Log analysis and evaluation: PUP.Optional.Conduit.A and HTML/Framer.DO.254

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
PUP.Optional.Conduit.A and HTML/Framer.DO.254

Hello everyone!

I have been having problems with viruses on my computer for (probably) a few weeks now. Recently I passed files to someone on a USB stick, and that person then apparently got a large number of virus warnings on their laptop right away. The person told me about it, and unfortunately only then did I notice that Avira had simply not run the system scan, which is supposed to be scheduled weekly, for weeks. Of course I then had Avira run a system scan immediately, which found no fewer than 10 viruses (malware).

So far, so bad, but unfortunately it gets worse: the report file (with the 10 detections) cannot be opened in Avira. When I tried to open it just now, I got an error message saying the file could not be found. The "Export selected events" function for the events in Avira does not work either (I have already read that the latter apparently happens fairly often on Win 7?). With the quarantine it does work, though:

Quote:
The only symptoms I have so far are that my computer has become slower and sometimes does not respond, and that the last time it booted I got the error message "Cannot create System Shell Notification Icon".

In any case, here is the Malwarebytes log file:

Quote:
FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 01 Ran by Shanghai (administrator) on SHANGHAI-PC on 15-01-2014 14:12:17 Running from C:\Users\Shanghai\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Cisco Systems, Inc.) 
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Avira Operations GmbH & Co. 
KG) D:\Programme\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Sonix) C:\Windows\vsnp2uvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Microsoft Corporation) C:\Windows\System32\wscript.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avgnt.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avcenter.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2009-11-19] (Synaptics Incorporated) HKLM\...\Run: [LoadFUJ02E3] - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [45680 2010-06-08] (FUJITSU LIMITED) HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED) HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [199528 2010-11-13] (FUJITSU LIMITED) HKLM\...\Run: [PfNet] - C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6311424 2010-10-07] (FUJITSU LIMITED) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663464 2010-12-07] (Realtek Semiconductor) HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel(R) Corporation) HKLM\...\Run: [snp2uvc] - C:\Windows\vsnp2uvc.exe [662016 2009-08-13] (Sonix) HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10372368 2011-03-30] (Intel Corporation) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation) HKLM\...\Run: [IME14 CHS Setup] - C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110896 2012-03-14] (Microsoft Corporation) HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com) HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com) HKLM-x32\...\Run: [DeskUpdateNotifier] - C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-05-17] (Fujitsu Technology Solutions) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [IME14 CHS Setup] - C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation) HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [avgnt] - D:\Programme\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [oaojamcjux] - C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs [74064 2013-09-20] () <===== ATTENTION AppInit_DLLs: C:\Windows\system32\nvinitx.dll [266448 2013-05-12] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [214448 2013-05-12] (NVIDIA Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions) Startup: C:\Users\Shanghai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oaojamcjux..vbs () Startup: 
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions) ==================== Internet (Whitelisted) ==================== ProxyServer: wew.wewzz.info:80 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x64FF4B9384CFCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://spon.de/ SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {47585EF1-04ED-4DE8-BD2F-C3F966B2A167} URL = SearchScopes: HKCU - {0F31B8DF-D225-4DCF-8372-A296640F6232} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {188166B1-EF6D-4768-A303-5AB95409DAB1} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=PCAFSI1190 SearchScopes: HKCU - {47585EF1-04ED-4DE8-BD2F-C3F966B2A167} URL = SearchScopes: HKCU - {76D381AD-211C-44F0-B291-75A316523EBB} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie SearchScopes: HKCU - 
{9E00DC4A-8F77-4EE0-A235-D138EA1DEC0E} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Shanghai\AppData\Roaming\Mozilla\Firefox\Profiles\grfk10hp.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @baidu.com/npxbdsetup - C:\Windows\Downloaded Program Files\13078437\npxbdsetup.dll () FF Plugin-x32: @baidu.com/npxbdyy - C:\Program Files (x86)\baidu\iQyBaiduVideoBrowser\Application\BaiduPlayerPlugin\npxbdyy.dll No File FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @fancyguo.com/FancyGame,version=1.0.0.1 - C:\Users\Shanghai\AppData\Local\Fancy\npfancygame.dll (Beijing FancyGuo Tech Ltd) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Shanghai\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\Shanghai\AppData\Roaming\Mozilla\Firefox\Profiles\grfk10hp.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012-04-29] FF Extension: Personas - C:\Users\Shanghai\AppData\Roaming\Mozilla\Firefox\Profiles\grfk10hp.default\Extensions\personas@christopher.beard.xpi [2012-02-16] FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2012-02-16] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-20] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-31] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-31] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "hxxp://www.google.com/" CHR Extension: (Google Docs) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-10-02] CHR Extension: (Google Drive) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-10-02] CHR Extension: (YouTube) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1 [2013-10-02] CHR Extension: (Webpage Screenshot Bar) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\13.6_0 [2013-11-20] CHR Extension: (Google Search) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1 [2013-10-02] CHR Extension: (AdBlock) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0 [2014-01-14] CHR Extension: (Chrome to Mobile) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd\3.1_0 [2013-12-14] CHR Extension: (Google Wallet) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-19] CHR Extension: (Gmail) - C:\Users\Shanghai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-10-02] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-09] (Adobe Systems) R2 AntiVirSchedulerService; D:\Programme\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; D:\Programme\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-22] (Avira Operations GmbH & Co. 
KG) S4 AntiVirWebService; D:\Programme\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-17] (Avira Operations GmbH & Co. KG) R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] () R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [331776 2010-10-07] (FUJITSU LIMITED) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-05-09] () R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2010-06-17] (FUJITSU LIMITED) R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com) ==================== Drivers (Whitelisted) ==================== S3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2012-02-29] (Astrill) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-22] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. 
KG) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED) R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED) R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1801216 2010-10-09] () R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2014-01-12] (Windows (R) Win 7 DDK provider) S3 tapstrong; C:\Windows\System32\DRIVERS\tapstrong.sys [35520 2012-12-21] (The OpenVPN Project) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-15 14:12 - 2014-01-15 14:13 - 00023797 _____ C:\Users\Shanghai\Downloads\FRST.txt 2014-01-15 14:12 - 2014-01-15 14:12 - 00000000 ____D C:\FRST 2014-01-15 14:11 - 2014-01-15 14:11 - 02076160 _____ (Farbar) C:\Users\Shanghai\Downloads\FRST64.exe 2014-01-14 21:02 - 2014-01-14 21:02 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Malwarebytes 2014-01-14 21:01 - 2014-01-14 21:01 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-14 21:00 - 2014-01-14 21:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-14 21:00 - 2014-01-14 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-14 21:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-14 20:59 - 2014-01-14 20:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shanghai\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-14 09:51 - 2014-01-14 09:52 - 01850847 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO3.pptx 2014-01-14 08:56 - 2014-01-14 08:56 - 01103371 _____ C:\Users\Shanghai\Downloads\IPR presentation (2).pptx 2014-01-14 08:33 - 2014-01-14 08:33 - 
01857200 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO1.pptx 2014-01-13 02:38 - 2014-01-13 02:38 - 00277143 _____ C:\Users\Shanghai\AppData\Local\census.cache 2014-01-13 02:38 - 2014-01-13 02:38 - 00125622 _____ C:\Users\Shanghai\AppData\Local\ars.cache 2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64.exe 2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64 (1).exe 2014-01-13 02:13 - 2014-01-13 02:13 - 00000036 _____ C:\Users\Shanghai\AppData\Local\housecall.guid.cache 2014-01-12 19:05 - 2014-01-12 19:05 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation (1).pptx 2014-01-12 19:04 - 2014-01-12 19:05 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation.pptx 2014-01-12 16:04 - 2014-01-12 16:04 - 00002045 _____ C:\Users\Shanghai\Desktop\Entfernen des Avira EU-Cleaners.lnk 2014-01-12 16:04 - 2014-01-12 16:04 - 00001989 _____ C:\Users\Shanghai\Desktop\Avira EU-Cleaner.lnk 2014-01-12 16:03 - 2014-01-12 16:04 - 02209056 _____ C:\Users\Shanghai\Downloads\avira-eu-cleaner_de.exe 2014-01-12 15:01 - 2014-01-15 00:36 - 00000224 _____ C:\Windows\setupact.log 2014-01-12 15:01 - 2014-01-12 15:01 - 00000000 _____ C:\Windows\setuperr.log 2014-01-12 15:00 - 2014-01-15 00:36 - 00002016 _____ C:\Windows\PFRO.log 2014-01-12 14:30 - 2014-01-12 14:30 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-01-12 14:30 - 2014-01-12 14:30 - 00000000 ____D C:\Program Files\CCleaner 2014-01-12 14:29 - 2014-01-12 14:29 - 03571656 _____ (Piriform Ltd) C:\Users\Shanghai\Downloads\ccsetup409_slim.exe 2014-01-12 14:20 - 2014-01-15 13:08 - 00000000 ____D C:\ProgramData\Spyware Terminator 2014-01-12 14:20 - 2014-01-12 14:20 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys 2014-01-12 14:20 - 2014-01-12 14:20 - 00001044 _____ C:\Users\Public\Desktop\Spyware Terminator 2012.lnk 2014-01-12 14:20 - 
2014-01-12 14:20 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Spyware Terminator 2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator 2014-01-12 14:19 - 2014-01-12 14:19 - 05049344 _____ (Crawler.com ) C:\Users\Shanghai\Downloads\SpywareTerminatorSetup_3.0.0.82.exe 2014-01-12 12:12 - 2014-01-12 12:12 - 01084616 _____ C:\Users\Shanghai\Downloads\IPR_Teil_Dirk.pptx 2014-01-11 19:19 - 2014-01-11 19:21 - 00080562 _____ C:\Users\Shanghai\Desktop\IPR1.pptx 2014-01-10 12:59 - 2014-01-10 12:59 - 21620224 _____ C:\Users\Shanghai\Downloads\FontPack1000_zh_CN (1).msi 2014-01-05 00:56 - 2014-01-05 00:56 - 00011264 ___SH C:\Users\Shanghai\Downloads\Thumbs.db 2014-01-04 16:34 - 2014-01-04 16:34 - 00000000 ___SD C:\Users\Shanghai\Documents\Meine Datenquellen 2014-01-04 12:59 - 2014-01-04 12:59 - 00000425 _____ C:\Users\Shanghai\Downloads\John.vcf 2014-01-04 12:59 - 2014-01-04 12:59 - 00000366 _____ C:\Users\Shanghai\Downloads\Nolting.vcf 2014-01-04 11:05 - 2014-01-04 11:05 - 00094208 _____ C:\Users\Shanghai\Downloads\Ansprechpartner_SGB_II_SGB_III_SGB_XII.xls 2014-01-03 18:56 - 2014-01-03 18:56 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{F9A64F7E-E673-4A9D-8153-FAAA3FA2BA0F} 2014-01-03 18:55 - 2014-01-03 18:55 - 00000344 _____ C:\Users\Shanghai\Downloads\Meenen.vcf 2014-01-02 20:11 - 2014-01-02 20:11 - 00000357 _____ C:\Users\Shanghai\Downloads\Wöhler.vcf 2014-01-02 20:10 - 2014-01-02 20:10 - 00000383 _____ C:\Users\Shanghai\Downloads\Basse.vcf 2014-01-02 20:09 - 2014-01-02 20:09 - 00000462 _____ C:\Users\Shanghai\Downloads\Fachdienst 202 - Ausländerangelegenheiten, Integration und Standesamtsaufsicht .vcf 2014-01-02 20:09 - 2014-01-02 20:09 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{0148E21F-A698-4A5A-8C6E-D8B18434C67A} 2014-01-02 19:30 - 2014-01-02 19:30 - 00000165 _____ C:\Users\Shanghai\Downloads\Frau_Marianne_Kreutzer.vcf 2014-01-02 19:28 - 2014-01-02 19:28 - 00000141 _____ 
C:\Users\Shanghai\Downloads\Herr_Ulrich_Senge.vcf 2014-01-02 19:28 - 2014-01-02 19:28 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{757E4A2F-0855-480C-B082-BE9CD2BBCA4F} 2014-01-02 19:21 - 2014-01-02 19:21 - 00000560 _____ C:\Users\Shanghai\Downloads\vCard_herr_r._oelkers_2014-01-02.vcf 2014-01-02 19:21 - 2014-01-02 19:21 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{7D16F4ED-AA28-4465-AF66-A813E1CCF8C8} 2014-01-02 17:12 - 2014-01-02 17:12 - 00000301 _____ C:\Users\Shanghai\Downloads\Barbara_Grusla.vcf 2014-01-02 13:48 - 2014-01-04 13:52 - 00178764 _____ C:\Users\Shanghai\Desktop\Kopie von Akquise-Adressen_SGB XII_Stand 2013-12-02.xlsx 2013-12-24 10:50 - 2013-12-24 10:50 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{694B2CC0-507B-42FD-A6CB-BE31C1656BF6} 2013-12-24 09:59 - 2013-12-24 10:01 - 567183872 _____ C:\Users\Shanghai\Desktop\cup 2013-12-24 09:58 - 2013-12-24 09:58 - 00000000 ____D C:\Windows\Pixart 2013-12-24 09:58 - 2004-08-09 17:43 - 00094208 _____ (Microsoft Corporation) C:\Windows\AMCap.exe 2013-12-24 09:57 - 2013-12-24 09:57 - 16690856 _____ C:\Users\Shanghai\Downloads\15354_02.exe 2013-12-19 09:14 - 2013-12-19 09:01 - 88635913 _____ C:\Users\Shanghai\Desktop\FINAL 1Wissensmanagement.pptx ==================== One Month Modified Files and Folders ======= 2014-01-15 14:13 - 2014-01-15 14:12 - 00023797 _____ C:\Users\Shanghai\Downloads\FRST.txt 2014-01-15 14:12 - 2014-01-15 14:12 - 00000000 ____D C:\FRST 2014-01-15 14:11 - 2014-01-15 14:11 - 02076160 _____ (Farbar) C:\Users\Shanghai\Downloads\FRST64.exe 2014-01-15 13:29 - 2013-10-02 13:43 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-15 13:11 - 2012-02-16 20:06 - 01429986 _____ C:\Windows\WindowsUpdate.log 2014-01-15 13:08 - 2014-01-12 14:20 - 00000000 ____D C:\ProgramData\Spyware Terminator 2014-01-15 00:44 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-15 00:44 - 
2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-15 00:41 - 2011-04-11 18:26 - 00697322 _____ C:\Windows\system32\perfh007.dat 2014-01-15 00:41 - 2011-04-11 18:26 - 00148328 _____ C:\Windows\system32\perfc007.dat 2014-01-15 00:41 - 2009-07-14 06:13 - 01614036 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-15 00:37 - 2013-10-02 13:43 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-15 00:36 - 2014-01-12 15:01 - 00000224 _____ C:\Windows\setupact.log 2014-01-15 00:36 - 2014-01-12 15:00 - 00002016 _____ C:\Windows\PFRO.log 2014-01-15 00:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-14 23:37 - 2011-05-07 18:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2014-01-14 21:02 - 2014-01-14 21:02 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Malwarebytes 2014-01-14 21:01 - 2014-01-14 21:01 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-14 21:01 - 2014-01-14 21:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-14 21:00 - 2014-01-14 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-14 20:59 - 2014-01-14 20:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shanghai\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-14 09:52 - 2014-01-14 09:51 - 01850847 _____ C:\Users\Shanghai\Desktop\IPR&China&WTO3.pptx 2014-01-14 08:56 - 2014-01-14 08:56 - 01103371 _____ C:\Users\Shanghai\Downloads\IPR presentation (2).pptx 2014-01-14 08:33 - 2014-01-14 08:33 - 01857200 _____ C:\Users\Shanghai\Downloads\IPR&China&WTO1.pptx 2014-01-13 02:40 - 2012-02-16 20:08 - 00000000 ___RD C:\Users\Shanghai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-13 02:38 - 2014-01-13 02:38 - 00277143 _____ C:\Users\Shanghai\AppData\Local\census.cache 2014-01-13 02:38 - 2014-01-13 02:38 - 00125622 _____ 
C:\Users\Shanghai\AppData\Local\ars.cache 2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64.exe 2014-01-13 02:13 - 2014-01-13 02:13 - 02405664 _____ (Trend Micro Inc.) C:\Users\Shanghai\Downloads\HousecallLauncher64 (1).exe 2014-01-13 02:13 - 2014-01-13 02:13 - 00000036 _____ C:\Users\Shanghai\AppData\Local\housecall.guid.cache 2014-01-12 19:16 - 2013-09-09 18:46 - 00105984 ___SH C:\Users\Shanghai\Desktop\Thumbs.db 2014-01-12 19:05 - 2014-01-12 19:05 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation (1).pptx 2014-01-12 19:05 - 2014-01-12 19:04 - 01116325 _____ C:\Users\Shanghai\Downloads\IPR presentation.pptx 2014-01-12 17:59 - 2012-05-07 19:03 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Dropbox 2014-01-12 16:04 - 2014-01-12 16:04 - 00002045 _____ C:\Users\Shanghai\Desktop\Entfernen des Avira EU-Cleaners.lnk 2014-01-12 16:04 - 2014-01-12 16:04 - 00001989 _____ C:\Users\Shanghai\Desktop\Avira EU-Cleaner.lnk 2014-01-12 16:04 - 2014-01-12 16:03 - 02209056 _____ C:\Users\Shanghai\Downloads\avira-eu-cleaner_de.exe 2014-01-12 15:01 - 2014-01-12 15:01 - 00000000 _____ C:\Windows\setuperr.log 2014-01-12 14:40 - 2013-01-04 16:43 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\uTorrent 2014-01-12 14:40 - 2012-02-26 21:00 - 00000000 ____D C:\Windows\Minidump 2014-01-12 14:40 - 2012-02-20 01:14 - 00000000 ____D C:\Users\Shanghai\AppData\Local\CrashDumps 2014-01-12 14:40 - 2011-04-11 02:10 - 00000000 ____D C:\Windows\Panther 2014-01-12 14:30 - 2014-01-12 14:30 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-01-12 14:30 - 2014-01-12 14:30 - 00000000 ____D C:\Program Files\CCleaner 2014-01-12 14:29 - 2014-01-12 14:29 - 03571656 _____ (Piriform Ltd) C:\Users\Shanghai\Downloads\ccsetup409_slim.exe 2014-01-12 14:20 - 2014-01-12 14:20 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys 2014-01-12 14:20 - 2014-01-12 14:20 - 00001044 _____ 
C:\Users\Public\Desktop\Spyware Terminator 2012.lnk 2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Spyware Terminator 2014-01-12 14:20 - 2014-01-12 14:20 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator 2014-01-12 14:19 - 2014-01-12 14:19 - 05049344 _____ (Crawler.com ) C:\Users\Shanghai\Downloads\SpywareTerminatorSetup_3.0.0.82.exe 2014-01-12 12:12 - 2014-01-12 12:12 - 01084616 _____ C:\Users\Shanghai\Downloads\IPR_Teil_Dirk.pptx 2014-01-12 12:11 - 2013-04-07 12:50 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Spotify 2014-01-12 12:10 - 2012-02-16 21:01 - 00000000 ____D C:\Users\Shanghai\AppData\Roaming\Skype 2014-01-11 19:21 - 2014-01-11 19:19 - 00080562 _____ C:\Users\Shanghai\Desktop\IPR1.pptx 2014-01-10 12:59 - 2014-01-10 12:59 - 21620224 _____ C:\Users\Shanghai\Downloads\FontPack1000_zh_CN (1).msi 2014-01-08 15:09 - 2012-11-24 06:07 - 00000000 ___RD C:\Program Files (x86)\Skype 2014-01-08 15:09 - 2012-02-16 21:01 - 00000000 ____D C:\ProgramData\Skype 2014-01-05 00:56 - 2014-01-05 00:56 - 00011264 ___SH C:\Users\Shanghai\Downloads\Thumbs.db 2014-01-04 16:34 - 2014-01-04 16:34 - 00000000 ___SD C:\Users\Shanghai\Documents\Meine Datenquellen 2014-01-04 13:52 - 2014-01-02 13:48 - 00178764 _____ C:\Users\Shanghai\Desktop\Kopie von Akquise-Adressen_SGB XII_Stand 2013-12-02.xlsx 2014-01-04 12:59 - 2014-01-04 12:59 - 00000425 _____ C:\Users\Shanghai\Downloads\John.vcf 2014-01-04 12:59 - 2014-01-04 12:59 - 00000366 _____ C:\Users\Shanghai\Downloads\Nolting.vcf 2014-01-04 11:05 - 2014-01-04 11:05 - 00094208 _____ C:\Users\Shanghai\Downloads\Ansprechpartner_SGB_II_SGB_III_SGB_XII.xls 2014-01-03 18:56 - 2014-01-03 18:56 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{F9A64F7E-E673-4A9D-8153-FAAA3FA2BA0F} 2014-01-03 18:55 - 2014-01-03 18:55 - 00000344 _____ C:\Users\Shanghai\Downloads\Meenen.vcf 2014-01-02 20:11 - 2014-01-02 20:11 - 00000357 _____ C:\Users\Shanghai\Downloads\Wöhler.vcf 2014-01-02 20:10 - 2014-01-02 
20:10 - 00000383 _____ C:\Users\Shanghai\Downloads\Basse.vcf 2014-01-02 20:09 - 2014-01-02 20:09 - 00000462 _____ C:\Users\Shanghai\Downloads\Fachdienst 202 - Ausländerangelegenheiten, Integration und Standesamtsaufsicht .vcf 2014-01-02 20:09 - 2014-01-02 20:09 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{0148E21F-A698-4A5A-8C6E-D8B18434C67A} 2014-01-02 19:30 - 2014-01-02 19:30 - 00000165 _____ C:\Users\Shanghai\Downloads\Frau_Marianne_Kreutzer.vcf 2014-01-02 19:28 - 2014-01-02 19:28 - 00000141 _____ C:\Users\Shanghai\Downloads\Herr_Ulrich_Senge.vcf 2014-01-02 19:28 - 2014-01-02 19:28 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{757E4A2F-0855-480C-B082-BE9CD2BBCA4F} 2014-01-02 19:21 - 2014-01-02 19:21 - 00000560 _____ C:\Users\Shanghai\Downloads\vCard_herr_r._oelkers_2014-01-02.vcf 2014-01-02 19:21 - 2014-01-02 19:21 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{7D16F4ED-AA28-4465-AF66-A813E1CCF8C8} 2014-01-02 17:12 - 2014-01-02 17:12 - 00000301 _____ C:\Users\Shanghai\Downloads\Barbara_Grusla.vcf 2013-12-27 03:05 - 2012-02-17 00:29 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-27 03:05 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini 2013-12-24 10:50 - 2013-12-24 10:50 - 00000000 ____D C:\Users\Shanghai\AppData\Local\{694B2CC0-507B-42FD-A6CB-BE31C1656BF6} 2013-12-24 10:02 - 2013-12-07 13:49 - 00000000 ____D C:\Users\Shanghai\Documents\Youcam 2013-12-24 10:01 - 2013-12-24 09:59 - 567183872 _____ C:\Users\Shanghai\Desktop\cup 2013-12-24 09:58 - 2013-12-24 09:58 - 00000000 ____D C:\Windows\Pixart 2013-12-24 09:57 - 2013-12-24 09:57 - 16690856 _____ C:\Users\Shanghai\Downloads\15354_02.exe 2013-12-21 03:23 - 2013-03-06 12:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-21 03:23 - 2013-03-06 12:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-21 03:21 - 2012-10-30 13:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 
2013-12-19 09:01 - 2013-12-19 09:14 - 88635913 _____ C:\Users\Shanghai\Desktop\FINAL 1Wissensmanagement.pptx
2013-12-18 23:40 - 2013-04-07 12:52 - 00000000 ____D C:\Users\Shanghai\AppData\Local\Spotify
2013-12-17 12:37 - 2013-12-07 11:51 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-17 12:37 - 2013-12-07 11:51 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-17 12:37 - 2013-12-07 11:51 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

Files to move or delete:
====================
C:\Users\Shanghai\AppData\Local\Temp\oaojamcjux..vbs

Some content of TEMP:
====================
C:\Users\Shanghai\AppData\Local\Temp\avgnt.exe
C:\Users\Shanghai\AppData\Local\Temp\_is6FF3.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-10 16:32

==================== End Of Log ============================
--- --- --- --- --- ---

and the Addition log: Quote:
What do you need, what should I delete, how should I proceed, or after such a long virus infection is it to be assumed anyway that reformatting will be necessary? I am really at my wits' end and would be very, very glad if someone would take on my problem. Many, many thanks in advance! Lisa

Last edited by wei.lisha (15.01.2014 at 14:23)