joerg_250SE | 03.04.2014 12:37 | Hi.
Contents of mbam.txt: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 03.04.2014
Suchlauf-Zeit: 09:57:54
Logdatei: MBAM_Suchlaufprotokoll.txt
Administrator: Ja
Version: 2.00.0.1000
Malware Datenbank: v2014.04.03.02
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Reni
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 255679
Verstrichene Zeit: 13 Min, 30 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 2
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\UPDATERESULTSALPHA.EXE, 3600, , [b14f39c750b0bd43d8b8212ae51c06fa]
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\bin\UTILRESULTSALPHA.EXE, 2328, , [52ae916f21df3ac6ddb32e1d6d94b848]
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 21
PUP.Optional.ResultsAlpha.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update ResultsAlpha, , [b14f39c750b0bd43d8b8212ae51c06fa],
PUP.Optional.ResultsAlpha.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util ResultsAlpha, , [52ae916f21df3ac6ddb32e1d6d94b848],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [9d63e51b9769b14fbe9c0e325aa852ae],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [6a96877910f02dd3f5852c14d72b28d8],
PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ResultsAlpha, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\PlusHDS9.1c, , [cc347d8354ace71960cbb7a6679b50b0],
PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\ResultsAlpha, , [bf419f611be5936d035ebed3fc0721df],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0052916.BHO, , [68982cd406fa11ef81988003b1528a76],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0052916.Sandbox, , [ee12ea1698682cd49089770cad5609f7],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0052916.Sandbox.1, , [f50b08f857a90df3f326622152b11fe1],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\19979, , [fb05f60a758bce32ae48312ddf23bb45],
PUP.Optional.ResultsAlpha.A, HKU\S-1-5-21-401128050-820920979-265035122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ResultsAlpha, , [49b7da26fa060cf4d290454c2bd8ad53],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-401128050-820920979-265035122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [768a01ff956b9e62915c165520e26898],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-401128050-820920979-265035122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [21df8a760bf537c946e9eb974ab96c94],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-401128050-820920979-265035122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\19979, , [3fc14eb2748cde22ec0b99c5758d5da3],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-401128050-820920979-265035122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\HDSP2, , [45bbdd23ea16a15f727a16468c767090],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PlusHDS9.1c, , [956b60a014ecb94791737fdc38ca9a66],
Registrierungswerte: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-401128050-820920979-265035122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0L1N1H2O1S, , [21df8a760bf537c946e9eb974ab96c94]
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 7
PUP.Optional.ResultsAlpha.A, C:\Program Files\RESULTSALPHA, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\RESULTSALPHA\bin, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\RESULTSALPHA\bin\plugins, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\RESULTSALPHA\bin\TEMP, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.CrossRider.A, C:\Users\Reni\AppData\Local\Google\Chrome\USER DATA\Default\EXTENSIONS\aaipilfmheplbcghignccoiiebekkdhe, , [2cd4c43cb749d42c18afc495857d08f8],
PUP.Optional.CrossRider.A, C:\Users\Reni\AppData\Local\Google\Chrome\USER DATA\Default\EXTENSIONS\aaipilfmheplbcghignccoiiebekkdhe\1.26.34_0, , [2cd4c43cb749d42c18afc495857d08f8],
PUP.Optional.PlusHD.A, C:\Program Files\PlusHDS9.1c, , [956b60a014ecb94791737fdc38ca9a66],
Dateien: 46
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\UPDATERESULTSALPHA.EXE, , [b14f39c750b0bd43d8b8212ae51c06fa],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\bin\UTILRESULTSALPHA.EXE, , [52ae916f21df3ac6ddb32e1d6d94b848],
PUP.Optional.LiveSoftAction.A, C:\Users\Reni\Downloads\DELONGHI ESAM 3600 user guide provided through pdfretriever.com.exe, , [68985da37e82bf419d1e68abe41dad53],
PUP.Optional.Conduit.A, C:\Users\Reni\AppData\Local\DownloadGuide\SPIdentifier.exe, , [718f669aed139f619b166b997d84ff01],
PUP.Optional.Conduit.A, C:\Users\Reni\AppData\Local\DownloadGuide\Offers\sp-downloader.exe, , [59a709f7cc3445bb9b422ce8db267888],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\AED747CB-3711-4C32-A141-56F6AE28D4DE-1.JOB, , [827e649cf20e33cde5851c4153af827e],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\AED747CB-3711-4C32-A141-56F6AE28D4DE-2.JOB, , [d03040c0f60a817f01698ad3a85a1fe1],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\AED747CB-3711-4C32-A141-56F6AE28D4DE-3.JOB, , [fa064eb2619fbc44e08a8cd138ca2fd1],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\AED747CB-3711-4C32-A141-56F6AE28D4DE-4.JOB, , [db25e9178080679980ea75e8857dc33d],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\AED747CB-3711-4C32-A141-56F6AE28D4DE-5.JOB, , [1de38f7139c7a65a670326379c66956b],
PUP.Optional.ResultsAlpha.A, C:\Users\Reni\AppData\Roaming\Mozilla\Firefox\Profiles\gttlaqlt.default\extensions\{F727685B-ED90-4ADC-8EEC-8234574A91E6}.XPI, , [b64a30d0be42946c252e2c351ae854ac],
PUP.Optional.ResultsAlpha.A, C:\Users\Reni\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\{F727685B-ED90-4ADC-8EEC-8234574A91E6}.XPI, , [f10f5ea2a55bc0401d36332e02004bb5],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\RESULTSALPHA.ICO, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\0, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\7za.exe, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\ResultsAlphaBHO.dll, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\ResultsAlphaUninstall.exe, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\updateResultsAlpha.InstallState, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\bin\7za.exe, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\bin\BrowserAdapterS.7z, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\bin\FilterApp_C.exe, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\bin\sqlite3.dll, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.InstallState, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\bin\XTLS.dll, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\bin\XTLSApp.dll, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\bin\XTLSApp.exe, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\bin\plugins\ResultsAlpha.Bromon.dll, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\bin\plugins\ResultsAlpha.BrowserAdapterS.dll, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\bin\plugins\ResultsAlpha.CompatibilityChecker.dll, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\bin\plugins\ResultsAlpha.FFUpdate.dll, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\bin\plugins\ResultsAlpha.IEUpdate.dll, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.ResultsAlpha.A, C:\Program Files\ResultsAlpha\bin\plugins\ResultsAlpha.PurBrowseG.dll, , [5aa624dc7f81d22e223e3c559a69a65a],
PUP.Optional.PlusHD.A, C:\Program Files\PlusHDS9.1c\52916.crx, , [956b60a014ecb94791737fdc38ca9a66],
PUP.Optional.PlusHD.A, C:\Program Files\PlusHDS9.1c\52916.xpi, , [956b60a014ecb94791737fdc38ca9a66],
PUP.Optional.PlusHD.A, C:\Program Files\PlusHDS9.1c\aed747cb-3711-4c32-a141-56f6ae28d4de-2.exe, , [956b60a014ecb94791737fdc38ca9a66],
PUP.Optional.PlusHD.A, C:\Program Files\PlusHDS9.1c\aed747cb-3711-4c32-a141-56f6ae28d4de-3.exe, , [956b60a014ecb94791737fdc38ca9a66],
PUP.Optional.PlusHD.A, C:\Program Files\PlusHDS9.1c\aed747cb-3711-4c32-a141-56f6ae28d4de-4.exe, , [956b60a014ecb94791737fdc38ca9a66],
PUP.Optional.PlusHD.A, C:\Program Files\PlusHDS9.1c\aed747cb-3711-4c32-a141-56f6ae28d4de-5.exe, , [956b60a014ecb94791737fdc38ca9a66],
PUP.Optional.PlusHD.A, C:\Program Files\PlusHDS9.1c\background.html, , [956b60a014ecb94791737fdc38ca9a66],
PUP.Optional.PlusHD.A, C:\Program Files\PlusHDS9.1c\PlusHDS9.1c-bg.exe, , [956b60a014ecb94791737fdc38ca9a66],
PUP.Optional.PlusHD.A, C:\Program Files\PlusHDS9.1c\PlusHDS9.1c-codedownloader.exe, , [956b60a014ecb94791737fdc38ca9a66],
PUP.Optional.PlusHD.A, C:\Program Files\PlusHDS9.1c\PlusHDS9.1c.ico, , [956b60a014ecb94791737fdc38ca9a66],
PUP.Optional.PlusHD.A, C:\Program Files\PlusHDS9.1c\Uninstall.exe, , [956b60a014ecb94791737fdc38ca9a66],
PUP.Optional.PlusHD.A, C:\Program Files\PlusHDS9.1c\utils.exe, , [956b60a014ecb94791737fdc38ca9a66],
PUP.Optional.CrossRider.A, C:\Users\Reni\AppData\Roaming\Mozilla\Firefox\Profiles\gttlaqlt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.aa54e453c130a47699333c5ec2aa914c59bd7cc899c7c44e9a03b042b92d363f0com52916.52916.pluginsurl", "hxxp://js.clientdataservice.com/plugin/apps/52916/plugins/094/ff/plugins.json");), ,[857bac54c739fe02e46959e3b05437c9]
PUP.Optional.CrossRider.A, C:\Users\Reni\AppData\Roaming\Mozilla\Firefox\Profiles\gttlaqlt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "1451262d221a92afc4262ec281f195e9");), ,[1ce44eb2a25e8080d67a043809fbd828]
Physische Sektoren: 0
(No malicious items detected)
(end)
AdwCleaner log file: I was worried that I had pressed "Löschen" (Delete) too early (i.e. before the scan had actually finished), so I ran a second scan.
After the AdwCleaner run and the reboot, Avira was enabled again by default and immediately reported: "Der Zugriff auf die Datei C:\ProgramFiles\...\utilResultsAlpha.exe mit dem Virus TR/TrashGen wurde blockiert" (access to the file was blocked, detected as TR/TrashGen).
Action taken: remove.
I am posting the log files of both AdwCleaner runs. First AdwCleaner[S0].txt: Code:
# AdwCleaner v3.023 - Bericht erstellt am 03/04/2014 um 10:52:20
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Reni - RENI-PC
# Gestartet von : C:\Users\Reni\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : Update ResultsAlpha
[#] Dienst Gelöscht : Util ResultsAlpha
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\SearchProtect
Ordner Gelöscht : C:\Program Files\Freeware.de
Ordner Gelöscht : C:\Users\Reni\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Reni\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Reni\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Reni\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Reni\AppData\LocalLow\Freeware.de
Ordner Gelöscht : C:\Users\Reni\AppData\Roaming\Babylon
Datei Gelöscht : C:\Users\Reni\AppData\Roaming\Mozilla\Firefox\Profiles\gttlaqlt.default\user.js
Datei Gelöscht : C:\Users\Reni\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lgoiojnjnacbjngolldkokokgpcjbgjj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0052916.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0052916.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0052916.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522292216}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555295516}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566296616}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83329718-AF00-4CAE-95C8-E1A82CE60974}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44EDCF29-4E3B-43D3-BB24-0CE41C86E654}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Freeware.de
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyrixeeker
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Freeware.de
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freeware.de Toolbar
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Reni\AppData\Roaming\Mozilla\Firefox\Profiles\gttlaqlt.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1451262d221a92afc4262ec281f195e9");
*************************
AdwCleaner[R0].txt - [7122 octets] - [03/04/2014 10:09:29]
AdwCleaner[S0].txt - [6868 octets] - [03/04/2014 10:52:20]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6928 octets] ##########
Now the AdwCleaner[S1].txt from the second run: Code:
# AdwCleaner v3.023 - Bericht erstellt am 03/04/2014 um 12:16:42
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Reni - RENI-PC
# Gestartet von : C:\Users\Reni\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Reni\AppData\Roaming\Mozilla\Firefox\Profiles\gttlaqlt.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [7122 octets] - [03/04/2014 10:09:29]
AdwCleaner[R1].txt - [919 octets] - [03/04/2014 11:16:56]
AdwCleaner[S0].txt - [7008 octets] - [03/04/2014 10:52:20]
AdwCleaner[S1].txt - [841 octets] - [03/04/2014 12:16:42]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [900 octets] ##########
After starting, JRT reports "a bad module has been detected, reboot? -> yes". I then had to disable Avira manually again, after which JRT continued.
Here is the JRT.txt: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x86
Ran by Reni on 03.04.2014 at 12:47:24,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\software"
Successfully deleted: [Folder] "C:\Program Files\resultsalpha"
~~~ FireFox
Successfully deleted: [File] C:\user.js
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Reni\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.04.2014 at 12:54:54,28
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And here is the fresh FRST_03-04-2014_13-14-19.txt (no "Additional" file was created this time):
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Reni (administrator) on RENI-PC on 03-04-2014 13:13:44
Running from C:\Users\Reni\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
() C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
() C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Users\Reni\AppData\Roaming\BupSystem\bup.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
() C:\Program Files\HSPA USB MODEM\BackgroundService\ModemListener.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Dropbox, Inc.) C:\Users\Reni\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() C:\Program Files\HSPA USB MODEM\BackgroundService\ServiceManager.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
() C:\Program Files\HSPA USB MODEM\ModemApplication.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [OpwareSE2] - C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5141512 2010-03-27] ()
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [362952 2010-03-27] ()
HKLM\...\Run: [Komsa_Germany Silverstone ModemListener] - C:\Program Files\HSPA USB MODEM\BackgroundService\ModemListener.exe [109120 2012-03-14] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-401128050-820920979-265035122-1001\...\Run: [GarminExpressTrayApp] - C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-22] (Garmin Ltd or its subsidiaries)
Startup: C:\Users\Reni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Reni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Reni\AppData\Roaming\Mozilla\Firefox\Profiles\gttlaqlt.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Reni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Protegere - C:\Users\Reni\AppData\Roaming\Mozilla\Firefox\Profiles\gttlaqlt.default\Extensions\security@protegere.org [2014-03-30]
FF HKCU\...\Firefox\Extensions: [{72273571-743d-427e-a1c1-0538fbc2ddd3}] - C:\Program Files\LyricsSeeker\133.xpi
========================== Services (Whitelisted) =================
R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [752184 2010-03-27] ()
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2014-03-10] (Acronis)
R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [910416 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 bupService; C:\Users\Reni\AppData\Roaming\BupSystem\bup.exe [1005056 2014-03-30] ()
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries)
R2 Komsa_Germany Silverstone Modem Device Helper; C:\Program Files\HSPA USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
==================== Drivers (Whitelisted) ====================
R3 AlcatelOTnet; C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys [118272 2011-06-20] (TCT International Mobile Ltd)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2013-12-12] (Avira Operations GmbH & Co. KG)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [106112 2011-06-20] (TCT International Mobile Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-03-05] (Malwarebytes Corporation)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59776 2011-09-07] (SCM Microsystems Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-03] (Avira GmbH)
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [911680 2014-03-10] (Acronis)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [117760 2011-02-25] (VIA Technologies, Inc.)
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52928 2014-03-30] (StdLib)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [164864 2011-02-25] (VIA Technologies, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Reni\AppData\Local\Temp\catchme.sys [X]
U3 DfSdkS;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-03 12:54 - 2014-04-03 12:54 - 00001271 _____ () C:\Users\Reni\Desktop\JRT.txt
2014-04-03 12:39 - 2014-04-03 12:39 - 00000000 ____D () C:\Windows\ERUNT
2014-04-03 12:18 - 2014-04-03 12:18 - 00000979 _____ () C:\Users\Reni\Desktop\AdwCleaner[S1].txt
2014-04-03 12:15 - 2014-04-03 12:16 - 01038974 _____ (Thisisu) C:\Users\Reni\Desktop\JRT.exe
2014-04-03 12:11 - 2014-04-03 12:11 - 00000919 _____ () C:\Users\Reni\Desktop\AdwCleaner[R1].txt
2014-04-03 11:15 - 2014-04-03 11:15 - 00007008 _____ () C:\Users\Reni\Desktop\AdwCleaner[S0].txt
2014-04-03 10:09 - 2014-04-03 12:16 - 00000000 ____D () C:\AdwCleaner
2014-04-03 10:07 - 2014-04-03 10:07 - 01426178 _____ () C:\Users\Reni\Desktop\adwcleaner.exe
2014-04-03 10:04 - 2014-04-03 10:04 - 00011517 _____ () C:\Users\Reni\Desktop\MBAM_Suchlaufprotokoll.txt
2014-04-03 09:41 - 2014-04-03 12:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 09:40 - 2014-04-03 09:40 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-03 09:40 - 2014-04-03 09:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 09:40 - 2014-04-03 09:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-03 09:40 - 2014-03-05 09:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:40 - 2014-03-05 09:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:40 - 2014-03-05 09:26 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 09:35 - 2014-04-03 09:38 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Reni\Desktop\mbam-setup-2.0.0.1000.exe
2014-04-02 10:55 - 2014-04-02 10:55 - 00046320 _____ () C:\ComboFix.txt
2014-04-02 10:37 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-02 10:37 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-02 10:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-02 10:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-02 10:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-02 10:37 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-02 10:37 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-02 10:37 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-02 10:20 - 2014-04-02 10:55 - 00000000 ____D () C:\Qoobox
2014-04-02 10:20 - 2014-04-02 10:53 - 00000000 ____D () C:\Windows\erdnt
2014-04-02 09:54 - 2014-04-02 09:56 - 05192353 ____R (Swearware) C:\Users\Reni\Desktop\ComboFix.exe
2014-04-01 10:43 - 2014-04-01 10:45 - 00031610 _____ () C:\Users\Reni\Desktop\Addition.txt
2014-04-01 10:42 - 2014-04-03 13:13 - 00011990 _____ () C:\Users\Reni\Desktop\FRST.txt
2014-04-01 10:42 - 2014-04-03 13:13 - 00000000 ____D () C:\FRST
2014-04-01 10:40 - 2014-04-03 13:13 - 01145856 _____ (Farbar) C:\Users\Reni\Desktop\FRST.exe
2014-03-31 14:24 - 2014-04-02 10:58 - 00000000 ____D () C:\Users\Reni\Documents\Malware
2014-03-31 13:45 - 2014-03-31 13:45 - 00001063 _____ () C:\Users\Public\Desktop\HSPA USB MODEM.lnk
2014-03-31 13:45 - 2014-03-31 13:45 - 00000000 ____D () C:\Program Files\HSPA USB MODEM
2014-03-31 13:45 - 2011-06-20 09:00 - 00118272 _____ (TCT International Mobile Ltd) C:\Windows\system32\Drivers\AlcatelOTUsbnet.sys
2014-03-31 13:45 - 2011-06-20 09:00 - 00106112 _____ (TCT International Mobile Ltd) C:\Windows\system32\Drivers\jrdusbser.sys
2014-03-31 08:43 - 2014-04-03 12:44 - 00000370 _____ () C:\Windows\setupact.log
2014-03-31 08:43 - 2014-04-03 10:53 - 00002044 _____ () C:\Windows\PFRO.log
2014-03-31 08:43 - 2014-03-31 08:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-30 17:09 - 2014-03-30 17:33 - 00006482 _____ () C:\Users\Reni\Documents\Ereignisse.txt
2014-03-30 14:34 - 2014-03-30 14:34 - 00000000 ____D () C:\backup
2014-03-30 14:26 - 2014-03-30 16:42 - 00000000 ____D () C:\_Fotos Archiv
2014-03-30 14:26 - 2014-03-30 16:40 - 00000000 ____D () C:\_Fotos aktuell
2014-03-30 13:22 - 2014-03-30 16:13 - 00000000 ____D () C:\Program Files\TrayBackup
2014-03-30 13:22 - 2014-03-30 13:22 - 00000609 _____ () C:\Users\UpdatusUser\Desktop\TrayBackup.lnk
2014-03-30 13:22 - 2014-03-30 13:22 - 00000609 _____ () C:\Users\Reni\Desktop\TrayBackup.lnk
2014-03-30 13:22 - 2014-03-30 13:22 - 00000000 ____D () C:\Users\Reni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrayBackup
2014-03-30 13:21 - 2014-03-30 13:21 - 00467187 _____ () C:\Users\Reni\Downloads\trbsetup.exe
2014-03-30 13:14 - 2014-03-30 13:14 - 00052928 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG.sys
2014-03-30 13:08 - 2014-03-30 13:08 - 00000492 _____ () C:\Users\Reni\Documents\cc_20140330_130801.reg
2014-03-30 13:02 - 2014-03-30 13:03 - 04787368 _____ (Piriform Ltd) C:\Users\Reni\Downloads\ccsetup412.exe
2014-03-30 11:59 - 2014-03-30 11:59 - 00000000 ____D () C:\Users\Reni\AppData\Local\Macromedia
2014-03-30 11:45 - 2014-04-03 12:44 - 00001574 _____ () C:\Windows\Tasks\aed747cb-3711-4c32-a141-56f6ae28d4de-5.job
2014-03-30 11:45 - 2014-04-03 12:44 - 00001480 _____ () C:\Windows\Tasks\aed747cb-3711-4c32-a141-56f6ae28d4de-1.job
2014-03-30 11:45 - 2014-04-03 12:44 - 00001418 _____ () C:\Windows\Tasks\aed747cb-3711-4c32-a141-56f6ae28d4de-2.job
2014-03-30 11:45 - 2014-03-30 11:45 - 00000000 ____D () C:\Users\Reni\AppData\Roaming\Security System 2
2014-03-30 11:45 - 2014-03-30 11:45 - 00000000 ____D () C:\Users\Reni\AppData\Roaming\BupSystem
2014-03-30 11:44 - 2014-04-03 12:44 - 00003100 _____ () C:\Windows\Tasks\aed747cb-3711-4c32-a141-56f6ae28d4de-3.job
2014-03-30 11:44 - 2014-04-03 12:44 - 00002348 _____ () C:\Windows\Tasks\aed747cb-3711-4c32-a141-56f6ae28d4de-4.job
2014-03-30 11:44 - 2014-04-03 11:45 - 00000000 ____D () C:\Program Files\PlusHDS9.1c
2014-03-30 11:43 - 2014-03-30 11:43 - 00000147 _____ () C:\Users\Reni\Desktop\Goodgame Empire.url
2014-03-30 11:22 - 2014-03-30 11:22 - 00674504 _____ () C:\Users\Reni\Downloads\CCleaner_Setup_Download(2).exe
2014-03-30 11:21 - 2014-03-30 11:21 - 00674504 _____ () C:\Users\Reni\Downloads\CCleaner_Setup_Download(1).exe
2014-03-30 11:20 - 2014-03-30 11:21 - 00674504 _____ () C:\Users\Reni\Downloads\CCleaner_Setup_Download.exe
2014-03-29 17:02 - 2014-03-29 17:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 16:00 - 2014-03-29 16:00 - 00026786 _____ () C:\Users\Reni\Documents\Lesezeichen_20140329.html
2014-03-12 18:09 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 18:09 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 18:09 - 2014-03-01 06:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 18:09 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 18:09 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 18:09 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 18:09 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 18:09 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 18:09 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 18:09 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 18:09 - 2014-03-01 05:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 18:09 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 18:09 - 2014-03-01 05:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 18:09 - 2014-03-01 05:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 18:09 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 18:09 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 18:09 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 18:09 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 18:09 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 18:09 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 18:09 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 18:09 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 18:09 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 18:08 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 18:08 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 18:08 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 18:08 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-10 17:08 - 2014-03-10 17:08 - 00001294 _____ () C:\Users\Reni\Desktop\Computer Management.lnk
2014-03-10 17:01 - 2014-03-10 17:01 - 00000477 _____ () C:\Users\Reni\Desktop\System - Verknüpfung.lnk
2014-03-10 16:57 - 2014-03-10 17:50 - 00000000 ____D () C:\ProgramData\Acronis
2014-03-10 16:53 - 2014-03-10 16:53 - 00581984 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys
2014-03-10 16:53 - 2014-03-10 16:53 - 00166272 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
2014-03-10 16:53 - 2014-03-10 16:53 - 00160704 _____ (Acronis) C:\Windows\system32\Drivers\afcdp.sys
2014-03-10 16:53 - 2014-03-10 16:53 - 00002211 _____ () C:\Users\Public\Desktop\Acronis One-Click Backup.lnk
2014-03-10 16:53 - 2014-03-10 16:53 - 00001115 _____ () C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk
2014-03-10 16:52 - 2014-03-10 16:53 - 00000000 ____D () C:\Program Files\Common Files\Acronis
2014-03-10 16:52 - 2014-03-10 16:52 - 00000000 ____D () C:\Program Files\Acronis
2014-03-10 16:49 - 2014-03-10 16:49 - 00002847 _____ () C:\Users\Reni\Desktop\Microsoft-Maus- und Tastatur-Center.lnk
2014-03-10 16:45 - 2014-03-10 16:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point32_01011.Wdf
2014-03-10 16:45 - 2014-03-10 16:45 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-03-10 16:38 - 2014-03-10 16:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
==================== One Month Modified Files and Folders =======
2014-04-03 13:13 - 2014-04-01 10:42 - 00011990 _____ () C:\Users\Reni\Desktop\FRST.txt
2014-04-03 13:13 - 2014-04-01 10:42 - 00000000 ____D () C:\FRST
2014-04-03 13:13 - 2014-04-01 10:40 - 01145856 _____ (Farbar) C:\Users\Reni\Desktop\FRST.exe
2014-04-03 12:54 - 2014-04-03 12:54 - 00001271 _____ () C:\Users\Reni\Desktop\JRT.txt
2014-04-03 12:53 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 12:53 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 12:51 - 2010-11-20 23:01 - 00009220 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 12:47 - 2014-04-03 09:41 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 12:44 - 2014-03-31 08:43 - 00000370 _____ () C:\Windows\setupact.log
2014-04-03 12:44 - 2014-03-30 11:45 - 00001574 _____ () C:\Windows\Tasks\aed747cb-3711-4c32-a141-56f6ae28d4de-5.job
2014-04-03 12:44 - 2014-03-30 11:45 - 00001480 _____ () C:\Windows\Tasks\aed747cb-3711-4c32-a141-56f6ae28d4de-1.job
2014-04-03 12:44 - 2014-03-30 11:45 - 00001418 _____ () C:\Windows\Tasks\aed747cb-3711-4c32-a141-56f6ae28d4de-2.job
2014-04-03 12:44 - 2014-03-30 11:44 - 00003100 _____ () C:\Windows\Tasks\aed747cb-3711-4c32-a141-56f6ae28d4de-3.job
2014-04-03 12:44 - 2014-03-30 11:44 - 00002348 _____ () C:\Windows\Tasks\aed747cb-3711-4c32-a141-56f6ae28d4de-4.job
2014-04-03 12:44 - 2013-02-19 12:39 - 00000000 ____D () C:\Users\Reni\AppData\Roaming\Dropbox
2014-04-03 12:44 - 2012-10-28 17:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-03 12:44 - 2012-04-07 11:18 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-03 12:44 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 12:43 - 2013-06-15 20:27 - 01115008 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 12:39 - 2014-04-03 12:39 - 00000000 ____D () C:\Windows\ERUNT
2014-04-03 12:35 - 2013-08-30 11:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-03 12:21 - 2012-04-07 11:18 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-03 12:18 - 2014-04-03 12:18 - 00000979 _____ () C:\Users\Reni\Desktop\AdwCleaner[S1].txt
2014-04-03 12:16 - 2014-04-03 12:15 - 01038974 _____ (Thisisu) C:\Users\Reni\Desktop\JRT.exe
2014-04-03 12:16 - 2014-04-03 10:09 - 00000000 ____D () C:\AdwCleaner
2014-04-03 12:11 - 2014-04-03 12:11 - 00000919 _____ () C:\Users\Reni\Desktop\AdwCleaner[R1].txt
2014-04-03 11:45 - 2014-03-30 11:44 - 00000000 ____D () C:\Program Files\PlusHDS9.1c
2014-04-03 11:15 - 2014-04-03 11:15 - 00007008 _____ () C:\Users\Reni\Desktop\AdwCleaner[S0].txt
2014-04-03 10:53 - 2014-03-31 08:43 - 00002044 _____ () C:\Windows\PFRO.log
2014-04-03 10:07 - 2014-04-03 10:07 - 01426178 _____ () C:\Users\Reni\Desktop\adwcleaner.exe
2014-04-03 10:04 - 2014-04-03 10:04 - 00011517 _____ () C:\Users\Reni\Desktop\MBAM_Suchlaufprotokoll.txt
2014-04-03 09:40 - 2014-04-03 09:40 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-03 09:40 - 2014-04-03 09:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 09:40 - 2014-04-03 09:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-03 09:38 - 2014-04-03 09:35 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Reni\Desktop\mbam-setup-2.0.0.1000.exe
2014-04-02 10:58 - 2014-03-31 14:24 - 00000000 ____D () C:\Users\Reni\Documents\Malware
2014-04-02 10:55 - 2014-04-02 10:55 - 00046320 _____ () C:\ComboFix.txt
2014-04-02 10:55 - 2014-04-02 10:20 - 00000000 ____D () C:\Qoobox
2014-04-02 10:55 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-04-02 10:55 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-04-02 10:53 - 2014-04-02 10:20 - 00000000 ____D () C:\Windows\erdnt
2014-04-02 10:52 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-04-02 10:02 - 2013-02-19 12:46 - 00000000 ___RD () C:\Users\Reni\Dropbox
2014-04-02 09:56 - 2014-04-02 09:54 - 05192353 ____R (Swearware) C:\Users\Reni\Desktop\ComboFix.exe
2014-04-01 10:45 - 2014-04-01 10:43 - 00031610 _____ () C:\Users\Reni\Desktop\Addition.txt
2014-04-01 10:40 - 2009-07-14 04:04 - 00000601 _____ () C:\Windows\win.ini
2014-03-31 13:45 - 2014-03-31 13:45 - 00001063 _____ () C:\Users\Public\Desktop\HSPA USB MODEM.lnk
2014-03-31 13:45 - 2014-03-31 13:45 - 00000000 ____D () C:\Program Files\HSPA USB MODEM
2014-03-31 08:43 - 2014-03-31 08:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-30 17:33 - 2014-03-30 17:09 - 00006482 _____ () C:\Users\Reni\Documents\Ereignisse.txt
2014-03-30 16:42 - 2014-03-30 14:26 - 00000000 ____D () C:\_Fotos Archiv
2014-03-30 16:40 - 2014-03-30 14:26 - 00000000 ____D () C:\_Fotos aktuell
2014-03-30 16:24 - 2012-03-19 19:14 - 00000000 ____D () C:\Games
2014-03-30 16:13 - 2014-03-30 13:22 - 00000000 ____D () C:\Program Files\TrayBackup
2014-03-30 14:34 - 2014-03-30 14:34 - 00000000 ____D () C:\backup
2014-03-30 13:22 - 2014-03-30 13:22 - 00000609 _____ () C:\Users\UpdatusUser\Desktop\TrayBackup.lnk
2014-03-30 13:22 - 2014-03-30 13:22 - 00000609 _____ () C:\Users\Reni\Desktop\TrayBackup.lnk
2014-03-30 13:22 - 2014-03-30 13:22 - 00000000 ____D () C:\Users\Reni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrayBackup
2014-03-30 13:21 - 2014-03-30 13:21 - 00467187 _____ () C:\Users\Reni\Downloads\trbsetup.exe
2014-03-30 13:14 - 2014-03-30 13:14 - 00052928 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG.sys
2014-03-30 13:08 - 2014-03-30 13:08 - 00000492 _____ () C:\Users\Reni\Documents\cc_20140330_130801.reg
2014-03-30 13:03 - 2014-03-30 13:02 - 04787368 _____ (Piriform Ltd) C:\Users\Reni\Downloads\ccsetup412.exe
2014-03-30 13:03 - 2012-04-07 11:19 - 00000967 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-30 13:03 - 2012-03-19 18:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-30 12:35 - 2013-08-30 11:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-30 12:35 - 2013-08-30 11:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-30 11:59 - 2014-03-30 11:59 - 00000000 ____D () C:\Users\Reni\AppData\Local\Macromedia
2014-03-30 11:59 - 2012-03-16 16:42 - 00000000 ____D () C:\Users\Reni\AppData\Local\Adobe
2014-03-30 11:45 - 2014-03-30 11:45 - 00000000 ____D () C:\Users\Reni\AppData\Roaming\Security System 2
2014-03-30 11:45 - 2014-03-30 11:45 - 00000000 ____D () C:\Users\Reni\AppData\Roaming\BupSystem
2014-03-30 11:43 - 2014-03-30 11:43 - 00000147 _____ () C:\Users\Reni\Desktop\Goodgame Empire.url
2014-03-30 11:22 - 2014-03-30 11:22 - 00674504 _____ () C:\Users\Reni\Downloads\CCleaner_Setup_Download(2).exe
2014-03-30 11:21 - 2014-03-30 11:21 - 00674504 _____ () C:\Users\Reni\Downloads\CCleaner_Setup_Download(1).exe
2014-03-30 11:21 - 2014-03-30 11:20 - 00674504 _____ () C:\Users\Reni\Downloads\CCleaner_Setup_Download.exe
2014-03-29 22:28 - 2012-04-16 16:46 - 00000000 ____D () C:\Users\Reni\Documents\Outlook
2014-03-29 21:47 - 2014-02-17 15:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-29 17:02 - 2014-03-29 17:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 16:00 - 2014-03-29 16:00 - 00026786 _____ () C:\Users\Reni\Documents\Lesezeichen_20140329.html
2014-03-23 21:18 - 2012-04-09 10:41 - 00000000 ____D () C:\Users\Reni\Documents\Steuerfälle
2014-03-19 10:34 - 2013-08-15 13:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 10:31 - 2012-03-17 16:03 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-16 14:31 - 2014-02-22 13:58 - 00002199 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk
2014-03-16 13:24 - 2013-11-28 18:05 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-12 19:21 - 2009-07-14 06:33 - 00437576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 19:20 - 2012-07-20 10:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 19:03 - 2012-05-23 14:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-10 17:50 - 2014-03-10 16:57 - 00000000 ____D () C:\ProgramData\Acronis
2014-03-10 17:15 - 2012-03-17 11:08 - 00115808 _____ () C:\Users\Reni\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-10 17:08 - 2014-03-10 17:08 - 00001294 _____ () C:\Users\Reni\Desktop\Computer Management.lnk
2014-03-10 17:01 - 2014-03-10 17:01 - 00000477 _____ () C:\Users\Reni\Desktop\System - Verknüpfung.lnk
2014-03-10 16:53 - 2014-03-10 16:53 - 00581984 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys
2014-03-10 16:53 - 2014-03-10 16:53 - 00166272 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
2014-03-10 16:53 - 2014-03-10 16:53 - 00160704 _____ (Acronis) C:\Windows\system32\Drivers\afcdp.sys
2014-03-10 16:53 - 2014-03-10 16:53 - 00002211 _____ () C:\Users\Public\Desktop\Acronis One-Click Backup.lnk
2014-03-10 16:53 - 2014-03-10 16:53 - 00001115 _____ () C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk
2014-03-10 16:53 - 2014-03-10 16:52 - 00000000 ____D () C:\Program Files\Common Files\Acronis
2014-03-10 16:53 - 2012-05-21 18:31 - 00911680 _____ (Acronis) C:\Windows\system32\Drivers\tdrpm258.sys
2014-03-10 16:52 - 2014-03-10 16:52 - 00000000 ____D () C:\Program Files\Acronis
2014-03-10 16:49 - 2014-03-10 16:49 - 00002847 _____ () C:\Users\Reni\Desktop\Microsoft-Maus- und Tastatur-Center.lnk
2014-03-10 16:45 - 2014-03-10 16:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point32_01011.Wdf
2014-03-10 16:45 - 2014-03-10 16:45 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-03-10 16:38 - 2014-03-10 16:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-03-05 09:26 - 2014-04-03 09:40 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-03 09:40 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-04-03 09:40 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
Some content of TEMP:
====================
C:\Users\Reni\AppData\Local\temp\avgnt.exe
C:\Users\Reni\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-30 13:52
==================== End Of Log ============================
Thanks and best regards to the south,
Jörg