| |
| |||||||
Log-Analyse und Auswertung: PUP.Optional.Conduit.A und HTML/Framer.DO.254Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
15.01.2014, 14:05
| #1 | |||
| |  PUP.Optional.Conduit.A und HTML/Framer.DO.254 Hallo allerseits! Ich habe jetzt seit (wahrscheinlich) schon ein paar Wochen Probleme mit Viren auf meinem Computer. Neulich habe ich jemandem per USB-Stick Dateien weitergegeben und derjenige hatte dann offenbar gleich eine Vielzahl von Viren-Warnungen auf seinem Laptop. Die Person hat mir das dann mitgeteilt und leider, leider habe ich erst dann bemerkt, dass Avira die eigentlich wöchentlich angesetzte Systemprüfung schon seit Wochen einfach nicht mehr gemacht hatte. Dann habe ich natürlich sofort Avira eine Systemprüfung machen lassen, wobei auch ganze 10 Viren (Malware) gefunden wurden. Soweit, so schlecht, aber leider wird's noch schlimmer: Leider lässt sich nämlich die Berichtsdatei (mit den 10 Funden) in Avira nicht öffnen - es kam gerade beim Aufrufen eine Fehlermeldung, dass die Datei nicht gefunden werden könne. Auch die "Ausgewählte Ereignisse exportieren"-Funktion bei den Ereignissen in Avira funktioniert nicht (ich habe schon gelesen, dass Letzteres bei Win 7 wohl häufiger vorkommt?). Bei Quarantäne funktioniert es dann aber doch: Zitat:
Die einzigen Symptome, die ich bisher habe, sind, dass mein Computer langsamer geworden ist und teils nicht reagiert sowie beim letzten Mal Hochfahren die Fehlermeldung "Cannot create System Shell Notification Icon". Hier auf jeden Fall das Malwarebytes-Logfile: Zitat:
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 01
Ran by Shanghai (administrator) on SHANGHAI-PC on 15-01-2014 14:12:17
Running from C:\Users\Shanghai\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avgnt.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [LoadFUJ02E3] - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [45680 2010-06-08] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [199528 2010-11-13] (FUJITSU LIMITED)
HKLM\...\Run: [PfNet] - C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6311424 2010-10-07] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663464 2010-12-07] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel(R) Corporation)
HKLM\...\Run: [snp2uvc] - C:\Windows\vsnp2uvc.exe [662016 2009-08-13] (Sonix)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10372368 2011-03-30] (Intel Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [IME14 CHS Setup] - C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110896 2012-03-14] (Microsoft Corporation)
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\Run: [DeskUpdateNotifier] - C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-05-17] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IME14 CHS Setup] - C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] - D:\Programme\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [oaojamcjux] - C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs [74064 2013-09-20] () <===== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [266448 2013-05-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [214448 2013-05-12] (NVIDIA Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Shanghai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oaojamcjux..vbs ()
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
==================== Internet (Whitelisted) ====================
ProxyServer: wew.wewzz.info:80
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x64FF4B9384CFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://spon.de/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {47585EF1-04ED-4DE8-BD2F-C3F966B2A167} URL =
SearchScopes: HKCU - {0F31B8DF-D225-4DCF-8372-A296640F6232} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {188166B1-EF6D-4768-A303-5AB95409DAB1} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=PCAFSI1190
SearchScopes: HKCU - {47585EF1-04ED-4DE8-BD2F-C3F966B2A167} URL =
SearchScopes: HKCU - {76D381AD-211C-44F0-B291-75A316523EBB} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {9E00DC4A-8F77-4EE0-A235-D138EA1DEC0E} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Shanghai\AppData\Roaming\Mozilla\Firefox\Profiles\grfk10hp.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @baidu.com/npxbdsetup - C:\Windows\Downloaded Program Files\13078437\npxbdsetup.dll ()
FF Plugin-x32: @baidu.com/npxbdyy - C:\Program Files (x86)\baidu\iQyBaiduVideoBrowser\Application\BaiduPlayerPlugin\npxbdyy.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @fancyguo.com/FancyGame,version=1.0.0.1 - C:\Users\Shanghai\AppData\Local\Fancy\npfancygame.dll (Beijing FancyGuo Tech Ltd)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Shanghai\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml
FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\Shanghai\AppData\Roaming\Mozilla\Firefox\Profiles\grfk10hp.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012-04-29]
FF Extension: Personas - C:\Users\Shanghai\AppData\Roaming\Mozilla\Firefox\Profiles\grfk10hp.default\Extensions\personas@christopher.beard.xpi [2012-02-16]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2012-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-20]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-31]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-31]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-10-02]
CHR Extension: (Google Drive) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-10-02]
CHR Extension: (YouTube) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1 [2013-10-02]
CHR Extension: (Webpage Screenshot Bar) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\13.6_0 [2013-11-20]
CHR Extension: (Google Search) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1 [2013-10-02]
CHR Extension: (AdBlock) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0 [2014-01-14]
CHR Extension: (Chrome to Mobile) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd\3.1_0 [2013-12-14]
CHR Extension: (Google Wallet) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-19]
CHR Extension: (Gmail) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-10-02]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
==================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-09] (Adobe Systems)
R2 AntiVirSchedulerService; D:\Programme\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Programme\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-22] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; D:\Programme\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [331776 2010-10-07] (FUJITSU LIMITED)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-05-09] ()
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2010-06-17] (FUJITSU LIMITED)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com)
==================== Drivers (Whitelisted) ====================
S3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2012-02-29] (Astrill)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1801216 2010-10-09] ()
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2014-01-12] (Windows (R) Win 7 DDK provider)
S3 tapstrong; C:\Windows\System32\DRIVERS\tapstrong.sys [35520 2012-12-21] (The OpenVPN Project)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-15 14:12 - 2014-01-15 14:13 - 00023797 _____ C:\Users\Shanghai\Downloads\FRST.txt
2014-01-15 14:12 - 2014-01-15 14:12 - 00000000 ____D C:\FRST
2014-01-15 14:11 - 2014-01-15 14:11 - 02076160 _____ (Farbar) C:\Users\Shanghai\Downloads\FRST64.exe
2014-01-14 21:02 - 2014-01-14 21:02 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Malwarebytes
2014-01-14 21:01 - 2014-01-14 21:01 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-14 21:00 - 2014-01-14 21:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-14 21:00 - 2014-01-14 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 21:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-14 20:59 - 2014-01-14 20:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shanghai\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 09:51 - 2014-01-14 09:52 - 01850847 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO3.pptx
2014-01-14 08:56 - 2014-01-14 08:56 - 01103371 _____ C:\Users\Shanghai\Downloads\IPR presentation (2).pptx
2014-01-14 08:33 - 2014-01-14 08:33 - 01857200 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO1.pptx
2014-01-13 02:38 - 2014-01-13 02:38 - 00277143 _____ C:\Users\Shanghai\AppData\Local\census.cache
2014-01-13 02:38 - 2014-01-13 02:38 - 00125622 _____ C:\Users\Shanghai\AppData\Local\ars.cache
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64.exe
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64 (1).exe
2014-01-13 02:13 - 2014-01-13 02:13 - 00000036 _____ C:\Users\Shanghai\AppData\Local\housecall.guid.cache
2014-01-12 19:05 - 2014-01-12 19:05 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation (1).pptx
2014-01-12 19:04 - 2014-01-12 19:05 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation.pptx
2014-01-12 16:04 - 2014-01-12 16:04 - 00002045 _____ C:\Users\Shanghai\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-01-12 16:04 - 2014-01-12 16:04 - 00001989 _____ C:\Users\Shanghai\Desktop\Avira EU-Cleaner.lnk
2014-01-12 16:03 - 2014-01-12 16:04 - 02209056 _____ C:\Users\Shanghai\Downloads\avira-eu-cleaner_de.exe
2014-01-12 15:01 - 2014-01-15 00:36 - 00000224 _____ C:\Windows\setupact.log
2014-01-12 15:01 - 2014-01-12 15:01 - 00000000 _____ C:\Windows\setuperr.log
2014-01-12 15:00 - 2014-01-15 00:36 - 00002016 _____ C:\Windows\PFRO.log
2014-01-12 14:30 - 2014-01-12 14:30 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-12 14:30 - 2014-01-12 14:30 - 00000000 ____D C:\Program Files\CCleaner
2014-01-12 14:29 - 2014-01-12 14:29 - 03571656 _____ (Piriform Ltd) C:\Users\Shanghai\Downloads\ccsetup409_slim.exe
2014-01-12 14:20 - 2014-01-15 13:08 - 00000000 ____D C:\ProgramData\Spyware Terminator
2014-01-12 14:20 - 2014-01-12 14:20 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-01-12 14:20 - 2014-01-12 14:20 - 00001044 _____ C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Spyware Terminator
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2014-01-12 14:19 - 2014-01-12 14:19 - 05049344 _____ (Crawler.com ) C:\Users\Shanghai\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-01-12 12:12 - 2014-01-12 12:12 - 01084616 _____ C:\Users\Shanghai\Downloads\IPR_Teil_Dirk.pptx
2014-01-11 19:19 - 2014-01-11 19:21 - 00080562 _____ C:\Users\Shanghai\Desktop\IPR1.pptx
2014-01-10 12:59 - 2014-01-10 12:59 - 21620224 _____ C:\Users\Shanghai\Downloads\FontPack1000_zh_CN (1).msi
2014-01-05 00:56 - 2014-01-05 00:56 - 00011264 ___SH C:\Users\Shanghai\Downloads\Thumbs.db
2014-01-04 16:34 - 2014-01-04 16:34 - 00000000 ___SD C:\Users\Shanghai\Documents\Meine Datenquellen
2014-01-04 12:59 - 2014-01-04 12:59 - 00000425 _____ C:\Users\Shanghai\Downloads\John.vcf
2014-01-04 12:59 - 2014-01-04 12:59 - 00000366 _____ C:\Users\Shanghai\Downloads\Nolting.vcf
2014-01-04 11:05 - 2014-01-04 11:05 - 00094208 _____ C:\Users\Shanghai\Downloads\Ansprechpartner_SGB_II_SGB_III_SGB_XII.xls
2014-01-03 18:56 - 2014-01-03 18:56 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{F9A64F7E-E673-4A9D-8153-FAAA3FA2BA0F}
2014-01-03 18:55 - 2014-01-03 18:55 - 00000344 _____ C:\Users\Shanghai\Downloads\Meenen.vcf
2014-01-02 20:11 - 2014-01-02 20:11 - 00000357 _____ C:\Users\Shanghai\Downloads\Wöhler.vcf
2014-01-02 20:10 - 2014-01-02 20:10 - 00000383 _____ C:\Users\Shanghai\Downloads\Basse.vcf
2014-01-02 20:09 - 2014-01-02 20:09 - 00000462 _____ C:\Users\Shanghai\Downloads\Fachdienst 202 - Ausländerangelegenheiten, Integration und Standesamtsaufsicht .vcf
2014-01-02 20:09 - 2014-01-02 20:09 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{0148E21F-A698-4A5A-8C6E-D8B18434C67A}
2014-01-02 19:30 - 2014-01-02 19:30 - 00000165 _____ C:\Users\Shanghai\Downloads\Frau_Marianne_Kreutzer.vcf
2014-01-02 19:28 - 2014-01-02 19:28 - 00000141 _____ C:\Users\Shanghai\Downloads\Herr_Ulrich_Senge.vcf
2014-01-02 19:28 - 2014-01-02 19:28 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{757E4A2F-0855-480C-B082-BE9CD2BBCA4F}
2014-01-02 19:21 - 2014-01-02 19:21 - 00000560 _____ C:\Users\Shanghai\Downloads\vCard_herr_r._oelkers_2014-01-02.vcf
2014-01-02 19:21 - 2014-01-02 19:21 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{7D16F4ED-AA28-4465-AF66-A813E1CCF8C8}
2014-01-02 17:12 - 2014-01-02 17:12 - 00000301 _____ C:\Users\Shanghai\Downloads\Barbara_Grusla.vcf
2014-01-02 13:48 - 2014-01-04 13:52 - 00178764 _____ C:\Users\Shanghai\Desktop\Kopie von Akquise-Adressen_SGB XII_Stand 2013-12-02.xlsx
2013-12-24 10:50 - 2013-12-24 10:50 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{694B2CC0-507B-42FD-A6CB-BE31C1656BF6}
2013-12-24 09:59 - 2013-12-24 10:01 - 567183872 _____ C:\Users\Shanghai\Desktop\cup
2013-12-24 09:58 - 2013-12-24 09:58 - 00000000 ____D C:\Windows\Pixart
2013-12-24 09:58 - 2004-08-09 17:43 - 00094208 _____ (Microsoft Corporation) C:\Windows\AMCap.exe
2013-12-24 09:57 - 2013-12-24 09:57 - 16690856 _____ C:\Users\Shanghai\Downloads\15354_02.exe
2013-12-19 09:14 - 2013-12-19 09:01 - 88635913 _____ C:\Users\Shanghai\Desktop\FINAL 1Wissensmanagement.pptx
==================== One Month Modified Files and Folders =======
2014-01-15 14:13 - 2014-01-15 14:12 - 00023797 _____ C:\Users\Shanghai\Downloads\FRST.txt
2014-01-15 14:12 - 2014-01-15 14:12 - 00000000 ____D C:\FRST
2014-01-15 14:11 - 2014-01-15 14:11 - 02076160 _____ (Farbar) C:\Users\Shanghai\Downloads\FRST64.exe
2014-01-15 13:29 - 2013-10-02 13:43 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-15 13:11 - 2012-02-16 20:06 - 01429986 _____ C:\Windows\WindowsUpdate.log
2014-01-15 13:08 - 2014-01-12 14:20 - 00000000 ____D C:\ProgramData\Spyware Terminator
2014-01-15 00:44 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-15 00:44 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-15 00:41 - 2011-04-11 18:26 - 00697322 _____ C:\Windows\system32\perfh007.dat
2014-01-15 00:41 - 2011-04-11 18:26 - 00148328 _____ C:\Windows\system32\perfc007.dat
2014-01-15 00:41 - 2009-07-14 06:13 - 01614036 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-15 00:37 - 2013-10-02 13:43 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-15 00:36 - 2014-01-12 15:01 - 00000224 _____ C:\Windows\setupact.log
2014-01-15 00:36 - 2014-01-12 15:00 - 00002016 _____ C:\Windows\PFRO.log
2014-01-15 00:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-14 23:37 - 2011-05-07 18:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-14 21:02 - 2014-01-14 21:02 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Malwarebytes
2014-01-14 21:01 - 2014-01-14 21:01 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-14 21:01 - 2014-01-14 21:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-14 21:00 - 2014-01-14 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 20:59 - 2014-01-14 20:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shanghai\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 09:52 - 2014-01-14 09:51 - 01850847 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO3.pptx
2014-01-14 08:56 - 2014-01-14 08:56 - 01103371 _____ C:\Users\Shanghai\Downloads\IPR presentation (2).pptx
2014-01-14 08:33 - 2014-01-14 08:33 - 01857200 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO1.pptx
2014-01-13 02:40 - 2012-02-16 20:08 - 00000000 ___RD C:\Users\Shanghai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-13 02:38 - 2014-01-13 02:38 - 00277143 _____ C:\Users\Shanghai\AppData\Local\census.cache
2014-01-13 02:38 - 2014-01-13 02:38 - 00125622 _____ C:\Users\Shanghai\AppData\Local\ars.cache
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64.exe
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64 (1).exe
2014-01-13 02:13 - 2014-01-13 02:13 - 00000036 _____ C:\Users\Shanghai\AppData\Local\housecall.guid.cache
2014-01-12 19:16 - 2013-09-09 18:46 - 00105984 ___SH C:\Users\Shanghai\Desktop\Thumbs.db
2014-01-12 19:05 - 2014-01-12 19:05 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation (1).pptx
2014-01-12 19:05 - 2014-01-12 19:04 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation.pptx
2014-01-12 17:59 - 2012-05-07 19:03 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Dropbox
2014-01-12 16:04 - 2014-01-12 16:04 - 00002045 _____ C:\Users\Shanghai\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-01-12 16:04 - 2014-01-12 16:04 - 00001989 _____ C:\Users\Shanghai\Desktop\Avira EU-Cleaner.lnk
2014-01-12 16:04 - 2014-01-12 16:03 - 02209056 _____ C:\Users\Shanghai\Downloads\avira-eu-cleaner_de.exe
2014-01-12 15:01 - 2014-01-12 15:01 - 00000000 _____ C:\Windows\setuperr.log
2014-01-12 14:40 - 2013-01-04 16:43 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\uTorrent
2014-01-12 14:40 - 2012-02-26 21:00 - 00000000 ____D C:\Windows\Minidump
2014-01-12 14:40 - 2012-02-20 01:14 - 00000000 ____D C:\Users\Shanghai\AppData\Local\CrashDumps
2014-01-12 14:40 - 2011-04-11 02:10 - 00000000 ____D C:\Windows\Panther
2014-01-12 14:30 - 2014-01-12 14:30 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-12 14:30 - 2014-01-12 14:30 - 00000000 ____D C:\Program Files\CCleaner
2014-01-12 14:29 - 2014-01-12 14:29 - 03571656 _____ (Piriform Ltd) C:\Users\Shanghai\Downloads\ccsetup409_slim.exe
2014-01-12 14:20 - 2014-01-12 14:20 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-01-12 14:20 - 2014-01-12 14:20 - 00001044 _____ C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Spyware Terminator
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2014-01-12 14:19 - 2014-01-12 14:19 - 05049344 _____ (Crawler.com ) C:\Users\Shanghai\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-01-12 12:12 - 2014-01-12 12:12 - 01084616 _____ C:\Users\Shanghai\Downloads\IPR_Teil_Dirk.pptx
2014-01-12 12:11 - 2013-04-07 12:50 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Spotify
2014-01-12 12:10 - 2012-02-16 21:01 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Skype
2014-01-11 19:21 - 2014-01-11 19:19 - 00080562 _____ C:\Users\Shanghai\Desktop\IPR1.pptx
2014-01-10 12:59 - 2014-01-10 12:59 - 21620224 _____ C:\Users\Shanghai\Downloads\FontPack1000_zh_CN (1).msi
2014-01-08 15:09 - 2012-11-24 06:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-08 15:09 - 2012-02-16 21:01 - 00000000 ____D C:\ProgramData\Skype
2014-01-05 00:56 - 2014-01-05 00:56 - 00011264 ___SH C:\Users\Shanghai\Downloads\Thumbs.db
2014-01-04 16:34 - 2014-01-04 16:34 - 00000000 ___SD C:\Users\Shanghai\Documents\Meine Datenquellen
2014-01-04 13:52 - 2014-01-02 13:48 - 00178764 _____ C:\Users\Shanghai\Desktop\Kopie von Akquise-Adressen_SGB XII_Stand 2013-12-02.xlsx
2014-01-04 12:59 - 2014-01-04 12:59 - 00000425 _____ C:\Users\Shanghai\Downloads\John.vcf
2014-01-04 12:59 - 2014-01-04 12:59 - 00000366 _____ C:\Users\Shanghai\Downloads\Nolting.vcf
2014-01-04 11:05 - 2014-01-04 11:05 - 00094208 _____ C:\Users\Shanghai\Downloads\Ansprechpartner_SGB_II_SGB_III_SGB_XII.xls
2014-01-03 18:56 - 2014-01-03 18:56 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{F9A64F7E-E673-4A9D-8153-FAAA3FA2BA0F}
2014-01-03 18:55 - 2014-01-03 18:55 - 00000344 _____ C:\Users\Shanghai\Downloads\Meenen.vcf
2014-01-02 20:11 - 2014-01-02 20:11 - 00000357 _____ C:\Users\Shanghai\Downloads\Wöhler.vcf
2014-01-02 20:10 - 2014-01-02 20:10 - 00000383 _____ C:\Users\Shanghai\Downloads\Basse.vcf
2014-01-02 20:09 - 2014-01-02 20:09 - 00000462 _____ C:\Users\Shanghai\Downloads\Fachdienst 202 - Ausländerangelegenheiten, Integration und Standesamtsaufsicht .vcf
2014-01-02 20:09 - 2014-01-02 20:09 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{0148E21F-A698-4A5A-8C6E-D8B18434C67A}
2014-01-02 19:30 - 2014-01-02 19:30 - 00000165 _____ C:\Users\Shanghai\Downloads\Frau_Marianne_Kreutzer.vcf
2014-01-02 19:28 - 2014-01-02 19:28 - 00000141 _____ C:\Users\Shanghai\Downloads\Herr_Ulrich_Senge.vcf
2014-01-02 19:28 - 2014-01-02 19:28 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{757E4A2F-0855-480C-B082-BE9CD2BBCA4F}
2014-01-02 19:21 - 2014-01-02 19:21 - 00000560 _____ C:\Users\Shanghai\Downloads\vCard_herr_r._oelkers_2014-01-02.vcf
2014-01-02 19:21 - 2014-01-02 19:21 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{7D16F4ED-AA28-4465-AF66-A813E1CCF8C8}
2014-01-02 17:12 - 2014-01-02 17:12 - 00000301 _____ C:\Users\Shanghai\Downloads\Barbara_Grusla.vcf
2013-12-27 03:05 - 2012-02-17 00:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-27 03:05 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2013-12-24 10:50 - 2013-12-24 10:50 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{694B2CC0-507B-42FD-A6CB-BE31C1656BF6}
2013-12-24 10:02 - 2013-12-07 13:49 - 00000000 ____D C:\Users\Shanghai\Documents\Youcam
2013-12-24 10:01 - 2013-12-24 09:59 - 567183872 _____ C:\Users\Shanghai\Desktop\cup
2013-12-24 09:58 - 2013-12-24 09:58 - 00000000 ____D C:\Windows\Pixart
2013-12-24 09:57 - 2013-12-24 09:57 - 16690856 _____ C:\Users\Shanghai\Downloads\15354_02.exe
2013-12-21 03:23 - 2013-03-06 12:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-21 03:23 - 2013-03-06 12:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-21 03:21 - 2012-10-30 13:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-19 09:01 - 2013-12-19 09:14 - 88635913 _____ C:\Users\Shanghai\Desktop\FINAL 1Wissensmanagement.pptx
2013-12-18 23:40 - 2013-04-07 12:52 - 00000000 ____D C:\Users\Shanghai\AppData\Local\Spotify
2013-12-17 12:37 - 2013-12-07 11:51 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-17 12:37 - 2013-12-07 11:51 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-17 12:37 - 2013-12-07 11:51 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
Files to move or delete:
====================
C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs
Some content of TEMP:
====================
C:\Users\Shanghai\AppData\Local\Temp\avgnt.exe
C:\Users\Shanghai\AppData\Local\Temp\_is6FF3.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-10 16:32
==================== End Of Log ============================
--- --- --- --- --- --- und die additional: Zitat:
Was braucht ihr, was soll ich löschen, wie soll ich vorgehen oder ist nach so langem Virenbefall sowieso davon auszugehen, dass eine Formatierung nötig sein wird  ? Ich bin mit meinen Latein wirklich am Ende und würde mich sehr sehr freuen, wenn sich jemand meines Problems annehmen würde. Vielen vielen Dank schonmal im Voraus! Lisa Geändert von wei.lisha (15.01.2014 um 14:23 Uhr) |
|
15.01.2014, 14:43
| #2 |
| /// the machine /// TB-Ausbilder    | PUP.Optional.Conduit.A und HTML/Framer.DO.254 hi,
__________________ So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Scan mit Combofix
__________________ |
|
15.01.2014, 15:20
| #3 |
| | PUP.Optional.Conduit.A und HTML/Framer.DO.254 Hallo!
__________________Vielen Dank für die schnelle Antwort schonmal! Fraut mich sehr  . Hier der gmer-logfile:Code:
ATTFilter ComboFix 14-01-14.02 - Shanghai 15.01.2014 15:09:09.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8105.5993 [GMT 1:00]
ausgeführt von:: c:\users\Shanghai\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\programdata\Roaming
c:\users\Shanghai\AppData\Roaming\baidu\hao123
c:\users\Shanghai\AppData\Roaming\baidu\hao123\hao123.ico
c:\windows\Downloaded Program Files\13078437
c:\windows\Downloaded Program Files\13078437\BaiduSetupAx_0.dll
c:\windows\Downloaded Program Files\13078437\npxbdsetup.dll
c:\windows\Downloaded Program Files\88446872
c:\windows\Downloaded Program Files\88446872\BaiduSetupAx_0.dll
c:\windows\Downloaded Program Files\88446872\npxbdsetup.dll
c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
c:\windows\IsUn0407.exe
c:\windows\SysWow64\drivers\10CF_FUJITSU_FTS_LIFEBOOK AH531 GFO_PI_FUJITSU_FJNBB10_Default System BIOS_FUJ - 1_1.16_Intel(R) HD Graphics Family_NVIDIA GeForce GT 525M .MRK
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-12-15 bis 2014-01-15 ))))))))))))))))))))))))))))))
.
.
2014-01-15 14:12 . 2014-01-15 14:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-01-15 14:12 . 2014-01-15 14:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-15 13:12 . 2014-01-15 13:12 -------- d-----w- C:\FRST
2014-01-14 20:02 . 2014-01-14 20:02 -------- d-----w- c:\users\Shanghai\AppData\Roaming\Malwarebytes
2014-01-14 20:00 . 2014-01-14 20:00 -------- d-----w- c:\programdata\Malwarebytes
2014-01-14 20:00 . 2014-01-14 20:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-14 20:00 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-12 13:30 . 2014-01-12 13:30 -------- d-----w- c:\program files\CCleaner
2014-01-12 13:20 . 2014-01-12 13:20 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2014-01-12 13:20 . 2014-01-15 12:08 -------- d-----w- c:\programdata\Spyware Terminator
2014-01-12 13:20 . 2014-01-12 13:20 -------- d-----w- c:\users\Shanghai\AppData\Roaming\Spyware Terminator
2014-01-12 13:20 . 2014-01-12 13:20 -------- d-----w- c:\program files (x86)\Spyware Terminator
2013-12-24 08:58 . 2004-08-09 16:43 94208 ----a-w- c:\windows\AMCap.exe
2013-12-24 08:58 . 2013-12-24 08:58 -------- d-----w- c:\windows\Pixart
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-21 02:23 . 2013-03-06 11:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-21 02:23 . 2013-03-06 11:54 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-17 11:37 . 2013-12-07 10:51 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-12-17 11:37 . 2013-12-07 10:51 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-17 11:37 . 2013-12-07 10:51 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-15 15:56 . 2012-07-07 08:01 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 00:46 . 2013-12-11 00:46 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-11 00:46 . 2013-12-11 00:46 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-11 00:46 . 2013-12-11 00:46 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-11 00:46 . 2013-12-11 00:46 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-11 00:46 . 2013-12-11 00:46 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-11 00:46 . 2013-12-11 00:46 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-11 00:46 . 2013-12-11 00:46 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-11 00:46 . 2013-12-11 00:46 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-11 00:46 . 2013-12-11 00:46 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-11 00:46 . 2013-12-11 00:46 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-11 00:46 . 2013-12-11 00:46 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-11 00:46 . 2013-12-11 00:46 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-11 00:46 . 2013-12-11 00:46 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-11 00:46 . 2013-12-11 00:46 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-11 00:46 . 2013-12-11 00:46 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-11 00:46 . 2013-12-11 00:46 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-11 00:46 . 2013-12-11 00:46 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-11 00:46 . 2013-12-11 00:46 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-11 00:46 . 2013-12-11 00:46 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-11 00:46 . 2013-12-11 00:46 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-11 00:46 . 2013-12-11 00:46 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-11 00:46 . 2013-12-11 00:46 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-11 00:46 . 2013-12-11 00:46 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-11 00:46 . 2013-12-11 00:46 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-11 00:46 . 2013-12-11 00:46 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-11 00:46 . 2013-12-11 00:46 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-11 00:46 . 2013-12-11 00:46 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-11 00:46 . 2013-12-11 00:46 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-11 00:46 . 2013-12-11 00:46 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-11 00:46 . 2013-12-11 00:46 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-11 00:46 . 2013-12-11 00:46 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-11 00:46 . 2013-12-11 00:46 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-11 00:46 . 2013-12-11 00:46 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-11 00:46 . 2013-12-11 00:46 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-11 00:46 . 2013-12-11 00:46 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-11 00:46 . 2013-12-11 00:46 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-11 00:46 . 2013-12-11 00:46 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-11 00:46 . 2013-12-11 00:46 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-11 00:46 . 2013-12-11 00:46 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-11 00:46 . 2013-12-11 00:46 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-11 00:46 . 2013-12-11 00:46 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-11 00:46 . 2013-12-11 00:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-11 00:46 . 2013-12-11 00:46 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-11 00:46 . 2013-12-11 00:46 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-11 00:46 . 2013-12-11 00:46 413696 ----a-w- c:\windows\system32\html.iec
2013-12-11 00:46 . 2013-12-11 00:46 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-11 00:46 . 2013-12-11 00:46 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-11 00:46 . 2013-12-11 00:46 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-11 00:46 . 2013-12-11 00:46 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-11 00:46 . 2013-12-11 00:46 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-11 00:46 . 2013-12-11 00:46 235520 ----a-w- c:\windows\system32\url.dll
2013-12-11 00:46 . 2013-12-11 00:46 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-11 00:46 . 2013-12-11 00:46 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-11 00:46 . 2013-12-11 00:46 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-11 00:46 . 2013-12-11 00:46 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-11 00:46 . 2013-12-11 00:46 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-11 00:46 . 2013-12-11 00:46 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-11 00:46 . 2013-12-11 00:46 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-11 00:46 . 2013-12-11 00:46 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-26 11:54 . 2013-12-15 15:59 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-15 15:59 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-15 15:59 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-15 15:59 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-15 15:59 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-15 15:59 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-15 15:59 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-15 15:59 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-15 15:59 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-15 15:59 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-15 15:59 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-15 15:59 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-15 15:59 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-15 15:59 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-15 15:59 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-15 15:59 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-15 15:59 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-15 15:59 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-15 15:59 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-15 15:59 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-15 15:59 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-15 15:59 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-15 15:59 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-15 15:59 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-14 16:19 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-14 16:19 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-22 11:01 . 2013-12-07 10:51 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-11-12 02:23 . 2013-12-14 16:19 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-14 16:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-14 16:19 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-14 16:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-30 01:24 . 2013-12-14 16:19 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-19 02:18 . 2013-12-14 16:19 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-19 01:36 . 2013-12-14 16:19 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Shanghai\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Shanghai\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Shanghai\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"oaojamcjux"="wscript.exe" [2013-10-12 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DeskUpdateNotifier"="c:\fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe" [2013-05-17 101728]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"IME14 CHS Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-14 81200]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"avgnt"="d:\programme\Avira\AntiVir Desktop\avgnt.exe" [2013-12-17 684600]
.
c:\users\Shanghai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
oaojamcjux..vbs [2013-9-20 74064]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files\Fujitsu\LaunchCenter\LaunchCenter.exe [2011-4-12 375296]
newreminderdialog.lnk - c:\program files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe [2012-2-17 931096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
IME File REG_SZ IMSC14.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0210804]
IME File REG_SZ IMSCE14.IME
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 asvpndrv;Astrill SSL VPN Adapter;c:\windows\system32\DRIVERS\asvpndrv.sys;c:\windows\SYSNATIVE\DRIVERS\asvpndrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 tapstrong;StrongVPN Adapter;c:\windows\system32\DRIVERS\tapstrong.sys;c:\windows\SYSNATIVE\DRIVERS\tapstrong.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Browser-Schutz;d:\programme\Avira\AntiVir Desktop\avwebg7.exe;d:\programme\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys;c:\windows\SYSNATIVE\Drivers\FBIOSDRV.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;d:\programme\Avira\AntiVir Desktop\sched.exe;d:\programme\Avira\AntiVir Desktop\sched.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [x]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [x]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe;c:\program files\Fujitsu\PSUtility\PSUService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys;c:\windows\SYSNATIVE\drivers\FUJ02E3.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FFLIRKOG
*Deregistered* - fflirkog
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 13:54 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-02 12:43]
.
2014-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-02 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Shanghai\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Shanghai\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Shanghai\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Shanghai\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2010-06-08 45680]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2010-11-13 199528]
"PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-10-07 6311424]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-07 11663464]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"IME14 CHS Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-14 110896]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2013-04-03 2777736]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://spon.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = wew.wewzz.info:80
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Shanghai\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Zanzarah - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-01-15 15:14:34
ComboFix-quarantined-files.txt 2014-01-15 14:14
.
Vor Suchlauf: 12 Verzeichnis(se), 19.408.089.088 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 19.464.216.576 Bytes frei
.
- - End Of File - - A3C27310E559EFB35738EF4AB4A83F79
Tut mir Leid wegen der falschen Logfile-Eingabe in meinem ersten Post - soll ich die Sachen nochmal als Code einfügen? edit: Immer wieder mal was Neues: In der Taskleiste werden jetzt anstatt normalerweise so 8 oder 9 Symbolen nur noch 6 angezeigt. Avira zB auch nicht. Ist das unbedenklich? edit2: Letzteres Problem hat sich durch einen Neustart beheben lassen. Beste Grüße, Lisa Geändert von wei.lisha (15.01.2014 um 15:38 Uhr) |
|
16.01.2014, 09:02
| #4 |
| /// the machine /// TB-Ausbilder | PUP.Optional.Conduit.A und HTML/Framer.DO.254 Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.01.2014, 20:03
| #5 |
| | PUP.Optional.Conduit.A und HTML/Framer.DO.254 Hallo Schrauber, 1000 Dank mal wieder - hier die angeforderten logs: 1. FRST: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 01
Ran by Shanghai (administrator) on SHANGHAI-PC on 16-01-2014 19:51:43
Running from C:\Users\Shanghai\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Spotify Ltd) C:\Users\Shanghai\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [LoadFUJ02E3] - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [45680 2010-06-08] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [199528 2010-11-13] (FUJITSU LIMITED)
HKLM\...\Run: [PfNet] - C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6311424 2010-10-07] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663464 2010-12-07] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel(R) Corporation)
HKLM\...\Run: [snp2uvc] - C:\Windows\vsnp2uvc.exe [662016 2009-08-13] (Sonix)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10372368 2011-03-30] (Intel Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [IME14 CHS Setup] - C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110896 2012-03-14] (Microsoft Corporation)
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\Run: [DeskUpdateNotifier] - C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-05-17] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IME14 CHS Setup] - C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] - D:\Programme\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [oaojamcjux] - C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs [74064 2013-09-20] () <===== ATTENTION
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Shanghai\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-11] (Spotify Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [266448 2013-05-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [214448 2013-05-12] (NVIDIA Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Shanghai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oaojamcjux..vbs ()
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
==================== Internet (Whitelisted) ====================
ProxyServer: wew.wewzz.info:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x64FF4B9384CFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://spon.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0F31B8DF-D225-4DCF-8372-A296640F6232} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {188166B1-EF6D-4768-A303-5AB95409DAB1} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {47585EF1-04ED-4DE8-BD2F-C3F966B2A167} URL =
SearchScopes: HKCU - {76D381AD-211C-44F0-B291-75A316523EBB} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {9E00DC4A-8F77-4EE0-A235-D138EA1DEC0E} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Shanghai\AppData\Roaming\Mozilla\Firefox\Profiles\grfk10hp.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @baidu.com/npxbdsetup - C:\Windows\Downloaded Program Files\13078437\npxbdsetup.dll No File
FF Plugin-x32: @baidu.com/npxbdyy - C:\Program Files (x86)\baidu\iQyBaiduVideoBrowser\Application\BaiduPlayerPlugin\npxbdyy.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @fancyguo.com/FancyGame,version=1.0.0.1 - C:\Users\Shanghai\AppData\Local\Fancy\npfancygame.dll (Beijing FancyGuo Tech Ltd)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Shanghai\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml
FF Extension: Personas - C:\Users\Shanghai\AppData\Roaming\Mozilla\Firefox\Profiles\grfk10hp.default\Extensions\personas@christopher.beard.xpi [2012-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-20]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-31]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-31]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-10-02]
CHR Extension: (Google Drive) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-10-02]
CHR Extension: (YouTube) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1 [2013-10-02]
CHR Extension: (Webpage Screenshot Bar) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\13.6_0 [2013-11-20]
CHR Extension: (Google Search) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1 [2013-10-02]
CHR Extension: (AdBlock) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0 [2014-01-14]
CHR Extension: (Chrome to Mobile) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd\3.1_0 [2013-12-14]
CHR Extension: (Google Wallet) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1 [2014-01-16]
CHR Extension: (Gmail) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-10-02]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
==================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-09] (Adobe Systems)
R2 AntiVirSchedulerService; D:\Programme\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Programme\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-22] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; D:\Programme\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [331776 2010-10-07] (FUJITSU LIMITED)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-05-09] ()
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2010-06-17] (FUJITSU LIMITED)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com)
==================== Drivers (Whitelisted) ====================
S3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2012-02-29] (Astrill)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1801216 2010-10-09] ()
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2014-01-12] (Windows (R) Win 7 DDK provider)
S3 tapstrong; C:\Windows\System32\DRIVERS\tapstrong.sys [35520 2012-12-21] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-16 19:51 - 2014-01-16 19:51 - 00021468 _____ C:\Users\Shanghai\Desktop\FRST.txt
2014-01-16 19:47 - 2014-01-16 19:47 - 00004981 _____ C:\Users\Shanghai\Desktop\JRT.txt
2014-01-16 19:40 - 2014-01-16 19:40 - 00000000 ____D C:\Windows\ERUNT
2014-01-16 19:39 - 2014-01-16 19:39 - 01037068 _____ (Thisisu) C:\Users\Shanghai\Desktop\JRT.exe
2014-01-16 19:34 - 2014-01-16 19:34 - 00003574 _____ C:\Users\Shanghai\Desktop\AdwCleaner[S0].txt
2014-01-16 19:28 - 2014-01-16 19:31 - 00000000 ____D C:\AdwCleaner
2014-01-16 19:27 - 2014-01-16 19:27 - 01236282 _____ C:\Users\Shanghai\Desktop\adwcleaner.exe
2014-01-16 15:27 - 2014-01-16 15:27 - 01615760 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO7.pptx
2014-01-16 13:39 - 2014-01-16 13:39 - 01616607 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO6.pptx
2014-01-16 12:48 - 2014-01-16 12:48 - 01881879 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO5.pptx
2014-01-15 19:31 - 2014-01-15 19:33 - 01876009 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO4.pptx
2014-01-15 19:02 - 2014-01-15 19:02 - 01554891 _____ C:\Users\Shanghai\Downloads\IPR presentation (4).pptx
2014-01-15 18:54 - 2014-01-15 18:54 - 01554359 _____ C:\Users\Shanghai\Downloads\IPR presentation (3).pptx
2014-01-15 15:14 - 2014-01-15 15:14 - 00031208 _____ C:\ComboFix.txt
2014-01-15 15:08 - 2014-01-15 15:14 - 00000000 ____D C:\Qoobox
2014-01-15 15:08 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-15 15:08 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-15 15:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-15 15:07 - 2014-01-15 15:13 - 00000000 ____D C:\Windows\erdnt
2014-01-15 15:05 - 2014-01-15 15:05 - 05165717 ____R (Swearware) C:\Users\Shanghai\Desktop\ComboFix.exe
2014-01-15 15:01 - 2014-01-15 15:01 - 00028453 _____ C:\Users\Shanghai\Desktop\Gmer.txt
2014-01-15 14:24 - 2014-01-15 14:24 - 00377856 _____ C:\Users\Shanghai\Downloads\oo3ubflv.exe
2014-01-15 14:20 - 2014-01-15 14:20 - 00377856 _____ C:\Users\Shanghai\Downloads\gmer_2.1.19163.exe
2014-01-15 14:13 - 2014-01-15 14:13 - 00029625 _____ C:\Users\Shanghai\Downloads\Addition.txt
2014-01-15 14:12 - 2014-01-15 14:13 - 00040910 _____ C:\Users\Shanghai\Downloads\FRST.txt
2014-01-15 14:12 - 2014-01-15 14:12 - 00000000 ____D C:\FRST
2014-01-15 14:11 - 2014-01-15 14:11 - 02076160 _____ (Farbar) C:\Users\Shanghai\Desktop\FRST64.exe
2014-01-15 13:10 - 2013-11-27 02:42 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 13:10 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 13:10 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 21:02 - 2014-01-14 21:02 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Malwarebytes
2014-01-14 21:01 - 2014-01-14 21:01 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-14 21:00 - 2014-01-14 21:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-14 21:00 - 2014-01-14 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 21:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-14 20:59 - 2014-01-14 20:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shanghai\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 09:51 - 2014-01-14 09:52 - 01850847 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO3.pptx
2014-01-14 08:56 - 2014-01-14 08:56 - 01103371 _____ C:\Users\Shanghai\Downloads\IPR presentation (2).pptx
2014-01-14 08:33 - 2014-01-14 08:33 - 01857200 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO1.pptx
2014-01-13 02:38 - 2014-01-13 02:38 - 00277143 _____ C:\Users\Shanghai\AppData\Local\census.cache
2014-01-13 02:38 - 2014-01-13 02:38 - 00125622 _____ C:\Users\Shanghai\AppData\Local\ars.cache
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64.exe
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64 (1).exe
2014-01-13 02:13 - 2014-01-13 02:13 - 00000036 _____ C:\Users\Shanghai\AppData\Local\housecall.guid.cache
2014-01-12 19:05 - 2014-01-12 19:05 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation (1).pptx
2014-01-12 19:04 - 2014-01-12 19:05 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation.pptx
2014-01-12 16:04 - 2014-01-12 16:04 - 00002045 _____ C:\Users\Shanghai\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-01-12 16:04 - 2014-01-12 16:04 - 00001989 _____ C:\Users\Shanghai\Desktop\Avira EU-Cleaner.lnk
2014-01-12 16:03 - 2014-01-12 16:04 - 02209056 _____ C:\Users\Shanghai\Downloads\avira-eu-cleaner_de.exe
2014-01-12 15:01 - 2014-01-16 19:33 - 00000504 _____ C:\Windows\setupact.log
2014-01-12 15:01 - 2014-01-12 15:01 - 00000000 _____ C:\Windows\setuperr.log
2014-01-12 15:00 - 2014-01-15 15:27 - 00002568 _____ C:\Windows\PFRO.log
2014-01-12 14:30 - 2014-01-12 14:30 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-12 14:30 - 2014-01-12 14:30 - 00000000 ____D C:\Program Files\CCleaner
2014-01-12 14:29 - 2014-01-12 14:29 - 03571656 _____ (Piriform Ltd) C:\Users\Shanghai\Downloads\ccsetup409_slim.exe
2014-01-12 14:20 - 2014-01-16 19:34 - 00000000 ____D C:\ProgramData\Spyware Terminator
2014-01-12 14:20 - 2014-01-12 14:20 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-01-12 14:20 - 2014-01-12 14:20 - 00001044 _____ C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Spyware Terminator
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2014-01-12 14:19 - 2014-01-12 14:19 - 05049344 _____ (Crawler.com ) C:\Users\Shanghai\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-01-12 12:12 - 2014-01-12 12:12 - 01084616 _____ C:\Users\Shanghai\Downloads\IPR_Teil_Dirk.pptx
2014-01-11 19:19 - 2014-01-11 19:21 - 00080562 _____ C:\Users\Shanghai\Desktop\IPR1.pptx
2014-01-10 12:59 - 2014-01-10 12:59 - 21620224 _____ C:\Users\Shanghai\Downloads\FontPack1000_zh_CN (1).msi
2014-01-05 00:56 - 2014-01-05 00:56 - 00011264 ___SH C:\Users\Shanghai\Downloads\Thumbs.db
2014-01-04 16:34 - 2014-01-04 16:34 - 00000000 ___SD C:\Users\Shanghai\Documents\Meine Datenquellen
2014-01-04 12:59 - 2014-01-04 12:59 - 00000425 _____ C:\Users\Shanghai\Downloads\John.vcf
2014-01-04 12:59 - 2014-01-04 12:59 - 00000366 _____ C:\Users\Shanghai\Downloads\Nolting.vcf
2014-01-04 11:05 - 2014-01-04 11:05 - 00094208 _____ C:\Users\Shanghai\Downloads\Ansprechpartner_SGB_II_SGB_III_SGB_XII.xls
2014-01-03 18:55 - 2014-01-03 18:55 - 00000344 _____ C:\Users\Shanghai\Downloads\Meenen.vcf
2014-01-02 20:11 - 2014-01-02 20:11 - 00000357 _____ C:\Users\Shanghai\Downloads\Wöhler.vcf
2014-01-02 20:10 - 2014-01-02 20:10 - 00000383 _____ C:\Users\Shanghai\Downloads\Basse.vcf
2014-01-02 20:09 - 2014-01-02 20:09 - 00000462 _____ C:\Users\Shanghai\Downloads\Fachdienst 202 - Ausländerangelegenheiten, Integration und Standesamtsaufsicht .vcf
2014-01-02 19:30 - 2014-01-02 19:30 - 00000165 _____ C:\Users\Shanghai\Downloads\Frau_Marianne_Kreutzer.vcf
2014-01-02 19:28 - 2014-01-02 19:28 - 00000141 _____ C:\Users\Shanghai\Downloads\Herr_Ulrich_Senge.vcf
2014-01-02 19:21 - 2014-01-02 19:21 - 00000560 _____ C:\Users\Shanghai\Downloads\vCard_herr_r._oelkers_2014-01-02.vcf
2014-01-02 17:12 - 2014-01-02 17:12 - 00000301 _____ C:\Users\Shanghai\Downloads\Barbara_Grusla.vcf
2014-01-02 13:48 - 2014-01-04 13:52 - 00178764 _____ C:\Users\Shanghai\Desktop\Kopie von Akquise-Adressen_SGB XII_Stand 2013-12-02.xlsx
2013-12-24 09:59 - 2013-12-24 10:01 - 567183872 _____ C:\Users\Shanghai\Desktop\cup
2013-12-24 09:58 - 2013-12-24 09:58 - 00000000 ____D C:\Windows\Pixart
2013-12-24 09:58 - 2004-08-09 17:43 - 00094208 _____ (Microsoft Corporation) C:\Windows\AMCap.exe
2013-12-24 09:57 - 2013-12-24 09:57 - 16690856 _____ C:\Users\Shanghai\Downloads\15354_02.exe
2013-12-19 09:14 - 2013-12-19 09:01 - 88635913 _____ C:\Users\Shanghai\Desktop\FINAL 1Wissensmanagement.pptx
==================== One Month Modified Files and Folders =======
2014-01-16 19:52 - 2014-01-16 19:51 - 00021468 _____ C:\Users\Shanghai\Desktop\FRST.txt
2014-01-16 19:47 - 2014-01-16 19:47 - 00004981 _____ C:\Users\Shanghai\Desktop\JRT.txt
2014-01-16 19:41 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-16 19:41 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-16 19:40 - 2014-01-16 19:40 - 00000000 ____D C:\Windows\ERUNT
2014-01-16 19:39 - 2014-01-16 19:39 - 01037068 _____ (Thisisu) C:\Users\Shanghai\Desktop\JRT.exe
2014-01-16 19:39 - 2011-04-11 18:26 - 00697322 _____ C:\Windows\system32\perfh007.dat
2014-01-16 19:39 - 2011-04-11 18:26 - 00148328 _____ C:\Windows\system32\perfc007.dat
2014-01-16 19:39 - 2009-07-14 06:13 - 01614036 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-16 19:34 - 2014-01-16 19:34 - 00003574 _____ C:\Users\Shanghai\Desktop\AdwCleaner[S0].txt
2014-01-16 19:34 - 2014-01-12 14:20 - 00000000 ____D C:\ProgramData\Spyware Terminator
2014-01-16 19:33 - 2014-01-12 15:01 - 00000504 _____ C:\Windows\setupact.log
2014-01-16 19:33 - 2013-10-02 13:43 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-16 19:33 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-16 19:32 - 2012-02-16 20:06 - 01885093 _____ C:\Windows\WindowsUpdate.log
2014-01-16 19:31 - 2014-01-16 19:28 - 00000000 ____D C:\AdwCleaner
2014-01-16 19:29 - 2013-10-02 13:43 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-16 19:27 - 2014-01-16 19:27 - 01236282 _____ C:\Users\Shanghai\Desktop\adwcleaner.exe
2014-01-16 16:11 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-16 15:27 - 2014-01-16 15:27 - 01615760 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO7.pptx
2014-01-16 13:41 - 2013-04-07 12:50 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Spotify
2014-01-16 13:39 - 2014-01-16 13:39 - 01616607 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO6.pptx
2014-01-16 12:48 - 2014-01-16 12:48 - 01881879 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO5.pptx
2014-01-16 12:47 - 2012-05-07 19:03 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Dropbox
2014-01-15 20:01 - 2013-04-07 12:52 - 00000000 ____D C:\Users\Shanghai\AppData\Local\Spotify
2014-01-15 19:33 - 2014-01-15 19:31 - 01876009 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO4.pptx
2014-01-15 19:02 - 2014-01-15 19:02 - 01554891 _____ C:\Users\Shanghai\Downloads\IPR presentation (4).pptx
2014-01-15 18:54 - 2014-01-15 18:54 - 01554359 _____ C:\Users\Shanghai\Downloads\IPR presentation (3).pptx
2014-01-15 15:31 - 2009-07-14 05:45 - 00413128 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 15:27 - 2014-01-12 15:00 - 00002568 _____ C:\Windows\PFRO.log
2014-01-15 15:26 - 2013-08-07 10:47 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 15:25 - 2012-07-07 09:01 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 15:14 - 2014-01-15 15:14 - 00031208 _____ C:\ComboFix.txt
2014-01-15 15:14 - 2014-01-15 15:08 - 00000000 ____D C:\Qoobox
2014-01-15 15:14 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-15 15:13 - 2014-01-15 15:07 - 00000000 ____D C:\Windows\erdnt
2014-01-15 15:13 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-15 15:05 - 2014-01-15 15:05 - 05165717 ____R (Swearware) C:\Users\Shanghai\Desktop\ComboFix.exe
2014-01-15 15:01 - 2014-01-15 15:01 - 00028453 _____ C:\Users\Shanghai\Desktop\Gmer.txt
2014-01-15 14:24 - 2014-01-15 14:24 - 00377856 _____ C:\Users\Shanghai\Downloads\oo3ubflv.exe
2014-01-15 14:20 - 2014-01-15 14:20 - 00377856 _____ C:\Users\Shanghai\Downloads\gmer_2.1.19163.exe
2014-01-15 14:13 - 2014-01-15 14:13 - 00029625 _____ C:\Users\Shanghai\Downloads\Addition.txt
2014-01-15 14:13 - 2014-01-15 14:12 - 00040910 _____ C:\Users\Shanghai\Downloads\FRST.txt
2014-01-15 14:12 - 2014-01-15 14:12 - 00000000 ____D C:\FRST
2014-01-15 14:11 - 2014-01-15 14:11 - 02076160 _____ (Farbar) C:\Users\Shanghai\Desktop\FRST64.exe
2014-01-14 23:37 - 2011-05-07 18:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-14 21:02 - 2014-01-14 21:02 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Malwarebytes
2014-01-14 21:01 - 2014-01-14 21:01 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-14 21:01 - 2014-01-14 21:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-14 21:00 - 2014-01-14 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 20:59 - 2014-01-14 20:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shanghai\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 09:52 - 2014-01-14 09:51 - 01850847 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO3.pptx
2014-01-14 08:56 - 2014-01-14 08:56 - 01103371 _____ C:\Users\Shanghai\Downloads\IPR presentation (2).pptx
2014-01-14 08:33 - 2014-01-14 08:33 - 01857200 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO1.pptx
2014-01-13 02:40 - 2012-02-16 20:08 - 00000000 ___RD C:\Users\Shanghai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-13 02:38 - 2014-01-13 02:38 - 00277143 _____ C:\Users\Shanghai\AppData\Local\census.cache
2014-01-13 02:38 - 2014-01-13 02:38 - 00125622 _____ C:\Users\Shanghai\AppData\Local\ars.cache
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64.exe
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64 (1).exe
2014-01-13 02:13 - 2014-01-13 02:13 - 00000036 _____ C:\Users\Shanghai\AppData\Local\housecall.guid.cache
2014-01-12 19:16 - 2013-09-09 18:46 - 00105984 ___SH C:\Users\Shanghai\Desktop\Thumbs.db
2014-01-12 19:05 - 2014-01-12 19:05 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation (1).pptx
2014-01-12 19:05 - 2014-01-12 19:04 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation.pptx
2014-01-12 16:04 - 2014-01-12 16:04 - 00002045 _____ C:\Users\Shanghai\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-01-12 16:04 - 2014-01-12 16:04 - 00001989 _____ C:\Users\Shanghai\Desktop\Avira EU-Cleaner.lnk
2014-01-12 16:04 - 2014-01-12 16:03 - 02209056 _____ C:\Users\Shanghai\Downloads\avira-eu-cleaner_de.exe
2014-01-12 15:01 - 2014-01-12 15:01 - 00000000 _____ C:\Windows\setuperr.log
2014-01-12 14:40 - 2013-01-04 16:43 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\uTorrent
2014-01-12 14:40 - 2012-02-26 21:00 - 00000000 ____D C:\Windows\Minidump
2014-01-12 14:40 - 2012-02-20 01:14 - 00000000 ____D C:\Users\Shanghai\AppData\Local\CrashDumps
2014-01-12 14:40 - 2011-04-11 02:10 - 00000000 ____D C:\Windows\Panther
2014-01-12 14:30 - 2014-01-12 14:30 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-12 14:30 - 2014-01-12 14:30 - 00000000 ____D C:\Program Files\CCleaner
2014-01-12 14:29 - 2014-01-12 14:29 - 03571656 _____ (Piriform Ltd) C:\Users\Shanghai\Downloads\ccsetup409_slim.exe
2014-01-12 14:20 - 2014-01-12 14:20 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-01-12 14:20 - 2014-01-12 14:20 - 00001044 _____ C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Spyware Terminator
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2014-01-12 14:19 - 2014-01-12 14:19 - 05049344 _____ (Crawler.com ) C:\Users\Shanghai\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-01-12 12:12 - 2014-01-12 12:12 - 01084616 _____ C:\Users\Shanghai\Downloads\IPR_Teil_Dirk.pptx
2014-01-12 12:10 - 2012-02-16 21:01 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Skype
2014-01-11 19:21 - 2014-01-11 19:19 - 00080562 _____ C:\Users\Shanghai\Desktop\IPR1.pptx
2014-01-10 12:59 - 2014-01-10 12:59 - 21620224 _____ C:\Users\Shanghai\Downloads\FontPack1000_zh_CN (1).msi
2014-01-08 15:09 - 2012-11-24 06:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-08 15:09 - 2012-02-16 21:01 - 00000000 ____D C:\ProgramData\Skype
2014-01-05 00:56 - 2014-01-05 00:56 - 00011264 ___SH C:\Users\Shanghai\Downloads\Thumbs.db
2014-01-04 16:34 - 2014-01-04 16:34 - 00000000 ___SD C:\Users\Shanghai\Documents\Meine Datenquellen
2014-01-04 13:52 - 2014-01-02 13:48 - 00178764 _____ C:\Users\Shanghai\Desktop\Kopie von Akquise-Adressen_SGB XII_Stand 2013-12-02.xlsx
2014-01-04 12:59 - 2014-01-04 12:59 - 00000425 _____ C:\Users\Shanghai\Downloads\John.vcf
2014-01-04 12:59 - 2014-01-04 12:59 - 00000366 _____ C:\Users\Shanghai\Downloads\Nolting.vcf
2014-01-04 11:05 - 2014-01-04 11:05 - 00094208 _____ C:\Users\Shanghai\Downloads\Ansprechpartner_SGB_II_SGB_III_SGB_XII.xls
2014-01-03 18:55 - 2014-01-03 18:55 - 00000344 _____ C:\Users\Shanghai\Downloads\Meenen.vcf
2014-01-02 20:11 - 2014-01-02 20:11 - 00000357 _____ C:\Users\Shanghai\Downloads\Wöhler.vcf
2014-01-02 20:10 - 2014-01-02 20:10 - 00000383 _____ C:\Users\Shanghai\Downloads\Basse.vcf
2014-01-02 20:09 - 2014-01-02 20:09 - 00000462 _____ C:\Users\Shanghai\Downloads\Fachdienst 202 - Ausländerangelegenheiten, Integration und Standesamtsaufsicht .vcf
2014-01-02 19:30 - 2014-01-02 19:30 - 00000165 _____ C:\Users\Shanghai\Downloads\Frau_Marianne_Kreutzer.vcf
2014-01-02 19:28 - 2014-01-02 19:28 - 00000141 _____ C:\Users\Shanghai\Downloads\Herr_Ulrich_Senge.vcf
2014-01-02 19:21 - 2014-01-02 19:21 - 00000560 _____ C:\Users\Shanghai\Downloads\vCard_herr_r._oelkers_2014-01-02.vcf
2014-01-02 17:12 - 2014-01-02 17:12 - 00000301 _____ C:\Users\Shanghai\Downloads\Barbara_Grusla.vcf
2013-12-27 03:05 - 2012-02-17 00:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-27 03:05 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2013-12-24 10:02 - 2013-12-07 13:49 - 00000000 ____D C:\Users\Shanghai\Documents\Youcam
2013-12-24 10:01 - 2013-12-24 09:59 - 567183872 _____ C:\Users\Shanghai\Desktop\cup
2013-12-24 09:58 - 2013-12-24 09:58 - 00000000 ____D C:\Windows\Pixart
2013-12-24 09:57 - 2013-12-24 09:57 - 16690856 _____ C:\Users\Shanghai\Downloads\15354_02.exe
2013-12-21 03:23 - 2013-03-06 12:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-21 03:23 - 2013-03-06 12:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-21 03:21 - 2012-10-30 13:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-19 09:01 - 2013-12-19 09:14 - 88635913 _____ C:\Users\Shanghai\Desktop\FINAL 1Wissensmanagement.pptx
2013-12-17 12:37 - 2013-12-07 11:51 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-17 12:37 - 2013-12-07 11:51 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-17 12:37 - 2013-12-07 11:51 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
Files to move or delete:
====================
C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs
Some content of TEMP:
====================
C:\Users\Shanghai\AppData\Local\Temp\avgnt.exe
C:\Users\Shanghai\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-10 16:32
==================== End Of Log ============================
--- --- --- --- --- --- 2. MBAM Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.16.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 Shanghai :: SHANGHAI-PC [Administrator] Schutz: Aktiviert 16.01.2014 12:47:42 mbam-log-2014-01-16 (12-47-42).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 263268 Laufzeit: 6 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 16/01/2014 um 19:31:22
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Shanghai - SHANGHAI-PC
# Gestartet von : C:\Users\Shanghai\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\baidu
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Windows\SysWOW64\hotspot shield
Ordner Gelöscht : C:\Users\Shanghai\AppData\Local\baidu
Ordner Gelöscht : C:\Users\Shanghai\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Shanghai\AppData\LocalLow\baidu
Ordner Gelöscht : C:\Users\Shanghai\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Shanghai\AppData\Roaming\baidu
Ordner Gelöscht : C:\Users\Shanghai\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Shanghai\AppData\Roaming\Mozilla\Firefox\Profiles\grfk10hp.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v
[ Datei : C:\Users\Shanghai\AppData\Roaming\Mozilla\Firefox\Profiles\grfk10hp.default\prefs.js ]
-\\ Google Chrome v32.0.1700.76
[ Datei : C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3615 octets] - [16/01/2014 19:29:06]
AdwCleaner[S0].txt - [3426 octets] - [16/01/2014 19:31:22]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3486 octets] ##########
Und JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Shanghai on 16.01.2014 at 19:40:33,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
~~~ Files
Successfully deleted: [File] C:\Windows\syswow64\shoB878.tmp
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{0148E21F-A698-4A5A-8C6E-D8B18434C67A}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{016F8AC1-E720-460B-AABC-D2885FE1E0E7}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{0BE6A209-3418-491D-97BE-0042A7B62997}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{1390A96A-686D-45B8-A7E6-611055F224F8}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{174B7E2F-2FEE-4D31-B954-EB034046A2FB}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{1E9B2D0D-99E1-4CC2-B27D-BC69A66DC733}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{2A5CA257-05AF-466E-87E3-C39463E9BEB3}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{30CD4278-D741-4512-A5B5-20BCE2A6D366}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{390F0276-30DB-48A4-AB80-5A291AC022F8}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{469D521A-9440-480A-BD9F-7539F102684F}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{47F16648-B2EE-4DAC-B3A0-3FC0752666BE}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{497A575A-3A20-488E-AECD-08618F6E6685}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{532AA0B7-CECF-4030-BD73-8CB727C8A30E}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{58644C67-03BB-40D8-A3EB-112190239349}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{694B2CC0-507B-42FD-A6CB-BE31C1656BF6}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{6C55CA12-5993-4556-9081-6B14029C8FE7}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{6EBB6C22-C24F-4E60-A29B-8574DCE79CC2}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{706713C9-1691-4333-B9A0-798A53D8E8F7}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{757E4A2F-0855-480C-B082-BE9CD2BBCA4F}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{7D16F4ED-AA28-4465-AF66-A813E1CCF8C8}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{86C63434-C8E4-4ECB-B4D6-8E4E7C809F38}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{8CF8728D-1E8A-4013-A8CF-35842BAACCFE}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{9786353B-B5FD-462F-9AC8-45B3BFF22D0B}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{9FC274CE-492C-48B6-914E-75D89BA4A3A3}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{A7156C26-434E-4ABB-919C-902166FDCC74}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{AA8CC7AF-CD1F-48C5-AC43-DDD240161F4D}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{ABFAB850-BCBA-463C-AF4A-46E09CF9A320}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{C09ABCA1-7332-4C89-ACA9-46F20646DB2F}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{C1C38A08-81FE-4D25-A62C-F3DFE391CDEC}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{CCC410E4-9F44-4AAF-A209-E066867DD548}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{D75896B3-56FB-4B65-8BF4-8C431DDAF421}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{DB4BCB2D-FBE6-4582-B22F-79D152E1A7BB}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{E2658524-C632-4A71-93B7-2B8B08201585}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{E9F135D1-105E-4D10-9FFD-CD2DCE349520}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{EA93C867-06A7-4818-A1E4-F5B4AB498D09}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{EE150598-2DD8-4743-95B4-6AE4E477F040}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{F209EF13-AD80-4797-BB4D-3A6EEC10AFC8}
Successfully deleted: [Empty Folder] C:\Users\Shanghai\appdata\local\{F9A64F7E-E673-4A9D-8153-FAAA3FA2BA0F}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.01.2014 at 19:47:41,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Einmal mehr: Vielen Dank! Beste Grüße, Lisa |
|
17.01.2014, 16:30
| #6 |
| /// the machine /// TB-Ausbilder | PUP.Optional.Conduit.A und HTML/Framer.DO.254ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ --> PUP.Optional.Conduit.A und HTML/Framer.DO.254 |
|
17.01.2014, 22:11
| #7 |
| | PUP.Optional.Conduit.A und HTML/Framer.DO.254 Hallo schrauber! Danke mal wieder ! Leider scheint (noch) nicht alles okay zu sein - ESET hat Trojaner gefunden. Insgesamt hab ich aber den Eindruck, dass der Computer sich wieder "normaler" benutzen lässt. Hier das log: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6c522799901c1245906907047037f843
# engine=16694
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-17 07:20:53
# local_time=2014-01-17 08:20:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 14734 4871980 7508 0
# compatibility_mode=5893 16776574 100 94 3576578 141616303 0 0
# compatibility_mode=7937 16777214 28 75 457212 25031701 0 0
# scanned=202386
# found=5
# cleaned=0
# scan_time=10676
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="VBS/Kryptik.N trojan" ac=I fn="C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs"
sh=EECEAC69EF16D68815E5D9D876054A575B3AA961 ft=0 fh=0000000000000000 vn="VBS/Kryptik.N trojan" ac=I fn="C:\Users\Shanghai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oaojamcjux..vbs"
sh=6D6E078A19A96FBB1F2CDA24E10C740E1060F5F6 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="D:\Documents\Studium1\Master\ManeKo\v1_Case Studies.lnk"
sh=6D6E078A19A96FBB1F2CDA24E10C740E1060F5F6 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="F:\Master\ManeKo\v1_Case Studies.lnk"
sh=C7E46EEBFEC0C037B51854413244FED440307654 ft=0 fh=0000000000000000 vn="VBS/Kryptik.N trojan" ac=I fn="F:\SHANGHAI-PC\Backup Set 2014-01-12 190001\Backup Files 2014-01-12 190001\Backup files 1.zip"
Code:
ATTFilter Results of screen317's Security Check version 0.99.79 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Spyware Terminator 2012 Malwarebytes Anti-Malware Version 1.75.0.1300 Adobe Flash Player 11.9.900.170 Mozilla Thunderbird (24.2.0) Google Chrome 31.0.1650.63 Google Chrome 32.0.1700.76 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe MALWAREBYTES' ANTI-MALWARE MBAMSCHEDULER.EXE `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 01
Ran by Shanghai (administrator) on SHANGHAI-PC on 17-01-2014 22:02:26
Running from C:\Users\Shanghai\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Spotify Ltd) C:\Users\Shanghai\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Shanghai\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [LoadFUJ02E3] - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [45680 2010-06-08] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [199528 2010-11-13] (FUJITSU LIMITED)
HKLM\...\Run: [PfNet] - C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6311424 2010-10-07] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663464 2010-12-07] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel(R) Corporation)
HKLM\...\Run: [snp2uvc] - C:\Windows\vsnp2uvc.exe [662016 2009-08-13] (Sonix)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10372368 2011-03-30] (Intel Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [IME14 CHS Setup] - C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110896 2012-03-14] (Microsoft Corporation)
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\Run: [DeskUpdateNotifier] - C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-05-17] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IME14 CHS Setup] - C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] - D:\Programme\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [oaojamcjux] - C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs [74064 2013-09-20] () <===== ATTENTION
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Shanghai\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-11] (Spotify Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [266448 2013-05-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [214448 2013-05-12] (NVIDIA Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Shanghai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oaojamcjux..vbs ()
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
==================== Internet (Whitelisted) ====================
ProxyServer: wew.wewzz.info:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x64FF4B9384CFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://spon.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0F31B8DF-D225-4DCF-8372-A296640F6232} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {188166B1-EF6D-4768-A303-5AB95409DAB1} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {47585EF1-04ED-4DE8-BD2F-C3F966B2A167} URL =
SearchScopes: HKCU - {76D381AD-211C-44F0-B291-75A316523EBB} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {9E00DC4A-8F77-4EE0-A235-D138EA1DEC0E} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Shanghai\AppData\Roaming\Mozilla\Firefox\Profiles\grfk10hp.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @baidu.com/npxbdsetup - C:\Windows\Downloaded Program Files\13078437\npxbdsetup.dll No File
FF Plugin-x32: @baidu.com/npxbdyy - C:\Program Files (x86)\baidu\iQyBaiduVideoBrowser\Application\BaiduPlayerPlugin\npxbdyy.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @fancyguo.com/FancyGame,version=1.0.0.1 - C:\Users\Shanghai\AppData\Local\Fancy\npfancygame.dll (Beijing FancyGuo Tech Ltd)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Shanghai\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml
FF Extension: Personas - C:\Users\Shanghai\AppData\Roaming\Mozilla\Firefox\Profiles\grfk10hp.default\Extensions\personas@christopher.beard.xpi [2012-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-20]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-31]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-31]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-10-02]
CHR Extension: (Google Drive) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-10-02]
CHR Extension: (YouTube) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1 [2013-10-02]
CHR Extension: (Webpage Screenshot Bar) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\13.6_0 [2013-11-20]
CHR Extension: (Google Search) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1 [2013-10-02]
CHR Extension: (AdBlock) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0 [2014-01-14]
CHR Extension: (Chrome to Mobile) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd\3.1_0 [2013-12-14]
CHR Extension: (Google Wallet) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1 [2014-01-16]
CHR Extension: (Gmail) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-10-02]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
==================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-09] (Adobe Systems)
R2 AntiVirSchedulerService; D:\Programme\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Programme\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-22] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; D:\Programme\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [331776 2010-10-07] (FUJITSU LIMITED)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-05-09] ()
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2010-06-17] (FUJITSU LIMITED)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com)
==================== Drivers (Whitelisted) ====================
S3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2012-02-29] (Astrill)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1801216 2010-10-09] ()
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2014-01-12] (Windows (R) Win 7 DDK provider)
S3 tapstrong; C:\Windows\System32\DRIVERS\tapstrong.sys [35520 2012-12-21] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-17 21:57 - 2014-01-17 21:57 - 00987425 _____ C:\Users\Shanghai\Desktop\SecurityCheck.exe
2014-01-17 17:20 - 2014-01-17 17:20 - 02347384 _____ (ESET) C:\Users\Shanghai\Downloads\esetsmartinstaller_enu.exe
2014-01-16 19:51 - 2014-01-17 22:02 - 00022057 _____ C:\Users\Shanghai\Desktop\FRST.txt
2014-01-16 19:47 - 2014-01-16 19:47 - 00004981 _____ C:\Users\Shanghai\Desktop\JRT.txt
2014-01-16 19:40 - 2014-01-16 19:40 - 00000000 ____D C:\Windows\ERUNT
2014-01-16 19:39 - 2014-01-16 19:39 - 01037068 _____ (Thisisu) C:\Users\Shanghai\Desktop\JRT.exe
2014-01-16 19:34 - 2014-01-16 19:34 - 00003574 _____ C:\Users\Shanghai\Desktop\AdwCleaner[S0].txt
2014-01-16 19:28 - 2014-01-16 19:31 - 00000000 ____D C:\AdwCleaner
2014-01-16 19:27 - 2014-01-16 19:27 - 01236282 _____ C:\Users\Shanghai\Desktop\adwcleaner.exe
2014-01-16 15:27 - 2014-01-16 15:27 - 01615760 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO7.pptx
2014-01-16 13:39 - 2014-01-16 13:39 - 01616607 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO6.pptx
2014-01-16 12:48 - 2014-01-16 12:48 - 01881879 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO5.pptx
2014-01-15 19:31 - 2014-01-15 19:33 - 01876009 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO4.pptx
2014-01-15 19:02 - 2014-01-15 19:02 - 01554891 _____ C:\Users\Shanghai\Downloads\IPR presentation (4).pptx
2014-01-15 18:54 - 2014-01-15 18:54 - 01554359 _____ C:\Users\Shanghai\Downloads\IPR presentation (3).pptx
2014-01-15 15:14 - 2014-01-15 15:14 - 00031208 _____ C:\ComboFix.txt
2014-01-15 15:08 - 2014-01-15 15:14 - 00000000 ____D C:\Qoobox
2014-01-15 15:08 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-15 15:08 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-15 15:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-15 15:07 - 2014-01-15 15:13 - 00000000 ____D C:\Windows\erdnt
2014-01-15 15:05 - 2014-01-15 15:05 - 05165717 ____R (Swearware) C:\Users\Shanghai\Desktop\ComboFix.exe
2014-01-15 15:01 - 2014-01-15 15:01 - 00028453 _____ C:\Users\Shanghai\Desktop\Gmer.txt
2014-01-15 14:24 - 2014-01-15 14:24 - 00377856 _____ C:\Users\Shanghai\Downloads\oo3ubflv.exe
2014-01-15 14:20 - 2014-01-15 14:20 - 00377856 _____ C:\Users\Shanghai\Downloads\gmer_2.1.19163.exe
2014-01-15 14:13 - 2014-01-15 14:13 - 00029625 _____ C:\Users\Shanghai\Downloads\Addition.txt
2014-01-15 14:12 - 2014-01-15 14:13 - 00040910 _____ C:\Users\Shanghai\Downloads\FRST.txt
2014-01-15 14:12 - 2014-01-15 14:12 - 00000000 ____D C:\FRST
2014-01-15 14:11 - 2014-01-15 14:11 - 02076160 _____ (Farbar) C:\Users\Shanghai\Desktop\FRST64.exe
2014-01-15 13:10 - 2013-11-27 02:42 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 13:10 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 13:10 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 21:02 - 2014-01-14 21:02 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Malwarebytes
2014-01-14 21:01 - 2014-01-14 21:01 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-14 21:00 - 2014-01-14 21:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-14 21:00 - 2014-01-14 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 21:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-14 20:59 - 2014-01-14 20:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shanghai\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 09:51 - 2014-01-14 09:52 - 01850847 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO3.pptx
2014-01-14 08:56 - 2014-01-14 08:56 - 01103371 _____ C:\Users\Shanghai\Downloads\IPR presentation (2).pptx
2014-01-14 08:33 - 2014-01-14 08:33 - 01857200 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO1.pptx
2014-01-13 02:38 - 2014-01-13 02:38 - 00277143 _____ C:\Users\Shanghai\AppData\Local\census.cache
2014-01-13 02:38 - 2014-01-13 02:38 - 00125622 _____ C:\Users\Shanghai\AppData\Local\ars.cache
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64.exe
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64 (1).exe
2014-01-13 02:13 - 2014-01-13 02:13 - 00000036 _____ C:\Users\Shanghai\AppData\Local\housecall.guid.cache
2014-01-12 19:05 - 2014-01-12 19:05 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation (1).pptx
2014-01-12 19:04 - 2014-01-12 19:05 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation.pptx
2014-01-12 16:04 - 2014-01-12 16:04 - 00002045 _____ C:\Users\Shanghai\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-01-12 16:04 - 2014-01-12 16:04 - 00001989 _____ C:\Users\Shanghai\Desktop\Avira EU-Cleaner.lnk
2014-01-12 16:03 - 2014-01-12 16:04 - 02209056 _____ C:\Users\Shanghai\Downloads\avira-eu-cleaner_de.exe
2014-01-12 15:01 - 2014-01-17 12:51 - 00000560 _____ C:\Windows\setupact.log
2014-01-12 15:01 - 2014-01-12 15:01 - 00000000 _____ C:\Windows\setuperr.log
2014-01-12 15:00 - 2014-01-15 15:27 - 00002568 _____ C:\Windows\PFRO.log
2014-01-12 14:30 - 2014-01-12 14:30 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-12 14:30 - 2014-01-12 14:30 - 00000000 ____D C:\Program Files\CCleaner
2014-01-12 14:29 - 2014-01-12 14:29 - 03571656 _____ (Piriform Ltd) C:\Users\Shanghai\Downloads\ccsetup409_slim.exe
2014-01-12 14:20 - 2014-01-17 12:51 - 00000000 ____D C:\ProgramData\Spyware Terminator
2014-01-12 14:20 - 2014-01-12 14:20 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-01-12 14:20 - 2014-01-12 14:20 - 00001044 _____ C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Spyware Terminator
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2014-01-12 14:19 - 2014-01-12 14:19 - 05049344 _____ (Crawler.com ) C:\Users\Shanghai\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-01-12 12:12 - 2014-01-12 12:12 - 01084616 _____ C:\Users\Shanghai\Downloads\IPR_Teil_Dirk.pptx
2014-01-11 19:19 - 2014-01-11 19:21 - 00080562 _____ C:\Users\Shanghai\Desktop\IPR1.pptx
2014-01-10 12:59 - 2014-01-10 12:59 - 21620224 _____ C:\Users\Shanghai\Downloads\FontPack1000_zh_CN (1).msi
2014-01-05 00:56 - 2014-01-05 00:56 - 00011264 ___SH C:\Users\Shanghai\Downloads\Thumbs.db
2014-01-04 16:34 - 2014-01-04 16:34 - 00000000 ___SD C:\Users\Shanghai\Documents\Meine Datenquellen
2014-01-04 12:59 - 2014-01-04 12:59 - 00000425 _____ C:\Users\Shanghai\Downloads\John.vcf
2014-01-04 12:59 - 2014-01-04 12:59 - 00000366 _____ C:\Users\Shanghai\Downloads\Nolting.vcf
2014-01-04 11:05 - 2014-01-04 11:05 - 00094208 _____ C:\Users\Shanghai\Downloads\Ansprechpartner_SGB_II_SGB_III_SGB_XII.xls
2014-01-03 18:55 - 2014-01-03 18:55 - 00000344 _____ C:\Users\Shanghai\Downloads\Meenen.vcf
2014-01-02 20:11 - 2014-01-02 20:11 - 00000357 _____ C:\Users\Shanghai\Downloads\Wöhler.vcf
2014-01-02 20:10 - 2014-01-02 20:10 - 00000383 _____ C:\Users\Shanghai\Downloads\Basse.vcf
2014-01-02 20:09 - 2014-01-02 20:09 - 00000462 _____ C:\Users\Shanghai\Downloads\Fachdienst 202 - Ausländerangelegenheiten, Integration und Standesamtsaufsicht .vcf
2014-01-02 19:30 - 2014-01-02 19:30 - 00000165 _____ C:\Users\Shanghai\Downloads\Frau_Marianne_Kreutzer.vcf
2014-01-02 19:28 - 2014-01-02 19:28 - 00000141 _____ C:\Users\Shanghai\Downloads\Herr_Ulrich_Senge.vcf
2014-01-02 19:21 - 2014-01-02 19:21 - 00000560 _____ C:\Users\Shanghai\Downloads\vCard_herr_r._oelkers_2014-01-02.vcf
2014-01-02 17:12 - 2014-01-02 17:12 - 00000301 _____ C:\Users\Shanghai\Downloads\Barbara_Grusla.vcf
2014-01-02 13:48 - 2014-01-04 13:52 - 00178764 _____ C:\Users\Shanghai\Desktop\Kopie von Akquise-Adressen_SGB XII_Stand 2013-12-02.xlsx
2013-12-24 09:59 - 2013-12-24 10:01 - 567183872 _____ C:\Users\Shanghai\Desktop\cup
2013-12-24 09:58 - 2013-12-24 09:58 - 00000000 ____D C:\Windows\Pixart
2013-12-24 09:58 - 2004-08-09 17:43 - 00094208 _____ (Microsoft Corporation) C:\Windows\AMCap.exe
2013-12-24 09:57 - 2013-12-24 09:57 - 16690856 _____ C:\Users\Shanghai\Downloads\15354_02.exe
2013-12-19 09:14 - 2013-12-19 09:01 - 88635913 _____ C:\Users\Shanghai\Desktop\FINAL 1Wissensmanagement.pptx
==================== One Month Modified Files and Folders =======
2014-01-17 22:03 - 2014-01-16 19:51 - 00022057 _____ C:\Users\Shanghai\Desktop\FRST.txt
2014-01-17 21:57 - 2014-01-17 21:57 - 00987425 _____ C:\Users\Shanghai\Desktop\SecurityCheck.exe
2014-01-17 21:52 - 2012-02-16 20:06 - 01932025 _____ C:\Windows\WindowsUpdate.log
2014-01-17 21:51 - 2012-06-19 17:35 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Tropico 4
2014-01-17 21:29 - 2013-10-02 13:43 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-17 18:29 - 2013-10-02 13:43 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-17 17:20 - 2014-01-17 17:20 - 02347384 _____ (ESET) C:\Users\Shanghai\Downloads\esetsmartinstaller_enu.exe
2014-01-17 17:20 - 2011-04-11 18:26 - 00697322 _____ C:\Windows\system32\perfh007.dat
2014-01-17 17:20 - 2011-04-11 18:26 - 00148328 _____ C:\Windows\system32\perfc007.dat
2014-01-17 17:20 - 2009-07-14 06:13 - 01614036 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-17 17:18 - 2012-05-07 19:03 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Dropbox
2014-01-17 12:59 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-17 12:59 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-17 12:51 - 2014-01-12 15:01 - 00000560 _____ C:\Windows\setupact.log
2014-01-17 12:51 - 2014-01-12 14:20 - 00000000 ____D C:\ProgramData\Spyware Terminator
2014-01-17 12:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-16 19:47 - 2014-01-16 19:47 - 00004981 _____ C:\Users\Shanghai\Desktop\JRT.txt
2014-01-16 19:40 - 2014-01-16 19:40 - 00000000 ____D C:\Windows\ERUNT
2014-01-16 19:39 - 2014-01-16 19:39 - 01037068 _____ (Thisisu) C:\Users\Shanghai\Desktop\JRT.exe
2014-01-16 19:34 - 2014-01-16 19:34 - 00003574 _____ C:\Users\Shanghai\Desktop\AdwCleaner[S0].txt
2014-01-16 19:31 - 2014-01-16 19:28 - 00000000 ____D C:\AdwCleaner
2014-01-16 19:27 - 2014-01-16 19:27 - 01236282 _____ C:\Users\Shanghai\Desktop\adwcleaner.exe
2014-01-16 16:11 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-16 15:27 - 2014-01-16 15:27 - 01615760 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO7.pptx
2014-01-16 13:41 - 2013-04-07 12:50 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Spotify
2014-01-16 13:39 - 2014-01-16 13:39 - 01616607 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO6.pptx
2014-01-16 12:48 - 2014-01-16 12:48 - 01881879 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO5.pptx
2014-01-15 20:01 - 2013-04-07 12:52 - 00000000 ____D C:\Users\Shanghai\AppData\Local\Spotify
2014-01-15 19:33 - 2014-01-15 19:31 - 01876009 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO4.pptx
2014-01-15 19:02 - 2014-01-15 19:02 - 01554891 _____ C:\Users\Shanghai\Downloads\IPR presentation (4).pptx
2014-01-15 18:54 - 2014-01-15 18:54 - 01554359 _____ C:\Users\Shanghai\Downloads\IPR presentation (3).pptx
2014-01-15 15:31 - 2009-07-14 05:45 - 00413128 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 15:27 - 2014-01-12 15:00 - 00002568 _____ C:\Windows\PFRO.log
2014-01-15 15:26 - 2013-08-07 10:47 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 15:25 - 2012-07-07 09:01 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 15:14 - 2014-01-15 15:14 - 00031208 _____ C:\ComboFix.txt
2014-01-15 15:14 - 2014-01-15 15:08 - 00000000 ____D C:\Qoobox
2014-01-15 15:14 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-15 15:13 - 2014-01-15 15:07 - 00000000 ____D C:\Windows\erdnt
2014-01-15 15:13 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-15 15:05 - 2014-01-15 15:05 - 05165717 ____R (Swearware) C:\Users\Shanghai\Desktop\ComboFix.exe
2014-01-15 15:01 - 2014-01-15 15:01 - 00028453 _____ C:\Users\Shanghai\Desktop\Gmer.txt
2014-01-15 14:24 - 2014-01-15 14:24 - 00377856 _____ C:\Users\Shanghai\Downloads\oo3ubflv.exe
2014-01-15 14:20 - 2014-01-15 14:20 - 00377856 _____ C:\Users\Shanghai\Downloads\gmer_2.1.19163.exe
2014-01-15 14:13 - 2014-01-15 14:13 - 00029625 _____ C:\Users\Shanghai\Downloads\Addition.txt
2014-01-15 14:13 - 2014-01-15 14:12 - 00040910 _____ C:\Users\Shanghai\Downloads\FRST.txt
2014-01-15 14:12 - 2014-01-15 14:12 - 00000000 ____D C:\FRST
2014-01-15 14:11 - 2014-01-15 14:11 - 02076160 _____ (Farbar) C:\Users\Shanghai\Desktop\FRST64.exe
2014-01-14 23:37 - 2011-05-07 18:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-14 21:02 - 2014-01-14 21:02 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Malwarebytes
2014-01-14 21:01 - 2014-01-14 21:01 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-14 21:01 - 2014-01-14 21:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-14 21:00 - 2014-01-14 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 20:59 - 2014-01-14 20:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shanghai\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 09:52 - 2014-01-14 09:51 - 01850847 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO3.pptx
2014-01-14 08:56 - 2014-01-14 08:56 - 01103371 _____ C:\Users\Shanghai\Downloads\IPR presentation (2).pptx
2014-01-14 08:33 - 2014-01-14 08:33 - 01857200 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO1.pptx
2014-01-13 02:40 - 2012-02-16 20:08 - 00000000 ___RD C:\Users\Shanghai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-13 02:38 - 2014-01-13 02:38 - 00277143 _____ C:\Users\Shanghai\AppData\Local\census.cache
2014-01-13 02:38 - 2014-01-13 02:38 - 00125622 _____ C:\Users\Shanghai\AppData\Local\ars.cache
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64.exe
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64 (1).exe
2014-01-13 02:13 - 2014-01-13 02:13 - 00000036 _____ C:\Users\Shanghai\AppData\Local\housecall.guid.cache
2014-01-12 19:16 - 2013-09-09 18:46 - 00105984 ___SH C:\Users\Shanghai\Desktop\Thumbs.db
2014-01-12 19:05 - 2014-01-12 19:05 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation (1).pptx
2014-01-12 19:05 - 2014-01-12 19:04 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation.pptx
2014-01-12 16:04 - 2014-01-12 16:04 - 00002045 _____ C:\Users\Shanghai\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-01-12 16:04 - 2014-01-12 16:04 - 00001989 _____ C:\Users\Shanghai\Desktop\Avira EU-Cleaner.lnk
2014-01-12 16:04 - 2014-01-12 16:03 - 02209056 _____ C:\Users\Shanghai\Downloads\avira-eu-cleaner_de.exe
2014-01-12 15:01 - 2014-01-12 15:01 - 00000000 _____ C:\Windows\setuperr.log
2014-01-12 14:40 - 2013-01-04 16:43 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\uTorrent
2014-01-12 14:40 - 2012-02-26 21:00 - 00000000 ____D C:\Windows\Minidump
2014-01-12 14:40 - 2012-02-20 01:14 - 00000000 ____D C:\Users\Shanghai\AppData\Local\CrashDumps
2014-01-12 14:40 - 2011-04-11 02:10 - 00000000 ____D C:\Windows\Panther
2014-01-12 14:30 - 2014-01-12 14:30 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-12 14:30 - 2014-01-12 14:30 - 00000000 ____D C:\Program Files\CCleaner
2014-01-12 14:29 - 2014-01-12 14:29 - 03571656 _____ (Piriform Ltd) C:\Users\Shanghai\Downloads\ccsetup409_slim.exe
2014-01-12 14:20 - 2014-01-12 14:20 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-01-12 14:20 - 2014-01-12 14:20 - 00001044 _____ C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Spyware Terminator
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2014-01-12 14:19 - 2014-01-12 14:19 - 05049344 _____ (Crawler.com ) C:\Users\Shanghai\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-01-12 12:12 - 2014-01-12 12:12 - 01084616 _____ C:\Users\Shanghai\Downloads\IPR_Teil_Dirk.pptx
2014-01-12 12:10 - 2012-02-16 21:01 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Skype
2014-01-11 19:21 - 2014-01-11 19:19 - 00080562 _____ C:\Users\Shanghai\Desktop\IPR1.pptx
2014-01-10 12:59 - 2014-01-10 12:59 - 21620224 _____ C:\Users\Shanghai\Downloads\FontPack1000_zh_CN (1).msi
2014-01-08 15:09 - 2012-11-24 06:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-08 15:09 - 2012-02-16 21:01 - 00000000 ____D C:\ProgramData\Skype
2014-01-05 00:56 - 2014-01-05 00:56 - 00011264 ___SH C:\Users\Shanghai\Downloads\Thumbs.db
2014-01-04 16:34 - 2014-01-04 16:34 - 00000000 ___SD C:\Users\Shanghai\Documents\Meine Datenquellen
2014-01-04 13:52 - 2014-01-02 13:48 - 00178764 _____ C:\Users\Shanghai\Desktop\Kopie von Akquise-Adressen_SGB XII_Stand 2013-12-02.xlsx
2014-01-04 12:59 - 2014-01-04 12:59 - 00000425 _____ C:\Users\Shanghai\Downloads\John.vcf
2014-01-04 12:59 - 2014-01-04 12:59 - 00000366 _____ C:\Users\Shanghai\Downloads\Nolting.vcf
2014-01-04 11:05 - 2014-01-04 11:05 - 00094208 _____ C:\Users\Shanghai\Downloads\Ansprechpartner_SGB_II_SGB_III_SGB_XII.xls
2014-01-03 18:55 - 2014-01-03 18:55 - 00000344 _____ C:\Users\Shanghai\Downloads\Meenen.vcf
2014-01-02 20:11 - 2014-01-02 20:11 - 00000357 _____ C:\Users\Shanghai\Downloads\Wöhler.vcf
2014-01-02 20:10 - 2014-01-02 20:10 - 00000383 _____ C:\Users\Shanghai\Downloads\Basse.vcf
2014-01-02 20:09 - 2014-01-02 20:09 - 00000462 _____ C:\Users\Shanghai\Downloads\Fachdienst 202 - Ausländerangelegenheiten, Integration und Standesamtsaufsicht .vcf
2014-01-02 19:30 - 2014-01-02 19:30 - 00000165 _____ C:\Users\Shanghai\Downloads\Frau_Marianne_Kreutzer.vcf
2014-01-02 19:28 - 2014-01-02 19:28 - 00000141 _____ C:\Users\Shanghai\Downloads\Herr_Ulrich_Senge.vcf
2014-01-02 19:21 - 2014-01-02 19:21 - 00000560 _____ C:\Users\Shanghai\Downloads\vCard_herr_r._oelkers_2014-01-02.vcf
2014-01-02 17:12 - 2014-01-02 17:12 - 00000301 _____ C:\Users\Shanghai\Downloads\Barbara_Grusla.vcf
2013-12-27 03:05 - 2012-02-17 00:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-27 03:05 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2013-12-24 10:02 - 2013-12-07 13:49 - 00000000 ____D C:\Users\Shanghai\Documents\Youcam
2013-12-24 10:01 - 2013-12-24 09:59 - 567183872 _____ C:\Users\Shanghai\Desktop\cup
2013-12-24 09:58 - 2013-12-24 09:58 - 00000000 ____D C:\Windows\Pixart
2013-12-24 09:57 - 2013-12-24 09:57 - 16690856 _____ C:\Users\Shanghai\Downloads\15354_02.exe
2013-12-21 03:23 - 2013-03-06 12:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-21 03:23 - 2013-03-06 12:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-21 03:21 - 2012-10-30 13:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-19 09:01 - 2013-12-19 09:14 - 88635913 _____ C:\Users\Shanghai\Desktop\FINAL 1Wissensmanagement.pptx
Files to move or delete:
====================
C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs
Some content of TEMP:
====================
C:\Users\Shanghai\AppData\Local\Temp\avgnt.exe
C:\Users\Shanghai\AppData\Local\Temp\Quarantine.exe
C:\Users\Shanghai\AppData\Local\Temp\SIntf16.dll
C:\Users\Shanghai\AppData\Local\Temp\SIntf32.dll
C:\Users\Shanghai\AppData\Local\Temp\SIntfNT.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-10 16:32
==================== End Of Log ============================
--- --- --- Tut mir Leid, dass ich meinen Computer so verhunzt habe :'D! Was muss jetzt noch getan werden? Besten Dank und viele Grüße, Lisa |
|
18.01.2014, 08:35
| #8 |
| /// the machine /// TB-Ausbilder | PUP.Optional.Conduit.A und HTML/Framer.DO.254 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument C:\Users\Shanghai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oaojamcjux..vbs HKCU\...\Run: [oaojamcjux] - C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs [74064 2013-09-20] () <===== ATTENTION C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.01.2014, 15:25
| #9 |
| | PUP.Optional.Conduit.A und HTML/Framer.DO.254 Hallo schrauber! Hier der fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2014 01
Ran by Shanghai at 2014-01-18 15:13:48 Run:1
Running from C:\Users\Shanghai\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\Shanghai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oaojamcjux..vbs
HKCU\...\Run: [oaojamcjux] - C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs [74064 2013-09-20] () <===== ATTENTION
C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs
*****************
C:\Users\Shanghai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oaojamcjux..vbs => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\oaojamcjux => Value deleted successfully.
Could not move "C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs" => Scheduled to move on reboot.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-18 15:17:03)<=
C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs => Is moved successfully.
==== End of Fixlog ====
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 01
Ran by Shanghai (administrator) on SHANGHAI-PC on 18-01-2014 15:23:59
Running from C:\Users\Shanghai\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Spotify Ltd) C:\Users\Shanghai\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avgnt.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [LoadFUJ02E3] - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [45680 2010-06-08] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [199528 2010-11-13] (FUJITSU LIMITED)
HKLM\...\Run: [PfNet] - C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6311424 2010-10-07] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663464 2010-12-07] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel(R) Corporation)
HKLM\...\Run: [snp2uvc] - C:\Windows\vsnp2uvc.exe [662016 2009-08-13] (Sonix)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10372368 2011-03-30] (Intel Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [IME14 CHS Setup] - C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110896 2012-03-14] (Microsoft Corporation)
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\Run: [DeskUpdateNotifier] - C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-05-17] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IME14 CHS Setup] - C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] - D:\Programme\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Shanghai\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-11] (Spotify Ltd)
HKCU\...\Run: [oaojamcjux] - wscript.exe //B "C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs" <===== ATTENTION
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [266448 2013-05-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [214448 2013-05-12] (NVIDIA Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
==================== Internet (Whitelisted) ====================
ProxyServer: wew.wewzz.info:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x64FF4B9384CFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://spon.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0F31B8DF-D225-4DCF-8372-A296640F6232} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {188166B1-EF6D-4768-A303-5AB95409DAB1} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {47585EF1-04ED-4DE8-BD2F-C3F966B2A167} URL =
SearchScopes: HKCU - {76D381AD-211C-44F0-B291-75A316523EBB} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {9E00DC4A-8F77-4EE0-A235-D138EA1DEC0E} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Shanghai\AppData\Roaming\Mozilla\Firefox\Profiles\grfk10hp.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @baidu.com/npxbdsetup - C:\Windows\Downloaded Program Files\13078437\npxbdsetup.dll No File
FF Plugin-x32: @baidu.com/npxbdyy - C:\Program Files (x86)\baidu\iQyBaiduVideoBrowser\Application\BaiduPlayerPlugin\npxbdyy.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @fancyguo.com/FancyGame,version=1.0.0.1 - C:\Users\Shanghai\AppData\Local\Fancy\npfancygame.dll (Beijing FancyGuo Tech Ltd)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Shanghai\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml
FF Extension: Personas - C:\Users\Shanghai\AppData\Roaming\Mozilla\Firefox\Profiles\grfk10hp.default\Extensions\personas@christopher.beard.xpi [2012-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-20]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-31]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-31]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-10-02]
CHR Extension: (Google Drive) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-10-02]
CHR Extension: (YouTube) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1 [2013-10-02]
CHR Extension: (Webpage Screenshot Bar) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\13.6_0 [2013-11-20]
CHR Extension: (Google Search) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1 [2013-10-02]
CHR Extension: (AdBlock) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0 [2014-01-14]
CHR Extension: (Chrome to Mobile) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd\3.1_0 [2013-12-14]
CHR Extension: (Google Wallet) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1 [2014-01-16]
CHR Extension: (Gmail) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-10-02]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
==================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-09] (Adobe Systems)
R2 AntiVirSchedulerService; D:\Programme\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Programme\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-22] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; D:\Programme\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [331776 2010-10-07] (FUJITSU LIMITED)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-05-09] ()
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2010-06-17] (FUJITSU LIMITED)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com)
==================== Drivers (Whitelisted) ====================
S3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2012-02-29] (Astrill)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1801216 2010-10-09] ()
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2014-01-12] (Windows (R) Win 7 DDK provider)
S3 tapstrong; C:\Windows\System32\DRIVERS\tapstrong.sys [35520 2012-12-21] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-17 21:57 - 2014-01-17 21:57 - 00987425 _____ C:\Users\Shanghai\Desktop\SecurityCheck.exe
2014-01-17 17:20 - 2014-01-17 17:20 - 02347384 _____ (ESET) C:\Users\Shanghai\Downloads\esetsmartinstaller_enu.exe
2014-01-16 19:51 - 2014-01-18 15:24 - 00021533 _____ C:\Users\Shanghai\Desktop\FRST.txt
2014-01-16 19:47 - 2014-01-16 19:47 - 00004981 _____ C:\Users\Shanghai\Desktop\JRT.txt
2014-01-16 19:40 - 2014-01-16 19:40 - 00000000 ____D C:\Windows\ERUNT
2014-01-16 19:39 - 2014-01-16 19:39 - 01037068 _____ (Thisisu) C:\Users\Shanghai\Desktop\JRT.exe
2014-01-16 19:34 - 2014-01-16 19:34 - 00003574 _____ C:\Users\Shanghai\Desktop\AdwCleaner[S0].txt
2014-01-16 19:28 - 2014-01-16 19:31 - 00000000 ____D C:\AdwCleaner
2014-01-16 19:27 - 2014-01-16 19:27 - 01236282 _____ C:\Users\Shanghai\Desktop\adwcleaner.exe
2014-01-16 15:27 - 2014-01-16 15:27 - 01615760 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO7.pptx
2014-01-16 13:39 - 2014-01-16 13:39 - 01616607 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO6.pptx
2014-01-16 12:48 - 2014-01-16 12:48 - 01881879 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO5.pptx
2014-01-15 19:31 - 2014-01-15 19:33 - 01876009 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO4.pptx
2014-01-15 19:02 - 2014-01-15 19:02 - 01554891 _____ C:\Users\Shanghai\Downloads\IPR presentation (4).pptx
2014-01-15 18:54 - 2014-01-15 18:54 - 01554359 _____ C:\Users\Shanghai\Downloads\IPR presentation (3).pptx
2014-01-15 15:14 - 2014-01-15 15:14 - 00031208 _____ C:\ComboFix.txt
2014-01-15 15:08 - 2014-01-15 15:14 - 00000000 ____D C:\Qoobox
2014-01-15 15:08 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-15 15:08 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-15 15:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-15 15:07 - 2014-01-15 15:13 - 00000000 ____D C:\Windows\erdnt
2014-01-15 15:05 - 2014-01-15 15:05 - 05165717 ____R (Swearware) C:\Users\Shanghai\Desktop\ComboFix.exe
2014-01-15 15:01 - 2014-01-15 15:01 - 00028453 _____ C:\Users\Shanghai\Desktop\Gmer.txt
2014-01-15 14:24 - 2014-01-15 14:24 - 00377856 _____ C:\Users\Shanghai\Downloads\oo3ubflv.exe
2014-01-15 14:20 - 2014-01-15 14:20 - 00377856 _____ C:\Users\Shanghai\Downloads\gmer_2.1.19163.exe
2014-01-15 14:13 - 2014-01-15 14:13 - 00029625 _____ C:\Users\Shanghai\Downloads\Addition.txt
2014-01-15 14:12 - 2014-01-18 15:17 - 00000000 ____D C:\FRST
2014-01-15 14:12 - 2014-01-15 14:13 - 00040910 _____ C:\Users\Shanghai\Downloads\FRST.txt
2014-01-15 14:11 - 2014-01-15 14:11 - 02076160 _____ (Farbar) C:\Users\Shanghai\Desktop\FRST64.exe
2014-01-15 13:10 - 2013-11-27 02:42 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 13:10 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 13:10 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 21:02 - 2014-01-14 21:02 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Malwarebytes
2014-01-14 21:01 - 2014-01-14 21:01 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-14 21:00 - 2014-01-14 21:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-14 21:00 - 2014-01-14 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 21:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-14 20:59 - 2014-01-14 20:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shanghai\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 09:51 - 2014-01-14 09:52 - 01850847 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO3.pptx
2014-01-14 08:56 - 2014-01-14 08:56 - 01103371 _____ C:\Users\Shanghai\Downloads\IPR presentation (2).pptx
2014-01-14 08:33 - 2014-01-14 08:33 - 01857200 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO1.pptx
2014-01-13 02:38 - 2014-01-13 02:38 - 00277143 _____ C:\Users\Shanghai\AppData\Local\census.cache
2014-01-13 02:38 - 2014-01-13 02:38 - 00125622 _____ C:\Users\Shanghai\AppData\Local\ars.cache
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64.exe
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64 (1).exe
2014-01-13 02:13 - 2014-01-13 02:13 - 00000036 _____ C:\Users\Shanghai\AppData\Local\housecall.guid.cache
2014-01-12 19:05 - 2014-01-12 19:05 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation (1).pptx
2014-01-12 19:04 - 2014-01-12 19:05 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation.pptx
2014-01-12 16:04 - 2014-01-12 16:04 - 00002045 _____ C:\Users\Shanghai\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-01-12 16:04 - 2014-01-12 16:04 - 00001989 _____ C:\Users\Shanghai\Desktop\Avira EU-Cleaner.lnk
2014-01-12 16:03 - 2014-01-12 16:04 - 02209056 _____ C:\Users\Shanghai\Downloads\avira-eu-cleaner_de.exe
2014-01-12 15:01 - 2014-01-18 15:15 - 00000672 _____ C:\Windows\setupact.log
2014-01-12 15:01 - 2014-01-12 15:01 - 00000000 _____ C:\Windows\setuperr.log
2014-01-12 15:00 - 2014-01-18 13:30 - 00003402 _____ C:\Windows\PFRO.log
2014-01-12 14:30 - 2014-01-12 14:30 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-12 14:30 - 2014-01-12 14:30 - 00000000 ____D C:\Program Files\CCleaner
2014-01-12 14:29 - 2014-01-12 14:29 - 03571656 _____ (Piriform Ltd) C:\Users\Shanghai\Downloads\ccsetup409_slim.exe
2014-01-12 14:20 - 2014-01-18 13:34 - 00000000 ____D C:\ProgramData\Spyware Terminator
2014-01-12 14:20 - 2014-01-12 14:20 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-01-12 14:20 - 2014-01-12 14:20 - 00001044 _____ C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Spyware Terminator
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2014-01-12 14:19 - 2014-01-12 14:19 - 05049344 _____ (Crawler.com ) C:\Users\Shanghai\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-01-12 12:12 - 2014-01-12 12:12 - 01084616 _____ C:\Users\Shanghai\Downloads\IPR_Teil_Dirk.pptx
2014-01-11 19:19 - 2014-01-11 19:21 - 00080562 _____ C:\Users\Shanghai\Desktop\IPR1.pptx
2014-01-10 12:59 - 2014-01-10 12:59 - 21620224 _____ C:\Users\Shanghai\Downloads\FontPack1000_zh_CN (1).msi
2014-01-05 00:56 - 2014-01-05 00:56 - 00011264 ___SH C:\Users\Shanghai\Downloads\Thumbs.db
2014-01-04 16:34 - 2014-01-04 16:34 - 00000000 ___SD C:\Users\Shanghai\Documents\Meine Datenquellen
2014-01-04 12:59 - 2014-01-04 12:59 - 00000425 _____ C:\Users\Shanghai\Downloads\John.vcf
2014-01-04 12:59 - 2014-01-04 12:59 - 00000366 _____ C:\Users\Shanghai\Downloads\Nolting.vcf
2014-01-04 11:05 - 2014-01-04 11:05 - 00094208 _____ C:\Users\Shanghai\Downloads\Ansprechpartner_SGB_II_SGB_III_SGB_XII.xls
2014-01-03 18:55 - 2014-01-03 18:55 - 00000344 _____ C:\Users\Shanghai\Downloads\Meenen.vcf
2014-01-02 20:11 - 2014-01-02 20:11 - 00000357 _____ C:\Users\Shanghai\Downloads\Wöhler.vcf
2014-01-02 20:10 - 2014-01-02 20:10 - 00000383 _____ C:\Users\Shanghai\Downloads\Basse.vcf
2014-01-02 20:09 - 2014-01-02 20:09 - 00000462 _____ C:\Users\Shanghai\Downloads\Fachdienst 202 - Ausländerangelegenheiten, Integration und Standesamtsaufsicht .vcf
2014-01-02 19:30 - 2014-01-02 19:30 - 00000165 _____ C:\Users\Shanghai\Downloads\Frau_Marianne_Kreutzer.vcf
2014-01-02 19:28 - 2014-01-02 19:28 - 00000141 _____ C:\Users\Shanghai\Downloads\Herr_Ulrich_Senge.vcf
2014-01-02 19:21 - 2014-01-02 19:21 - 00000560 _____ C:\Users\Shanghai\Downloads\vCard_herr_r._oelkers_2014-01-02.vcf
2014-01-02 17:12 - 2014-01-02 17:12 - 00000301 _____ C:\Users\Shanghai\Downloads\Barbara_Grusla.vcf
2014-01-02 13:48 - 2014-01-04 13:52 - 00178764 _____ C:\Users\Shanghai\Desktop\Kopie von Akquise-Adressen_SGB XII_Stand 2013-12-02.xlsx
2013-12-24 09:58 - 2013-12-24 09:58 - 00000000 ____D C:\Windows\Pixart
2013-12-24 09:58 - 2004-08-09 17:43 - 00094208 _____ (Microsoft Corporation) C:\Windows\AMCap.exe
2013-12-24 09:57 - 2013-12-24 09:57 - 16690856 _____ C:\Users\Shanghai\Downloads\15354_02.exe
2013-12-19 09:14 - 2013-12-19 09:01 - 88635913 _____ C:\Users\Shanghai\Desktop\FINAL 1Wissensmanagement.pptx
==================== One Month Modified Files and Folders =======
2014-01-18 15:24 - 2014-01-16 19:51 - 00021533 _____ C:\Users\Shanghai\Desktop\FRST.txt
2014-01-18 15:23 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-18 15:23 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-18 15:21 - 2011-04-11 18:26 - 00697322 _____ C:\Windows\system32\perfh007.dat
2014-01-18 15:21 - 2011-04-11 18:26 - 00148328 _____ C:\Windows\system32\perfc007.dat
2014-01-18 15:21 - 2009-07-14 06:13 - 01614036 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-18 15:19 - 2012-02-16 20:06 - 01972013 _____ C:\Windows\WindowsUpdate.log
2014-01-18 15:17 - 2014-01-15 14:12 - 00000000 ____D C:\FRST
2014-01-18 15:15 - 2014-01-12 15:01 - 00000672 _____ C:\Windows\setupact.log
2014-01-18 15:15 - 2013-10-02 13:43 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-18 15:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-18 15:13 - 2012-02-16 20:08 - 00000000 ___RD C:\Users\Shanghai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-18 14:29 - 2013-10-02 13:43 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-18 13:34 - 2014-01-12 14:20 - 00000000 ____D C:\ProgramData\Spyware Terminator
2014-01-18 13:30 - 2014-01-12 15:00 - 00003402 _____ C:\Windows\PFRO.log
2014-01-17 21:57 - 2014-01-17 21:57 - 00987425 _____ C:\Users\Shanghai\Desktop\SecurityCheck.exe
2014-01-17 21:51 - 2012-06-19 17:35 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Tropico 4
2014-01-17 17:20 - 2014-01-17 17:20 - 02347384 _____ (ESET) C:\Users\Shanghai\Downloads\esetsmartinstaller_enu.exe
2014-01-17 17:18 - 2012-05-07 19:03 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Dropbox
2014-01-16 19:47 - 2014-01-16 19:47 - 00004981 _____ C:\Users\Shanghai\Desktop\JRT.txt
2014-01-16 19:40 - 2014-01-16 19:40 - 00000000 ____D C:\Windows\ERUNT
2014-01-16 19:39 - 2014-01-16 19:39 - 01037068 _____ (Thisisu) C:\Users\Shanghai\Desktop\JRT.exe
2014-01-16 19:34 - 2014-01-16 19:34 - 00003574 _____ C:\Users\Shanghai\Desktop\AdwCleaner[S0].txt
2014-01-16 19:31 - 2014-01-16 19:28 - 00000000 ____D C:\AdwCleaner
2014-01-16 19:27 - 2014-01-16 19:27 - 01236282 _____ C:\Users\Shanghai\Desktop\adwcleaner.exe
2014-01-16 16:11 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-16 15:27 - 2014-01-16 15:27 - 01615760 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO7.pptx
2014-01-16 13:41 - 2013-04-07 12:50 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Spotify
2014-01-16 13:39 - 2014-01-16 13:39 - 01616607 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO6.pptx
2014-01-16 12:48 - 2014-01-16 12:48 - 01881879 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO5.pptx
2014-01-15 20:01 - 2013-04-07 12:52 - 00000000 ____D C:\Users\Shanghai\AppData\Local\Spotify
2014-01-15 19:33 - 2014-01-15 19:31 - 01876009 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO4.pptx
2014-01-15 19:02 - 2014-01-15 19:02 - 01554891 _____ C:\Users\Shanghai\Downloads\IPR presentation (4).pptx
2014-01-15 18:54 - 2014-01-15 18:54 - 01554359 _____ C:\Users\Shanghai\Downloads\IPR presentation (3).pptx
2014-01-15 15:31 - 2009-07-14 05:45 - 00413128 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 15:26 - 2013-08-07 10:47 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 15:25 - 2012-07-07 09:01 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 15:14 - 2014-01-15 15:14 - 00031208 _____ C:\ComboFix.txt
2014-01-15 15:14 - 2014-01-15 15:08 - 00000000 ____D C:\Qoobox
2014-01-15 15:14 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-15 15:13 - 2014-01-15 15:07 - 00000000 ____D C:\Windows\erdnt
2014-01-15 15:13 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-15 15:05 - 2014-01-15 15:05 - 05165717 ____R (Swearware) C:\Users\Shanghai\Desktop\ComboFix.exe
2014-01-15 15:01 - 2014-01-15 15:01 - 00028453 _____ C:\Users\Shanghai\Desktop\Gmer.txt
2014-01-15 14:24 - 2014-01-15 14:24 - 00377856 _____ C:\Users\Shanghai\Downloads\oo3ubflv.exe
2014-01-15 14:20 - 2014-01-15 14:20 - 00377856 _____ C:\Users\Shanghai\Downloads\gmer_2.1.19163.exe
2014-01-15 14:13 - 2014-01-15 14:13 - 00029625 _____ C:\Users\Shanghai\Downloads\Addition.txt
2014-01-15 14:13 - 2014-01-15 14:12 - 00040910 _____ C:\Users\Shanghai\Downloads\FRST.txt
2014-01-15 14:11 - 2014-01-15 14:11 - 02076160 _____ (Farbar) C:\Users\Shanghai\Desktop\FRST64.exe
2014-01-14 23:37 - 2011-05-07 18:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-14 21:02 - 2014-01-14 21:02 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Malwarebytes
2014-01-14 21:01 - 2014-01-14 21:01 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-14 21:01 - 2014-01-14 21:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-14 21:00 - 2014-01-14 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 20:59 - 2014-01-14 20:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shanghai\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 09:52 - 2014-01-14 09:51 - 01850847 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO3.pptx
2014-01-14 08:56 - 2014-01-14 08:56 - 01103371 _____ C:\Users\Shanghai\Downloads\IPR presentation (2).pptx
2014-01-14 08:33 - 2014-01-14 08:33 - 01857200 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO1.pptx
2014-01-13 02:38 - 2014-01-13 02:38 - 00277143 _____ C:\Users\Shanghai\AppData\Local\census.cache
2014-01-13 02:38 - 2014-01-13 02:38 - 00125622 _____ C:\Users\Shanghai\AppData\Local\ars.cache
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64.exe
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64 (1).exe
2014-01-13 02:13 - 2014-01-13 02:13 - 00000036 _____ C:\Users\Shanghai\AppData\Local\housecall.guid.cache
2014-01-12 19:16 - 2013-09-09 18:46 - 00105984 ___SH C:\Users\Shanghai\Desktop\Thumbs.db
2014-01-12 19:05 - 2014-01-12 19:05 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation (1).pptx
2014-01-12 19:05 - 2014-01-12 19:04 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation.pptx
2014-01-12 16:04 - 2014-01-12 16:04 - 00002045 _____ C:\Users\Shanghai\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-01-12 16:04 - 2014-01-12 16:04 - 00001989 _____ C:\Users\Shanghai\Desktop\Avira EU-Cleaner.lnk
2014-01-12 16:04 - 2014-01-12 16:03 - 02209056 _____ C:\Users\Shanghai\Downloads\avira-eu-cleaner_de.exe
2014-01-12 15:01 - 2014-01-12 15:01 - 00000000 _____ C:\Windows\setuperr.log
2014-01-12 14:40 - 2013-01-04 16:43 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\uTorrent
2014-01-12 14:40 - 2012-02-26 21:00 - 00000000 ____D C:\Windows\Minidump
2014-01-12 14:40 - 2012-02-20 01:14 - 00000000 ____D C:\Users\Shanghai\AppData\Local\CrashDumps
2014-01-12 14:40 - 2011-04-11 02:10 - 00000000 ____D C:\Windows\Panther
2014-01-12 14:30 - 2014-01-12 14:30 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-12 14:30 - 2014-01-12 14:30 - 00000000 ____D C:\Program Files\CCleaner
2014-01-12 14:29 - 2014-01-12 14:29 - 03571656 _____ (Piriform Ltd) C:\Users\Shanghai\Downloads\ccsetup409_slim.exe
2014-01-12 14:20 - 2014-01-12 14:20 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-01-12 14:20 - 2014-01-12 14:20 - 00001044 _____ C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Spyware Terminator
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2014-01-12 14:19 - 2014-01-12 14:19 - 05049344 _____ (Crawler.com ) C:\Users\Shanghai\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-01-12 12:12 - 2014-01-12 12:12 - 01084616 _____ C:\Users\Shanghai\Downloads\IPR_Teil_Dirk.pptx
2014-01-12 12:10 - 2012-02-16 21:01 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Skype
2014-01-11 19:21 - 2014-01-11 19:19 - 00080562 _____ C:\Users\Shanghai\Desktop\IPR1.pptx
2014-01-10 12:59 - 2014-01-10 12:59 - 21620224 _____ C:\Users\Shanghai\Downloads\FontPack1000_zh_CN (1).msi
2014-01-08 15:09 - 2012-11-24 06:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-08 15:09 - 2012-02-16 21:01 - 00000000 ____D C:\ProgramData\Skype
2014-01-05 00:56 - 2014-01-05 00:56 - 00011264 ___SH C:\Users\Shanghai\Downloads\Thumbs.db
2014-01-04 16:34 - 2014-01-04 16:34 - 00000000 ___SD C:\Users\Shanghai\Documents\Meine Datenquellen
2014-01-04 13:52 - 2014-01-02 13:48 - 00178764 _____ C:\Users\Shanghai\Desktop\Kopie von Akquise-Adressen_SGB XII_Stand 2013-12-02.xlsx
2014-01-04 12:59 - 2014-01-04 12:59 - 00000425 _____ C:\Users\Shanghai\Downloads\John.vcf
2014-01-04 12:59 - 2014-01-04 12:59 - 00000366 _____ C:\Users\Shanghai\Downloads\Nolting.vcf
2014-01-04 11:05 - 2014-01-04 11:05 - 00094208 _____ C:\Users\Shanghai\Downloads\Ansprechpartner_SGB_II_SGB_III_SGB_XII.xls
2014-01-03 18:55 - 2014-01-03 18:55 - 00000344 _____ C:\Users\Shanghai\Downloads\Meenen.vcf
2014-01-02 20:11 - 2014-01-02 20:11 - 00000357 _____ C:\Users\Shanghai\Downloads\Wöhler.vcf
2014-01-02 20:10 - 2014-01-02 20:10 - 00000383 _____ C:\Users\Shanghai\Downloads\Basse.vcf
2014-01-02 20:09 - 2014-01-02 20:09 - 00000462 _____ C:\Users\Shanghai\Downloads\Fachdienst 202 - Ausländerangelegenheiten, Integration und Standesamtsaufsicht .vcf
2014-01-02 19:30 - 2014-01-02 19:30 - 00000165 _____ C:\Users\Shanghai\Downloads\Frau_Marianne_Kreutzer.vcf
2014-01-02 19:28 - 2014-01-02 19:28 - 00000141 _____ C:\Users\Shanghai\Downloads\Herr_Ulrich_Senge.vcf
2014-01-02 19:21 - 2014-01-02 19:21 - 00000560 _____ C:\Users\Shanghai\Downloads\vCard_herr_r._oelkers_2014-01-02.vcf
2014-01-02 17:12 - 2014-01-02 17:12 - 00000301 _____ C:\Users\Shanghai\Downloads\Barbara_Grusla.vcf
2013-12-27 03:05 - 2012-02-17 00:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-27 03:05 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2013-12-24 10:02 - 2013-12-07 13:49 - 00000000 ____D C:\Users\Shanghai\Documents\Youcam
2013-12-24 09:58 - 2013-12-24 09:58 - 00000000 ____D C:\Windows\Pixart
2013-12-24 09:57 - 2013-12-24 09:57 - 16690856 _____ C:\Users\Shanghai\Downloads\15354_02.exe
2013-12-21 03:23 - 2013-03-06 12:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-21 03:23 - 2013-03-06 12:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-21 03:21 - 2012-10-30 13:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-19 09:01 - 2013-12-19 09:14 - 88635913 _____ C:\Users\Shanghai\Desktop\FINAL 1Wissensmanagement.pptx
Some content of TEMP:
====================
C:\Users\Shanghai\AppData\Local\Temp\avgnt.exe
C:\Users\Shanghai\AppData\Local\Temp\Quarantine.exe
C:\Users\Shanghai\AppData\Local\Temp\SIntf16.dll
C:\Users\Shanghai\AppData\Local\Temp\SIntf32.dll
C:\Users\Shanghai\AppData\Local\Temp\SIntfNT.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-10 16:32
==================== End Of Log ============================
--- --- --- Danke ! Beste Grüße, Lisa |
|
19.01.2014, 10:07
| #10 |
| /// the machine /// TB-Ausbilder | PUP.Optional.Conduit.A und HTML/Framer.DO.254 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKCU\...\Run: [oaojamcjux] - wscript.exe //B "C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs" <===== ATTENTION
C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.01.2014, 12:58
| #11 |
| | PUP.Optional.Conduit.A und HTML/Framer.DO.254 Hallo schrauber! Ganz besonders dickes Dankeschön für die Hilfe auch am Sonntag ! Hier das Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2014
Ran by Shanghai at 2014-01-19 12:48:25 Run:2
Running from C:\Users\Shanghai\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKCU\...\Run: [oaojamcjux] - wscript.exe //B "C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs" <===== ATTENTION
C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\oaojamcjux => Value deleted successfully.
"C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs" => File/Directory not found.
==== End of Fixlog ====
... und hier das FRST-log: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014
Ran by Shanghai (administrator) on SHANGHAI-PC on 19-01-2014 12:53:08
Running from C:\Users\Shanghai\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avgnt.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [LoadFUJ02E3] - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [45680 2010-06-08] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [199528 2010-11-13] (FUJITSU LIMITED)
HKLM\...\Run: [PfNet] - C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6311424 2010-10-07] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663464 2010-12-07] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel(R) Corporation)
HKLM\...\Run: [snp2uvc] - C:\Windows\vsnp2uvc.exe [662016 2009-08-13] (Sonix)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10372368 2011-03-30] (Intel Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [IME14 CHS Setup] - C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110896 2012-03-14] (Microsoft Corporation)
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\Run: [DeskUpdateNotifier] - C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-05-17] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IME14 CHS Setup] - C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] - D:\Programme\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Shanghai\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-11] (Spotify Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [266448 2013-05-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [214448 2013-05-12] (NVIDIA Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
==================== Internet (Whitelisted) ====================
ProxyServer: wew.wewzz.info:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x64FF4B9384CFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://spon.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0F31B8DF-D225-4DCF-8372-A296640F6232} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {188166B1-EF6D-4768-A303-5AB95409DAB1} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {47585EF1-04ED-4DE8-BD2F-C3F966B2A167} URL =
SearchScopes: HKCU - {76D381AD-211C-44F0-B291-75A316523EBB} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {9E00DC4A-8F77-4EE0-A235-D138EA1DEC0E} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Shanghai\AppData\Roaming\Mozilla\Firefox\Profiles\grfk10hp.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @baidu.com/npxbdsetup - C:\Windows\Downloaded Program Files\13078437\npxbdsetup.dll No File
FF Plugin-x32: @baidu.com/npxbdyy - C:\Program Files (x86)\baidu\iQyBaiduVideoBrowser\Application\BaiduPlayerPlugin\npxbdyy.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @fancyguo.com/FancyGame,version=1.0.0.1 - C:\Users\Shanghai\AppData\Local\Fancy\npfancygame.dll (Beijing FancyGuo Tech Ltd)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Shanghai\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml
FF Extension: Personas - C:\Users\Shanghai\AppData\Roaming\Mozilla\Firefox\Profiles\grfk10hp.default\Extensions\personas@christopher.beard.xpi [2012-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-20]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-31]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-31]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-02]
CHR Extension: (Google Drive) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-02]
CHR Extension: (YouTube) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-26]
CHR Extension: (Webseiten-Screenshot - Webpage Screenshot) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2013-10-05]
CHR Extension: (Google-Suche) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-26]
CHR Extension: (AdBlock) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-12]
CHR Extension: (Chrome to Mobile) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd [2013-10-05]
CHR Extension: (Google Wallet) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Google Mail) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-26]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
==================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-09] (Adobe Systems)
R2 AntiVirSchedulerService; D:\Programme\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Programme\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-22] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; D:\Programme\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [331776 2010-10-07] (FUJITSU LIMITED)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-05-09] ()
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2010-06-17] (FUJITSU LIMITED)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com)
==================== Drivers (Whitelisted) ====================
S3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2012-02-29] (Astrill)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1801216 2010-10-09] ()
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2014-01-12] (Windows (R) Win 7 DDK provider)
S3 tapstrong; C:\Windows\System32\DRIVERS\tapstrong.sys [35520 2012-12-21] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-19 12:50 - 2014-01-19 12:50 - 00448512 _____ (OldTimer Tools) C:\Users\Shanghai\Desktop\TFC.exe
2014-01-19 12:48 - 2014-01-19 12:48 - 00000000 ____D C:\Users\Shanghai\Desktop\FRST-OlderVersion
2014-01-17 21:57 - 2014-01-17 21:57 - 00987425 _____ C:\Users\Shanghai\Desktop\SecurityCheck.exe
2014-01-17 17:20 - 2014-01-17 17:20 - 02347384 _____ (ESET) C:\Users\Shanghai\Downloads\esetsmartinstaller_enu.exe
2014-01-16 19:51 - 2014-01-19 12:53 - 00020407 _____ C:\Users\Shanghai\Desktop\FRST.txt
2014-01-16 19:47 - 2014-01-16 19:47 - 00004981 _____ C:\Users\Shanghai\Desktop\JRT.txt
2014-01-16 19:40 - 2014-01-16 19:40 - 00000000 ____D C:\Windows\ERUNT
2014-01-16 19:39 - 2014-01-16 19:39 - 01037068 _____ (Thisisu) C:\Users\Shanghai\Desktop\JRT.exe
2014-01-16 19:34 - 2014-01-16 19:34 - 00003574 _____ C:\Users\Shanghai\Desktop\AdwCleaner[S0].txt
2014-01-16 19:28 - 2014-01-16 19:31 - 00000000 ____D C:\AdwCleaner
2014-01-16 19:27 - 2014-01-16 19:27 - 01236282 _____ C:\Users\Shanghai\Desktop\adwcleaner.exe
2014-01-16 12:48 - 2014-01-16 12:48 - 01881879 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO5.pptx
2014-01-15 19:02 - 2014-01-15 19:02 - 01554891 _____ C:\Users\Shanghai\Downloads\IPR presentation (4).pptx
2014-01-15 18:54 - 2014-01-15 18:54 - 01554359 _____ C:\Users\Shanghai\Downloads\IPR presentation (3).pptx
2014-01-15 15:14 - 2014-01-15 15:14 - 00031208 _____ C:\ComboFix.txt
2014-01-15 15:08 - 2014-01-15 15:14 - 00000000 ____D C:\Qoobox
2014-01-15 15:08 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-15 15:08 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-15 15:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-15 15:08 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-15 15:07 - 2014-01-15 15:13 - 00000000 ____D C:\Windows\erdnt
2014-01-15 15:05 - 2014-01-15 15:05 - 05165717 ____R (Swearware) C:\Users\Shanghai\Desktop\ComboFix.exe
2014-01-15 15:01 - 2014-01-15 15:01 - 00028453 _____ C:\Users\Shanghai\Desktop\Gmer.txt
2014-01-15 14:24 - 2014-01-15 14:24 - 00377856 _____ C:\Users\Shanghai\Downloads\oo3ubflv.exe
2014-01-15 14:20 - 2014-01-15 14:20 - 00377856 _____ C:\Users\Shanghai\Downloads\gmer_2.1.19163.exe
2014-01-15 14:13 - 2014-01-15 14:13 - 00029625 _____ C:\Users\Shanghai\Downloads\Addition.txt
2014-01-15 14:12 - 2014-01-19 12:48 - 00000000 ____D C:\FRST
2014-01-15 14:12 - 2014-01-15 14:13 - 00040910 _____ C:\Users\Shanghai\Downloads\FRST.txt
2014-01-15 14:11 - 2014-01-19 12:48 - 02076672 _____ (Farbar) C:\Users\Shanghai\Desktop\FRST64.exe
2014-01-15 13:10 - 2013-11-27 02:42 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 13:10 - 2013-11-27 02:42 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 13:10 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 13:10 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 21:02 - 2014-01-14 21:02 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Malwarebytes
2014-01-14 21:01 - 2014-01-14 21:01 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-14 21:00 - 2014-01-14 21:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-14 21:00 - 2014-01-14 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 21:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-14 20:59 - 2014-01-14 20:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shanghai\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 08:56 - 2014-01-14 08:56 - 01103371 _____ C:\Users\Shanghai\Downloads\IPR presentation (2).pptx
2014-01-14 08:33 - 2014-01-14 08:33 - 01857200 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO1.pptx
2014-01-13 02:38 - 2014-01-13 02:38 - 00277143 _____ C:\Users\Shanghai\AppData\Local\census.cache
2014-01-13 02:38 - 2014-01-13 02:38 - 00125622 _____ C:\Users\Shanghai\AppData\Local\ars.cache
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64.exe
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64 (1).exe
2014-01-13 02:13 - 2014-01-13 02:13 - 00000036 _____ C:\Users\Shanghai\AppData\Local\housecall.guid.cache
2014-01-12 19:05 - 2014-01-12 19:05 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation (1).pptx
2014-01-12 19:04 - 2014-01-12 19:05 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation.pptx
2014-01-12 16:04 - 2014-01-12 16:04 - 00002045 _____ C:\Users\Shanghai\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-01-12 16:04 - 2014-01-12 16:04 - 00001989 _____ C:\Users\Shanghai\Desktop\Avira EU-Cleaner.lnk
2014-01-12 16:03 - 2014-01-12 16:04 - 02209056 _____ C:\Users\Shanghai\Downloads\avira-eu-cleaner_de.exe
2014-01-12 15:01 - 2014-01-18 15:15 - 00000672 _____ C:\Windows\setupact.log
2014-01-12 15:01 - 2014-01-12 15:01 - 00000000 _____ C:\Windows\setuperr.log
2014-01-12 15:00 - 2014-01-18 13:30 - 00003402 _____ C:\Windows\PFRO.log
2014-01-12 14:30 - 2014-01-12 14:30 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-12 14:30 - 2014-01-12 14:30 - 00000000 ____D C:\Program Files\CCleaner
2014-01-12 14:29 - 2014-01-12 14:29 - 03571656 _____ (Piriform Ltd) C:\Users\Shanghai\Downloads\ccsetup409_slim.exe
2014-01-12 14:20 - 2014-01-18 13:34 - 00000000 ____D C:\ProgramData\Spyware Terminator
2014-01-12 14:20 - 2014-01-12 14:20 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-01-12 14:20 - 2014-01-12 14:20 - 00001044 _____ C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Spyware Terminator
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2014-01-12 14:19 - 2014-01-12 14:19 - 05049344 _____ (Crawler.com ) C:\Users\Shanghai\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-01-12 12:12 - 2014-01-12 12:12 - 01084616 _____ C:\Users\Shanghai\Downloads\IPR_Teil_Dirk.pptx
2014-01-10 12:59 - 2014-01-10 12:59 - 21620224 _____ C:\Users\Shanghai\Downloads\FontPack1000_zh_CN (1).msi
2014-01-05 00:56 - 2014-01-05 00:56 - 00011264 ___SH C:\Users\Shanghai\Downloads\Thumbs.db
2014-01-04 16:34 - 2014-01-04 16:34 - 00000000 ___SD C:\Users\Shanghai\Documents\Meine Datenquellen
2014-01-04 12:59 - 2014-01-04 12:59 - 00000425 _____ C:\Users\Shanghai\Downloads\John.vcf
2014-01-04 12:59 - 2014-01-04 12:59 - 00000366 _____ C:\Users\Shanghai\Downloads\Nolting.vcf
2014-01-04 11:05 - 2014-01-04 11:05 - 00094208 _____ C:\Users\Shanghai\Downloads\Ansprechpartner_SGB_II_SGB_III_SGB_XII.xls
2014-01-03 18:55 - 2014-01-03 18:55 - 00000344 _____ C:\Users\Shanghai\Downloads\Meenen.vcf
2014-01-02 20:11 - 2014-01-02 20:11 - 00000357 _____ C:\Users\Shanghai\Downloads\Wöhler.vcf
2014-01-02 20:10 - 2014-01-02 20:10 - 00000383 _____ C:\Users\Shanghai\Downloads\Basse.vcf
2014-01-02 20:09 - 2014-01-02 20:09 - 00000462 _____ C:\Users\Shanghai\Downloads\Fachdienst 202 - Ausländerangelegenheiten, Integration und Standesamtsaufsicht .vcf
2014-01-02 19:30 - 2014-01-02 19:30 - 00000165 _____ C:\Users\Shanghai\Downloads\Frau_Marianne_Kreutzer.vcf
2014-01-02 19:28 - 2014-01-02 19:28 - 00000141 _____ C:\Users\Shanghai\Downloads\Herr_Ulrich_Senge.vcf
2014-01-02 19:21 - 2014-01-02 19:21 - 00000560 _____ C:\Users\Shanghai\Downloads\vCard_herr_r._oelkers_2014-01-02.vcf
2014-01-02 17:12 - 2014-01-02 17:12 - 00000301 _____ C:\Users\Shanghai\Downloads\Barbara_Grusla.vcf
2014-01-02 13:48 - 2014-01-04 13:52 - 00178764 _____ C:\Users\Shanghai\Desktop\Kopie von Akquise-Adressen_SGB XII_Stand 2013-12-02.xlsx
2013-12-24 09:58 - 2013-12-24 09:58 - 00000000 ____D C:\Windows\Pixart
2013-12-24 09:58 - 2004-08-09 17:43 - 00094208 _____ (Microsoft Corporation) C:\Windows\AMCap.exe
2013-12-24 09:57 - 2013-12-24 09:57 - 16690856 _____ C:\Users\Shanghai\Downloads\15354_02.exe
==================== One Month Modified Files and Folders =======
2014-01-19 12:53 - 2014-01-16 19:51 - 00020407 _____ C:\Users\Shanghai\Desktop\FRST.txt
2014-01-19 12:50 - 2014-01-19 12:50 - 00448512 _____ (OldTimer Tools) C:\Users\Shanghai\Desktop\TFC.exe
2014-01-19 12:50 - 2013-04-07 12:50 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Spotify
2014-01-19 12:48 - 2014-01-19 12:48 - 00000000 ____D C:\Users\Shanghai\Desktop\FRST-OlderVersion
2014-01-19 12:48 - 2014-01-15 14:12 - 00000000 ____D C:\FRST
2014-01-19 12:48 - 2014-01-15 14:11 - 02076672 _____ (Farbar) C:\Users\Shanghai\Desktop\FRST64.exe
2014-01-19 12:46 - 2013-10-02 13:43 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-18 18:29 - 2013-10-02 13:43 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-18 15:23 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-18 15:23 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-18 15:21 - 2011-04-11 18:26 - 00697322 _____ C:\Windows\system32\perfh007.dat
2014-01-18 15:21 - 2011-04-11 18:26 - 00148328 _____ C:\Windows\system32\perfc007.dat
2014-01-18 15:21 - 2009-07-14 06:13 - 01614036 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-18 15:19 - 2012-02-16 20:06 - 01990221 _____ C:\Windows\WindowsUpdate.log
2014-01-18 15:15 - 2014-01-12 15:01 - 00000672 _____ C:\Windows\setupact.log
2014-01-18 15:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-18 15:13 - 2012-02-16 20:08 - 00000000 ___RD C:\Users\Shanghai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-18 13:34 - 2014-01-12 14:20 - 00000000 ____D C:\ProgramData\Spyware Terminator
2014-01-18 13:30 - 2014-01-12 15:00 - 00003402 _____ C:\Windows\PFRO.log
2014-01-17 21:57 - 2014-01-17 21:57 - 00987425 _____ C:\Users\Shanghai\Desktop\SecurityCheck.exe
2014-01-17 21:51 - 2012-06-19 17:35 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Tropico 4
2014-01-17 17:20 - 2014-01-17 17:20 - 02347384 _____ (ESET) C:\Users\Shanghai\Downloads\esetsmartinstaller_enu.exe
2014-01-17 17:18 - 2012-05-07 19:03 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Dropbox
2014-01-16 19:47 - 2014-01-16 19:47 - 00004981 _____ C:\Users\Shanghai\Desktop\JRT.txt
2014-01-16 19:40 - 2014-01-16 19:40 - 00000000 ____D C:\Windows\ERUNT
2014-01-16 19:39 - 2014-01-16 19:39 - 01037068 _____ (Thisisu) C:\Users\Shanghai\Desktop\JRT.exe
2014-01-16 19:34 - 2014-01-16 19:34 - 00003574 _____ C:\Users\Shanghai\Desktop\AdwCleaner[S0].txt
2014-01-16 19:31 - 2014-01-16 19:28 - 00000000 ____D C:\AdwCleaner
2014-01-16 19:27 - 2014-01-16 19:27 - 01236282 _____ C:\Users\Shanghai\Desktop\adwcleaner.exe
2014-01-16 16:11 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-16 12:48 - 2014-01-16 12:48 - 01881879 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO5.pptx
2014-01-15 20:01 - 2013-04-07 12:52 - 00000000 ____D C:\Users\Shanghai\AppData\Local\Spotify
2014-01-15 19:02 - 2014-01-15 19:02 - 01554891 _____ C:\Users\Shanghai\Downloads\IPR presentation (4).pptx
2014-01-15 18:54 - 2014-01-15 18:54 - 01554359 _____ C:\Users\Shanghai\Downloads\IPR presentation (3).pptx
2014-01-15 15:31 - 2009-07-14 05:45 - 00413128 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 15:26 - 2013-08-07 10:47 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 15:25 - 2012-07-07 09:01 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 15:14 - 2014-01-15 15:14 - 00031208 _____ C:\ComboFix.txt
2014-01-15 15:14 - 2014-01-15 15:08 - 00000000 ____D C:\Qoobox
2014-01-15 15:14 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-15 15:13 - 2014-01-15 15:07 - 00000000 ____D C:\Windows\erdnt
2014-01-15 15:13 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-15 15:05 - 2014-01-15 15:05 - 05165717 ____R (Swearware) C:\Users\Shanghai\Desktop\ComboFix.exe
2014-01-15 15:01 - 2014-01-15 15:01 - 00028453 _____ C:\Users\Shanghai\Desktop\Gmer.txt
2014-01-15 14:24 - 2014-01-15 14:24 - 00377856 _____ C:\Users\Shanghai\Downloads\oo3ubflv.exe
2014-01-15 14:20 - 2014-01-15 14:20 - 00377856 _____ C:\Users\Shanghai\Downloads\gmer_2.1.19163.exe
2014-01-15 14:13 - 2014-01-15 14:13 - 00029625 _____ C:\Users\Shanghai\Downloads\Addition.txt
2014-01-15 14:13 - 2014-01-15 14:12 - 00040910 _____ C:\Users\Shanghai\Downloads\FRST.txt
2014-01-14 23:37 - 2011-05-07 18:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-14 21:02 - 2014-01-14 21:02 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Malwarebytes
2014-01-14 21:01 - 2014-01-14 21:01 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-14 21:01 - 2014-01-14 21:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-14 21:00 - 2014-01-14 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 20:59 - 2014-01-14 20:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shanghai\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 08:56 - 2014-01-14 08:56 - 01103371 _____ C:\Users\Shanghai\Downloads\IPR presentation (2).pptx
2014-01-14 08:33 - 2014-01-14 08:33 - 01857200 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO1.pptx
2014-01-13 02:38 - 2014-01-13 02:38 - 00277143 _____ C:\Users\Shanghai\AppData\Local\census.cache
2014-01-13 02:38 - 2014-01-13 02:38 - 00125622 _____ C:\Users\Shanghai\AppData\Local\ars.cache
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64.exe
2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64 (1).exe
2014-01-13 02:13 - 2014-01-13 02:13 - 00000036 _____ C:\Users\Shanghai\AppData\Local\housecall.guid.cache
2014-01-12 19:16 - 2013-09-09 18:46 - 00105984 ___SH C:\Users\Shanghai\Desktop\Thumbs.db
2014-01-12 19:05 - 2014-01-12 19:05 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation (1).pptx
2014-01-12 19:05 - 2014-01-12 19:04 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation.pptx
2014-01-12 16:04 - 2014-01-12 16:04 - 00002045 _____ C:\Users\Shanghai\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-01-12 16:04 - 2014-01-12 16:04 - 00001989 _____ C:\Users\Shanghai\Desktop\Avira EU-Cleaner.lnk
2014-01-12 16:04 - 2014-01-12 16:03 - 02209056 _____ C:\Users\Shanghai\Downloads\avira-eu-cleaner_de.exe
2014-01-12 15:01 - 2014-01-12 15:01 - 00000000 _____ C:\Windows\setuperr.log
2014-01-12 14:40 - 2013-01-04 16:43 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\uTorrent
2014-01-12 14:40 - 2012-02-26 21:00 - 00000000 ____D C:\Windows\Minidump
2014-01-12 14:40 - 2012-02-20 01:14 - 00000000 ____D C:\Users\Shanghai\AppData\Local\CrashDumps
2014-01-12 14:40 - 2011-04-11 02:10 - 00000000 ____D C:\Windows\Panther
2014-01-12 14:30 - 2014-01-12 14:30 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-12 14:30 - 2014-01-12 14:30 - 00000000 ____D C:\Program Files\CCleaner
2014-01-12 14:29 - 2014-01-12 14:29 - 03571656 _____ (Piriform Ltd) C:\Users\Shanghai\Downloads\ccsetup409_slim.exe
2014-01-12 14:20 - 2014-01-12 14:20 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-01-12 14:20 - 2014-01-12 14:20 - 00001044 _____ C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Spyware Terminator
2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2014-01-12 14:19 - 2014-01-12 14:19 - 05049344 _____ (Crawler.com ) C:\Users\Shanghai\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-01-12 12:12 - 2014-01-12 12:12 - 01084616 _____ C:\Users\Shanghai\Downloads\IPR_Teil_Dirk.pptx
2014-01-12 12:10 - 2012-02-16 21:01 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Skype
2014-01-10 12:59 - 2014-01-10 12:59 - 21620224 _____ C:\Users\Shanghai\Downloads\FontPack1000_zh_CN (1).msi
2014-01-08 15:09 - 2012-11-24 06:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-08 15:09 - 2012-02-16 21:01 - 00000000 ____D C:\ProgramData\Skype
2014-01-05 00:56 - 2014-01-05 00:56 - 00011264 ___SH C:\Users\Shanghai\Downloads\Thumbs.db
2014-01-04 16:34 - 2014-01-04 16:34 - 00000000 ___SD C:\Users\Shanghai\Documents\Meine Datenquellen
2014-01-04 13:52 - 2014-01-02 13:48 - 00178764 _____ C:\Users\Shanghai\Desktop\Kopie von Akquise-Adressen_SGB XII_Stand 2013-12-02.xlsx
2014-01-04 12:59 - 2014-01-04 12:59 - 00000425 _____ C:\Users\Shanghai\Downloads\John.vcf
2014-01-04 12:59 - 2014-01-04 12:59 - 00000366 _____ C:\Users\Shanghai\Downloads\Nolting.vcf
2014-01-04 11:05 - 2014-01-04 11:05 - 00094208 _____ C:\Users\Shanghai\Downloads\Ansprechpartner_SGB_II_SGB_III_SGB_XII.xls
2014-01-03 18:55 - 2014-01-03 18:55 - 00000344 _____ C:\Users\Shanghai\Downloads\Meenen.vcf
2014-01-02 20:11 - 2014-01-02 20:11 - 00000357 _____ C:\Users\Shanghai\Downloads\Wöhler.vcf
2014-01-02 20:10 - 2014-01-02 20:10 - 00000383 _____ C:\Users\Shanghai\Downloads\Basse.vcf
2014-01-02 20:09 - 2014-01-02 20:09 - 00000462 _____ C:\Users\Shanghai\Downloads\Fachdienst 202 - Ausländerangelegenheiten, Integration und Standesamtsaufsicht .vcf
2014-01-02 19:30 - 2014-01-02 19:30 - 00000165 _____ C:\Users\Shanghai\Downloads\Frau_Marianne_Kreutzer.vcf
2014-01-02 19:28 - 2014-01-02 19:28 - 00000141 _____ C:\Users\Shanghai\Downloads\Herr_Ulrich_Senge.vcf
2014-01-02 19:21 - 2014-01-02 19:21 - 00000560 _____ C:\Users\Shanghai\Downloads\vCard_herr_r._oelkers_2014-01-02.vcf
2014-01-02 17:12 - 2014-01-02 17:12 - 00000301 _____ C:\Users\Shanghai\Downloads\Barbara_Grusla.vcf
2013-12-27 03:05 - 2012-02-17 00:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-27 03:05 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2013-12-24 10:02 - 2013-12-07 13:49 - 00000000 ____D C:\Users\Shanghai\Documents\Youcam
2013-12-24 09:58 - 2013-12-24 09:58 - 00000000 ____D C:\Windows\Pixart
2013-12-24 09:57 - 2013-12-24 09:57 - 16690856 _____ C:\Users\Shanghai\Downloads\15354_02.exe
2013-12-21 03:23 - 2013-03-06 12:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-21 03:23 - 2013-03-06 12:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-21 03:21 - 2012-10-30 13:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
Some content of TEMP:
====================
C:\Users\Shanghai\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-19 00:04
==================== End Of Log ============================
Beste Grüße, Lisa |
|
20.01.2014, 11:04
| #12 |
| /// the machine /// TB-Ausbilder | PUP.Optional.Conduit.A und HTML/Framer.DO.254 noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.01.2014, 12:20
| #13 |
| | PUP.Optional.Conduit.A und HTML/Framer.DO.254 Hallo! Ich glaube nicht ! Also es scheint sich alles wieder normal zu verhalten - vielen, vielen Dank dafür! Ich weiß, ich hab dich schon lang genug in Beschlag genommen, aber vielleicht hast du ja noch den ein oder anderen Tipp, wie ich meinen Computer am besten aufstelle, damit das nach Möglichkeit nicht nochmal passiert? Vielen Dank noch einmal - ich werd mich mit ner kleinen Spende beim Trojaner-Board erkenntlich zeigen . Ich freu mich!Beste Grüße, Lisa |
|
21.01.2014, 09:43
| #14 |
| /// the machine /// TB-Ausbilder | PUP.Optional.Conduit.A und HTML/Framer.DO.254 Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.01.2014, 02:03
| #15 |
| | PUP.Optional.Conduit.A und HTML/Framer.DO.254 Hallo schrauber! Ich hab das mal ne Woche hier so laufen lassen, um sicher zu gehen, und es scheint alles perfekt zu sein !Muss man bei der Verwendung von winpatrol noch irgendetwas wissen? 10000 Mal Danke! Beste Grüße, Lisa |
|
| Themen zu PUP.Optional.Conduit.A und HTML/Framer.DO.254 |
| 4d36e972-e325-11ce-bfc1-08002be10318, adblock, administrator, anti-malware, antivir, appdata, avira funktioniert nicht, befall, ccsetup, dateien, device driver, dvdvideosoft ltd., fehlermeldung, formatierung, funktioniert nicht, gelöscht, hotspot, html/framer.do.254, internet, lnk/agent.ak, löschen, nicht mehr, nicht öffnen, not, programme, prüfen, pup.optional.conduit.a, registry, spyware, vbs/kryptik.n, öffnen |
Linear-Darstellung
