNT
2015-01-05 17:36 - 2015-01-05 17:36 - 00005586 _____ () C:\Users\Hofmann\Desktop\AdwCleaner[S0].txt
2015-01-05 17:32 - 2015-01-05 17:34 - 00000000 ____D () C:\AdwCleaner
2015-01-05 17:31 - 2015-01-05 17:31 - 00020607 _____ () C:\Users\Hofmann\Desktop\mbam.txt
2015-01-05 17:19 - 2014-11-24 14:04 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 17:18 - 2015-01-05 17:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-05 17:18 - 2015-01-05 17:18 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-05 17:18 - 2015-01-05 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-05 17:18 - 2015-01-05 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-05 17:18 - 2015-01-05 17:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-05 17:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-05 17:18 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-05 17:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-05 17:16 - 2015-01-05 17:16 - 01707939 _____ (Thisisu) C:\Users\Hofmann\Downloads\JRT.exe
2015-01-05 17:16 - 2015-01-05 17:16 - 01707939 _____ (Thisisu) C:\Users\Hofmann\Desktop\JRT.exe
2015-01-05 17:15 - 2015-01-05 17:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Hofmann\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-05 17:15 - 2015-01-05 17:15 - 02173952 _____ () C:\Users\Hofmann\Downloads\AdwCleaner_4.106.exe
2015-01-05 17:15 - 2015-01-05 17:15 - 02173952 _____ () C:\Users\Hofmann\Desktop\AdwCleaner_4.106.exe
2015-01-05 17:14 - 2015-01-05 17:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Hofmann\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-04 19:39 - 2015-01-04 19:39 - 00016843 _____ () C:\Users\Hofmann\Desktop\ComboFix.txt
2015-01-04 19:30 - 2015-01-04 19:39 - 00000000 ____D () C:\Qoobox
2015-01-04 19:30 - 2015-01-04 19:37 - 00000000 ____D () C:\Windows\erdnt
2015-01-04 19:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-04 19:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-04 19:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-04 19:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-04 19:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-04 19:30 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-04 19:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-04 19:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-04 19:23 - 2015-01-04 19:23 - 05609858 ____R (Swearware) C:\Users\Hofmann\Desktop\ComboFix.exe
2015-01-04 19:23 - 2015-01-04 19:23 - 05609858 _____ (Swearware) C:\Users\Hofmann\Downloads\ComboFix.exe
2015-01-04 17:27 - 2015-01-04 17:27 - 00023772 _____ () C:\Users\Hofmann\Desktop\GMER_LOG.log
2015-01-04 17:11 - 2015-01-04 17:11 - 00380416 _____ () C:\Users\Hofmann\Downloads\Gmer-19357.exe
2015-01-04 17:11 - 2015-01-04 17:11 - 00380416 _____ () C:\Users\Hofmann\Desktop\Gmer-19357.exe
2015-01-04 17:06 - 2015-01-05 17:41 - 00011765 _____ () C:\Users\Hofmann\Desktop\FRST.txt
2015-01-04 17:06 - 2015-01-05 17:41 - 00000000 ____D () C:\FRST
2015-01-04 17:06 - 2015-01-04 17:08 - 00035070 _____ () C:\Users\Hofmann\Desktop\Addition.txt
2015-01-04 17:04 - 2015-01-04 17:04 - 02123776 _____ (Farbar) C:\Users\Hofmann\Downloads\FRST64.exe
2015-01-04 17:04 - 2015-01-04 17:04 - 02123776 _____ (Farbar) C:\Users\Hofmann\Desktop\FRST64.exe
2015-01-04 17:03 - 2015-01-04 17:03 - 00050477 _____ () C:\Users\Hofmann\Downloads\Defogger.exe
2015-01-04 17:03 - 2015-01-04 17:03 - 00050477 _____ () C:\Users\Hofmann\Desktop\Defogger.exe
2015-01-04 17:03 - 2015-01-04 17:03 - 00000476 _____ () C:\Users\Hofmann\Desktop\defogger_disable.log
2015-01-04 17:03 - 2015-01-04 17:03 - 00000000 _____ () C:\Users\Hofmann\defogger_reenable
2015-01-02 18:59 - 2015-01-02 18:59 - 00001642 _____ () C:\Users\Hofmann\Desktop\AZWizard - Verknüpfung.lnk
2015-01-02 18:52 - 2015-01-02 18:52 - 00000000 ____D () C:\Users\Hofmann\AppData\Roaming\dlg
2015-01-02 18:48 - 2015-01-02 18:48 - 00000000 ____D () C:\Program Files (x86)\Avery
2015-01-02 18:45 - 2015-01-02 18:45 - 01174352 _____ () C:\Users\Hofmann\Downloads\Avery Zweckform Assistent - CHIP-Installer.exe
2015-01-02 18:27 - 2015-01-02 18:27 - 26868072 _____ (Avery Products Corp.) C:\Users\Hofmann\Downloads\Avery_Wizard_5_0_0_3026_5_de.exe
2015-01-02 17:19 - 2015-01-02 17:19 - 00003094 _____ () C:\Windows\System32\Tasks\{BD34E4B6-BC20-41EA-9D54-EED9E623F012}
2015-01-02 17:17 - 2015-01-02 17:17 - 00003042 _____ () C:\Windows\System32\Tasks\{FBB01BBD-884F-436D-ABAB-72BE3D5D83B6}
2015-01-02 17:05 - 2015-01-02 17:05 - 00003040 _____ () C:\Windows\System32\Tasks\{0E2065FE-7324-478F-BBA5-D5E80989416C}
2015-01-02 16:23 - 2015-01-02 17:10 - 00000000 ____D () C:\Users\Hofmann\AppData\Roaming\Avery
2015-01-02 16:11 - 2015-01-02 16:11 - 00000000 __SHD () C:\Users\Hofmann\AppData\Local\EmieBrowserModeList
2015-01-02 16:10 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2015-01-02 16:10 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-12-31 12:33 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-31 12:33 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-31 12:33 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-31 12:33 - 2014-05-08 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-12-30 17:08 - 2014-12-30 17:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-30 15:38 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-12-30 15:38 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-30 15:38 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-12-30 15:38 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-12-30 15:38 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-12-30 15:38 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-30 15:38 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-12-30 15:38 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-12-30 15:38 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-12-30 15:38 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-12-30 15:38 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-12-30 15:38 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-12-30 15:38 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-30 15:38 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-30 15:38 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-12-30 15:38 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-30 15:36 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-12-30 15:36 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-12-30 15:36 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-12-30 15:36 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-12-24 17:21 - 2014-12-24 17:21 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-22 17:23 - 2014-12-22 17:23 - 00001232 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Music Importer.lnk
2014-12-22 17:23 - 2014-12-22 17:23 - 00001220 _____ () C:\Users\Public\Desktop\Amazon Music Importer.lnk
2014-12-22 17:23 - 2014-12-22 17:23 - 00000000 ____D () C:\Users\Hofmann\Documents\Amazon Music Importer
2014-12-22 17:23 - 2014-12-22 17:23 - 00000000 ____D () C:\Users\Hofmann\AppData\Roaming\com.amazon.music.uploader
2014-12-22 17:23 - 2014-12-22 17:23 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-12-22 17:22 - 2014-12-22 17:22 - 09681000 _____ () C:\Users\Hofmann\Downloads\AmazonMusicImporterInstaller-3.1.0._V320648434_.exe
2014-12-21 17:13 - 2014-12-21 17:13 - 00001091 _____ () C:\Users\Public\Desktop\RufIdent 33.lnk
2014-12-21 17:13 - 2014-12-21 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RufIdent Herbst 2014
2014-12-21 17:13 - 2014-12-21 17:13 - 00000000 ____D () C:\Program Files (x86)\RufIdent Herbst 2014
2014-12-21 17:09 - 2014-12-21 17:09 - 00003300 _____ () C:\Windows\System32\Tasks\{961B81F5-3EDB-47F1-98BC-64D7C58C0F27}
2014-12-21 16:59 - 2014-12-21 16:59 - 00001349 _____ () C:\Users\Public\Desktop\Telefon- und Branchenbuch Herbst 2014 - Suchassistent.lnk
2014-12-21 16:59 - 2014-12-21 16:59 - 00001341 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telefon- und Branchenbuch Herbst 2014.lnk
2014-12-21 16:59 - 2014-12-21 16:59 - 00001329 _____ () C:\Users\Public\Desktop\Telefon- und Branchenbuch Herbst 2014.lnk
2014-12-18 09:10 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 09:10 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-14 14:28 - 2015-01-02 18:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-10 20:08 - 2014-12-10 20:08 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 19:49 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 19:49 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 19:49 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 19:49 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 19:49 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 19:49 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 19:49 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 19:49 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 19:49 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 19:49 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 17:04 - 2014-12-10 17:04 - 00000344 _____ () C:\Users\Hofmann\AppData\Roaming\dpdhl.versandhelfer_state.xml
2014-12-10 17:02 - 2014-12-10 17:02 - 00000000 ____D () C:\Users\Hofmann\AppData\Roaming\dpdhl.versandhelfer
2014-12-10 17:02 - 2014-12-10 17:02 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-12-10 17:02 - 2014-12-10 17:02 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-12-10 10:11 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 10:11 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 10:11 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 10:11 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 10:11 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 10:11 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 10:11 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 10:11 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 10:11 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 10:11 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 10:11 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 10:11 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 10:11 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 10:11 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 10:11 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 10:11 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 10:11 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 10:11 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 10:11 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 10:11 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 10:11 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 10:11 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 10:11 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 10:11 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 10:11 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 10:11 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 10:11 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 10:11 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 10:11 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 10:11 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 10:11 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 10:11 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 10:11 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 10:11 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 10:11 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 10:11 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 10:11 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 10:11 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 10:11 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 10:11 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 10:11 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 10:11 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 10:11 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 10:11 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 10:11 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 10:11 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 10:11 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 10:11 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 10:11 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 10:11 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 10:11 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 10:11 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 10:11 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 10:11 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 10:11 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 10:11 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 10:11 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 10:11 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 10:11 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 10:11 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 10:11 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 10:11 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 10:11 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 10:11 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 10:11 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 10:10 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 10:10 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 10:10 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 10:10 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 10:10 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 10:10 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 10:10 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 10:10 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 10:10 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 10:10 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 10:10 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 10:10 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 10:10 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 10:10 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-05 17:35 - 2014-02-11 08:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 17:35 - 2014-02-07 20:17 - 00202406 _____ () C:\Windows\PFRO.log
2015-01-05 17:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 17:35 - 2009-07-14 05:51 - 00081045 _____ () C:\Windows\setupact.log
2015-01-05 17:34 - 2014-02-07 20:07 - 01480613 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 17:34 - 2009-07-14 05:45 - 00024016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 17:34 - 2009-07-14 05:45 - 00024016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 17:33 - 2014-02-11 08:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 17:30 - 2014-02-09 13:44 - 00000000 ____D () C:\Users\Hofmann\Documents\Mein Steuer-Sparbuch Heute
2015-01-05 17:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\TAPI
2015-01-05 17:27 - 2014-08-18 16:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-04 19:37 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-04 18:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-04 17:03 - 2014-02-07 20:07 - 00000000 ____D () C:\Users\Hofmann
2015-01-03 09:53 - 2009-07-14 05:45 - 00360488 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-02 16:16 - 2014-02-07 20:21 - 00096392 _____ () C:\Users\Hofmann\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-02 13:36 - 2014-10-02 16:38 - 00729088 ____N () C:\Users\Hofmann\Documents\wbpdaten.wbp
2015-01-01 18:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-31 15:43 - 2014-02-09 13:54 - 00000000 ____D () C:\Users\Hofmann\AppData\Local\Nero
2014-12-31 12:46 - 2014-02-09 14:23 - 00000000 ____D () C:\Users\Hofmann\Documents\Wondershare PDF to Word
2014-12-31 09:19 - 2014-02-07 20:42 - 00000000 ____D () C:\Users\Hofmann\AppData\Local\Thunderbird
2014-12-31 09:13 - 2014-02-20 17:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-30 15:58 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-30 15:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-25 10:12 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-22 17:28 - 2014-03-09 18:10 - 00000000 ____D () C:\Users\Hofmann\AppData\Local\Amazon Cloud Player
2014-12-22 12:46 - 2014-02-09 09:55 - 00000000 ____D () C:\Program Files (x86)\klickTel
2014-12-21 17:12 - 2014-02-09 09:13 - 00000000 ____D () C:\Users\Hofmann\AppData\Roaming\klickTel
2014-12-21 17:10 - 2014-02-09 09:56 - 00000338 _____ () C:\Windows\ktel.ini
2014-12-21 17:10 - 2014-02-09 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\klickTel
2014-12-21 17:10 - 2014-02-08 14:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-18 09:08 - 2014-08-19 07:39 - 00000000 ____D () C:\Users\Hofmann\AppData\Local\Adobe
2014-12-18 09:07 - 2014-08-18 16:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-18 09:07 - 2014-02-10 12:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-18 09:07 - 2014-02-10 12:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-16 09:40 - 2009-07-14 18:58 - 00699190 _____ () C:\Windows\system32\perfh007.dat
2014-12-16 09:40 - 2009-07-14 18:58 - 00149330 _____ () C:\Windows\system32\perfc007.dat
2014-12-16 09:40 - 2009-07-14 06:13 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-10 20:08 - 2014-05-06 18:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 20:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 19:54 - 2014-02-07 21:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 19:52 - 2014-02-07 20:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 19:50 - 2014-02-07 20:57 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 17:31 - 2014-02-08 15:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 17:02 - 2014-02-08 15:22 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-10 17:02 - 2014-02-08 15:21 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-10 17:01 - 2014-02-08 15:24 - 00000000 ____D () C:\Users\Hofmann\AppData\Roaming\Adobe
2014-12-07 11:25 - 2014-02-09 14:18 - 00000000 ____D () C:\Users\Hofmann\AppData\Roaming\SKAT
Some content of TEMP:
====================
C:\Users\Hofmann\AppData\Local\Temp\Quarantine.exe
C:\Users\Hofmann\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-04 11:25
==================== End Of Log ============================
Regards, Thorsten