Pests of all kinds and how to combat them: unwanted Spigot Yahoo search start page
Windows 7
05.12.2013, 11:20 | #1 |
Unwanted Spigot Yahoo search start page

About a week ago I installed the YouTube Downloader and, along with it, further programs, which I deleted again right away. So far, however, I have not managed to change the start page for good. I have already run several programs over it since then, but as nothing helped, I uninstalled them again with CCleaner... Here are the log scans you asked for:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:02 on 04/12/2013 (Jule)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-12-2013 01
Ran by Jule (administrator) on MASF on 04-12-2013 23:10:02
Running from C:\Users\Jule\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IObit) C:\Program Files\IObit Malware Fighter\IMFsrv.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Flux Software LLC) C:\Users\Jule\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4489216 2007-06-13] (Realtek Semiconductor)
HKLM\...\Run: [IObit Malware Fighter] - C:\Program Files\IObit Malware Fighter\IMF.exe [1574208 2013-11-13] (IObit)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKCU\...\Run: [f.lux] - C:\Users\Jule\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKCU\...\Run: [SODCPreLoad] - C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe [40960 2010-11-16] ()
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {5C811A52-FBAE-4D9C-8180-8EEF0AC1BF65} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
SearchScopes: HKCU - {5C811A52-FBAE-4D9C-8180-8EEF0AC1BF65} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ff
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
FF NetworkProxy: "autoconfig_url", "hxxp://204.93.211.220/"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: WOT - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DVDVideoSoft Menu - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: prefs - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

Chrome:
=======
CHR HomePage: hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ch
CHR RestoreOnStartup: "hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ch"
CHR Extension: (Ads Removal) - C:\Users\Jule\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0
CHR Extension: ( "name":"Advanced SystemCare Surfing Protection",) - C:\Users\Jule\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx

========================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [878368 2013-10-25] (IObit)
R2 IMFservice; C:\Program Files\IObit Malware Fighter\IMFsrv.exe [341824 2013-11-11] (IObit)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2006-12-28] (AVM Berlin)
R0 CplIR; C:\Windows\System32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S4 FileMonitor; C:\Program Files\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2006-12-28] (AVM GmbH)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
R3 RegFilter; C:\Program Files\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [31752 2013-03-26] (IObit.com)
S3 UrlFilter; C:\Program Files\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2013-03-26] (IObit.com)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S1 MpKsl9cd296d3; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-04 23:12 - 2013-12-04 23:12 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2013-12-04 23:10 - 2013-12-04 23:10 - 00011686 _____ C:\Users\Jule\Desktop\FRST.txt
2013-12-04 23:08 - 2013-12-04 23:08 - 00000000 ____D C:\FRST
2013-12-04 23:07 - 2013-12-04 23:07 - 01092683 _____ (Farbar) C:\Users\Jule\Desktop\FRST.exe
2013-12-04 23:02 - 2013-12-04 23:04 - 00000470 _____ C:\Users\Jule\Desktop\defogger_disable.log
2013-12-04 23:02 - 2013-12-04 23:02 - 00000000 _____ C:\Users\Jule\defogger_reenable
2013-12-04 22:48 - 2013-12-04 22:48 - 00050477 _____ C:\Users\Jule\Desktop\Defogger.exe
2013-12-04 20:31 - 2013-12-04 20:31 - 00101983 _____ C:\ProgramData\1386185447.bdinstall.bin
2013-12-04 20:30 - 2013-12-04 20:30 - 00037408 _____ C:\ProgramData\1386185408.bdinstall.bin
2013-11-30 23:55 - 2013-12-01 00:23 - 00000000 ____D C:\AdwCleaner
2013-11-30 23:44 - 2013-11-30 23:44 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-30 16:37 - 2013-11-30 16:37 - 00454288 _____ (Realtek ) C:\Windows\system32\Drivers\Rtlh86.sys
2013-11-30 16:37 - 2013-11-30 16:37 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
2013-11-30 16:37 - 2013-11-30 16:37 - 00080488 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2013-11-30 14:02 - 2013-12-04 21:22 - 00000000 ____D C:\ProgramData\ProductData
2013-11-30 14:02 - 2013-11-30 14:02 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-30 13:35 - 2013-12-04 21:19 - 00263844 _____ C:\Windows\PFRO.log
2013-11-30 10:31 - 2013-11-30 10:31 - 00001952 _____ C:\Windows\wininit.ini
2013-11-30 00:43 - 2013-11-30 00:43 - 00000000 ____D C:\Users\Jule\AppData\Local\Slick Savings
2013-11-29 16:15 - 2013-11-29 16:15 - 00260906 _____ C:\ProgramData\1385736874.bdinstall.bin
2013-11-29 16:08 - 2009-07-14 23:27 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2013-11-29 15:54 - 2013-11-29 15:54 - 00000000 ____D C:\Users\Jule\AppData\Roaming\QuickScan
2013-11-29 15:25 - 2013-11-29 15:25 - 00000000 ____D C:\Quarantine
2013-11-29 15:21 - 2013-11-29 18:46 - 00000000 ____D C:\Program Files\stinger
2013-11-29 11:14 - 2013-11-29 11:23 - 00000000 ____D C:\Program Files\Re-markit
2013-11-25 18:56 - 2013-11-25 23:26 - 00000000 ____D C:\Users\Jule\Desktop\TEX
2013-11-23 17:53 - 2013-11-23 17:53 - 00000000 _____ C:\Windows\setuperr.log
2013-11-22 19:48 - 2013-11-22 19:48 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
2013-11-22 18:12 - 2013-11-23 00:06 - 00000000 ____D C:\MikTex
2013-11-22 17:27 - 2013-11-22 17:27 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Neuer Ordner
2013-11-22 15:40 - 2013-11-22 15:50 - 00000000 ____D C:\Users\Jule\Archiv\Documents\MiKTex1
2013-11-22 13:43 - 2013-11-22 15:14 - 00000000 ____D C:\Users\Jule\Archiv\Documents\miktex
2013-11-22 01:00 - 2013-11-22 00:27 - 07360000 _____ (MiKTeX.org) C:\setup-2.9.4503.exe
2013-11-22 00:49 - 2013-11-22 00:50 - 00067784 _____ C:\Users\Jule\Archiv\Documents\cc_20131122_004939.reg
2013-11-22 00:41 - 2013-06-09 21:59 - 00216064 _____ C:\Windows\system32\gcapi_dll.dll
2013-11-22 00:40 - 2013-11-22 00:42 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Foxit Software
2013-11-22 00:40 - 2013-11-22 00:41 - 00000000 ____D C:\Program Files\Foxit Reader
2013-11-21 23:00 - 2013-11-27 16:28 - 00000000 ____D C:\Users\Jule\Desktop\BA
2013-11-21 22:10 - 2013-11-21 22:10 - 00033235 _____ C:\Users\Jule\Desktop\ADHS eine kritische Bestandsaufnahme Christina Happ.odt
2013-11-20 23:58 - 2013-11-20 23:59 - 00000000 ____D C:\Users\Jule\AppData\Roaming\SumatraPDF
2013-11-20 23:58 - 2013-11-20 23:58 - 00000000 ____D C:\Program Files\SumatraPDF
2013-11-20 23:17 - 2013-11-20 23:17 - 00000000 ____D C:\Program Files\gs9.10
2013-11-20 22:53 - 2013-11-22 21:55 - 00000000 ____D C:\Program Files\TeXnicCenter
2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Program Files\Texmaker
2013-11-20 16:09 - 2013-11-20 17:09 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Notepad++
2013-11-20 16:09 - 2013-11-20 16:10 - 00000000 ____D C:\Program Files\Notepad++
2013-11-17 16:44 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-17 16:44 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-17 16:44 - 2013-10-13 10:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-17 16:44 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-17 16:44 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-17 16:44 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-17 16:44 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-17 16:44 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-17 16:44 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-17 16:44 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-17 16:44 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-17 16:44 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-17 16:44 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-17 16:44 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-17 16:44 - 2013-10-13 10:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-17 16:44 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-17 15:12 - 2013-11-17 15:28 - 00001594 _____ C:\Windows\VPNUnInstall.MIF
2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\Archiv\Documents\capella
2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\AppData\Roaming\capella-software
2013-11-14 21:42 - 2013-11-20 15:14 - 00000000 ____D C:\Users\Jule\AppData\Roaming\xm1
2013-11-14 10:35 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 10:35 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 10:34 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 10:34 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 10:34 - 2013-10-11 01:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-11-14 00:10 - 2013-11-14 00:10 - 00000000 ____D C:\ProgramData\Gibraltar
2013-11-13 20:57 - 2013-11-13 20:57 - 00000000 ____D C:\Users\Jule\AppData\Local\Swiss Academic Software
2013-11-13 20:55 - 2013-11-23 10:37 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Citavi 4
2013-11-13 20:55 - 2013-11-14 00:10 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Swiss Academic Software
2013-11-13 18:25 - 2013-11-13 18:25 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2013-11-13 18:18 - 2013-11-13 18:24 - 00000000 ____D C:\Program Files\Citavi 4
2013-11-12 14:24 - 2011-05-04 14:36 - 00007657 _____ C:\Windows\_DETMP.1
2013-11-12 14:24 - 1996-05-10 10:41 - 00009296 _____ (Stirling Technologies Inc.) C:\Windows\_DETMP.2
2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Local\FluxSoftware

Code:
==================== One Month Modified Files and Folders =======

2013-12-04 23:12 - 2013-12-04 23:12 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2013-12-04 23:10 - 2013-12-04 23:10 - 00011686 _____ C:\Users\Jule\Desktop\FRST.txt
2013-12-04 23:08 - 2013-12-04 23:08 - 00000000 ____D C:\FRST
2013-12-04 23:07 - 2013-12-04 23:07 - 01092683 _____ (Farbar) C:\Users\Jule\Desktop\FRST.exe
2013-12-04 23:04 - 2013-12-04 23:02 - 00000470 _____ C:\Users\Jule\Desktop\defogger_disable.log
2013-12-04 23:02 - 2013-12-04 23:02 - 00000000 _____ C:\Users\Jule\defogger_reenable
2013-12-04 23:02 - 2009-07-27 14:08 - 00000000 ____D C:\Users\Jule
2013-12-04 22:56 - 2013-03-29 20:14 - 00000342 _____ C:\Windows\Tasks\WpsUpdateTask_Jule.job
2013-12-04 22:48 - 2013-12-04 22:48 - 00050477 _____ C:\Users\Jule\Desktop\Defogger.exe
2013-12-04 22:45 - 2009-09-21 14:06 - 01796749 _____ C:\Windows\WindowsUpdate.log
2013-12-04 22:24 - 2009-08-27 20:18 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Skype
2013-12-04 22:14 - 2012-04-09 17:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-04 21:22 - 2013-11-30 14:02 - 00000000 ____D C:\ProgramData\ProductData
2013-12-04 21:22 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-04 21:22 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-04 21:20 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-04 21:19 - 2013-11-30 13:35 - 00263844 _____ C:\Windows\PFRO.log
2013-12-04 20:31 - 2013-12-04 20:31 - 00101983 _____ C:\ProgramData\1386185447.bdinstall.bin
2013-12-04 20:30 - 2013-12-04 20:30 - 00037408 _____ C:\ProgramData\1386185408.bdinstall.bin
2013-12-04 20:26 - 2011-12-29 13:54 - 00000000 ____D C:\Users\Jule\AppData\Roaming\DVDVideoSoft
2013-12-04 20:26 - 2011-12-29 13:36 - 00000000 ____D C:\Program Files\DVDVideoSoft
2013-12-04 20:26 - 2009-10-04 09:21 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-12-02 15:24 - 2006-11-02 14:01 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-01 00:31 - 2013-01-15 13:13 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-12-01 00:23 - 2013-11-30 23:55 - 00000000 ____D C:\AdwCleaner
2013-11-30 23:53 - 2009-07-27 14:35 - 00000000 ____D C:\Users\Jule\AppData\Local\Adobe
2013-11-30 23:44 - 2013-11-30 23:44 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-30 23:44 - 2009-08-18 20:56 - 00000000 ____D C:\ProgramData\Adobe
2013-11-30 23:44 - 2007-04-16 07:30 - 00000000 ____D C:\Program Files\Adobe
2013-11-30 23:43 - 2009-11-11 20:16 - 00000000 ____D C:\Program Files\AdobeReader 9.0
2013-11-30 16:37 - 2013-11-30 16:37 - 00454288 _____ (Realtek ) C:\Windows\system32\Drivers\Rtlh86.sys
2013-11-30 16:37 - 2013-11-30 16:37 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
2013-11-30 16:37 - 2013-11-30 16:37 - 00080488 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2013-11-30 14:06 - 2013-01-14 19:39 - 00000000 ____D C:\Users\Jule\AppData\Roaming\IObit
2013-11-30 14:02 - 2013-11-30 14:02 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-30 14:02 - 2013-01-14 19:57 - 00000000 ____D C:\Program Files\IObit
2013-11-30 14:01 - 2013-01-14 19:39 - 00000000 ____D C:\ProgramData\IObit
2013-11-30 10:31 - 2013-11-30 10:31 - 00001952 _____ C:\Windows\wininit.ini
2013-11-30 00:45 - 2013-01-14 19:39 - 00000000 ____D C:\Program Files\IObit Malware Fighter
2013-11-30 00:43 - 2013-11-30 00:43 - 00000000 ____D C:\Users\Jule\AppData\Local\Slick Savings
2013-11-29 18:46 - 2013-11-29 15:21 - 00000000 ____D C:\Program Files\stinger
2013-11-29 18:45 - 2009-09-21 10:04 - 00000000 ____D C:\Users\Jule\AppData\Roaming\vlc
2013-11-29 17:45 - 2013-01-22 17:08 - 00002912 _____ C:\Users\Jule\AppData\Roaming\Safer-Networking.log
2013-11-29 16:15 - 2013-11-29 16:15 - 00260906 _____ C:\ProgramData\1385736874.bdinstall.bin
2013-11-29 15:54 - 2013-11-29 15:54 - 00000000 ____D C:\Users\Jule\AppData\Roaming\QuickScan
2013-11-29 15:25 - 2013-11-29 15:25 - 00000000 ____D C:\Quarantine
2013-11-29 12:54 - 2012-11-12 00:38 - 00000000 ____D C:\Windows\system32\QuickTime
2013-11-29 11:23 - 2013-11-29 11:14 - 00000000 ____D C:\Program Files\Re-markit
2013-11-29 10:22 - 2009-10-19 18:11 - 00000000 ____D C:\Users\Jule\AppData\Roaming\dvdcss
2013-11-27 16:28 - 2013-11-21 23:00 - 00000000 ____D C:\Users\Jule\Desktop\BA
2013-11-25 23:26 - 2013-11-25 18:56 - 00000000 ____D C:\Users\Jule\Desktop\TEX
2013-11-23 17:53 - 2013-11-23 17:53 - 00000000 _____ C:\Windows\setuperr.log
2013-11-23 10:37 - 2013-11-13 20:55 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Citavi 4
2013-11-23 10:05 - 2013-03-09 17:35 - 00000000 ____D C:\Users\Jule\Desktop\Themenpläne
2013-11-23 00:06 - 2013-11-22 18:12 - 00000000 ____D C:\MikTex
2013-11-22 21:55 - 2013-11-20 22:53 - 00000000 ____D C:\Program Files\TeXnicCenter
2013-11-22 19:48 - 2013-11-22 19:48 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
2013-11-22 17:27 - 2013-11-22 17:27 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Neuer Ordner
2013-11-22 15:50 - 2013-11-22 15:40 - 00000000 ____D C:\Users\Jule\Archiv\Documents\MiKTex1
2013-11-22 15:24 - 2012-04-09 17:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-11-22 15:24 - 2011-09-26 10:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-22 15:14 - 2013-11-22 13:43 - 00000000 ____D C:\Users\Jule\Archiv\Documents\miktex
2013-11-22 14:37 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-22 13:47 - 2006-11-02 11:33 - 01593056 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 00:50 - 2013-11-22 00:49 - 00067784 _____ C:\Users\Jule\Archiv\Documents\cc_20131122_004939.reg
2013-11-22 00:42 - 2013-11-22 00:40 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Foxit Software
2013-11-22 00:41 - 2013-11-22 00:40 - 00000000 ____D C:\Program Files\Foxit Reader
2013-11-22 00:27 - 2013-11-22 01:00 - 07360000 _____ (MiKTeX.org) C:\setup-2.9.4503.exe
2013-11-22 00:20 - 2011-05-04 14:36 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SÜDWEST
2013-11-21 22:10 - 2013-11-21 22:10 - 00033235 _____ C:\Users\Jule\Desktop\ADHS eine kritische Bestandsaufnahme Christina Happ.odt
2013-11-21 16:52 - 2009-07-27 16:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-21 16:49 - 2009-08-02 14:50 - 00000061 _____ C:\Windows\vbaddin.ini
2013-11-20 23:59 - 2013-11-20 23:58 - 00000000 ____D C:\Users\Jule\AppData\Roaming\SumatraPDF
2013-11-20 23:58 - 2013-11-20 23:58 - 00000000 ____D C:\Program Files\SumatraPDF
2013-11-20 23:17 - 2013-11-20 23:17 - 00000000 ____D C:\Program Files\gs9.10
2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Program Files\Texmaker
2013-11-20 17:09 - 2013-11-20 16:09 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Notepad++
2013-11-20 16:10 - 2013-11-20 16:09 - 00000000 ____D C:\Program Files\Notepad++
2013-11-20 15:51 - 2011-08-29 23:01 - 00188776 _____ C:\Users\Jule\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-20 15:14 - 2013-11-14 21:42 - 00000000 ____D C:\Users\Jule\AppData\Roaming\xm1
2013-11-20 12:29 - 2013-01-14 19:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-18 19:39 - 2009-08-05 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-17 21:42 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-11-17 21:20 - 2011-08-30 10:21 - 00649864 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-17 21:16 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-17 15:29 - 2010-07-01 14:24 - 00008522 _____ C:\Windows\system32\QuickTime.qtp
2013-11-17 15:28 - 2013-11-17 15:12 - 00001594 _____ C:\Windows\VPNUnInstall.MIF
2013-11-17 15:17 - 2013-10-01 12:41 - 00000000 ____D C:\Windows\system32\MRT
2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\Archiv\Documents\capella
2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\AppData\Roaming\capella-software
2013-11-17 14:50 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-14 22:10 - 2011-08-30 20:15 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-14 21:53 - 2007-04-16 06:18 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-14 00:10 - 2013-11-14 00:10 - 00000000 ____D C:\ProgramData\Gibraltar
2013-11-14 00:10 - 2013-11-13 20:55 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Swiss Academic Software
2013-11-13 22:25 - 2013-10-31 23:49 - 00136653 _____ C:\Users\Jule\Desktop\ADHD__Ba ADHS da Between_biomedical_trends_and_social_norms.txt
2013-11-13 20:57 - 2013-11-13 20:57 - 00000000 ____D C:\Users\Jule\AppData\Local\Swiss Academic Software
2013-11-13 18:25 - 2013-11-13 18:25 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2013-11-13 18:24 - 2013-11-13 18:18 - 00000000 ____D C:\Program Files\Citavi 4
2013-11-13 18:16 - 2011-10-04 22:59 - 00000000 ____D C:\Users\Jule\AppData\Local\Downloaded Installations
2013-11-13 18:12 - 2010-04-24 20:54 - 00000000 ____D C:\Program Files\Citavi
2013-11-13 18:10 - 2010-10-14 12:32 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Citavi
2013-11-12 14:24 - 2011-05-04 14:35 - 00000000 ____D C:\Program Files\BGB
2013-11-11 05:50 - 2009-10-02 20:58 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Local\FluxSoftware

Some content of TEMP:
====================
C:\Users\Jule\AppData\Local\Temp\adwcleaner313.exe
C:\Users\Jule\AppData\Local\Temp\pricepeep_1.exe
C:\Users\Jule\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Jule\AppData\Local\Temp\sdapskill.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-04 21:34

==================== End Of Log ============================
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-05 00:23:02
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL03 149.05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Jule\AppData\Local\Temp\ugddypob.sys

---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8875C000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x887A5000, 0x510, 0x40000040]

---- User code sections - GMER 2.1 ----
.text C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe[2368] kernel32.dll!CreateThread + 1A 769CCB28 4 Bytes CALL 004558C5 C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe

---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- EOF - GMER 2.1 ---- |
05.12.2013, 11:56 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted Spigot Yahoo search start page Hello and
__________________Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find anything? The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now just post the logs you already have, in CODE tags! Only logs from the last 7 days, or from the time the problem has existed, are relevant! Reading material: Posting in CODE tags Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
05.12.2013, 13:19 | #3 |
| Unwanted Spigot Yahoo search start page Unfortunately I deleted everything with CCleaner. The log from IObit Malware Fighter is surely useless...
__________________Code:
ATTFilter
IObit Malware Fighter
OS: Windows Vista
Version: 2.2.0.16
Define Version: 1291
Time Elapsed: 01:42:57
Objects Scanned: 90013
Threats Found: 0
Save Time: 30.11.2013 13:28:30
|Name|Type|Description|ID|
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:55:05, on 04.12.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16520)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Users\Jule\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
E:\##tex\HiJackThis204.exe
C:\Windows\system32\conime.exe
C:\Program Files\SumatraPDF\SumatraPDF.exe
C:\Program Files\SumatraPDF\SumatraPDF.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [f.lux] "C:\Users\Jule\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [SODCPreLoad] C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe C:\Users\Jule\IBM\Lotus\Symphony\.sodc\
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 7] "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 7] "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto (User 'Default user')
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit Malware Fighter\IMFsrv.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- End of file - 7366 bytes
I find no log and the script that was just opened is empty Last edited by julekai (05.12.2013 at 13:41) |
05.12.2013, 14:37 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted Spigot Yahoo search start page Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Please always post log files in CODE tags |
05.12.2013, 19:26 | #5 |
| Unwanted Spigot Yahoo search start page I did everything as described in the instructions. Unfortunately, the program could not find anything. Should I run the whole thing again in Safe Mode without an internet connection, or does that not matter? Spybot Search had some results, but unfortunately I would not know how to get at the log, if it can be found anywhere at all... Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1007 www.malwarebytes.org Database version: v2013.12.05.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Jule :: MASF [administrator] 05.12.2013 17:24:28 mbar-log-2013-12-05 (17-24-28).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 225989 Time elapsed: 1 hour(s), 45 minute(s), 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end)
From ADWCleaner, however, I have more with the endings [R1] [R2] [S0] [S1]. This is the largest file. The ending is [R0] Code:
ATTFilter # AdwCleaner v3.013 - Bericht erstellt am 30/11/2013 um 23:56:00 # Updated 24/11/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : Jule - MASF # Gestartet von : E:\##tex\adwcleaner313.exe # Option : Suchen ***** [ Dienste ] ***** Dienst Gefunden : HssSrv Dienst Gefunden : hsstrayservice ***** [ Dateien / Ordner ] ***** Ordner Gefunden C:\hotspot shield Ordner Gefunden C:\Program Files\hotspot shield Ordner Gefunden C:\ProgramData\AGI Ordner Gefunden C:\Users\Jule\AppData\Local\PackageAware Ordner Gefunden C:\Users\Jule\AppData\Local\Smartbar Ordner Gefunden C:\Users\Jule\AppData\Local\Temp\Smartbar Ordner Gefunden C:\Users\Jule\AppData\LocalLow\Hotbar Ordner Gefunden C:\Users\Jule\AppData\Roaming\dvdvideosoftiehelpers Ordner Gefunden C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hotspot shield ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Hotbar Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Search Settings Schlüssel Gefunden : HKCU\Software\hotspotshield Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\hotspotshield Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} Schlüssel Gefunden : HKCU\Software\OCS 
Schlüssel Gefunden : HKCU\Software\SmartBar Schlüssel Gefunden : HKCU\Software\smartbarbackup Schlüssel Gefunden : HKCU\Software\smartbarlog Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\HssIE.HssIEApp Schlüssel Gefunden : HKLM\SOFTWARE\Classes\HssIE.HssIEApp.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.bho Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform 
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D} Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp Schlüssel Gefunden : HKLM\Software\hotspotshield Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield Wert Gefunden : 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16520 Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=6a62ce86-63c7-708b-c4c4-1f529e1ba35f&searchtype=ds&q={searchTerms}&installDate=29/11/2013 Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=6a62ce86-63c7-708b-c4c4-1f529e1ba35f&searchtype=ds&q={searchTerms}&installDate=29/11/2013 Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=6a62ce86-63c7-708b-c4c4-1f529e1ba35f&searchtype=ds&q={searchTerms}&installDate=29/11/2013 Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=6a62ce86-63c7-708b-c4c4-1f529e1ba35f&searchtype=ds&q={searchTerms}&installDate=29/11/2013 Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=6a62ce86-63c7-708b-c4c4-1f529e1ba35f&searchtype=ds&q={searchTerms}&installDate=29/11/2013 Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - 
hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=6a62ce86-63c7-708b-c4c4-1f529e1ba35f&searchtype=ds&q={searchTerms}&installDate=29/11/2013 -\\ Mozilla Firefox v25.0.1 (de) [ Datei : C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\prefs.js ] Zeile gefunden : user_pref("extensions.helperbar.DockingPositionDown", false); Zeile gefunden : user_pref("extensions.helperbar.LastHiddenTime", 23095340); Zeile gefunden : user_pref("extensions.helperbar.SmartbarDisabled", true); Zeile gefunden : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Zeile gefunden : user_pref("extensions.helperbar.Visibility", true); Zeile gefunden : user_pref("extensions.helperbar.countryiso", "de"); Zeile gefunden : user_pref("extensions.helperbar.downloadprovider", "tuguu"); Zeile gefunden : user_pref("extensions.helperbar.installationid", "6a62ce86-63c7-708b-c4c4-1f529e1ba35f"); Zeile gefunden : user_pref("extensions.helperbar.installdate", "29/11/2013"); Zeile gefunden : user_pref("extensions.helperbar.publisher", "tuguu"); -\\ Google Chrome v [ Datei : C:\Users\Jule\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [9199 octets] - [30/11/2013 23:56:00] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9259 octets] ##########
I hope something can still be done...? Last edited by julekai (05.12.2013 at 19:54) |
06.12.2013, 01:01 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted Spigot Yahoo search start page Download adwcleaner and JRT again!! Remove adware/junkware/toolbars Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ --> Unwanted Spigot Yahoo search start page |
06.12.2013, 11:40 | #7 |
| Unwanted Spigot Yahoo search start page OK, here are the logs: Log 1 Code:
ATTFilter # AdwCleaner v3.014 - Bericht erstellt am 06/12/2013 um 10:35:57 # Updated 01/12/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : Jule - MASF # Gestartet von : C:\Users\Jule\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16520 -\\ Mozilla Firefox v25.0.1 (de) [ Datei : C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\Jule\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [9339 octets] - [30/11/2013 23:56:00] AdwCleaner[R1].txt - [1023 octets] - [01/12/2013 00:08:09] AdwCleaner[R2].txt - [1144 octets] - [01/12/2013 00:19:09] AdwCleaner[R3].txt - [1309 octets] - [06/12/2013 10:34:00] AdwCleaner[S0].txt - [8544 octets] - [01/12/2013 00:01:21] AdwCleaner[S1].txt - [1085 octets] - [01/12/2013 00:09:59] AdwCleaner[S2].txt - [1230 octets] - [06/12/2013 10:35:57] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1290 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.8 (11.05.2013:1) OS: Windows Vista (TM) Home Premium x86 Ran by Jule on 06.12.2013 at 10:59:51.56 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Jule\appdata\local\slick savings" ~~~ FireFox Emptied folder: C:\Users\Jule\AppData\Roaming\mozilla\firefox\profiles\qctezl56.default\minidumps [82 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 06.12.2013 at 11:13:03.13 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-12-2013 Ran by Jule (administrator) on MASF on 06-12-2013 11:16:03 Running from C:\Users\Jule\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (IObit) C:\Program Files\IObit Malware Fighter\IMFsrv.exe (Agere Systems) C:\Windows\System32\agrsmsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Flux Software LLC) C:\Users\Jule\AppData\Local\FluxSoftware\Flux\flux.exe () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4489216 2007-06-13] (Realtek Semiconductor) HKLM\...\Run: [IObit Malware Fighter] - C:\Program Files\IObit Malware Fighter\IMF.exe [1574208 2013-11-13] (IObit) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKCU\...\Run: [f.lux] - C:\Users\Jule\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKCU\...\Run: [SODCPreLoad] - C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe [40960 2010-11-16] () HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA) HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ie HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {5C811A52-FBAE-4D9C-8180-8EEF0AC1BF65} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms} BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default FF Homepage: hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ff FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p= FF NetworkProxy: "autoconfig_url", "hxxp://204.93.211.220/" FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\searchplugins\ecosia.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Microsoft .NET Framework Assistant - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: WOT - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF Extension: DVDVideoSoft Menu - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF Extension: prefs - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox Chrome: ======= CHR HomePage: hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ch CHR RestoreOnStartup: "hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ch" CHR Extension: (Ads Removal) - C:\Users\Jule\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0 CHR Extension: ( "name":"Advanced SystemCare Surfing Protection",) - C:\Users\Jule\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 ========================== Services (Whitelisted) ================= R2 IMFservice; C:\Program Files\IObit Malware Fighter\IMFsrv.exe [341824 2013-11-11] (IObit) R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2006-12-28] (AVM Berlin) R0 CplIR; C:\Windows\System32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) S4 FileMonitor; C:\Program Files\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2013-03-23] (IObit) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2006-12-28] (AVM GmbH) R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.) 
S3 RegFilter; C:\Program Files\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [31752 2013-03-26] (IObit.com) S3 UrlFilter; C:\Program Files\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2013-03-26] (IObit.com) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 igfx; system32\DRIVERS\igdkmd32.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S1 MpKsl9cd296d3; No ImagePath S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 Tosrfcom; No ImagePath S3 TpChoice; system32\DRIVERS\TpChoice.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-06 11:13 - 2013-12-06 11:13 - 00000842 _____ C:\Users\Jule\Desktop\JRT.txt 2013-12-06 10:59 - 2013-12-06 10:59 - 00000000 ____D C:\Windows\ERUNT 2013-12-06 10:58 - 2013-12-06 10:58 - 01034531 _____ (Thisisu) C:\Users\Jule\Desktop\JRT.exe 2013-12-06 10:33 - 2013-12-06 10:33 - 01110034 _____ C:\Users\Jule\Desktop\adwcleaner.exe 2013-12-05 17:23 - 2013-12-05 19:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-05 17:23 - 2013-12-05 17:23 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2013-12-05 17:20 - 2013-12-05 17:20 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-12-05 17:19 - 2013-12-05 19:19 - 00000000 ____D C:\Users\Jule\Desktop\mbar 2013-12-05 17:16 - 2013-12-05 17:18 - 12576792 _____ (Malwarebytes Corp.) 
C:\Users\Jule\Desktop\mbar-1.07.0.1007.exe 2013-12-05 00:23 - 2013-12-05 00:23 - 00001393 _____ C:\Users\Jule\Desktop\gmer.log 2013-12-04 23:18 - 2013-12-04 23:18 - 00377856 _____ C:\Users\Jule\Desktop\gmer_2.1.19163.exe 2013-12-04 23:14 - 2013-12-04 23:15 - 00036780 _____ C:\Users\Jule\Desktop\Addition.txt 2013-12-04 23:12 - 2013-12-04 23:12 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled 2013-12-04 23:10 - 2013-12-06 11:16 - 00011183 _____ C:\Users\Jule\Desktop\FRST.txt 2013-12-04 23:08 - 2013-12-04 23:08 - 00000000 ____D C:\FRST 2013-12-04 23:07 - 2013-12-06 11:15 - 01405939 _____ (Farbar) C:\Users\Jule\Desktop\FRST.exe 2013-12-04 23:02 - 2013-12-04 23:04 - 00000470 _____ C:\Users\Jule\Desktop\defogger_disable.log 2013-12-04 23:02 - 2013-12-04 23:02 - 00000000 _____ C:\Users\Jule\defogger_reenable 2013-12-04 22:48 - 2013-12-04 22:48 - 00050477 _____ C:\Users\Jule\Desktop\Defogger.exe 2013-12-04 20:31 - 2013-12-04 20:31 - 00101983 _____ C:\ProgramData\1386185447.bdinstall.bin 2013-12-04 20:30 - 2013-12-04 20:30 - 00037408 _____ C:\ProgramData\1386185408.bdinstall.bin 2013-11-30 23:55 - 2013-12-06 10:36 - 00000000 ____D C:\AdwCleaner 2013-11-30 23:44 - 2013-11-30 23:44 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-11-30 16:37 - 2013-11-30 16:37 - 00454288 _____ (Realtek ) C:\Windows\system32\Drivers\Rtlh86.sys 2013-11-30 16:37 - 2013-11-30 16:37 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll 2013-11-30 16:37 - 2013-11-30 16:37 - 00080488 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll 2013-11-30 14:02 - 2013-12-04 21:22 - 00000000 ____D C:\ProgramData\ProductData 2013-11-30 14:02 - 2013-11-30 14:02 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2013-11-30 13:35 - 2013-12-04 21:19 - 00263844 _____ C:\Windows\PFRO.log 2013-11-30 10:31 - 2013-11-30 10:31 - 00001952 _____ C:\Windows\wininit.ini 2013-11-29 16:15 - 2013-11-29 16:15 - 00260906 _____ 
C:\ProgramData\1385736874.bdinstall.bin 2013-11-29 16:08 - 2009-07-14 23:27 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2013-11-29 15:54 - 2013-11-29 15:54 - 00000000 ____D C:\Users\Jule\AppData\Roaming\QuickScan 2013-11-29 15:25 - 2013-11-29 15:25 - 00000000 ____D C:\Quarantine 2013-11-29 15:21 - 2013-11-29 18:46 - 00000000 ____D C:\Program Files\stinger 2013-11-29 11:14 - 2013-11-29 11:23 - 00000000 ____D C:\Program Files\Re-markit 2013-11-25 18:56 - 2013-11-25 23:26 - 00000000 ____D C:\Users\Jule\Desktop\TEX 2013-11-23 17:53 - 2013-11-23 17:53 - 00000000 _____ C:\Windows\setuperr.log 2013-11-22 19:48 - 2013-11-22 19:48 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9 2013-11-22 18:12 - 2013-11-23 00:06 - 00000000 ____D C:\MikTex 2013-11-22 17:27 - 2013-11-22 17:27 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Neuer Ordner 2013-11-22 15:40 - 2013-11-22 15:50 - 00000000 ____D C:\Users\Jule\Archiv\Documents\MiKTex1 2013-11-22 13:43 - 2013-11-22 15:14 - 00000000 ____D C:\Users\Jule\Archiv\Documents\miktex 2013-11-22 01:00 - 2013-11-22 00:27 - 07360000 _____ (MiKTeX.org) C:\setup-2.9.4503.exe 2013-11-22 00:49 - 2013-11-22 00:50 - 00067784 _____ C:\Users\Jule\Archiv\Documents\cc_20131122_004939.reg 2013-11-22 00:41 - 2013-06-09 21:59 - 00216064 _____ C:\Windows\system32\gcapi_dll.dll 2013-11-22 00:40 - 2013-11-22 00:42 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Foxit Software 2013-11-22 00:40 - 2013-11-22 00:41 - 00000000 ____D C:\Program Files\Foxit Reader 2013-11-21 23:00 - 2013-11-27 16:28 - 00000000 ____D C:\Users\Jule\Desktop\BA 2013-11-21 22:10 - 2013-11-21 22:10 - 00033235 _____ C:\Users\Jule\Desktop\ADHS eine kritische Bestandsaufnahme Christina Happ.odt 2013-11-20 23:58 - 2013-11-20 23:59 - 00000000 ____D C:\Users\Jule\AppData\Roaming\SumatraPDF 2013-11-20 23:58 - 2013-11-20 23:58 - 00000000 ____D C:\Program Files\SumatraPDF 2013-11-20 23:17 - 2013-11-20 23:17 - 
00000000 ____D C:\Program Files\gs9.10 2013-11-20 22:53 - 2013-11-22 21:55 - 00000000 ____D C:\Program Files\TeXnicCenter 2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker 2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Program Files\Texmaker 2013-11-20 16:09 - 2013-11-20 17:09 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Notepad++ 2013-11-20 16:09 - 2013-11-20 16:10 - 00000000 ____D C:\Program Files\Notepad++ 2013-11-17 16:44 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-17 16:44 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-17 16:44 - 2013-10-13 10:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-17 16:44 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-17 16:44 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-17 16:44 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-17 16:44 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-17 16:44 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-17 16:44 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-17 16:44 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-17 16:44 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-17 16:44 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-17 16:44 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-17 16:44 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtmled.dll 2013-11-17 16:44 - 2013-10-13 10:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-17 16:44 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-17 15:12 - 2013-11-17 15:28 - 00001594 _____ C:\Windows\VPNUnInstall.MIF 2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\Archiv\Documents\capella 2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\AppData\Roaming\capella-software 2013-11-14 21:42 - 2013-11-20 15:14 - 00000000 ____D C:\Users\Jule\AppData\Roaming\xm1 2013-11-14 10:35 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-14 10:35 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-14 10:34 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-14 10:34 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-14 10:34 - 2013-10-11 01:39 - 00218228 _____ C:\Windows\system32\WFP.TMF 2013-11-14 00:10 - 2013-11-14 00:10 - 00000000 ____D C:\ProgramData\Gibraltar 2013-11-13 20:57 - 2013-11-13 20:57 - 00000000 ____D C:\Users\Jule\AppData\Local\Swiss Academic Software 2013-11-13 20:55 - 2013-11-23 10:37 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Citavi 4 2013-11-13 20:55 - 2013-11-14 00:10 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Swiss Academic Software 2013-11-13 18:25 - 2013-11-13 18:25 - 00000000 ____D C:\ProgramData\Swiss Academic Software 2013-11-13 18:18 - 2013-11-13 18:24 - 00000000 ____D C:\Program Files\Citavi 4 2013-11-12 14:24 - 2011-05-04 14:36 - 00007657 _____ C:\Windows\_DETMP.1 2013-11-12 14:24 - 1996-05-10 10:41 - 00009296 _____ (Stirling Technologies Inc.) 
C:\Windows\_DETMP.2 2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux 2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Local\FluxSoftware ==================== One Month Modified Files and Folders ======= 2013-12-06 11:18 - 2013-12-04 23:10 - 00011183 _____ C:\Users\Jule\Desktop\FRST.txt 2013-12-06 11:15 - 2013-12-04 23:07 - 01405939 _____ (Farbar) C:\Users\Jule\Desktop\FRST.exe 2013-12-06 11:14 - 2012-04-09 17:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-06 11:13 - 2013-12-06 11:13 - 00000842 _____ C:\Users\Jule\Desktop\JRT.txt 2013-12-06 10:59 - 2013-12-06 10:59 - 00000000 ____D C:\Windows\ERUNT 2013-12-06 10:58 - 2013-12-06 10:58 - 01034531 _____ (Thisisu) C:\Users\Jule\Desktop\JRT.exe 2013-12-06 10:56 - 2013-03-29 20:14 - 00000342 _____ C:\Windows\Tasks\WpsUpdateTask_Jule.job 2013-12-06 10:38 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-06 10:38 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-06 10:38 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-06 10:36 - 2013-11-30 23:55 - 00000000 ____D C:\AdwCleaner 2013-12-06 10:36 - 2006-11-02 14:01 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-06 10:33 - 2013-12-06 10:33 - 01110034 _____ C:\Users\Jule\Desktop\adwcleaner.exe 2013-12-05 22:57 - 2013-03-09 17:35 - 00000000 ____D C:\Users\Jule\Desktop\Themenpläne 2013-12-05 19:19 - 2013-12-05 17:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-05 19:19 - 2013-12-05 17:19 - 00000000 ____D C:\Users\Jule\Desktop\mbar 2013-12-05 17:23 - 2013-12-05 17:23 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2013-12-05 17:20 - 2013-12-05 17:20 - 00075992 _____ 
(Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-12-05 17:18 - 2013-12-05 17:16 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Jule\Desktop\mbar-1.07.0.1007.exe 2013-12-05 13:37 - 2009-11-02 18:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-12-05 00:23 - 2013-12-05 00:23 - 00001393 _____ C:\Users\Jule\Desktop\gmer.log 2013-12-05 00:23 - 2009-09-21 14:06 - 01799889 _____ C:\Windows\WindowsUpdate.log 2013-12-04 23:27 - 2009-08-27 20:18 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Skype 2013-12-04 23:18 - 2013-12-04 23:18 - 00377856 _____ C:\Users\Jule\Desktop\gmer_2.1.19163.exe 2013-12-04 23:15 - 2013-12-04 23:14 - 00036780 _____ C:\Users\Jule\Desktop\Addition.txt 2013-12-04 23:12 - 2013-12-04 23:12 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled 2013-12-04 23:08 - 2013-12-04 23:08 - 00000000 ____D C:\FRST 2013-12-04 23:04 - 2013-12-04 23:02 - 00000470 _____ C:\Users\Jule\Desktop\defogger_disable.log 2013-12-04 23:02 - 2013-12-04 23:02 - 00000000 _____ C:\Users\Jule\defogger_reenable 2013-12-04 23:02 - 2009-07-27 14:08 - 00000000 ____D C:\Users\Jule 2013-12-04 22:48 - 2013-12-04 22:48 - 00050477 _____ C:\Users\Jule\Desktop\Defogger.exe 2013-12-04 21:22 - 2013-11-30 14:02 - 00000000 ____D C:\ProgramData\ProductData 2013-12-04 21:19 - 2013-11-30 13:35 - 00263844 _____ C:\Windows\PFRO.log 2013-12-04 20:31 - 2013-12-04 20:31 - 00101983 _____ C:\ProgramData\1386185447.bdinstall.bin 2013-12-04 20:30 - 2013-12-04 20:30 - 00037408 _____ C:\ProgramData\1386185408.bdinstall.bin 2013-12-04 20:26 - 2011-12-29 13:54 - 00000000 ____D C:\Users\Jule\AppData\Roaming\DVDVideoSoft 2013-12-04 20:26 - 2011-12-29 13:36 - 00000000 ____D C:\Program Files\DVDVideoSoft 2013-12-04 20:26 - 2009-10-04 09:21 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-12-01 00:31 - 2013-01-15 13:13 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2013-11-30 23:53 - 2009-07-27 14:35 - 00000000 ____D 
C:\Users\Jule\AppData\Local\Adobe 2013-11-30 23:44 - 2013-11-30 23:44 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-11-30 23:44 - 2009-08-18 20:56 - 00000000 ____D C:\ProgramData\Adobe 2013-11-30 23:44 - 2007-04-16 07:30 - 00000000 ____D C:\Program Files\Adobe 2013-11-30 23:43 - 2009-11-11 20:16 - 00000000 ____D C:\Program Files\AdobeReader 9.0 2013-11-30 16:37 - 2013-11-30 16:37 - 00454288 _____ (Realtek ) C:\Windows\system32\Drivers\Rtlh86.sys 2013-11-30 16:37 - 2013-11-30 16:37 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll 2013-11-30 16:37 - 2013-11-30 16:37 - 00080488 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll 2013-11-30 14:06 - 2013-01-14 19:39 - 00000000 ____D C:\Users\Jule\AppData\Roaming\IObit 2013-11-30 14:02 - 2013-11-30 14:02 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2013-11-30 14:02 - 2013-01-14 19:57 - 00000000 ____D C:\Program Files\IObit 2013-11-30 14:01 - 2013-01-14 19:39 - 00000000 ____D C:\ProgramData\IObit 2013-11-30 10:31 - 2013-11-30 10:31 - 00001952 _____ C:\Windows\wininit.ini 2013-11-30 00:45 - 2013-01-14 19:39 - 00000000 ____D C:\Program Files\IObit Malware Fighter 2013-11-29 18:46 - 2013-11-29 15:21 - 00000000 ____D C:\Program Files\stinger 2013-11-29 18:45 - 2009-09-21 10:04 - 00000000 ____D C:\Users\Jule\AppData\Roaming\vlc 2013-11-29 17:45 - 2013-01-22 17:08 - 00002912 _____ C:\Users\Jule\AppData\Roaming\Safer-Networking.log 2013-11-29 16:15 - 2013-11-29 16:15 - 00260906 _____ C:\ProgramData\1385736874.bdinstall.bin 2013-11-29 15:54 - 2013-11-29 15:54 - 00000000 ____D C:\Users\Jule\AppData\Roaming\QuickScan 2013-11-29 15:25 - 2013-11-29 15:25 - 00000000 ____D C:\Quarantine 2013-11-29 12:54 - 2012-11-12 00:38 - 00000000 ____D C:\Windows\system32\QuickTime 2013-11-29 11:23 - 2013-11-29 11:14 - 00000000 ____D C:\Program Files\Re-markit 2013-11-29 10:22 - 2009-10-19 18:11 - 00000000 ____D 
C:\Users\Jule\AppData\Roaming\dvdcss 2013-11-27 16:28 - 2013-11-21 23:00 - 00000000 ____D C:\Users\Jule\Desktop\BA 2013-11-25 23:26 - 2013-11-25 18:56 - 00000000 ____D C:\Users\Jule\Desktop\TEX 2013-11-23 17:53 - 2013-11-23 17:53 - 00000000 _____ C:\Windows\setuperr.log 2013-11-23 10:37 - 2013-11-13 20:55 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Citavi 4 2013-11-23 00:06 - 2013-11-22 18:12 - 00000000 ____D C:\MikTex 2013-11-22 21:55 - 2013-11-20 22:53 - 00000000 ____D C:\Program Files\TeXnicCenter 2013-11-22 19:48 - 2013-11-22 19:48 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9 2013-11-22 17:27 - 2013-11-22 17:27 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Neuer Ordner 2013-11-22 15:50 - 2013-11-22 15:40 - 00000000 ____D C:\Users\Jule\Archiv\Documents\MiKTex1 2013-11-22 15:24 - 2012-04-09 17:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-11-22 15:24 - 2011-09-26 10:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-11-22 15:14 - 2013-11-22 13:43 - 00000000 ____D C:\Users\Jule\Archiv\Documents\miktex 2013-11-22 14:37 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-11-22 13:47 - 2006-11-02 11:33 - 01593056 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-22 00:50 - 2013-11-22 00:49 - 00067784 _____ C:\Users\Jule\Archiv\Documents\cc_20131122_004939.reg 2013-11-22 00:42 - 2013-11-22 00:40 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Foxit Software 2013-11-22 00:41 - 2013-11-22 00:40 - 00000000 ____D C:\Program Files\Foxit Reader 2013-11-22 00:27 - 2013-11-22 01:00 - 07360000 _____ (MiKTeX.org) C:\setup-2.9.4503.exe 2013-11-22 00:20 - 2011-05-04 14:36 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SÜDWEST 2013-11-21 22:10 - 2013-11-21 22:10 - 00033235 _____ C:\Users\Jule\Desktop\ADHS eine kritische Bestandsaufnahme Christina Happ.odt 2013-11-21 16:52 - 
2009-07-27 16:41 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-11-21 16:49 - 2009-08-02 14:50 - 00000061 _____ C:\Windows\vbaddin.ini 2013-11-20 23:59 - 2013-11-20 23:58 - 00000000 ____D C:\Users\Jule\AppData\Roaming\SumatraPDF 2013-11-20 23:58 - 2013-11-20 23:58 - 00000000 ____D C:\Program Files\SumatraPDF 2013-11-20 23:17 - 2013-11-20 23:17 - 00000000 ____D C:\Program Files\gs9.10 2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker 2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Program Files\Texmaker 2013-11-20 17:09 - 2013-11-20 16:09 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Notepad++ 2013-11-20 16:10 - 2013-11-20 16:09 - 00000000 ____D C:\Program Files\Notepad++ 2013-11-20 15:51 - 2011-08-29 23:01 - 00188776 _____ C:\Users\Jule\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-20 15:14 - 2013-11-14 21:42 - 00000000 ____D C:\Users\Jule\AppData\Roaming\xm1 2013-11-20 12:29 - 2013-01-14 19:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-11-18 19:39 - 2009-08-05 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-17 21:42 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache 2013-11-17 21:20 - 2011-08-30 10:21 - 00649864 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-17 21:16 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE 2013-11-17 15:29 - 2010-07-01 14:24 - 00008522 _____ C:\Windows\system32\QuickTime.qtp 2013-11-17 15:28 - 2013-11-17 15:12 - 00001594 _____ C:\Windows\VPNUnInstall.MIF 2013-11-17 15:17 - 2013-10-01 12:41 - 00000000 ____D C:\Windows\system32\MRT 2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\Archiv\Documents\capella 2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\AppData\Roaming\capella-software 2013-11-17 14:50 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-11-14 22:10 - 2011-08-30 20:15 - 00000000 ____D C:\Program 
Files\Common Files\Apple 2013-11-14 21:53 - 2007-04-16 06:18 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-11-14 00:10 - 2013-11-14 00:10 - 00000000 ____D C:\ProgramData\Gibraltar 2013-11-14 00:10 - 2013-11-13 20:55 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Swiss Academic Software 2013-11-13 22:25 - 2013-10-31 23:49 - 00136653 _____ C:\Users\Jule\Desktop\ADHD__Ba ADHS da Between_biomedical_trends_and_social_norms.txt 2013-11-13 20:57 - 2013-11-13 20:57 - 00000000 ____D C:\Users\Jule\AppData\Local\Swiss Academic Software 2013-11-13 18:25 - 2013-11-13 18:25 - 00000000 ____D C:\ProgramData\Swiss Academic Software 2013-11-13 18:24 - 2013-11-13 18:18 - 00000000 ____D C:\Program Files\Citavi 4 2013-11-13 18:16 - 2011-10-04 22:59 - 00000000 ____D C:\Users\Jule\AppData\Local\Downloaded Installations 2013-11-13 18:12 - 2010-04-24 20:54 - 00000000 ____D C:\Program Files\Citavi 2013-11-13 18:10 - 2010-10-14 12:32 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Citavi 2013-11-12 14:24 - 2011-05-04 14:35 - 00000000 ____D C:\Program Files\BGB 2013-11-11 05:50 - 2009-10-02 20:58 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux 2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Local\FluxSoftware Some content of TEMP: ==================== C:\Users\Jule\AppData\Local\Temp\adwcleaner313.exe C:\Users\Jule\AppData\Local\Temp\pricepeep_1.exe C:\Users\Jule\AppData\Local\Temp\Quarantine.exe C:\Users\Jule\AppData\Local\Temp\sdanircmdc.exe C:\Users\Jule\AppData\Local\Temp\sdapskill.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit 
C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-06 10:46 ==================== End Of Log ============================
An Addition.txt was not created. It wasn't ticked either. Should I run the scan again? Edited by julekai (06.12.2013 at 11:58) |
06.12.2013, 13:17 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | unwanted Spigot Yahoo search start page Yes, please do.
__________________ Please always post log files in CODE tags |
06.12.2013, 13:32 | #9 |
| unwanted Spigot Yahoo search start page Your wish is my command. frst log: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-12-2013 Ran by Jule (administrator) on MASF on 06-12-2013 13:23:40 Running from C:\Users\Jule\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (IObit) C:\Program Files\IObit Malware Fighter\IMFsrv.exe (Agere Systems) C:\Windows\System32\agrsmsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Flux Software LLC) C:\Users\Jule\AppData\Local\FluxSoftware\Flux\flux.exe () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4489216 2007-06-13] (Realtek Semiconductor) HKLM\...\Run: [IObit Malware Fighter] - C:\Program Files\IObit Malware Fighter\IMF.exe [1574208 2013-11-13] (IObit) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKCU\...\Run: [f.lux] - C:\Users\Jule\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKCU\...\Run: [SODCPreLoad] - C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe [40960 2010-11-16] () HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA) HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ie HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {5C811A52-FBAE-4D9C-8180-8EEF0AC1BF65} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms} BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default FF Homepage: hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ff FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p= FF NetworkProxy: "autoconfig_url", "hxxp://204.93.211.220/" FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\searchplugins\ecosia.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Microsoft .NET Framework Assistant - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: WOT - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF Extension: DVDVideoSoft Menu - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF Extension: prefs - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox Chrome: ======= CHR HomePage: hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ch CHR RestoreOnStartup: "hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ch" CHR Extension: (Ads Removal) - C:\Users\Jule\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0 CHR Extension: ( "name":"Advanced SystemCare Surfing Protection",) - C:\Users\Jule\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 ========================== Services (Whitelisted) ================= R2 IMFservice; C:\Program Files\IObit Malware Fighter\IMFsrv.exe [341824 2013-11-11] (IObit) R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2006-12-28] (AVM Berlin) R0 CplIR; C:\Windows\System32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) S4 FileMonitor; C:\Program Files\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2013-03-23] (IObit) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2006-12-28] (AVM GmbH) R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.) 
S3 RegFilter; C:\Program Files\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [31752 2013-03-26] (IObit.com) S3 UrlFilter; C:\Program Files\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2013-03-26] (IObit.com) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 igfx; system32\DRIVERS\igdkmd32.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S1 MpKsl9cd296d3; No ImagePath S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 Tosrfcom; No ImagePath S3 TpChoice; system32\DRIVERS\TpChoice.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-06 13:23 - 2013-12-06 13:23 - 00000000 ____D C:\Users\Jule\Desktop\FRST-OlderVersion 2013-12-06 11:13 - 2013-12-06 11:13 - 00000842 _____ C:\Users\Jule\Desktop\JRT.txt 2013-12-06 10:59 - 2013-12-06 10:59 - 00000000 ____D C:\Windows\ERUNT 2013-12-06 10:58 - 2013-12-06 10:58 - 01034531 _____ (Thisisu) C:\Users\Jule\Desktop\JRT.exe 2013-12-06 10:33 - 2013-12-06 10:33 - 01110034 _____ C:\Users\Jule\Desktop\adwcleaner.exe 2013-12-05 17:23 - 2013-12-05 19:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-05 17:23 - 2013-12-05 17:23 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2013-12-05 17:20 - 2013-12-05 17:20 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-12-05 17:19 - 2013-12-05 19:19 - 00000000 ____D C:\Users\Jule\Desktop\mbar 2013-12-05 17:16 - 2013-12-05 17:18 - 12576792 _____ (Malwarebytes Corp.) 
C:\Users\Jule\Desktop\mbar-1.07.0.1007.exe 2013-12-05 00:23 - 2013-12-05 00:23 - 00001393 _____ C:\Users\Jule\Desktop\gmer.log 2013-12-04 23:18 - 2013-12-04 23:18 - 00377856 _____ C:\Users\Jule\Desktop\gmer_2.1.19163.exe 2013-12-04 23:12 - 2013-12-04 23:12 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled 2013-12-04 23:10 - 2013-12-06 13:24 - 00011072 _____ C:\Users\Jule\Desktop\FRST.txt 2013-12-04 23:08 - 2013-12-06 13:23 - 00000000 ____D C:\FRST 2013-12-04 23:07 - 2013-12-06 13:23 - 01058547 _____ (Farbar) C:\Users\Jule\Desktop\FRST.exe 2013-12-04 23:02 - 2013-12-04 23:04 - 00000470 _____ C:\Users\Jule\Desktop\defogger_disable.log 2013-12-04 23:02 - 2013-12-04 23:02 - 00000000 _____ C:\Users\Jule\defogger_reenable 2013-12-04 22:48 - 2013-12-04 22:48 - 00050477 _____ C:\Users\Jule\Desktop\Defogger.exe 2013-12-04 20:31 - 2013-12-04 20:31 - 00101983 _____ C:\ProgramData\1386185447.bdinstall.bin 2013-12-04 20:30 - 2013-12-04 20:30 - 00037408 _____ C:\ProgramData\1386185408.bdinstall.bin 2013-11-30 23:55 - 2013-12-06 10:36 - 00000000 ____D C:\AdwCleaner 2013-11-30 23:44 - 2013-11-30 23:44 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-11-30 16:37 - 2013-11-30 16:37 - 00454288 _____ (Realtek ) C:\Windows\system32\Drivers\Rtlh86.sys 2013-11-30 16:37 - 2013-11-30 16:37 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll 2013-11-30 16:37 - 2013-11-30 16:37 - 00080488 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll 2013-11-30 14:02 - 2013-12-04 21:22 - 00000000 ____D C:\ProgramData\ProductData 2013-11-30 14:02 - 2013-11-30 14:02 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2013-11-30 13:35 - 2013-12-04 21:19 - 00263844 _____ C:\Windows\PFRO.log 2013-11-30 10:31 - 2013-11-30 10:31 - 00001952 _____ C:\Windows\wininit.ini 2013-11-29 16:15 - 2013-11-29 16:15 - 00260906 _____ C:\ProgramData\1385736874.bdinstall.bin 2013-11-29 16:08 - 2009-07-14 23:27 - 01461992 _____ 
(Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2013-11-29 15:54 - 2013-11-29 15:54 - 00000000 ____D C:\Users\Jule\AppData\Roaming\QuickScan 2013-11-29 15:25 - 2013-11-29 15:25 - 00000000 ____D C:\Quarantine 2013-11-29 15:21 - 2013-11-29 18:46 - 00000000 ____D C:\Program Files\stinger 2013-11-29 11:14 - 2013-11-29 11:23 - 00000000 ____D C:\Program Files\Re-markit 2013-11-25 18:56 - 2013-11-25 23:26 - 00000000 ____D C:\Users\Jule\Desktop\TEX 2013-11-23 17:53 - 2013-11-23 17:53 - 00000000 _____ C:\Windows\setuperr.log 2013-11-22 19:48 - 2013-11-22 19:48 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9 2013-11-22 18:12 - 2013-11-23 00:06 - 00000000 ____D C:\MikTex 2013-11-22 17:27 - 2013-11-22 17:27 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Neuer Ordner 2013-11-22 15:40 - 2013-11-22 15:50 - 00000000 ____D C:\Users\Jule\Archiv\Documents\MiKTex1 2013-11-22 13:43 - 2013-11-22 15:14 - 00000000 ____D C:\Users\Jule\Archiv\Documents\miktex 2013-11-22 01:00 - 2013-11-22 00:27 - 07360000 _____ (MiKTeX.org) C:\setup-2.9.4503.exe 2013-11-22 00:49 - 2013-11-22 00:50 - 00067784 _____ C:\Users\Jule\Archiv\Documents\cc_20131122_004939.reg 2013-11-22 00:41 - 2013-06-09 21:59 - 00216064 _____ C:\Windows\system32\gcapi_dll.dll 2013-11-22 00:40 - 2013-11-22 00:42 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Foxit Software 2013-11-22 00:40 - 2013-11-22 00:41 - 00000000 ____D C:\Program Files\Foxit Reader 2013-11-21 23:00 - 2013-11-27 16:28 - 00000000 ____D C:\Users\Jule\Desktop\BA 2013-11-21 22:10 - 2013-11-21 22:10 - 00033235 _____ C:\Users\Jule\Desktop\ADHS eine kritische Bestandsaufnahme Christina Happ.odt 2013-11-20 23:58 - 2013-11-20 23:59 - 00000000 ____D C:\Users\Jule\AppData\Roaming\SumatraPDF 2013-11-20 23:58 - 2013-11-20 23:58 - 00000000 ____D C:\Program Files\SumatraPDF 2013-11-20 23:17 - 2013-11-20 23:17 - 00000000 ____D C:\Program Files\gs9.10 2013-11-20 22:53 - 2013-11-22 21:55 - 00000000 ____D 
C:\Program Files\TeXnicCenter 2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker 2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Program Files\Texmaker 2013-11-20 16:09 - 2013-11-20 17:09 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Notepad++ 2013-11-20 16:09 - 2013-11-20 16:10 - 00000000 ____D C:\Program Files\Notepad++ 2013-11-17 16:44 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-17 16:44 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-17 16:44 - 2013-10-13 10:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-17 16:44 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-17 16:44 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-17 16:44 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-17 16:44 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-17 16:44 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-17 16:44 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-17 16:44 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-17 16:44 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-17 16:44 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-17 16:44 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-17 16:44 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-17 16:44 - 2013-10-13 10:25 - 02382848 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.tlb 2013-11-17 16:44 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-17 15:12 - 2013-11-17 15:28 - 00001594 _____ C:\Windows\VPNUnInstall.MIF 2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\Archiv\Documents\capella 2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\AppData\Roaming\capella-software 2013-11-14 21:42 - 2013-11-20 15:14 - 00000000 ____D C:\Users\Jule\AppData\Roaming\xm1 2013-11-14 10:35 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-14 10:35 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-14 10:34 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-14 10:34 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-14 10:34 - 2013-10-11 01:39 - 00218228 _____ C:\Windows\system32\WFP.TMF 2013-11-14 00:10 - 2013-11-14 00:10 - 00000000 ____D C:\ProgramData\Gibraltar 2013-11-13 20:57 - 2013-11-13 20:57 - 00000000 ____D C:\Users\Jule\AppData\Local\Swiss Academic Software 2013-11-13 20:55 - 2013-11-23 10:37 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Citavi 4 2013-11-13 20:55 - 2013-11-14 00:10 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Swiss Academic Software 2013-11-13 18:25 - 2013-11-13 18:25 - 00000000 ____D C:\ProgramData\Swiss Academic Software 2013-11-13 18:18 - 2013-11-13 18:24 - 00000000 ____D C:\Program Files\Citavi 4 2013-11-12 14:24 - 2011-05-04 14:36 - 00007657 _____ C:\Windows\_DETMP.1 2013-11-12 14:24 - 1996-05-10 10:41 - 00009296 _____ (Stirling Technologies Inc.) 
C:\Windows\_DETMP.2 2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux 2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Local\FluxSoftware ==================== One Month Modified Files and Folders ======= 2013-12-06 13:24 - 2013-12-04 23:10 - 00011072 _____ C:\Users\Jule\Desktop\FRST.txt 2013-12-06 13:23 - 2013-12-06 13:23 - 00000000 ____D C:\Users\Jule\Desktop\FRST-OlderVersion 2013-12-06 13:23 - 2013-12-04 23:08 - 00000000 ____D C:\FRST 2013-12-06 13:23 - 2013-12-04 23:07 - 01058547 _____ (Farbar) C:\Users\Jule\Desktop\FRST.exe 2013-12-06 13:14 - 2012-04-09 17:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-06 12:56 - 2013-03-29 20:14 - 00000342 _____ C:\Windows\Tasks\WpsUpdateTask_Jule.job 2013-12-06 12:37 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-06 12:37 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-06 11:13 - 2013-12-06 11:13 - 00000842 _____ C:\Users\Jule\Desktop\JRT.txt 2013-12-06 10:59 - 2013-12-06 10:59 - 00000000 ____D C:\Windows\ERUNT 2013-12-06 10:58 - 2013-12-06 10:58 - 01034531 _____ (Thisisu) C:\Users\Jule\Desktop\JRT.exe 2013-12-06 10:38 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-06 10:36 - 2013-11-30 23:55 - 00000000 ____D C:\AdwCleaner 2013-12-06 10:36 - 2006-11-02 14:01 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-06 10:33 - 2013-12-06 10:33 - 01110034 _____ C:\Users\Jule\Desktop\adwcleaner.exe 2013-12-05 22:57 - 2013-03-09 17:35 - 00000000 ____D C:\Users\Jule\Desktop\Themenpläne 2013-12-05 19:19 - 2013-12-05 17:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-05 19:19 - 2013-12-05 17:19 - 00000000 ____D C:\Users\Jule\Desktop\mbar 2013-12-05 17:23 - 
2013-12-05 17:23 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2013-12-05 17:20 - 2013-12-05 17:20 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-12-05 17:18 - 2013-12-05 17:16 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Jule\Desktop\mbar-1.07.0.1007.exe 2013-12-05 13:37 - 2009-11-02 18:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-12-05 00:23 - 2013-12-05 00:23 - 00001393 _____ C:\Users\Jule\Desktop\gmer.log 2013-12-05 00:23 - 2009-09-21 14:06 - 01799889 _____ C:\Windows\WindowsUpdate.log 2013-12-04 23:27 - 2009-08-27 20:18 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Skype 2013-12-04 23:18 - 2013-12-04 23:18 - 00377856 _____ C:\Users\Jule\Desktop\gmer_2.1.19163.exe 2013-12-04 23:12 - 2013-12-04 23:12 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled 2013-12-04 23:04 - 2013-12-04 23:02 - 00000470 _____ C:\Users\Jule\Desktop\defogger_disable.log 2013-12-04 23:02 - 2013-12-04 23:02 - 00000000 _____ C:\Users\Jule\defogger_reenable 2013-12-04 23:02 - 2009-07-27 14:08 - 00000000 ____D C:\Users\Jule 2013-12-04 22:48 - 2013-12-04 22:48 - 00050477 _____ C:\Users\Jule\Desktop\Defogger.exe 2013-12-04 21:22 - 2013-11-30 14:02 - 00000000 ____D C:\ProgramData\ProductData 2013-12-04 21:19 - 2013-11-30 13:35 - 00263844 _____ C:\Windows\PFRO.log 2013-12-04 20:31 - 2013-12-04 20:31 - 00101983 _____ C:\ProgramData\1386185447.bdinstall.bin 2013-12-04 20:30 - 2013-12-04 20:30 - 00037408 _____ C:\ProgramData\1386185408.bdinstall.bin 2013-12-04 20:26 - 2011-12-29 13:54 - 00000000 ____D C:\Users\Jule\AppData\Roaming\DVDVideoSoft 2013-12-04 20:26 - 2011-12-29 13:36 - 00000000 ____D C:\Program Files\DVDVideoSoft 2013-12-04 20:26 - 2009-10-04 09:21 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-12-01 00:31 - 2013-01-15 13:13 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2013-11-30 23:53 - 2009-07-27 14:35 - 00000000 ____D 
C:\Users\Jule\AppData\Local\Adobe 2013-11-30 23:44 - 2013-11-30 23:44 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-11-30 23:44 - 2009-08-18 20:56 - 00000000 ____D C:\ProgramData\Adobe 2013-11-30 23:44 - 2007-04-16 07:30 - 00000000 ____D C:\Program Files\Adobe 2013-11-30 23:43 - 2009-11-11 20:16 - 00000000 ____D C:\Program Files\AdobeReader 9.0 2013-11-30 16:37 - 2013-11-30 16:37 - 00454288 _____ (Realtek ) C:\Windows\system32\Drivers\Rtlh86.sys 2013-11-30 16:37 - 2013-11-30 16:37 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll 2013-11-30 16:37 - 2013-11-30 16:37 - 00080488 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll 2013-11-30 14:06 - 2013-01-14 19:39 - 00000000 ____D C:\Users\Jule\AppData\Roaming\IObit 2013-11-30 14:02 - 2013-11-30 14:02 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2013-11-30 14:02 - 2013-01-14 19:57 - 00000000 ____D C:\Program Files\IObit 2013-11-30 14:01 - 2013-01-14 19:39 - 00000000 ____D C:\ProgramData\IObit 2013-11-30 10:31 - 2013-11-30 10:31 - 00001952 _____ C:\Windows\wininit.ini 2013-11-30 00:45 - 2013-01-14 19:39 - 00000000 ____D C:\Program Files\IObit Malware Fighter 2013-11-29 18:46 - 2013-11-29 15:21 - 00000000 ____D C:\Program Files\stinger 2013-11-29 18:45 - 2009-09-21 10:04 - 00000000 ____D C:\Users\Jule\AppData\Roaming\vlc 2013-11-29 17:45 - 2013-01-22 17:08 - 00002912 _____ C:\Users\Jule\AppData\Roaming\Safer-Networking.log 2013-11-29 16:15 - 2013-11-29 16:15 - 00260906 _____ C:\ProgramData\1385736874.bdinstall.bin 2013-11-29 15:54 - 2013-11-29 15:54 - 00000000 ____D C:\Users\Jule\AppData\Roaming\QuickScan 2013-11-29 15:25 - 2013-11-29 15:25 - 00000000 ____D C:\Quarantine 2013-11-29 12:54 - 2012-11-12 00:38 - 00000000 ____D C:\Windows\system32\QuickTime 2013-11-29 11:23 - 2013-11-29 11:14 - 00000000 ____D C:\Program Files\Re-markit 2013-11-29 10:22 - 2009-10-19 18:11 - 00000000 ____D 
C:\Users\Jule\AppData\Roaming\dvdcss 2013-11-27 16:28 - 2013-11-21 23:00 - 00000000 ____D C:\Users\Jule\Desktop\BA 2013-11-25 23:26 - 2013-11-25 18:56 - 00000000 ____D C:\Users\Jule\Desktop\TEX 2013-11-23 17:53 - 2013-11-23 17:53 - 00000000 _____ C:\Windows\setuperr.log 2013-11-23 10:37 - 2013-11-13 20:55 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Citavi 4 2013-11-23 00:06 - 2013-11-22 18:12 - 00000000 ____D C:\MikTex 2013-11-22 21:55 - 2013-11-20 22:53 - 00000000 ____D C:\Program Files\TeXnicCenter 2013-11-22 19:48 - 2013-11-22 19:48 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9 2013-11-22 17:27 - 2013-11-22 17:27 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Neuer Ordner 2013-11-22 15:50 - 2013-11-22 15:40 - 00000000 ____D C:\Users\Jule\Archiv\Documents\MiKTex1 2013-11-22 15:24 - 2012-04-09 17:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-11-22 15:24 - 2011-09-26 10:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-11-22 15:14 - 2013-11-22 13:43 - 00000000 ____D C:\Users\Jule\Archiv\Documents\miktex 2013-11-22 14:37 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-11-22 13:47 - 2006-11-02 11:33 - 01593056 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-22 00:50 - 2013-11-22 00:49 - 00067784 _____ C:\Users\Jule\Archiv\Documents\cc_20131122_004939.reg 2013-11-22 00:42 - 2013-11-22 00:40 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Foxit Software 2013-11-22 00:41 - 2013-11-22 00:40 - 00000000 ____D C:\Program Files\Foxit Reader 2013-11-22 00:27 - 2013-11-22 01:00 - 07360000 _____ (MiKTeX.org) C:\setup-2.9.4503.exe 2013-11-22 00:20 - 2011-05-04 14:36 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SÜDWEST 2013-11-21 22:10 - 2013-11-21 22:10 - 00033235 _____ C:\Users\Jule\Desktop\ADHS eine kritische Bestandsaufnahme Christina Happ.odt 2013-11-21 16:52 - 
2009-07-27 16:41 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-11-21 16:49 - 2009-08-02 14:50 - 00000061 _____ C:\Windows\vbaddin.ini 2013-11-20 23:59 - 2013-11-20 23:58 - 00000000 ____D C:\Users\Jule\AppData\Roaming\SumatraPDF 2013-11-20 23:58 - 2013-11-20 23:58 - 00000000 ____D C:\Program Files\SumatraPDF 2013-11-20 23:17 - 2013-11-20 23:17 - 00000000 ____D C:\Program Files\gs9.10 2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker 2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Program Files\Texmaker 2013-11-20 17:09 - 2013-11-20 16:09 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Notepad++ 2013-11-20 16:10 - 2013-11-20 16:09 - 00000000 ____D C:\Program Files\Notepad++ 2013-11-20 15:51 - 2011-08-29 23:01 - 00188776 _____ C:\Users\Jule\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-20 15:14 - 2013-11-14 21:42 - 00000000 ____D C:\Users\Jule\AppData\Roaming\xm1 2013-11-20 12:29 - 2013-01-14 19:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-11-18 19:39 - 2009-08-05 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-17 21:42 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache 2013-11-17 21:20 - 2011-08-30 10:21 - 00649864 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-17 21:16 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE 2013-11-17 15:29 - 2010-07-01 14:24 - 00008522 _____ C:\Windows\system32\QuickTime.qtp 2013-11-17 15:28 - 2013-11-17 15:12 - 00001594 _____ C:\Windows\VPNUnInstall.MIF 2013-11-17 15:17 - 2013-10-01 12:41 - 00000000 ____D C:\Windows\system32\MRT 2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\Archiv\Documents\capella 2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\AppData\Roaming\capella-software 2013-11-17 14:50 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-11-14 22:10 - 2011-08-30 20:15 - 00000000 ____D C:\Program 
Files\Common Files\Apple 2013-11-14 21:53 - 2007-04-16 06:18 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-11-14 00:10 - 2013-11-14 00:10 - 00000000 ____D C:\ProgramData\Gibraltar 2013-11-14 00:10 - 2013-11-13 20:55 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Swiss Academic Software 2013-11-13 22:25 - 2013-10-31 23:49 - 00136653 _____ C:\Users\Jule\Desktop\ADHD__Ba ADHS da Between_biomedical_trends_and_social_norms.txt 2013-11-13 20:57 - 2013-11-13 20:57 - 00000000 ____D C:\Users\Jule\AppData\Local\Swiss Academic Software 2013-11-13 18:25 - 2013-11-13 18:25 - 00000000 ____D C:\ProgramData\Swiss Academic Software 2013-11-13 18:24 - 2013-11-13 18:18 - 00000000 ____D C:\Program Files\Citavi 4 2013-11-13 18:16 - 2011-10-04 22:59 - 00000000 ____D C:\Users\Jule\AppData\Local\Downloaded Installations 2013-11-13 18:12 - 2010-04-24 20:54 - 00000000 ____D C:\Program Files\Citavi 2013-11-13 18:10 - 2010-10-14 12:32 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Citavi 2013-11-12 14:24 - 2011-05-04 14:35 - 00000000 ____D C:\Program Files\BGB 2013-11-11 05:50 - 2009-10-02 20:58 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux 2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Local\FluxSoftware Some content of TEMP: ==================== C:\Users\Jule\AppData\Local\Temp\adwcleaner313.exe C:\Users\Jule\AppData\Local\Temp\pricepeep_1.exe C:\Users\Jule\AppData\Local\Temp\Quarantine.exe C:\Users\Jule\AppData\Local\Temp\sdanircmdc.exe C:\Users\Jule\AppData\Local\Temp\sdapskill.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit 
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-06 10:46

==================== End Of Log ============================

addition log

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-12-2013 Ran by Jule at 2013-12-06 13:27:50 Running from C:\Users\Jule\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D} ==================== Installed Programs ====================== Adobe Flash Player 10 ActiveX (Version: 10.0.32.18) Adobe Flash Player 11 Plugin (Version: 11.9.900.152) Adobe Flash Player 9 ActiveX (Version: 9) Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4) Apple Application Support (Version: 1.5.2) Apple Software Update (Version: 2.1.3.127) ArcSoft PhotoStudio 5.5 ATI Catalyst Install Manager (Version: 3.0.641.0) Bluetooth Stack for Windows by Toshiba (Version: v5.10.06(T)) Bonjour (Version: 3.0.0.2) Canon MP510 Benutzerregistrierung Canvas 11 (Version: 11.00.1173) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Core Implementation (Version: 2007.0621.1715.28924) Catalyst Control Center Graphics Full Existing (Version: 2007.0621.1715.28924) Catalyst Control Center Graphics Full New (Version: 2007.0621.1715.28924) Catalyst Control Center Graphics Light (Version: 2007.0621.1715.28924) Catalyst Control Center Graphics Previews Common (Version: 2007.0621.1715.28924) Catalyst Control Center Graphics Previews Vista (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Chinese Standard (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Chinese Traditional (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Czech (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Danish (Version: 2007.0621.1715.28924) Catalyst 
Control Center Localization Dutch (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Finnish (Version: 2007.0621.1715.28924) Catalyst Control Center Localization French (Version: 2007.0621.1715.28924) Catalyst Control Center Localization German (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Greek (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Hungarian (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Italian (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Japanese (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Korean (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Norwegian (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Polish (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Portuguese (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Russian (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Spanish (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Swedish (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Thai (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Turkish (Version: 2007.0621.1715.28924) CCC Help Chinese Standard (Version: 2007.0621.1714.28924) CCC Help Chinese Traditional (Version: 2007.0621.1714.28924) CCC Help Czech (Version: 2007.0621.1714.28924) CCC Help Danish (Version: 2007.0621.1714.28924) CCC Help Dutch (Version: 2007.0621.1714.28924) CCC Help English (Version: 2007.0621.1714.28924) CCC Help Finnish (Version: 2007.0621.1714.28924) CCC Help French (Version: 2007.0621.1714.28924) CCC Help German (Version: 2007.0621.1714.28924) CCC Help Greek (Version: 2007.0621.1714.28924) CCC Help Hungarian (Version: 2007.0621.1714.28924) CCC Help Italian (Version: 2007.0621.1714.28924) CCC Help Japanese (Version: 2007.0621.1714.28924) CCC Help Korean (Version: 2007.0621.1714.28924) 
CCC Help Norwegian (Version: 2007.0621.1714.28924) CCC Help Polish (Version: 2007.0621.1714.28924) CCC Help Portuguese (Version: 2007.0621.1714.28924) CCC Help Russian (Version: 2007.0621.1714.28924) CCC Help Spanish (Version: 2007.0621.1714.28924) CCC Help Swedish (Version: 2007.0621.1714.28924) CCC Help Thai (Version: 2007.0621.1714.28924) CCC Help Turkish (Version: 2007.0621.1714.28924) ccc-core-static (Version: 2007.0621.1715.28924) ccc-utility (Version: 2007.0621.1715.28924) CCleaner (Version: 3.12) CD/DVD Drive Acoustic Silencer (Version: 2.00.02) Citavi 4 (Version: 4.2.0.11) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DivX Codec (Version: 6.9.1) DivX Converter (Version: 7.1.0) DivX Player (Version: 7.2.0) DivX Plus Web Player (Version: 2.0.0) doPDF 6.2 printer DraftSight (Version: 8.2.301) Emdedded IR Driver (Version: 0.0.0.6C) f.lux Foxit Reader (Version: 6.0.4.719) Free YouTube Download version 3.2.18.1128 (Version: 3.2.18.1128) GPL Ghostscript (Version: 9.10) IBM Lotus Symphony (Version: 1.3.09157) Intel Matrix Storage Manager IObit Malware Fighter (Version: 2.2) IrfanView (remove only) iTunes (Version: 10.4.1.10) Java Auto Updater (Version: 2.0.2.4) Java(TM) 6 Update 22 (Version: 6.0.220) Java(TM) SE Runtime Environment 6 (Version: 1.6.0.0) Kingsoft Office 2012 (8.1.0.3375) (Version: 8.1.0.3375) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4.5 (Version: 4.5.50709) Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709) Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2) 
Microsoft Office 2000 Premium (Version: 9.00.2816) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000) Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000) Microsoft Office Visio 2010 (Version: 14.0.7015.1000) Microsoft Office Visio MUI (German) 2010 (Version: 14.0.7015.1000) Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Software Update for Web Folders (German) 12 (Version: 12.0.6612.1000) Microsoft Visio Premium 2010 (Version: 14.0.7015.1000) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Works (Version: 08.05.0822) Microsoft XML Parser (Version: 8.0.7820.0) Microsoft XML Parser (Version: 8.20.8730.4) MiKTeX 2.9 (HKCU Version: 2.9) Mozilla Firefox 25.0.1 (x86 de) (Version: 25.0.1) Mozilla Maintenance Service (Version: 25.0.1) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Notepad++ (Version: 6.5.1) Ontrack EasyRecovery Professional (Version: 10.0.5.6) 
OpenOffice.org 3.3 (Version: 3.3.9567) QuickTime Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000) Realtek High Definition Audio Driver (Version: 6.0.1.5433) REALTEK Wireless LAN Driver and Utility (Version: 1.00.0187) Recuva (Version: 1.40) Revo Uninstaller 1.95 (Version: 1.95) Roadkil's Unstoppable Copier Version 4.2 Serif DrawPlus 4.0 Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Shockwave Skins (Version: 2007.0621.1715.28924) Skype™ 5.10 (Version: 5.10.116) Spybot - Search & Destroy (Version: 2.0.12) SumatraPDF (Version: 2.4) Synaptics Pointing Device Driver (Version: 10.0.1.0) Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 2.00.0001) Texmaker TIPCI (Version: 2.00.0001) TOSHIBA ConfigFree (Version: 7.00.29) TOSHIBA Disc Creator (Version: 2.0.0.8) TOSHIBA DVD PLAYER (Version: 1.00.24A) TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00) TOSHIBA Flash Cards Support Utility (Version: 1.48.0.3C) TOSHIBA Hardware Setup (Version: 1.48.0.11C) Toshiba Online Product Information (Version: 1.00.0009) TOSHIBA SD Memory Utilities (Version: 1.8.1.1) TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD03)) TOSHIBA Supervisor Password (Version: 1.48.0.8C) TOSHIBA Supervisorkennwort (Version: 1.48.0.8C) TOSHIBA Value Added Package (Version: 1.0.24) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 
2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition Utility Common Driver (Version: 0.0.1.1C) VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0) VLC media player 1.0.1 (Version: 1.0.1) Windows Media Encoder 9-Reihe Windows Media Encoder 9-Reihe (Version: 9.00.3374) ==================== Restore Points ========================= 30-11-2013 15:26:35 Driver Booster : Realtek High Definition Audio 30-11-2013 15:36:25 Removed IObit Apps Toolbar v8.3. 30-11-2013 23:31:35 IObit Uninstaller restore point 01-12-2013 17:34:32 Geplanter Prüfpunkt 04-12-2013 19:29:12 IObit Uninstaller restore point 04-12-2013 19:45:38 IObit Uninstaller restore point ==================== Hosts content: ========================== 2006-11-02 11:23 - 2013-01-15 16:01 - 00445178 ____R C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) ============= Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {31830DF6-4671-46CD-9253-1B21864E52DF} - System32\Tasks\Registration Trigger IBM Lotus Symphony Task => C:\Program Files\IBM Lotus Symphony\framework\rcp\rcplauncher.exe [2009-05-05] () Task: {38757A9C-E1B4-4088-B0D8-EE3207DF0031} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: {3A061B1D-3192-42CE-852E-67FCC3889567} - System32\Tasks\{2E2EA250-2E30-4810-A4A9-3A003F79248C} => C:\Program Files\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.) Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-18] (Microsoft Corporation) Task: {5D69ECF2-C53E-4494-90D7-A7114C7CC130} - System32\Tasks\{EB6E0E21-C667-4AD9-95AF-D29D49871B68} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124/en/go/help.faq.installer?LastError=1618 Task: {710A2204-564E-4190-B17B-19A8B4FF444B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {79FB67D8-77D6-4B65-8E3C-6AAC7AB19A7D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Jule => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {810E46A0-622B-4805-AC6A-B423692C589E} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe Task: {86908681-6287-4538-9B94-AF9C268BCEDD} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: {9D53C720-97ED-4261-8B5C-CE1F38ADED98} - System32\Tasks\Google Updater and Installer => C:\Users\Jule\AppData\Local\Google\Update\GoogleUpdate.exe Task: {9EB99301-3EA4-490C-9D6F-FFDD5092E387} - 
System32\Tasks\File Helper => C:\Program Files\File Helper\1.1.0.4\FileHelper.exe [2009-10-13] () Task: {BF86556D-9C50-48A5-9E5A-594193D80D1E} - System32\Tasks\WpsUpdateTask_Jule => C:\Program Files\Kingsoft Office\office6\wpsupdate.exe [2013-06-05] (Kingsoft Corp. Ltd.) Task: {CB47C0DA-6F27-431D-9B24-2DE2DA882356} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: {CDB48552-B9D8-4EFB-A136-506372D469A8} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files\TuneUp Utilities 2010\OneClick.exe Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-05] () Task: {FC744C72-7DA3-4099-BD4B-3A9F0BFB4844} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-22] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: C:\Windows\Tasks\File Helper.job => C:\Program Files\File Helper\1.1.0.4\FileHelper.exe Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: C:\Windows\Tasks\WpsUpdateTask_Jule.job => C:\Program Files\Kingsoft Office\office6\wpsupdate.exe ==================== Loaded Modules (whitelisted) ============= 2007-07-12 09:54 - 2007-06-21 10:27 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 02400323 _____ () C:\Program Files\IBM Lotus 
Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\vcl645mi.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 01794123 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\udkservice1.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 00073794 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\vos3MSC.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 01749055 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\sal3.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 00098304 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\uwinapi.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 00147524 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\reg3.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 01437784 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\log4pt.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 02981961 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\svt645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 01224776 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\tk645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 06660166 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.framework.win32_3.5.0.20090605-2002\sfx645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 02326598 _____ () 
C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\sb645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 00299083 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\xcr645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 00413764 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\so645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 00286792 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\go645mi.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 00647244 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\basicservice.uno.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 00049230 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\jvmaccess3MSC.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 02854984 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\ucpchelp1.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 00286720 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\xerces-depdom_2_6.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 00036864 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\xslt4cMessages_1_7_0.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 00032837 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\rmcxt3.dll 
2010-11-16 23:29 - 2010-11-16 23:29 - 01716292 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\sax.uno.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 01601610 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\desktp645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 00397382 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.framework.win32_3.5.0.20090605-2002\ofa645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 08671299 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.framework.win32_3.5.0.20090605-2002\svx645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 01921103 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\i18npool645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 00204883 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\oleautobridge.uno.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 00094283 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\emser645mi.dll 2013-01-15 13:11 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-01-15 13:11 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2013-01-15 13:11 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl 2013-01-15 13:11 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-01-15 13:11 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files\Spybot - 
Search & Destroy 2\VirtualTreesDXE150.bpl 2012-02-28 18:36 - 2013-11-18 19:39 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2013-11-13 18:25 - 2013-07-17 23:56 - 00430080 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\FirefoxPickerCommunication.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-12-06 13:25:50.473 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-06 13:25:49.154 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-06 13:25:47.814 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-06 13:25:46.483 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-12-06 13:25:45.120 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-06 13:25:43.776 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-06 13:25:42.466 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-06 13:25:41.142 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-06 11:19:33.264 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-06 11:19:31.956 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 54% Total physical RAM: 2045.69 MB Available physical RAM: 926.65 MB Total Pagefile: 4328.64 MB Available Pagefile: 3200.75 MB Total Virtual: 2047.88 MB Available Virtual: 1921.88 MB ==================== Drives ================================ Drive c: (Vista) (Fixed) (Total:74.22 GB) (Free:2.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (TOSHIBA) (Removable) (Total:1.86 GB) (Free:1.02 GB) FAT32 Drive e: (Data) (Fixed) (Total:73.36 GB) (Free:19.17 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: A0A8BD18) Partition 1: (Not Active) - (Size=1 GB) - (Type=27) Partition 2: (Active) - (Size=74 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=73 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 00000000) Partition 1: (Active) - (Size=2 GB) - (Type=0B) ==================== End Of Log ============================ |
06.12.2013, 22:02 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | unwanted Spigot Yahoo search start page Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM). Note: Before you do, please remember to update Malwarebytes Anti-Malware using the update button! Afterwards, getting an additional opinion from the ESET online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
07.12.2013, 14:49 | #11 |
| unwanted Spigot Yahoo search start page Hello Cosinus, attached is the Mbar log file. The scan with ESET returned no results. Regards, julekai Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.12.06.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Jule :: MASF [Administrator] 06.12.2013 23:35:25 mbam-log-2013-12-06 (23-35-25).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 222662 Laufzeit: 43 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 7 C:\Users\Jule\AppData\Local\Temp\pricepeep_1.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jule\AppData\Local\Temp\Temporary files\parent.txt (PUP.Optional.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jule\AppData\Local\Temp\Temporary files\software\Installer.exe (PUP.Optional.Linkury.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jule\AppData\Local\Temp\Temporary files\software\PricePeep.exe (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jule\AppData\Local\Temp\is-5FOQ8.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jule\AppData\Local\Temp\is-SCPA8.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Installer\63f740.msi (PUP.Optional.SmartBar) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
07.12.2013, 16:11 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | unwanted Spigot Yahoo search start page Only remnants; please run TFC: TFC - Temp File Cleaner Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
Looks OK so far. Regarding cookies and other things on the web: To block this plague from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie). Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system OK again now, or are there still other findings or problems?
__________________ Please always post log files in CODE tags |
08.12.2013, 11:17 | #13 |
| unwanted Spigot Yahoo search start page Hello Cosinus, TFC was able to find files and also removed them. Unfortunately the original problem, the Yahoo search website, still persists. The system was also restarted. You said that no programs should be running during this; does that mean I should also close all the quick-launch programs (in Vista, the small icons at the bottom right)? In the meantime I have also looked at another forum post about snap.do (that program was on my machine too), which said that registry entries should not be deleted. - But that is exactly what I did with CCleaner - If the reason the start page could not be removed has to do with that, is there, in your view, any way left to get rid of the start page, or does only a new system help??? So far the start page isn't very bothersome, but the apparent peace surely won't last... Many thanks in advance for the software recommendation =) If that is a suitable tool for blocking the start page, does it also work if it is installed on the PC's second hard drive? Regards, julekai Hello & have a nice Advent Sunday, in the meantime I have tried TFC while the quick-launch programs were closed - unfortunately without success. Regards and thanks again for your help, julekai Last edited by julekai (07.12.2013 at 21:15) |
08.12.2013, 17:40 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | unwanted Spigot Yahoo search start page Is it now only about the Yahoo page that opens unwanted? In which browsers? And please post a fresh FRST log.
__________________ Please always post log files in CODE tags |
08.12.2013, 18:13 | #15 |
| unwanted Spigot Yahoo search start page Hello, I'm not sure whether further problems exist or have been added. This afternoon I installed the Vollversion-Magix-Foto-Grafik-Designer-7-SE_62965327.html from the Chip Advent calendar and the internet did not work properly. During that time I spent a lot of time on Yahoo web pages. On YouTube I could not see any video preview images at first; that worked later. Loading the Yahoo pages took longer and longer until finally nothing worked on other sites either until the restart. The arrow/circle in the URL bar did indicate that the pages were loading, but nothing further happened.... In the end the pages could no longer be reloaded at all. Since the restart, none of this has been noticeable so far. What also makes me somewhat skeptical are sites listed in Addition such as these: 010402.com; www.0scan.com; 100sexlinks.com; www.00hq.com FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-12-2013 02 Ran by Jule (administrator) on MASF on 08-12-2013 18:33:25 Running from C:\Users\Jule\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Flux Software LLC) C:\Users\Jule\AppData\Local\FluxSoftware\Flux\flux.exe (Agere Systems) C:\Windows\System32\agrsmsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4489216 2007-06-13] (Realtek Semiconductor) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKCU\...\Run: [f.lux] - C:\Users\Jule\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKCU\...\Run: [SODCPreLoad] - C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe [40960 2010-11-16] () HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA) HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ie HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {5C811A52-FBAE-4D9C-8180-8EEF0AC1BF65} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms} BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default FF Homepage: hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ff FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p= FF NetworkProxy: "autoconfig_url", "hxxp://204.93.211.220/" FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\searchplugins\ecosia.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Microsoft .NET Framework Assistant - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: WOT - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF Extension: DVDVideoSoft Menu - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF Extension: prefs - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox Chrome: ======= CHR HomePage: hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ch CHR RestoreOnStartup: "hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ch" CHR Extension: ( "name":"Advanced SystemCare Surfing Protection",) - 
C:\Users\Jule\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 ========================== Services (Whitelisted) ================= R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2006-12-28] (AVM Berlin) R0 CplIR; C:\Windows\System32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2006-12-28] (AVM GmbH) R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 igfx; system32\DRIVERS\igdkmd32.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S1 MpKsl9cd296d3; No ImagePath S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 Tosrfcom; No ImagePath S3 TpChoice; system32\DRIVERS\TpChoice.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-08 14:20 - 2013-12-08 14:20 - 00000000 ____D C:\Users\Jule\AppData\Roaming\MAGIX 2013-12-08 14:19 - 2013-12-08 14:19 - 00000000 ____D C:\Users\Jule\AppData\Local\Xara 2013-12-08 14:15 - 2013-12-08 14:18 - 00000000 ____D C:\Program Files\MAGIX Foto_Grafik_Designer_7_SE 2013-12-08 14:15 - 2013-12-08 14:15 - 00000000 ____D C:\Program Files\Common Files\MAGIX Services 2013-12-07 19:03 - 2013-12-07 19:03 - 00448512 _____ (OldTimer Tools) C:\Users\Jule\Desktop\TFC.exe 2013-12-07 00:33 - 2013-12-07 00:33 - 00000000 ____D C:\Program Files\ESET 2013-12-06 23:31 - 2013-12-06 23:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-12-06 23:31 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-06 23:29 - 2013-12-06 23:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jule\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-06 13:27 - 2013-12-06 13:29 - 00026674 _____ C:\Users\Jule\Desktop\Addition.txt 2013-12-06 13:23 - 2013-12-08 17:56 - 00000000 ____D C:\Users\Jule\Desktop\FRST-OlderVersion 2013-12-06 11:13 - 2013-12-06 11:13 - 00000842 _____ C:\Users\Jule\Desktop\JRT.txt 2013-12-06 10:59 - 2013-12-06 10:59 - 00000000 ____D C:\Windows\ERUNT 2013-12-06 10:58 - 2013-12-06 10:58 - 01034531 _____ (Thisisu) C:\Users\Jule\Desktop\JRT.exe 2013-12-06 10:33 - 2013-12-06 10:33 - 01110034 _____ C:\Users\Jule\Desktop\adwcleaner.exe 2013-12-05 
17:23 - 2013-12-05 19:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-05 17:20 - 2013-12-05 17:20 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-12-05 17:19 - 2013-12-05 19:19 - 00000000 ____D C:\Users\Jule\Desktop\mbar 2013-12-05 17:16 - 2013-12-05 17:18 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Jule\Desktop\mbar-1.07.0.1007.exe 2013-12-05 00:23 - 2013-12-05 00:23 - 00001393 _____ C:\Users\Jule\Desktop\gmer.log 2013-12-04 23:18 - 2013-12-04 23:18 - 00377856 _____ C:\Users\Jule\Desktop\gmer_2.1.19163.exe 2013-12-04 23:12 - 2013-12-04 23:12 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled 2013-12-04 23:10 - 2013-12-08 18:35 - 00011174 _____ C:\Users\Jule\Desktop\FRST.txt 2013-12-04 23:08 - 2013-12-08 17:56 - 00000000 ____D C:\FRST 2013-12-04 23:07 - 2013-12-08 17:56 - 01060441 _____ (Farbar) C:\Users\Jule\Desktop\FRST.exe 2013-12-04 23:02 - 2013-12-04 23:04 - 00000470 _____ C:\Users\Jule\Desktop\defogger_disable.log 2013-12-04 23:02 - 2013-12-04 23:02 - 00000000 _____ C:\Users\Jule\defogger_reenable 2013-12-04 22:48 - 2013-12-04 22:48 - 00050477 _____ C:\Users\Jule\Desktop\Defogger.exe 2013-12-04 20:31 - 2013-12-04 20:31 - 00101983 _____ C:\ProgramData\1386185447.bdinstall.bin 2013-12-04 20:30 - 2013-12-04 20:30 - 00037408 _____ C:\ProgramData\1386185408.bdinstall.bin 2013-11-30 23:55 - 2013-12-06 10:36 - 00000000 ____D C:\AdwCleaner 2013-11-30 23:44 - 2013-11-30 23:44 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-11-30 16:37 - 2013-11-30 16:37 - 00454288 _____ (Realtek ) C:\Windows\system32\Drivers\Rtlh86.sys 2013-11-30 16:37 - 2013-11-30 16:37 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll 2013-11-30 16:37 - 2013-11-30 16:37 - 00080488 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll 2013-11-30 14:02 - 2013-12-04 21:22 - 00000000 ____D C:\ProgramData\ProductData 2013-11-30 14:02 - 2013-11-30 14:02 
- 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2013-11-30 13:35 - 2013-12-07 00:24 - 00265728 _____ C:\Windows\PFRO.log 2013-11-30 10:31 - 2013-11-30 10:31 - 00001952 _____ C:\Windows\wininit.ini 2013-11-29 16:15 - 2013-11-29 16:15 - 00260906 _____ C:\ProgramData\1385736874.bdinstall.bin 2013-11-29 16:08 - 2009-07-14 23:27 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2013-11-29 15:54 - 2013-11-29 15:54 - 00000000 ____D C:\Users\Jule\AppData\Roaming\QuickScan 2013-11-29 15:25 - 2013-11-29 15:25 - 00000000 ____D C:\Quarantine 2013-11-29 15:21 - 2013-11-29 18:46 - 00000000 ____D C:\Program Files\stinger 2013-11-29 11:14 - 2013-11-29 11:23 - 00000000 ____D C:\Program Files\Re-markit 2013-11-25 18:56 - 2013-11-25 23:26 - 00000000 ____D C:\Users\Jule\Desktop\TEX 2013-11-23 17:53 - 2013-11-23 17:53 - 00000000 _____ C:\Windows\setuperr.log 2013-11-22 19:48 - 2013-11-22 19:48 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9 2013-11-22 18:12 - 2013-11-23 00:06 - 00000000 ____D C:\MikTex 2013-11-22 17:27 - 2013-11-22 17:27 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Neuer Ordner 2013-11-22 15:40 - 2013-11-22 15:50 - 00000000 ____D C:\Users\Jule\Archiv\Documents\MiKTex1 2013-11-22 13:43 - 2013-11-22 15:14 - 00000000 ____D C:\Users\Jule\Archiv\Documents\miktex 2013-11-22 01:00 - 2013-11-22 00:27 - 07360000 _____ (MiKTeX.org) C:\setup-2.9.4503.exe 2013-11-22 00:49 - 2013-11-22 00:50 - 00067784 _____ C:\Users\Jule\Archiv\Documents\cc_20131122_004939.reg 2013-11-22 00:41 - 2013-06-09 21:59 - 00216064 _____ C:\Windows\system32\gcapi_dll.dll 2013-11-22 00:40 - 2013-11-22 00:42 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Foxit Software 2013-11-22 00:40 - 2013-11-22 00:41 - 00000000 ____D C:\Program Files\Foxit Reader 2013-11-21 23:00 - 2013-11-27 16:28 - 00000000 ____D C:\Users\Jule\Desktop\BA 2013-11-21 22:10 - 2013-11-21 22:10 - 00033235 _____ 
C:\Users\Jule\Desktop\ADHS eine kritische Bestandsaufnahme Christina Happ.odt 2013-11-20 23:58 - 2013-11-20 23:59 - 00000000 ____D C:\Users\Jule\AppData\Roaming\SumatraPDF 2013-11-20 23:58 - 2013-11-20 23:58 - 00000000 ____D C:\Program Files\SumatraPDF 2013-11-20 23:17 - 2013-11-20 23:17 - 00000000 ____D C:\Program Files\gs9.10 2013-11-20 22:53 - 2013-11-22 21:55 - 00000000 ____D C:\Program Files\TeXnicCenter 2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker 2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Program Files\Texmaker 2013-11-20 16:09 - 2013-11-20 17:09 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Notepad++ 2013-11-20 16:09 - 2013-11-20 16:10 - 00000000 ____D C:\Program Files\Notepad++ 2013-11-17 16:44 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-17 16:44 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-17 16:44 - 2013-10-13 10:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-17 16:44 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-17 16:44 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-17 16:44 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-17 16:44 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-17 16:44 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-17 16:44 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-17 16:44 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-17 16:44 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 
2013-11-17 16:44 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-17 16:44 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-17 16:44 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-17 16:44 - 2013-10-13 10:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-17 16:44 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-17 15:12 - 2013-11-17 15:28 - 00001594 _____ C:\Windows\VPNUnInstall.MIF 2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\Archiv\Documents\capella 2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\AppData\Roaming\capella-software 2013-11-14 21:42 - 2013-11-20 15:14 - 00000000 ____D C:\Users\Jule\AppData\Roaming\xm1 2013-11-14 10:35 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-14 10:35 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-14 10:34 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-14 10:34 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-14 10:34 - 2013-10-11 01:39 - 00218228 _____ C:\Windows\system32\WFP.TMF 2013-11-14 00:10 - 2013-11-14 00:10 - 00000000 ____D C:\ProgramData\Gibraltar 2013-11-13 20:57 - 2013-11-13 20:57 - 00000000 ____D C:\Users\Jule\AppData\Local\Swiss Academic Software 2013-11-13 20:55 - 2013-11-23 10:37 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Citavi 4 2013-11-13 20:55 - 2013-11-14 00:10 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Swiss Academic Software 2013-11-13 18:25 - 2013-11-13 18:25 - 00000000 ____D C:\ProgramData\Swiss Academic Software 2013-11-13 18:18 - 2013-11-13 18:24 - 00000000 ____D C:\Program Files\Citavi 4 2013-11-12 14:24 - 
2011-05-04 14:36 - 00007657 _____ C:\Windows\_DETMP.1 2013-11-12 14:24 - 1996-05-10 10:41 - 00009296 _____ (Stirling Technologies Inc.) C:\Windows\_DETMP.2 ==================== One Month Modified Files and Folders ======= 2013-12-08 18:35 - 2013-12-04 23:10 - 00011174 _____ C:\Users\Jule\Desktop\FRST.txt 2013-12-08 18:14 - 2012-04-09 17:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-08 17:56 - 2013-12-06 13:23 - 00000000 ____D C:\Users\Jule\Desktop\FRST-OlderVersion 2013-12-08 17:56 - 2013-12-04 23:08 - 00000000 ____D C:\FRST 2013-12-08 17:56 - 2013-12-04 23:07 - 01060441 _____ (Farbar) C:\Users\Jule\Desktop\FRST.exe 2013-12-08 17:56 - 2013-03-29 20:14 - 00000342 _____ C:\Windows\Tasks\WpsUpdateTask_Jule.job 2013-12-08 17:49 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-08 17:49 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-08 17:46 - 2011-08-30 10:21 - 00651304 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-08 17:46 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-08 16:43 - 2006-11-02 14:01 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-08 16:40 - 2013-01-14 19:39 - 00000000 ____D C:\Program Files\IObit Malware Fighter 2013-12-08 15:56 - 2009-08-27 20:18 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Skype 2013-12-08 14:20 - 2013-12-08 14:20 - 00000000 ____D C:\Users\Jule\AppData\Roaming\MAGIX 2013-12-08 14:19 - 2013-12-08 14:19 - 00000000 ____D C:\Users\Jule\AppData\Local\Xara 2013-12-08 14:18 - 2013-12-08 14:15 - 00000000 ____D C:\Program Files\MAGIX Foto_Grafik_Designer_7_SE 2013-12-08 14:15 - 2013-12-08 14:15 - 00000000 ____D C:\Program Files\Common Files\MAGIX Services 2013-12-08 14:15 - 2007-04-16 07:36 - 00000000 ____D C:\ProgramData\MAGIX 2013-12-08 14:14 - 2007-07-12 20:02 - 00000000 ____D C:\Program 
Files\MSXML 4.0 2013-12-08 13:19 - 2009-09-21 10:04 - 00000000 ____D C:\Users\Jule\AppData\Roaming\vlc 2013-12-08 11:55 - 2009-10-19 18:11 - 00000000 ____D C:\Users\Jule\AppData\Roaming\dvdcss 2013-12-07 19:03 - 2013-12-07 19:03 - 00448512 _____ (OldTimer Tools) C:\Users\Jule\Desktop\TFC.exe 2013-12-07 14:44 - 2011-12-29 13:54 - 00000000 ____D C:\Users\Jule\AppData\Roaming\DVDVideoSoft 2013-12-07 00:33 - 2013-12-07 00:33 - 00000000 ____D C:\Program Files\ESET 2013-12-07 00:24 - 2013-11-30 13:35 - 00265728 _____ C:\Windows\PFRO.log 2013-12-07 00:24 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Globalization 2013-12-06 23:31 - 2013-12-06 23:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-12-06 23:29 - 2013-12-06 23:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jule\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-06 13:29 - 2013-12-06 13:27 - 00026674 _____ C:\Users\Jule\Desktop\Addition.txt 2013-12-06 11:13 - 2013-12-06 11:13 - 00000842 _____ C:\Users\Jule\Desktop\JRT.txt 2013-12-06 10:59 - 2013-12-06 10:59 - 00000000 ____D C:\Windows\ERUNT 2013-12-06 10:58 - 2013-12-06 10:58 - 01034531 _____ (Thisisu) C:\Users\Jule\Desktop\JRT.exe 2013-12-06 10:36 - 2013-11-30 23:55 - 00000000 ____D C:\AdwCleaner 2013-12-06 10:33 - 2013-12-06 10:33 - 01110034 _____ C:\Users\Jule\Desktop\adwcleaner.exe 2013-12-05 22:57 - 2013-03-09 17:35 - 00000000 ____D C:\Users\Jule\Desktop\Themenpläne 2013-12-05 19:19 - 2013-12-05 17:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-05 19:19 - 2013-12-05 17:19 - 00000000 ____D C:\Users\Jule\Desktop\mbar 2013-12-05 17:20 - 2013-12-05 17:20 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-12-05 17:18 - 2013-12-05 17:16 - 12576792 _____ (Malwarebytes Corp.) 
C:\Users\Jule\Desktop\mbar-1.07.0.1007.exe 2013-12-05 13:37 - 2009-11-02 18:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-12-05 00:23 - 2013-12-05 00:23 - 00001393 _____ C:\Users\Jule\Desktop\gmer.log 2013-12-05 00:23 - 2009-09-21 14:06 - 01799889 _____ C:\Windows\WindowsUpdate.log 2013-12-04 23:18 - 2013-12-04 23:18 - 00377856 _____ C:\Users\Jule\Desktop\gmer_2.1.19163.exe 2013-12-04 23:12 - 2013-12-04 23:12 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled 2013-12-04 23:04 - 2013-12-04 23:02 - 00000470 _____ C:\Users\Jule\Desktop\defogger_disable.log 2013-12-04 23:02 - 2013-12-04 23:02 - 00000000 _____ C:\Users\Jule\defogger_reenable 2013-12-04 23:02 - 2009-07-27 14:08 - 00000000 ____D C:\Users\Jule 2013-12-04 22:48 - 2013-12-04 22:48 - 00050477 _____ C:\Users\Jule\Desktop\Defogger.exe 2013-12-04 21:22 - 2013-11-30 14:02 - 00000000 ____D C:\ProgramData\ProductData 2013-12-04 20:31 - 2013-12-04 20:31 - 00101983 _____ C:\ProgramData\1386185447.bdinstall.bin 2013-12-04 20:30 - 2013-12-04 20:30 - 00037408 _____ C:\ProgramData\1386185408.bdinstall.bin 2013-12-04 20:26 - 2011-12-29 13:36 - 00000000 ____D C:\Program Files\DVDVideoSoft 2013-12-04 20:26 - 2009-10-04 09:21 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-12-01 00:31 - 2013-01-15 13:13 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2013-11-30 23:53 - 2009-07-27 14:35 - 00000000 ____D C:\Users\Jule\AppData\Local\Adobe 2013-11-30 23:44 - 2013-11-30 23:44 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-11-30 23:44 - 2009-08-18 20:56 - 00000000 ____D C:\ProgramData\Adobe 2013-11-30 23:44 - 2007-04-16 07:30 - 00000000 ____D C:\Program Files\Adobe 2013-11-30 23:43 - 2009-11-11 20:16 - 00000000 ____D C:\Program Files\AdobeReader 9.0 2013-11-30 16:37 - 2013-11-30 16:37 - 00454288 _____ (Realtek ) C:\Windows\system32\Drivers\Rtlh86.sys 2013-11-30 16:37 - 2013-11-30 16:37 - 00100896 _____ (Realtek Semiconductor Corporation) 
C:\Windows\system32\RTNUninst32.dll 2013-11-30 16:37 - 2013-11-30 16:37 - 00080488 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll 2013-11-30 14:06 - 2013-01-14 19:39 - 00000000 ____D C:\Users\Jule\AppData\Roaming\IObit 2013-11-30 14:02 - 2013-11-30 14:02 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2013-11-30 14:02 - 2013-01-14 19:57 - 00000000 ____D C:\Program Files\IObit 2013-11-30 14:01 - 2013-01-14 19:39 - 00000000 ____D C:\ProgramData\IObit 2013-11-30 10:31 - 2013-11-30 10:31 - 00001952 _____ C:\Windows\wininit.ini 2013-11-29 18:46 - 2013-11-29 15:21 - 00000000 ____D C:\Program Files\stinger 2013-11-29 17:45 - 2013-01-22 17:08 - 00002912 _____ C:\Users\Jule\AppData\Roaming\Safer-Networking.log 2013-11-29 16:15 - 2013-11-29 16:15 - 00260906 _____ C:\ProgramData\1385736874.bdinstall.bin 2013-11-29 15:54 - 2013-11-29 15:54 - 00000000 ____D C:\Users\Jule\AppData\Roaming\QuickScan 2013-11-29 15:25 - 2013-11-29 15:25 - 00000000 ____D C:\Quarantine 2013-11-29 12:54 - 2012-11-12 00:38 - 00000000 ____D C:\Windows\system32\QuickTime 2013-11-29 11:23 - 2013-11-29 11:14 - 00000000 ____D C:\Program Files\Re-markit 2013-11-27 16:28 - 2013-11-21 23:00 - 00000000 ____D C:\Users\Jule\Desktop\BA 2013-11-25 23:26 - 2013-11-25 18:56 - 00000000 ____D C:\Users\Jule\Desktop\TEX 2013-11-23 17:53 - 2013-11-23 17:53 - 00000000 _____ C:\Windows\setuperr.log 2013-11-23 10:37 - 2013-11-13 20:55 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Citavi 4 2013-11-23 00:06 - 2013-11-22 18:12 - 00000000 ____D C:\MikTex 2013-11-22 21:55 - 2013-11-20 22:53 - 00000000 ____D C:\Program Files\TeXnicCenter 2013-11-22 19:48 - 2013-11-22 19:48 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9 2013-11-22 17:27 - 2013-11-22 17:27 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Neuer Ordner 2013-11-22 15:50 - 2013-11-22 15:40 - 00000000 ____D C:\Users\Jule\Archiv\Documents\MiKTex1 2013-11-22 15:24 - 
2012-04-09 17:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-11-22 15:24 - 2011-09-26 10:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-11-22 15:14 - 2013-11-22 13:43 - 00000000 ____D C:\Users\Jule\Archiv\Documents\miktex 2013-11-22 14:37 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-11-22 13:47 - 2006-11-02 11:33 - 01593056 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-22 00:50 - 2013-11-22 00:49 - 00067784 _____ C:\Users\Jule\Archiv\Documents\cc_20131122_004939.reg 2013-11-22 00:42 - 2013-11-22 00:40 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Foxit Software 2013-11-22 00:41 - 2013-11-22 00:40 - 00000000 ____D C:\Program Files\Foxit Reader 2013-11-22 00:27 - 2013-11-22 01:00 - 07360000 _____ (MiKTeX.org) C:\setup-2.9.4503.exe 2013-11-22 00:20 - 2011-05-04 14:36 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SÜDWEST 2013-11-21 22:10 - 2013-11-21 22:10 - 00033235 _____ C:\Users\Jule\Desktop\ADHS eine kritische Bestandsaufnahme Christina Happ.odt 2013-11-21 16:52 - 2009-07-27 16:41 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-11-21 16:49 - 2009-08-02 14:50 - 00000061 _____ C:\Windows\vbaddin.ini 2013-11-20 23:59 - 2013-11-20 23:58 - 00000000 ____D C:\Users\Jule\AppData\Roaming\SumatraPDF 2013-11-20 23:58 - 2013-11-20 23:58 - 00000000 ____D C:\Program Files\SumatraPDF 2013-11-20 23:17 - 2013-11-20 23:17 - 00000000 ____D C:\Program Files\gs9.10 2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker 2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Program Files\Texmaker 2013-11-20 17:09 - 2013-11-20 16:09 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Notepad++ 2013-11-20 16:10 - 2013-11-20 16:09 - 00000000 ____D C:\Program Files\Notepad++ 2013-11-20 15:51 - 2011-08-29 23:01 - 00188776 _____ 
C:\Users\Jule\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-20 15:14 - 2013-11-14 21:42 - 00000000 ____D C:\Users\Jule\AppData\Roaming\xm1 2013-11-20 12:29 - 2013-01-14 19:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-11-18 19:39 - 2009-08-05 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-17 21:42 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache 2013-11-17 21:16 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE 2013-11-17 15:29 - 2010-07-01 14:24 - 00008522 _____ C:\Windows\system32\QuickTime.qtp 2013-11-17 15:28 - 2013-11-17 15:12 - 00001594 _____ C:\Windows\VPNUnInstall.MIF 2013-11-17 15:17 - 2013-10-01 12:41 - 00000000 ____D C:\Windows\system32\MRT 2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\Archiv\Documents\capella 2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\AppData\Roaming\capella-software 2013-11-17 14:50 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-11-14 22:10 - 2011-08-30 20:15 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-11-14 21:53 - 2007-04-16 06:18 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-11-14 00:10 - 2013-11-14 00:10 - 00000000 ____D C:\ProgramData\Gibraltar 2013-11-14 00:10 - 2013-11-13 20:55 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Swiss Academic Software 2013-11-13 22:25 - 2013-10-31 23:49 - 00136653 _____ C:\Users\Jule\Desktop\ADHD__Ba ADHS da Between_biomedical_trends_and_social_norms.txt 2013-11-13 20:57 - 2013-11-13 20:57 - 00000000 ____D C:\Users\Jule\AppData\Local\Swiss Academic Software 2013-11-13 18:25 - 2013-11-13 18:25 - 00000000 ____D C:\ProgramData\Swiss Academic Software 2013-11-13 18:24 - 2013-11-13 18:18 - 00000000 ____D C:\Program Files\Citavi 4 2013-11-13 18:16 - 2011-10-04 22:59 - 00000000 ____D C:\Users\Jule\AppData\Local\Downloaded Installations 2013-11-13 18:12 - 2010-04-24 20:54 - 00000000 ____D C:\Program Files\Citavi 
2013-11-13 18:10 - 2010-10-14 12:32 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Citavi
2013-11-12 14:24 - 2011-05-04 14:35 - 00000000 ____D C:\Program Files\BGB
2013-11-11 05:50 - 2009-10-02 20:58 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-08 17:53

==================== End Of Log ============================

Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-12-2013 02 Ran by Jule at 2013-12-08 18:38:25 Running from C:\Users\Jule\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== Adobe Flash Player 10 ActiveX (Version: 10.0.32.18) Adobe Flash Player 11 Plugin (Version: 11.9.900.152) Adobe Flash Player 9 ActiveX (Version: 9) Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4) Apple Application Support (Version: 1.5.2) Apple Software Update (Version: 2.1.3.127) ArcSoft PhotoStudio 5.5 ATI Catalyst Install Manager (Version: 3.0.641.0) Bluetooth Stack for Windows by Toshiba (Version: v5.10.06(T)) Bonjour (Version: 3.0.0.2) Canon MP510 Benutzerregistrierung Canvas 11 (Version: 11.00.1173) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Core Implementation (Version: 2007.0621.1715.28924) Catalyst Control Center Graphics Full Existing (Version: 2007.0621.1715.28924) Catalyst Control Center Graphics Full New (Version: 2007.0621.1715.28924) Catalyst Control Center Graphics Light (Version: 2007.0621.1715.28924) Catalyst Control Center Graphics Previews Common (Version: 2007.0621.1715.28924) Catalyst Control Center Graphics Previews Vista (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Chinese Standard (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Chinese Traditional (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Czech (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Danish (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Dutch (Version: 2007.0621.1715.28924) Catalyst Control Center 
Localization Finnish (Version: 2007.0621.1715.28924) Catalyst Control Center Localization French (Version: 2007.0621.1715.28924) Catalyst Control Center Localization German (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Greek (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Hungarian (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Italian (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Japanese (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Korean (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Norwegian (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Polish (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Portuguese (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Russian (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Spanish (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Swedish (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Thai (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Turkish (Version: 2007.0621.1715.28924) CCC Help Chinese Standard (Version: 2007.0621.1714.28924) CCC Help Chinese Traditional (Version: 2007.0621.1714.28924) CCC Help Czech (Version: 2007.0621.1714.28924) CCC Help Danish (Version: 2007.0621.1714.28924) CCC Help Dutch (Version: 2007.0621.1714.28924) CCC Help English (Version: 2007.0621.1714.28924) CCC Help Finnish (Version: 2007.0621.1714.28924) CCC Help French (Version: 2007.0621.1714.28924) CCC Help German (Version: 2007.0621.1714.28924) CCC Help Greek (Version: 2007.0621.1714.28924) CCC Help Hungarian (Version: 2007.0621.1714.28924) CCC Help Italian (Version: 2007.0621.1714.28924) CCC Help Japanese (Version: 2007.0621.1714.28924) CCC Help Korean (Version: 2007.0621.1714.28924) CCC Help Norwegian (Version: 2007.0621.1714.28924) CCC Help Polish (Version: 
2007.0621.1714.28924) CCC Help Portuguese (Version: 2007.0621.1714.28924) CCC Help Russian (Version: 2007.0621.1714.28924) CCC Help Spanish (Version: 2007.0621.1714.28924) CCC Help Swedish (Version: 2007.0621.1714.28924) CCC Help Thai (Version: 2007.0621.1714.28924) CCC Help Turkish (Version: 2007.0621.1714.28924) ccc-core-static (Version: 2007.0621.1715.28924) ccc-utility (Version: 2007.0621.1715.28924) CCleaner (Version: 3.12) CD/DVD Drive Acoustic Silencer (Version: 2.00.02) Citavi 4 (Version: 4.2.0.11) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DivX Codec (Version: 6.9.1) DivX Converter (Version: 7.1.0) DivX Player (Version: 7.2.0) DivX Plus Web Player (Version: 2.0.0) doPDF 6.2 printer DraftSight (Version: 8.2.301) Emdedded IR Driver (Version: 0.0.0.6C) ESET Online Scanner v3 f.lux Foxit Reader (Version: 6.0.4.719) Free YouTube Download version 3.2.18.1128 (Version: 3.2.18.1128) GPL Ghostscript (Version: 9.10) IBM Lotus Symphony (Version: 1.3.09157) Intel Matrix Storage Manager IrfanView (remove only) iTunes (Version: 10.4.1.10) Java Auto Updater (Version: 2.0.2.4) Java(TM) 6 Update 22 (Version: 6.0.220) Java(TM) SE Runtime Environment 6 (Version: 1.6.0.0) Kingsoft Office 2012 (8.1.0.3375) (Version: 8.1.0.3375) MAGIX Foto & Grafik Designer 7 SE (Version: 7.1.2.26041) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4.5 (Version: 4.5.50709) Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709) Microsoft Antimalware Service DE-DE Language 
Pack (Version: 3.0.8402.2) Microsoft Office 2000 Premium (Version: 9.00.2816) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000) Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000) Microsoft Office Visio 2010 (Version: 14.0.7015.1000) Microsoft Office Visio MUI (German) 2010 (Version: 14.0.7015.1000) Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Software Update for Web Folders (German) 12 (Version: 12.0.6612.1000) Microsoft Visio Premium 2010 (Version: 14.0.7015.1000) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Works (Version: 08.05.0822) Microsoft XML Parser (Version: 8.0.7820.0) Microsoft XML Parser (Version: 8.20.8730.4) MiKTeX 2.9 (HKCU Version: 2.9) Mozilla Firefox 25.0.1 (x86 de) (Version: 25.0.1) Mozilla Maintenance Service (Version: 25.0.1) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) Notepad++ 
(Version: 6.5.1) Ontrack EasyRecovery Professional (Version: 10.0.5.6) OpenOffice.org 3.3 (Version: 3.3.9567) QuickTime Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000) Realtek High Definition Audio Driver (Version: 6.0.1.5433) REALTEK Wireless LAN Driver and Utility (Version: 1.00.0187) Recuva (Version: 1.40) Revo Uninstaller 1.95 (Version: 1.95) Roadkil's Unstoppable Copier Version 4.2 Serif DrawPlus 4.0 Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Shockwave Skins (Version: 2007.0621.1715.28924) Skype™ 5.10 (Version: 5.10.116) Spybot - Search & Destroy (Version: 2.0.12) SumatraPDF (Version: 2.4) Synaptics Pointing Device Driver (Version: 10.0.1.0) Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 2.00.0001) Texmaker TIPCI (Version: 2.00.0001) TOSHIBA ConfigFree (Version: 7.00.29) TOSHIBA Disc Creator (Version: 2.0.0.8) TOSHIBA DVD PLAYER (Version: 1.00.24A) TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00) TOSHIBA Flash Cards Support Utility (Version: 1.48.0.3C) TOSHIBA Hardware Setup (Version: 1.48.0.11C) Toshiba Online Product Information (Version: 1.00.0009) TOSHIBA SD Memory Utilities (Version: 1.8.1.1) TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD03)) TOSHIBA Supervisor Password (Version: 1.48.0.8C) TOSHIBA Supervisorkennwort (Version: 1.48.0.8C) TOSHIBA Value Added Package (Version: 1.0.24) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for 
Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition Utility Common Driver (Version: 0.0.1.1C) VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0) VLC media player 1.0.1 (Version: 1.0.1) Windows Media Encoder 9-Reihe Windows Media Encoder 9-Reihe (Version: 9.00.3374) ==================== Restore Points ========================= 30-11-2013 23:31:35 IObit Uninstaller restore point 01-12-2013 17:34:32 Geplanter Prüfpunkt 04-12-2013 19:29:12 IObit Uninstaller restore point 04-12-2013 19:45:38 IObit Uninstaller restore point 07-12-2013 10:40:47 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2006-11-02 11:23 - 2013-01-15 16:01 - 00445178 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1001namen.com 127.0.0.1 1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com There are 1000 more lines. 
==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {31830DF6-4671-46CD-9253-1B21864E52DF} - System32\Tasks\Registration Trigger IBM Lotus Symphony Task => C:\Program Files\IBM Lotus Symphony\framework\rcp\rcplauncher.exe [2009-05-05] ()
Task: {38757A9C-E1B4-4088-B0D8-EE3207DF0031} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {3A061B1D-3192-42CE-852E-67FCC3889567} - System32\Tasks\{2E2EA250-2E30-4810-A4A9-3A003F79248C} => C:\Program Files\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {5D69ECF2-C53E-4494-90D7-A7114C7CC130} - System32\Tasks\{EB6E0E21-C667-4AD9-95AF-D29D49871B68} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124/en/go/help.faq.installer?LastError=1618
Task: {710A2204-564E-4190-B17B-19A8B4FF444B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {79FB67D8-77D6-4B65-8E3C-6AAC7AB19A7D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Jule => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {810E46A0-622B-4805-AC6A-B423692C589E} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {86908681-6287-4538-9B94-AF9C268BCEDD} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {9D53C720-97ED-4261-8B5C-CE1F38ADED98} - System32\Tasks\Google Updater and Installer => C:\Users\Jule\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {9EB99301-3EA4-490C-9D6F-FFDD5092E387} - System32\Tasks\File Helper => C:\Program Files\File Helper\1.1.0.4\FileHelper.exe [2009-10-13] ()
Task: {BF86556D-9C50-48A5-9E5A-594193D80D1E} - System32\Tasks\WpsUpdateTask_Jule => C:\Program Files\Kingsoft Office\office6\wpsupdate.exe [2013-06-05] (Kingsoft Corp. Ltd.)
Task: {CB47C0DA-6F27-431D-9B24-2DE2DA882356} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {CDB48552-B9D8-4EFB-A136-506372D469A8} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files\TuneUp Utilities 2010\OneClick.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {FC744C72-7DA3-4099-BD4B-3A9F0BFB4844} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-22] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\File Helper.job => C:\Program Files\File Helper\1.1.0.4\FileHelper.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\WpsUpdateTask_Jule.job => C:\Program Files\Kingsoft Office\office6\wpsupdate.exe

==================== Loaded Modules (whitelisted) =============

2007-07-12 09:54 - 2007-06-21 10:27 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2010-11-16 23:29 - 2010-11-16 23:29 - 02400323 _____ () C:\Program Files\IBM Lotus
Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\vcl645mi.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 01794123 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\udkservice1.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 00073794 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\vos3MSC.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 01749055 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\sal3.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 00098304 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\uwinapi.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 00147524 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\reg3.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 01437784 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\log4pt.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 02981961 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\svt645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 01224776 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\tk645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 06660166 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.framework.win32_3.5.0.20090605-2002\sfx645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 02326598 _____ () 
C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\sb645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 00299083 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\xcr645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 00413764 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\so645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 00286792 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\go645mi.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 00647244 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\basicservice.uno.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 00049230 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\jvmaccess3MSC.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 02854984 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\ucpchelp1.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 00286720 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\xerces-depdom_2_6.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 00036864 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\xslt4cMessages_1_7_0.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 00032837 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\rmcxt3.dll 
2010-11-16 23:29 - 2010-11-16 23:29 - 01716292 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\sax.uno.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 01601610 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\desktp645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 00397382 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.framework.win32_3.5.0.20090605-2002\ofa645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 08671299 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.framework.win32_3.5.0.20090605-2002\svx645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 01921103 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\i18npool645mi.dll 2010-11-16 23:29 - 2010-11-16 23:29 - 00204883 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\oleautobridge.uno.dll 2010-11-16 23:30 - 2010-11-16 23:30 - 00094283 _____ () C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\emser645mi.dll 2012-02-28 18:36 - 2013-11-18 19:39 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2013-11-13 18:25 - 2013-07-17 23:56 - 00430080 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\FirefoxPickerCommunication.dll 2013-11-22 15:24 - 2013-11-22 15:24 - 16237448 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 ==================== Safe Mode (whitelisted) =================== 
==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/08/2013 05:46:50 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (12/08/2013 05:46:50 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (12/08/2013 04:43:32 PM) (Source: EventSystem) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (12/08/2013 10:50:30 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (12/08/2013 10:50:29 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (12/08/2013 10:08:19 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (12/08/2013 10:08:19 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (12/07/2013 08:30:21 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (12/07/2013 08:30:21 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (12/07/2013 06:53:17 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
System errors: ============= Error: (12/08/2013 05:47:26 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (12/08/2013 05:45:23 PM) (Source: atikmdag) (User: ) Description: Unknown EDID version Error: (12/08/2013 05:45:23 PM) (Source: atikmdag) (User: ) Description: Unknown EDID version Error: (12/08/2013 05:45:23 PM) (Source: atikmdag) (User: ) Description: Unknown EDID version Error: (12/08/2013 04:43:30 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (12/08/2013 10:50:54 AM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (12/08/2013 10:49:38 AM) (Source: atikmdag) (User: ) Description: Unknown EDID version Error: (12/08/2013 10:49:37 AM) (Source: atikmdag) (User: ) Description: Unknown EDID version Error: (12/08/2013 10:49:37 AM) (Source: atikmdag) (User: ) Description: Unknown EDID version Error: (12/08/2013 10:48:37 AM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Microsoft Office Sessions: ========================= Error: (12/08/2013 05:46:50 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL Error: (12/08/2013 05:46:50 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL Error: (12/08/2013 04:43:32 PM) (Source: EventSystem)(User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (12/08/2013 10:50:30 AM) (Source: SideBySide)(User: ) Description: 
Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL Error: (12/08/2013 10:50:29 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL Error: (12/08/2013 10:08:19 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL Error: (12/08/2013 10:08:19 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL Error: (12/07/2013 08:30:21 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL Error: (12/07/2013 08:30:21 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL Error: (12/07/2013 06:53:17 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL 
CodeIntegrity Errors: =================================== Date: 2013-12-08 18:37:28.971 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-08 18:37:27.638 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-08 18:37:26.307 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-08 18:37:24.968 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-08 18:37:23.646 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-08 18:37:22.305 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-08 18:37:20.954 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-12-08 18:37:19.630 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-07 00:06:40.607 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-07 00:06:39.077 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 53% Total physical RAM: 2045.69 MB Available physical RAM: 961.02 MB Total Pagefile: 4330.64 MB Available Pagefile: 3101.7 MB Total Virtual: 2047.88 MB Available Virtual: 1918.14 MB ==================== Drives ================================ Drive c: (Vista) (Fixed) (Total:74.22 GB) (Free:1.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (Data) (Fixed) (Total:73.36 GB) (Free:19.02 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: A0A8BD18) Partition 1: (Not Active) - (Size=1 GB) - (Type=27) Partition 2: (Active) - (Size=74 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=73 GB) - (Type=07 NTFS) ==================== End Of Log ============================

I just found one of your guides to FRST, but the Addition log isn't mentioned any further there either. (http://www.trojaner-board.de/132035-...scan-tool.html) In my case, should the scan also be run only after starting Windows via the advanced boot options?

Oh, and I only use Mozilla Firefox. I have already removed the line named in the subject from the history several times ("Forget About This Site"), but it keeps reappearing, even after the scan with TFC.

Best regards, julekai

Last edited by julekai (08.12.2013 at 18:59) |