Log Analysis and Evaluation: Probably an aggressive trojan (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.05.2014, 10:49 | #1
Probably an aggressive trojan
Hello experts, I have probably caught a trojan. However, the screen is not locked. Windows 7, 32-bit. I cannot access Avira or Malwarebytes. System Restore is not possible. Safe Mode, including Safe Mode with Command Prompt, is disabled (the computer shuts down). I ran FRST from a USB stick, which did not help, see attachment. AdwCleaner did not help either. Any ideas? Many thanks!
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by XXX (administrator) on XXX-PC on 17-05-2014 10:01:14
Running from F:\
Platform: Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Dropbox, Inc.) C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {14b7b1e5-95f3-11e1-8e4e-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {605b3767-c537-11e2-b8d8-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {605b3785-c537-11e2-b8d8-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {605b37b9-c537-11e2-b8d8-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {7ca3b667-c5c1-11e2-960d-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {936d83ee-a4fb-11e1-a35d-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {a5ce72e2-a133-11e1-b85e-0022faa61dd8} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {a5ce7303-a133-11e1-b85e-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {c426fd63-b138-11e1-b750-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {d7bd328a-8f03-11e1-a4fe-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {d7bd3298-8f03-11e1-a4fe-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {e1c2825a-7cf8-11e1-a141-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {e1c28268-7cf8-11e1-a141-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {f54fd211-8fbf-11e1-8024-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {f6591163-c3fd-11e1-9032-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a23zjih.lnk
ShortcutTarget: a23zjih.lnk -> C:\ProgramData\2992199F9A\hijz32a.cpp ()
Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================
17.05.2014, 11:36 | #2
Probably an aggressive trojan
Hello Thomas101 and
I will help you clean up the computer.
The FRST.txt in the code tags and the attached file are both incomplete. Please try posting the contents of the FRST.txt in code tags again.
17.05.2014, 13:26 | #3
Probably an aggressive trojan
Many thanks! Another attempt. This time the file is definitely complete.
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by Name (administrator) on Name-PC on 17-05-2014 13:40:41
Running from F:\
Platform: Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Dropbox, Inc.) C:\Users\Name\AppData\Roaming\Dropbox\bin\Dropbox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {14b7b1e5-95f3-11e1-8e4e-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {605b3767-c537-11e2-b8d8-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {605b3785-c537-11e2-b8d8-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {605b37b9-c537-11e2-b8d8-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {7ca3b667-c5c1-11e2-960d-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {936d83ee-a4fb-11e1-a35d-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {a5ce72e2-a133-11e1-b85e-0022faa61dd8} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {a5ce7303-a133-11e1-b85e-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {c426fd63-b138-11e1-b750-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {d7bd328a-8f03-11e1-a4fe-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {d7bd3298-8f03-11e1-a4fe-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {e1c2825a-7cf8-11e1-a141-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {e1c28268-7cf8-11e1-a141-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {f54fd211-8fbf-11e1-8024-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {f6591163-c3fd-11e1-9032-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a23zjih.lnk
ShortcutTarget: a23zjih.lnk -> C:\ProgramData\2992199F9A\hijz32a.cpp ()
Startup: C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Name\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyServer: proxy.biblio.tu-muenchen.de:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD481FC06CA17CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {3F08E8E3-5002-470A-AD83-EEE3F0C4813E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3214568
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\47lvqby8.default
FF Homepage: hxxp://www.google.de/|about:newtab
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\47lvqby8.default\searchplugins\freemaketb-customized-web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-04-20]

Chrome:
=======
CHR HomePage:
CHR Extension: (No Name) - C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgficikadnmmefckdecajlmffkbagomp [2014-05-17]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-05-17]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [340136 2012-04-02] (Avira GmbH)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360 2012-04-02] (Avira GmbH)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480 2012-04-02] (Avira GmbH)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [428200 2012-04-02] (Avira GmbH)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.)
S2 Winmgmt; C:\ProgramData\2992199F9A\hijz32a.cpp [157184 2014-05-16] ()

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2013-10-10] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2012-04-02] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2012-04-02] (Avira GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43376 2013-10-10] (Cisco Systems, Inc.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-17 13:38 - 2014-05-17 13:38 - 00000056 _____ () C:\Windows\setupact.log
2014-05-17 13:38 - 2014-05-17 13:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 12:16 - 2014-05-17 12:24 - 00009183 _____ () C:\Windows\WindowsUpdate.log
2014-05-17 10:53 - 2014-05-17 12:11 - 00000000 ____D () C:\AdwCleaner
2014-05-17 09:41 - 2014-05-17 10:01 - 00000000 ____D () C:\FRST
2014-05-16 23:32 - 2014-05-17 13:38 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-15 07:33 - 2014-05-15 07:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 07:28 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 07:28 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 07:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 06:14 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 06:14 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 06:14 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 06:14 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 06:14 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 06:14 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 06:14 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 06:14 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 06:14 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 06:14 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-15 06:14 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 06:14 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 06:14 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 06:13 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 22:36 - 2014-05-13 22:36 - 00449269 _____ () C:\Users\Name\Downloads\map_hotelCC_Vereint (1).pptx
2014-05-13 08:41 - 2014-05-13 08:41 - 00079749 _____ () C:\Users\Name\Downloads\RF PET Assembly 01.tif
2014-05-10 12:28 - 2014-05-10 12:29 - 00000000 ____D () C:\Users\Name\AppData\Roaming\WiseUpdate
2014-05-07 21:39 - 2014-05-07 21:39 - 00449269 _____ () C:\Users\Name\Downloads\map_hotelCC_Vereint.pptx
2014-05-07 04:40 - 2014-05-15 20:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-04 15:46 - 2014-05-04 15:46 - 00000000 ____D () C:\Users\Name\AppData\Roaming\DropboxMaster
2014-04-27 13:54 - 2014-04-27 13:54 - 00128596 _____ () C:\Users\Name\Desktop\20140427-1029197819-umsatz.csv
2014-04-27 11:23 - 2014-04-27 11:36 - 01607680 _____ () C:\Users\Name\Downloads\Biological Basis of BOLD.ppt
2014-04-26 17:37 - 2014-04-26 18:38 - 00033792 _____ () C:\Users\Name\Downloads\ECCN 2014 REFUND_Galldiks.xls
2014-04-25 11:23 - 2014-04-25 11:23 - 00013184 _____ () C:\Users\Name\Downloads\test cluster 1.xlsx
2014-04-21 14:29 - 2014-04-21 14:29 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-04-21 14:29 - 2014-04-21 14:29 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-04-21 14:28 - 2012-03-14 05:00 - 00311296 _____ (CANON INC.) C:\Windows\system32\CNMLMAE.DLL
2014-04-18 09:17 - 2014-04-18 09:17 - 00029297 _____ () C:\Users\Name\Downloads\Amirhosein.rar
2014-04-17 12:28 - 2014-04-17 12:29 - 05133311 _____ () C:\Users\Name\Downloads\SEPA_Account_Converter.zip
2014-04-17 10:44 - 2014-04-17 10:44 - 00015867 _____ () C:\Users\Name\Downloads\Korrelation.ods
2014-04-17 10:42 - 2014-04-17 10:42 - 00013129 _____ () C:\Users\Name\Downloads\AD_gesmoothed_spatial_correlation.txt

==================== One Month Modified Files and Folders =======

2014-05-17 13:38 - 2014-05-17 13:38 - 00000056 _____ () C:\Windows\setupact.log
2014-05-17 13:38 - 2014-05-17 13:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 13:38 - 2014-05-16 23:32 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-17 13:38 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-17 12:24 - 2014-05-17 12:16 - 00009183 _____ () C:\Windows\WindowsUpdate.log
2014-05-17 12:21 - 2009-07-14 06:34 - 00012432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-17 12:21 - 2009-07-14 06:34 - 00012432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-17 12:11 - 2014-05-17 10:53 - 00000000 ____D () C:\AdwCleaner
2014-05-17 10:01 - 2014-05-17 09:41 - 00000000 ____D () C:\FRST
2014-05-17 09:38 - 2012-05-13 18:50 - 00000000 ____D () C:\Users\Name\AppData\Roaming\Dropbox
2014-05-17 09:24 - 2012-05-13 18:53 - 00000000 ___RD () C:\Users\Name\Dropbox
2014-05-17 00:05 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Resources
2014-05-16 19:29 - 2014-05-16 19:29 - 00080994 _____ () C:\Users\Name\Downloads\EANM Disclosure Statement Template.pptx
2014-05-16 07:12 - 2012-05-13 18:51 - 00000000 ____D () C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-15 21:46 - 2012-04-14 09:56 - 00000000 ____D () C:\Users\Name\AppData\Roaming\PrimoPDF
2014-05-15 21:39 - 2012-04-02 15:03 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-15 21:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 21:07 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 20:46 - 2014-05-07 04:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 20:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-15 07:36 - 2012-04-02 15:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 07:33 - 2014-05-15 07:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 07:33 - 2013-07-19 21:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 07:31 - 2012-04-02 16:50 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 06:14 - 2012-04-11 14:56 - 00000000 ____D () C:\Users\Name\AppData\Roaming\Skype
2014-05-13 22:36 - 2014-05-13 22:36 - 00449269 _____ () C:\Users\Name\Downloads\map_hotelCC_Vereint (1).pptx
2014-05-13 08:41 - 2014-05-13 08:41 - 00079749 _____ () C:\Users\Name\Downloads\RF PET Assembly 01.tif
2014-05-10 12:29 - 2014-05-10 12:28 - 00000000 ____D () C:\Users\Name\AppData\Roaming\WiseUpdate
2014-05-10 09:39 - 2013-11-09 21:00 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-10 09:39 - 2013-11-09 21:00 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-09 09:06 - 2014-05-15 06:14 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-15 06:14 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 21:39 - 2014-05-07 21:39 - 00449269 _____ () C:\Users\Name\Downloads\map_hotelCC_Vereint.pptx
2014-05-06 05:25 - 2014-05-15 07:28 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 07:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 07:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-04 15:46 - 2014-05-04 15:46 - 00000000 ____D () C:\Users\Name\AppData\Roaming\DropboxMaster
2014-04-27 13:54 - 2014-04-27 13:54 - 00128596 _____ () C:\Users\Name\Desktop\20140427-1029197819-umsatz.csv
2014-04-27 11:36 - 2014-04-27 11:23 - 01607680 _____ () C:\Users\Name\Downloads\Biological Basis of BOLD.ppt
2014-04-26 18:38 - 2014-04-26 17:37 - 00033792 _____ () C:\Users\Name\Downloads\ECCN 2014 REFUND_Galldiks.xls
2014-04-25 11:23 - 2014-04-25 11:23 - 00013184 _____ () C:\Users\Name\Downloads\test cluster 1.xlsx
2014-04-21 14:29 - 2014-04-21 14:29 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-04-21 14:29 - 2014-04-21 14:29 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-04-18 15:24 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-18 09:17 - 2014-04-18 09:17 - 00029297 _____ () C:\Users\Name\Downloads\Amirhosein Jahani_CV.rar
2014-04-17 12:29 - 2014-04-17 12:28 - 05133311 _____ () C:\Users\Name\Downloads\SEPA_Account_Converter.zip
2014-04-17 10:44 - 2014-04-17 10:44 - 00015867 _____ () C:\Users\Name\Downloads\Korrelation.ods
2014-04-17 10:42 - 2014-04-17 10:42 - 00013129 _____ () C:\Users\Name\Downloads\AD_gesmoothed_spatial_correlation.txt

Files to move or delete:
====================
C:\ProgramData\z7_0ytr.pad

Some content of TEMP:
====================
C:\Users\Name\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwkv45z.dll
C:\Users\Name\AppData\Local\Temp\Quarantine.exe
C:\Users\Name\AppData\Local\Temp\u4Ij.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe [2014-05-15 06:14] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-12 18:53

==================== End Of Log ============================

Unfortunately I cannot wait two more days. I have to work tomorrow. Regards, Thomas
17.05.2014, 17:04 | #4
Probably an aggressive trojan
You don't have to wait two days.
Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a23zjih.lnk
ShortcutTarget: a23zjih.lnk -> C:\ProgramData\2992199F9A\hijz32a.cpp ()
S2 Winmgmt; C:\ProgramData\2992199F9A\hijz32a.cpp [157184 2014-05-16] ()
2014-05-16 23:32 - 2014-05-17 09:37 - 00000000 ____D () C:\ProgramData\2992199F9A
C:\ProgramData\z7_0ytr.pad
Please save this as Fixlist.txt on your Desktop (or in the folder where FRST is located).
Step 2
Run FRST once more.
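How the lines of a fixlist like the one above get picked out of an FRST log, as an added example for this thread (it is not FRST code or the forum's own tooling): a small triage script that flags the persistence patterns seen in the log and emits the flagged lines in Fixlist.txt form. The sample log is a constructed subset of the thread's log; the vendor keywords, the short list of core Windows service names and the rule thresholds are assumptions.

```python
"""FRST log triage: an added example for this thread, not part of FRST or the forum's
tooling. Flags the persistence patterns seen in the log and emits the flagged lines
in the form a Fixlist.txt for FRST expects."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the thread's log plus benign entries that must NOT
# be flagged (the BCSSync Run entry, the Dropbox shortcut, the Avira service).
SAMPLE_LOG = r"""
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a23zjih.lnk
ShortcutTarget: a23zjih.lnk -> C:\ProgramData\2992199F9A\hijz32a.cpp ()
Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480 2012-04-02] (Avira GmbH)
S2 Winmgmt; C:\ProgramData\2992199F9A\hijz32a.cpp [157184 2014-05-16] ()
2014-05-16 23:32 - 2014-05-17 13:38 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-17 09:41 - 2014-05-17 10:01 - 00000000 ____D () C:\FRST
"""

# Assumptions: vendor keywords for the security software in the thread, and a short,
# non-exhaustive set of Windows services that normally run from under C:\Windows.
SECURITY_VENDORS = ("avira", "antivir", "malwarebytes")
SYSTEM_SERVICES = {"winmgmt", "wuauserv", "bits", "schedule", "eventlog"}
EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".bat", ".cmd")
# FRST line shapes: "R2 name; path [size date] (vendor)", "ShortcutTarget: x.lnk -> path (vendor)",
# and "created - modified - size ____D () path" for directories in the one-month lists.
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+\[\d+ [\d-]+\]\s+\((?P<vendor>[^)]*)\)$")
SHORTCUT_RE = re.compile(r"^ShortcutTarget:\s+(?P<lnk>\S+)\s+->\s+(?P<target>.+?)\s+\((?P<vendor>[^)]*)\)$")
CREATED_DIR_RE = re.compile(r"^[\d-]+ [\d:]+ - [\d-]+ [\d:]+ - \d+ _{4}D \(\) (?P<path>.+)$")

@dataclass(frozen=True)
class Finding:
    rule: str
    line: str  # the FRST line verbatim, so it can go straight into Fixlist.txt

def _in_programdata(path):
    return path.lower().startswith("c:\\programdata\\")

def triage_frst(log_text):
    """Return Findings for suspicious entries in an FRST log, in log order."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings = []
    for i, line in enumerate(lines):
        low = line.lower()
        # 1. FRST's own marker; classify the two cases from the thread, keep the rest generic.
        if "attention" in low and "<===" in line:
            if "group policy restriction on software" in low and any(v in low for v in SECURITY_VENDORS):
                rule = "gp-restriction-blocks-security-software"
            elif "winlogon: [shell]" in low:
                rule = "winlogon-shell-override"
            else:
                rule = "frst-attention"
            findings.append(Finding(rule, line))
            continue
        # 2. Explorer policy value that silences low-disk-space warnings (set by the malware here).
        if "policies\\explorer:" in low and "[nolowdiskspacechecks]" in low:
            findings.append(Finding("explorer-policy-tamper", line))
            continue
        # 3. Startup .lnk whose target is unsigned, lacks an executable extension or lives in
        #    ProgramData; the preceding "Startup:" line is pulled in too, as in the fixlist above.
        m = SHORTCUT_RE.match(line)
        if m:
            target, vendor = m.group("target"), m.group("vendor")
            if _in_programdata(target) or not target.lower().endswith(EXEC_EXT) or not vendor:
                prev = lines[i - 1] if i else ""
                if prev.startswith("Startup:") and prev.endswith("\\" + m.group("lnk")):
                    findings.append(Finding("startup-shortcut-suspicious-target", prev))
                findings.append(Finding("startup-shortcut-suspicious-target", line))
            continue
        # 4. A core Windows service whose binary has been re-pointed outside C:\Windows.
        m = SERVICE_RE.match(line)
        if m:
            if m.group("name").lower() in SYSTEM_SERVICES and not m.group("path").lower().startswith("c:\\windows\\"):
                findings.append(Finding("system-service-binary-path-hijack", line))
            continue
        # 5. Freshly created ProgramData directory with a random hex name.
        m = CREATED_DIR_RE.match(line)
        if m and _in_programdata(m.group("path")):
            leaf = m.group("path").rsplit("\\", 1)[-1]
            if re.fullmatch(r"[0-9A-Fa-f]{8,}", leaf):
                findings.append(Finding("programdata-dir-random-hex-name", line))
    return findings

def build_fixlist(findings):
    """Flagged lines,dedicated dedup in log order: the form pasted into Fixlist.txt."""
    seen, out = set(), []
    for f in findings:
        if f.line not in seen:
            seen.add(f.line)
            out.append(f.line)
    return out

if __name__ == "__main__":
    for f in triage_frst(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

A fixlist must carry the real paths: the Startup line in the thread was copied with the anonymised user name XXX, and the fixlog in the following post reports that .lnk as not found.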
18.05.2014, 07:22 | #5
Probably an aggressive trojan
Many thanks!
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-05-2014
Ran by Name at 2014-05-17 19:42:19 Run:1
Running from G:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a23zjih.lnk
ShortcutTarget: a23zjih.lnk -> C:\ProgramData\2992199F9A\hijz32a.cpp ()
S2 Winmgmt; C:\ProgramData\2992199F9A\hijz32a.cpp [157184 2014-05-16] ()
2014-05-16 23:32 - 2014-05-17 09:37 - 00000000 ____D () C:\ProgramData\2992199F9A
C:\ProgramData\z7_0ytr.pad
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => Value deleted successfully.
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a23zjih.lnk not found.
C:\ProgramData\2992199F9A\hijz32a.cpp => Moved successfully.
Winmgmt => Service restored successfully.
"C:\ProgramData\2992199F9A" directory move:

C:\ProgramData\2992199F9A\2193912002.dat => Moved successfully.
C:\ProgramData\2992199F9A\a23zjih.bbr => Moved successfully.
Could not move "C:\ProgramData\2992199F9A\a23zjihName.fdd" => Scheduled to move on reboot.
Could not move "C:\ProgramData\2992199F9A" directory. => Scheduled to move on reboot.
C:\ProgramData\z7_0ytr.pad => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-17 19:52:47)<=

C:\ProgramData\2992199F9A\a23zjihName.fdd => Is moved successfully.
C:\ProgramData\2992199F9A => Moved successfully.

==== End of Fixlog ====

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by Name (administrator) on Name-PC on 17-05-2014 19:53:46
Running from G:\
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Dropbox, Inc.) C:\Users\Name\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {14b7b1e5-95f3-11e1-8e4e-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {605b3767-c537-11e2-b8d8-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {605b3785-c537-11e2-b8d8-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {605b37b9-c537-11e2-b8d8-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {7ca3b667-c5c1-11e2-960d-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {936d83ee-a4fb-11e1-a35d-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {a5ce72e2-a133-11e1-b85e-0022faa61dd8} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {a5ce7303-a133-11e1-b85e-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {c426fd63-b138-11e1-b750-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {d7bd328a-8f03-11e1-a4fe-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {d7bd3298-8f03-11e1-a4fe-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {e1c2825a-7cf8-11e1-a141-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {e1c28268-7cf8-11e1-a141-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {f54fd211-8fbf-11e1-8024-001f169bef1b} - F:\AutoRun.exe
HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {f6591163-c3fd-11e1-9032-001f169bef1b} - F:\AutoRun.exe
Startup: C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Name\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyServer: proxy.biblio.tu-muenchen.de:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD481FC06CA17CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {3F08E8E3-5002-470A-AD83-EEE3F0C4813E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3214568
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\47lvqby8.default
FF Homepage: hxxp://www.google.de/|about:newtab
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\47lvqby8.default\searchplugins\freemaketb-customized-web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-04-20]

Chrome:
=======
CHR HomePage:
CHR Extension: (No Name) - C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgficikadnmmefckdecajlmffkbagomp [2014-05-17]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-05-17]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [340136 2012-04-02] (Avira GmbH)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360 2012-04-02] (Avira GmbH)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480 2012-04-02] (Avira GmbH)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [428200 2012-04-02] (Avira GmbH)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2013-10-10] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2012-04-02] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2012-04-02] (Avira GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43376 2013-10-10] (Cisco Systems, Inc.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-17 19:43 - 2014-05-17 19:43 - 00000308 _____ () C:\Windows\PFRO.log
2014-05-17 13:38 - 2014-05-17 19:44 - 00000280 _____ () C:\Windows\setupact.log
2014-05-17 13:38 - 2014-05-17 13:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 12:16 - 2014-05-17 19:51 - 00164894 _____ () C:\Windows\WindowsUpdate.log
2014-05-17 10:53 - 2014-05-17 12:11 - 00000000 ____D () C:\AdwCleaner
2014-05-17 09:41 - 2014-05-17 19:53 - 00000000 ____D () C:\FRST
2014-05-16 19:29 - 2014-05-16 19:29 - 00080994 _____ () C:\Users\Name\Downloads\EANM Disclosure Statement Template.pptx
2014-05-15 07:33 - 2014-05-15 07:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 07:28 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 07:28 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 07:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 06:14 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 06:14 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 06:14 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 06:14 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 06:14 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 06:14 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 06:14 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 06:14 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 06:14 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 06:14 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-15 06:14 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 06:14 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 06:14 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 06:14 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 06:13 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 22:36 - 2014-05-13 22:36 - 00449269 _____ () C:\Users\Name\Downloads\map_hotelCC_Vereint (1).pptx
2014-05-13 08:41 - 2014-05-13 08:41 - 00079749 _____ () C:\Users\Name\Downloads\RF PET Assembly 01.tif
2014-05-10 12:28 - 2014-05-10 12:29 - 00000000 ____D () C:\Users\Name\AppData\Roaming\WiseUpdate
2014-05-07 21:39 - 2014-05-07 21:39 - 00449269 _____ () C:\Users\Name\Downloads\map_hotelCC_Vereint.pptx
2014-05-07 04:40 - 2014-05-15 20:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-04 15:46 - 2014-05-04 15:46 - 00000000 ____D () C:\Users\Name\AppData\Roaming\DropboxMaster
2014-04-27 13:54 - 2014-04-27 13:54 - 00128596 _____ () C:\Users\Name\Desktop\20140427-1029197819-umsatz.csv
2014-04-27 11:23 - 2014-04-27 11:36 - 01607680 _____ () C:\Users\Name\Downloads\Biological Basis of BOLD.ppt
2014-04-26 17:37 - 2014-04-26 18:38 - 00033792 _____ () C:\Users\Name\Downloads\ECCN 2014 REFUND_Galldiks.xls
2014-04-25 11:23 - 2014-04-25 11:23 - 00013184 _____ () C:\Users\Name\Downloads\test cluster 1.xlsx
2014-04-21 14:29 - 2014-04-21 14:29 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-04-21 14:29 - 2014-04-21 14:29 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-04-21 14:28 - 2012-03-14 05:00 - 00311296 _____ (CANON INC.) C:\Windows\system32\CNMLMAE.DLL
2014-04-18 09:17 - 2014-04-18 09:17 - 00029297 _____ () C:\Users\Name\Downloads\Amirhosein Jahani_CV.rar
2014-04-17 12:28 - 2014-04-17 12:29 - 05133311 _____ () C:\Users\Name\Downloads\SEPA_Account_Converter.zip
2014-04-17 10:44 - 2014-04-17 10:44 - 00015867 _____ () C:\Users\Name\Downloads\Korrelation_DMN-Template_ADs_HCs.ods
2014-04-17 10:42 - 2014-04-17 10:42 - 00013129 _____ () C:\Users\Name\Downloads\AD_gesmoothed_spatial_correlation.txt

==================== One Month Modified Files and Folders =======

2014-05-17 19:53 - 2014-05-17 09:41 - 00000000 ____D () C:\FRST
2014-05-17 19:53 - 2009-07-14 06:34 - 00012432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-17 19:53 - 2009-07-14 06:34 - 00012432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-17 19:51 - 2014-05-17 12:16 - 00164894 _____ () C:\Windows\WindowsUpdate.log
2014-05-17 19:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-05-17 19:44 - 2014-05-17 13:38 - 00000280 _____ () C:\Windows\setupact.log
2014-05-17 19:44 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-17 19:43 - 2014-05-17 19:43 - 00000308 _____ () C:\Windows\PFRO.log
2014-05-17 17:56 - 2013-12-10 15:54 - 00000000 ____D () C:\Windows\pss
2014-05-17 13:38 - 2014-05-17 13:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 12:11 - 2014-05-17 10:53 - 00000000 ____D () C:\AdwCleaner
2014-05-17 09:38 - 2012-05-13 18:50 - 00000000 ____D () C:\Users\Name\AppData\Roaming\Dropbox
2014-05-17 09:24 - 2012-05-13 18:53 - 00000000 ___RD () C:\Users\Name\Dropbox
2014-05-17 00:05 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Resources
2014-05-16 19:29 - 2014-05-16 19:29 - 00080994 _____ () C:\Users\Name\Downloads\EANM Disclosure Statement Template.pptx
2014-05-16 07:12 - 2012-05-13 18:51 - 00000000 ____D () C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-15 21:46 - 2012-04-14 09:56 - 00000000 ____D () C:\Users\Name\AppData\Roaming\PrimoPDF
2014-05-15 21:39 - 2012-04-02 15:03 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-15 21:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 21:07 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 20:46 - 2014-05-07 04:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 20:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-15 07:36 - 2012-04-02 15:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 07:33 - 2014-05-15 07:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 07:33 - 2013-07-19 21:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 07:31 - 2012-04-02 16:50 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 06:14 - 2012-04-11 14:56 - 00000000 ____D () C:\Users\Name\AppData\Roaming\Skype
2014-05-13 22:36 - 2014-05-13 22:36 - 00449269 _____ () C:\Users\Name\Downloads\map_hotelCC_Vereint (1).pptx
2014-05-13 08:41 - 2014-05-13 08:41 - 00079749 _____ () C:\Users\Name\Downloads\RF PET Assembly 01.tif
2014-05-10 12:29 - 2014-05-10 12:28 - 00000000 ____D () C:\Users\Name\AppData\Roaming\WiseUpdate
2014-05-10 09:39 - 2013-11-09 21:00 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-10 09:39 - 2013-11-09 21:00 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-09 09:06 - 2014-05-15 06:14 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-15 06:14 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 21:39 - 2014-05-07 21:39 - 00449269 _____ () C:\Users\Name\Downloads\map_hotelCC_Vereint.pptx
2014-05-06 05:25 - 2014-05-15 07:28 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 07:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 07:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-04 15:46 - 2014-05-04 15:46 - 00000000 ____D () C:\Users\Name\AppData\Roaming\DropboxMaster
2014-04-27 13:54 - 2014-04-27 13:54 - 00128596 _____ () C:\Users\Name\Desktop\20140427-1029197819-umsatz.csv
2014-04-27 11:36 - 2014-04-27 11:23 - 01607680 _____ () C:\Users\Name\Downloads\Biological Basis of BOLD.ppt
2014-04-26 18:38 - 2014-04-26 17:37 - 00033792 _____ () C:\Users\Name\Downloads\ECCN 2014 REFUND_Galldiks.xls
2014-04-25 11:23 - 2014-04-25 11:23 - 00013184 _____ () C:\Users\Name\Downloads\test cluster 1.xlsx
2014-04-21 14:29 - 2014-04-21 14:29 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-04-21 14:29 - 2014-04-21 14:29 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-04-18 15:24 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-18 09:17 - 2014-04-18 09:17 - 00029297 _____ () C:\Users\Name\Downloads\Amirhosein Jahani_CV.rar
2014-04-17 12:29 - 2014-04-17 12:28 - 05133311 _____ () C:\Users\Name\Downloads\SEPA_Account_Converter.zip
2014-04-17 10:44 - 2014-04-17 10:44 - 00015867 _____ () C:\Users\Name\Downloads\Korrelation_DMN-Template_ADs_HCs.ods
2014-04-17 10:42 - 2014-04-17 10:42 - 00013129 _____ () C:\Users\Name\Downloads\AD_gesmoothed_spatial_correlation.txt

Some content of TEMP:
====================
C:\Users\Name\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsfll3z.dll
C:\Users\Name\AppData\Local\Temp\Quarantine.exe
C:\Users\Name\AppData\Local\Temp\u4Ij.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-15 06:14] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-12 18:53

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-05-2014
Ran by Name at 2014-05-17 19:54:14
Running from G:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AntiVir Desktop (Enabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Enabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
ACDSee 5.0 PowerPack (HKLM\...\{5058B085-AA79-41E5-A726-681B4C4B846E}) (Version: 5.0.0 - ACD Systems Ltd)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
amide-1.0.4-1 (HKLM\...\amide_is1) (Version: - amide-users@lists.sourceforge.net)
Any Video Converter 3.3.5 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Avira AntiVir Professional (HKLM\...\Avira AntiVir Desktop) (Version: 10.2.0.1064 - Avira GmbH)
Battle City (HKLM\...\Battle City_is1) (Version: - DemonikD)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
Figurative Codes Game (HKLM\...\Figurative Codes Game) (Version: - )
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
G*Power 3.1.7 (HKLM\...\{80A4F598-7460-41BC-AC15-B7E4545838E4}) (Version: 3.1.7 - Franz Faul, Uni Kiel, Germany)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
IBM SPSS Statistics 20 (HKLM\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp)
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
ImageJ 1.46r (HKLM\...\ImageJ_is1) (Version: - NIH)
ImproveMemory (HKLM\...\ImproveMemory) (Version: - )
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 23.0.1 (x86 de) (HKLM\...\Mozilla Firefox 23.0.1 (x86 de)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MRIcro (remove only) (HKLM\...\MRIcro) (Version: - )
PASW Statistics 17.0 (HKLM\...\{2ECDE974-69D9-47A9-9EB0-10EC49F8468A}) (Version: 17.0.2 - SPSS Inc.)
PDF-XChange Viewer (HKLM\...\{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}) (Version: 2.5.201.0 - Tracker Software Products Ltd.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Quick Startup 2.9.0.823 (HKLM\...\Quick Startup_is1) (Version: - Glarysoft.com)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
SigmaPlot 12.0 (HKLM\...\{730E22C0-A5A9-4A1B-AE66-570573DCA0E8}) (Version: 12.0 - Systat Software, Inc.)
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sweet Home 3D version 3.7 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for
the Office system 3.0 Runtime (Version: 9.0.30729 - Microsoft Corporation) Hidden Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Wise Registry Cleaner 8.03 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.03 - WiseCleaner.com, Inc.) WizCite for Microsoft Word v4.0 (HKCU\...\299DE5BE85220C1FC602745366B666086C2FE853) (Version: 4.0.0.68 - WizPatent) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {028ED104-A0EE-43ED-986F-66D0BD6CED13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-09] (Google Inc.) Task: {4F020DB6-DA78-4A19-AE7B-7610B78A17E6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {DB27904D-0020-4C36-92E0-A4776AA404E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-09] (Google Inc.) 
Task: {DFA8E60A-38B4-4BA0-A938-7CD00C14A59B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2012-04-14 09:53 - 2011-03-01 00:37 - 00180624 _____ () C:\Windows\System32\Primomonnt.dll 2012-04-02 15:11 - 2010-06-17 21:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll 2012-04-02 15:24 - 2010-01-28 14:01 - 00355688 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 2014-05-17 19:44 - 2014-05-17 19:44 - 00041984 _____ () c:\users\Name\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsfll3z.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Name\AppData\Roaming\Dropbox\bin\libcef.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^Users^Name^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^a23zjih.lnk => C:\Windows\pss\a23zjih.lnk.Startup MSCONFIG\startupfolder: C:^Users^Name^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program 
Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (05/17/2014 06:46:21 PM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT) Description: Das Update von Name-PC (127.0.0.1) ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten . Es wurden keine neuen Dateien geladen. Error: (05/17/2014 05:48:17 PM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT) Description: Das Update von Name-PC (127.0.0.1) ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten . Es wurden keine neuen Dateien geladen. Error: (05/17/2014 01:40:46 PM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT) Description: Das Update von Name-PC (127.0.0.1) ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten . Es wurden keine neuen Dateien geladen. Error: (05/17/2014 00:08:14 PM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT) Description: Das Update von Name-PC (127.0.0.1) ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten . Es wurden keine neuen Dateien geladen. Error: (05/17/2014 09:15:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: ) Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden. Details: Could not query the status of the EventSystem service. 
System Error: Der Computer wird heruntergefahren. . Error: (05/17/2014 08:31:21 AM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT) Description: Das Update von Name-PC (127.0.0.1) ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten . Es wurden keine neuen Dateien geladen. Error: (05/16/2014 07:05:05 PM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT) Description: Das Update von Name-PC (169.254.207.106) ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten . Es wurden keine neuen Dateien geladen. Error: (05/16/2014 03:27:55 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422). Error: (05/16/2014 08:53:01 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422). Error: (05/15/2014 09:36:27 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422). System errors: ============= Error: (05/17/2014 07:45:24 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/17/2014 07:44:46 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Avira AntiVir MailGuard" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. 
Error: (05/17/2014 07:43:28 PM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (05/17/2014 07:43:28 PM) (Source: atikmdag) (EventID: 19468) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (05/17/2014 07:30:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (05/17/2014 06:48:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (05/17/2014 06:08:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (05/17/2014 06:07:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (05/17/2014 06:07:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (05/17/2014 06:06:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Microsoft Office Sessions: ========================= Error: (05/17/2014 06:46:21 PM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT) Description: Name-PC (127.0.0.1)Während des Herunterladens ist ein Fehler aufgetreten Error: (05/17/2014 05:48:17 PM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT) Description: Name-PC (127.0.0.1)Während des Herunterladens ist ein Fehler aufgetreten Error: (05/17/2014 01:40:46 PM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT) Description: Name-PC (127.0.0.1)Während des Herunterladens ist ein Fehler aufgetreten Error: 
(05/17/2014 00:08:14 PM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT) Description: Name-PC (127.0.0.1)Während des Herunterladens ist ein Fehler aufgetreten Error: (05/17/2014 09:15:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: ) Description: Details: Could not query the status of the EventSystem service. System Error: Der Computer wird heruntergefahren. Error: (05/17/2014 08:31:21 AM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT) Description: Name-PC (127.0.0.1)Während des Herunterladens ist ein Fehler aufgetreten Error: (05/16/2014 07:05:05 PM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT) Description: Name-PC (169.254.207.106)Während des Herunterladens ist ein Fehler aufgetreten Error: (05/16/2014 03:27:55 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422 Error: (05/16/2014 08:53:01 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422 Error: (05/15/2014 09:36:27 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422 ==================== Memory info =========================== Percentage of memory in use: 45% Total physical RAM: 3066.95 MB Available physical RAM: 1666.46 MB Total Pagefile: 6132.2 MB Available Pagefile: 4400.83 MB Total Virtual: 2047.88 MB Available Virtual: 1914.22 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:228.01 GB) (Free:188.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:227.98 GB) (Free:125.6 GB) NTFS Drive f: (Volume) (Fixed) (Total:931.51 GB) (Free:632.03 GB) NTFS Drive g: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.84 GB) FAT32 ==================== MBR & Partition Table 
================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 91DE03F7) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=228 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=228 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 813847F0) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 2 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================
I should mention that I deliberately disconnected the Internet connection to avoid possible tampering or data loss. I did everything via another computer + USB stick. Safe mode works now, but System Restore still does not. Could it be that the virus deleted the restore points? Or is it still blocking them? Many thanks. |
18.05.2014, 10:56 | #6 |
| Probably an aggressive Trojan It looks as if the restore points are gone. Next we remove the remaining adware and run control scans. Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 ESET Online Scanner
Step 4 Run FRST once more.
|
18.05.2014, 18:03 | #7 |
| Probably an aggressive Trojan Step 1 AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.208 - Bericht erstellt am 17/05/2014 um 10:53:20 # Aktualisiert 11/05/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzername : Name - Name-PC # Gestartet von : F:\adwcleaner_3.208.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\47lvqby8.default\searchplugins\delta.xml Datei Gefunden : C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\47lvqby8.default\user.js Ordner Gefunden : C:\Program Files\Conduit Ordner Gefunden : C:\Program Files\Level Quality Watcher Ordner Gefunden : C:\Program Files\YourFileDownloader Ordner Gefunden : C:\ProgramData\Babylon Ordner Gefunden : C:\Users\Name\AppData\Local\Conduit Ordner Gefunden : C:\Users\Name\AppData\Local\cool_mirage Ordner Gefunden : C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgficikadnmmefckdecajlmffkbagomp Ordner Gefunden : C:\Users\Name\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\Name\AppData\LocalLow\FreemakeTB Ordner Gefunden : C:\Users\Name\AppData\LocalLow\PriceGong Ordner Gefunden : C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\47lvqby8.default\Smartbar Ordner Gefunden : C:\Users\Name\AppData\Roaming\YourFileDownloader ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\FreemakeTB Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar Schlüssel Gefunden : HKCU\Software\Conduit Schlüssel Gefunden : HKCU\Software\f55dadde738ee43 Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\kgficikadnmmefckdecajlmffkbagomp Schlüssel Gefunden : HKCU\Software\Microsoft\Internet 
Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ADCA5064-9E30-43FE-9856-58B07A3149FE} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ADCA5064-9E30-43FE-9856-58B07A3149FE} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ADCA5064-9E30-43FE-9856-58B07A3149FE} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ADCA5064-9E30-43FE-9856-58B07A3149FE} Schlüssel Gefunden : HKCU\Software\YourFileDownloader Schlüssel Gefunden : HKLM\Software\Babylon Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{04CEFF5B-A46D-4417-8018-43A059BDF9A6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{ADCA5064-9E30-43FE-9856-58B07A3149FE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{ADCA5064-9E30-43FE-9856-58B07A3149FE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\FTDownloader Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3214568 Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\Software\DataMngr Schlüssel Gefunden : HKLM\Software\FreemakeTB Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\kgficikadnmmefckdecajlmffkbagomp Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56777F79-C204-4765-9383-356558D6D2EA} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{7EB0380B-9203-467A-8C74-9299F1A39CA4} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04CEFF5B-A46D-4417-8018-43A059BDF9A6} Schlüssel Gefunden : HKLM\Software\YourFileDownloader Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ADCA5064-9E30-43FE-9856-58B07A3149FE}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ADCA5064-9E30-43FE-9856-58B07A3149FE}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}] ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v23.0.1 (de) [ Datei : C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\47lvqby8.default\prefs.js ] Zeile gefunden : user_pref("CT3214568.1000082.isPlayDisplay", "true"); Zeile gefunden : user_pref("CT3214568.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}"); 
Zeile gefunden : user_pref("CT3214568.1000234.TWC_TMP_city", "MOUTAYIAKA"); Zeile gefunden : user_pref("CT3214568.1000234.TWC_TMP_country", "CY"); Zeile gefunden : user_pref("CT3214568.1000234.TWC_country", "CYPRUS"); Zeile gefunden : user_pref("CT3214568.1000234.TWC_locId", "CYXX0115"); Zeile gefunden : user_pref("CT3214568.1000234.TWC_location", "Moutayiaka, Cyprus"); Zeile gefunden : user_pref("CT3214568.1000234.TWC_region", "OT"); Zeile gefunden : user_pref("CT3214568.1000234.TWC_temp_dis", "c"); Zeile gefunden : user_pref("CT3214568.1000234.TWC_wind_dis", "kmh"); Zeile gefunden : user_pref("CT3214568.1000234.weatherData", "{\"icon\":\"34.png\",\"temperature\":\"19°C\",\"temperatureClear\":\"19°C\",\"highTemperature\":\"19°C\",\"lowTemperature\":\"15°C\",\"feelsLike\":\"19°C\",[...] Zeile gefunden : user_pref("CT3214568.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gefunden : user_pref("CT3214568.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gefunden : user_pref("CT3214568.FirstTime", "true"); Zeile gefunden : user_pref("CT3214568.FirstTimeFF3", "true"); Zeile gefunden : user_pref("CT3214568.PG_ENABLE", "dHJ1ZQ=="); Zeile gefunden : user_pref("CT3214568.SearchAppState.enc", "Mg=="); Zeile gefunden : user_pref("CT3214568.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&CUI=UN56911530708031028&UM=1&q="); Zeile gefunden : user_pref("CT3214568.UserID", "UN56911530708031028"); Zeile gefunden : user_pref("CT3214568.addressBarTakeOverEnabledInHidden", "true"); Zeile gefunden : user_pref("CT3214568.autoDisableScopes", -1); Zeile gefunden : user_pref("CT3214568.browser.search.defaultthis.engineName", true); Zeile gefunden : user_pref("CT3214568.defaultSearch", "true"); Zeile gefunden : user_pref("CT3214568.enableAlerts", "true"); Zeile gefunden : user_pref("CT3214568.enableFix404ByUser", "FALSE"); Zeile gefunden : 
user_pref("CT3214568.enableSearchFromAddressBar", "true"); Zeile gefunden : user_pref("CT3214568.firstTimeDialogOpened", "true"); Zeile gefunden : user_pref("CT3214568.fixPageNotFoundError", "true"); Zeile gefunden : user_pref("CT3214568.fixPageNotFoundErrorByUser", "true"); Zeile gefunden : user_pref("CT3214568.fixPageNotFoundErrorInHidden", "true"); Zeile gefunden : user_pref("CT3214568.fixUrls", true); Zeile gefunden : user_pref("CT3214568.homepageuserchanged", true); Zeile gefunden : user_pref("CT3214568.installId", "ConduitNSISIntegration"); Zeile gefunden : user_pref("CT3214568.installType", "ConduitNSISIntegration"); Zeile gefunden : user_pref("CT3214568.isCheckedStartAsHidden", true); Zeile gefunden : user_pref("CT3214568.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gefunden : user_pref("CT3214568.isFirstTimeToolbarLoading", "false"); Zeile gefunden : user_pref("CT3214568.isPerformedSmartBarTransition", "true"); Zeile gefunden : user_pref("CT3214568.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Zeile gefunden : user_pref("CT3214568.keyword", true); Zeile gefunden : user_pref("CT3214568.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3214568&octid=CT3214568&SearchSource=15&CUI=UN56911530708031028&SSPV=EB_SSPV&Lay=1&UM=1[...] Zeile gefunden : user_pref("CT3214568.lastVersion", "10.15.0.562"); Zeile gefunden : user_pref("CT3214568.migrateAppsAndComponents", true); Zeile gefunden : user_pref("CT3214568.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://FreemakeTB.OurToolbar.co[...] 
Zeile gefunden : user_pref("CT3214568.openThankYouPage", "false"); Zeile gefunden : user_pref("CT3214568.openUninstallPage", "true"); Zeile gefunden : user_pref("CT3214568.search.searchAppId", "10000002"); Zeile gefunden : user_pref("CT3214568.search.searchCount", "0"); Zeile gefunden : user_pref("CT3214568.searchFromAddressBarEnabledByUser", "true"); Zeile gefunden : user_pref("CT3214568.searchInNewTabEnabledByUser", "true"); Zeile gefunden : user_pref("CT3214568.searchInNewTabEnabledInHidden", "true"); Zeile gefunden : user_pref("CT3214568.searchUserMode", "1"); Zeile gefunden : user_pref("CT3214568.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gefunden : user_pref("CT3214568.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Zeile gefunden : user_pref("CT3214568.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); Zeile gefunden : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3214568\"}"); Zeile gefunden : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://FreemakeTB.OurToolbar.com//xpi\"}"); Zeile gefunden : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FreemakeTB\"}"); Zeile gefunden : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gefunden : user_pref("CT3214568.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1365327264750"); Zeile gefunden : user_pref("CT3214568.serviceLayer_services_appsMetadata_lastUpdate", "1365327264744"); Zeile gefunden : user_pref("CT3214568.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1365327264610"); Zeile gefunden : user_pref("CT3214568.serviceLayer_services_location_lastUpdate", "1365527843960"); Zeile gefunden : 
user_pref("CT3214568.serviceLayer_services_login_10.15.0.562_lastUpdate", "1365527843909"); Zeile gefunden : user_pref("CT3214568.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1365327264700"); Zeile gefunden : user_pref("CT3214568.serviceLayer_services_searchAPI_lastUpdate", "1365327260512"); Zeile gefunden : user_pref("CT3214568.serviceLayer_services_serviceMap_lastUpdate", "1365527843578"); Zeile gefunden : user_pref("CT3214568.serviceLayer_services_setupAPI_lastUpdate", "1365327260081"); Zeile gefunden : user_pref("CT3214568.serviceLayer_services_toolbarContextMenu_lastUpdate", "1365327264654"); Zeile gefunden : user_pref("CT3214568.serviceLayer_services_toolbarSettings_lastUpdate", "1365527843769"); Zeile gefunden : user_pref("CT3214568.serviceLayer_services_translation_lastUpdate", "1365527843742"); Zeile gefunden : user_pref("CT3214568.settingsINI", true); Zeile gefunden : user_pref("CT3214568.shouldFirstTimeDialog", "false"); Zeile gefunden : user_pref("CT3214568.showToolbarPermission", "false"); Zeile gefunden : user_pref("CT3214568.smartbar.CTID", "CT3214568"); Zeile gefunden : user_pref("CT3214568.smartbar.Uninstall", "0"); Zeile gefunden : user_pref("CT3214568.smartbar.homepage", true); Zeile gefunden : user_pref("CT3214568.smartbar.isHidden", true); Zeile gefunden : user_pref("CT3214568.smartbar.toolbarName", "FreemakeTB "); Zeile gefunden : user_pref("CT3214568.startPage", "true"); Zeile gefunden : user_pref("CT3214568.toolbarBornServerTime", "7-4-2013"); Zeile gefunden : user_pref("CT3214568.toolbarCurrentServerTime", "9-4-2013"); Zeile gefunden : user_pref("CT3214568.toolbarDisabled", "true"); Zeile gefunden : user_pref("CT3214568.toolbarLoginClientTime", "Sun Apr 07 2013 11:34:25 GMT+0200"); Zeile gefunden : user_pref("CT3214568_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1365528419001,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]"); Zeile gefunden : 
user_pref("Smartbar.ConduitHomepagesList", ""); Zeile gefunden : user_pref("Smartbar.ConduitSearchEngineList", "FreemakeTB Customized Web Search"); Zeile gefunden : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&CUI=UN56911530708031028&UM=1&q="); Zeile gefunden : user_pref("Smartbar.keywordURLSelectedCTID", "CT3214568"); Zeile gefunden : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=121562&babsrc=HP_ss&mntrId=DC440022FAA61DD9"); Zeile gefunden : user_pref("avg.install.userSPSettings", "Delta Search"); Zeile gefunden : user_pref("browser.search.defaultenginename", "FreemakeTB Customized Web Search"); Zeile gefunden : user_pref("browser.search.order.1", "Delta Search"); Zeile gefunden : user_pref("browser.search.selectedEngine", "FreemakeTB Customized Web Search"); Zeile gefunden : user_pref("extensions.delta.admin", false); Zeile gefunden : user_pref("extensions.delta.aflt", "babsst"); Zeile gefunden : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Zeile gefunden : user_pref("extensions.delta.autoRvrt", "false"); Zeile gefunden : user_pref("extensions.delta.dfltLng", "en"); Zeile gefunden : user_pref("extensions.delta.excTlbr", false); Zeile gefunden : user_pref("extensions.delta.id", "dc44c4220000000000000022faa61dd9"); Zeile gefunden : user_pref("extensions.delta.instlDay", "15803"); Zeile gefunden : user_pref("extensions.delta.instlRef", "sst"); Zeile gefunden : user_pref("extensions.delta.newTab", false); Zeile gefunden : user_pref("extensions.delta.prdct", "delta"); Zeile gefunden : user_pref("extensions.delta.prtnrId", "delta"); Zeile gefunden : user_pref("extensions.delta.rvrt", "false"); Zeile gefunden : user_pref("extensions.delta.smplGrp", "none"); Zeile gefunden : user_pref("extensions.delta.tlbrId", "base"); Zeile gefunden : user_pref("extensions.delta.tlbrSrchUrl", ""); Zeile gefunden : user_pref("extensions.delta.vrsn", 
"1.8.10.0"); Zeile gefunden : user_pref("extensions.delta.vrsnTs", "1.8.10.09:04:50"); Zeile gefunden : user_pref("extensions.delta.vrsni", "1.8.10.0"); Zeile gefunden : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=13&CUI=UN56911530708031028&UM=1"); Zeile gefunden : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&CUI=UN56911530708031028&UM=1&q="); Zeile gefunden : user_pref("smartbar.machineId", "YRGBPLREML/VWK1HEVUWWPQQLEHKA7ISNM0JAQCJYGOAFW99EAITJRW4ZG9XHYSBCTK5ZDFAUFAQWWLS8P+TZW"); Zeile gefunden : user_pref("smartbar.originalHomepage", "chrome://branding/locale/browserconfig.properties"); Zeile gefunden : user_pref("smartbar.originalSearchAddressUrl", ""); Zeile gefunden : user_pref("smartbar.originalSearchEngine", false); -\\ Google Chrome v34.0.1847.137 [ Datei : C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gefunden [Extension] : kgficikadnmmefckdecajlmffkbagomp ************************* AdwCleaner[R0].txt - [16851 octets] - [17/05/2014 10:53:20] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16912 octets] ########## AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.208 - Bericht erstellt am 17/05/2014 um 10:54:53 # Aktualisiert 11/05/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzername : Name - Name-PC # Gestartet von : F:\adwcleaner_3.208.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\Level Quality Watcher Ordner Gelöscht : C:\Program Files\YourFileDownloader Ordner Gelöscht : C:\Users\Name\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Name\AppData\Local\cool_mirage Ordner Gelöscht : C:\Users\Name\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Name\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Name\AppData\LocalLow\FreemakeTB Ordner Gelöscht : C:\Users\Name\AppData\Roaming\YourFileDownloader Ordner Gelöscht : C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\47lvqby8.default\Smartbar Ordner Gelöscht : C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgficikadnmmefckdecajlmffkbagomp Datei Gelöscht : C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\47lvqby8.default\searchplugins\delta.xml Datei Gelöscht : C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\47lvqby8.default\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\kgficikadnmmefckdecajlmffkbagomp Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kgficikadnmmefckdecajlmffkbagomp Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FTDownloader Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS Schlüssel Gelöscht : HKCU\Software\f55dadde738ee43 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3214568 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADCA5064-9E30-43FE-9856-58B07A3149FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{04CEFF5B-A46D-4417-8018-43A059BDF9A6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ADCA5064-9E30-43FE-9856-58B07A3149FE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ADCA5064-9E30-43FE-9856-58B07A3149FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04CEFF5B-A46D-4417-8018-43A059BDF9A6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7EB0380B-9203-467A-8C74-9299F1A39CA4} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56777F79-C204-4765-9383-356558D6D2EA} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ADCA5064-9E30-43FE-9856-58B07A3149FE}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks 
[{ADCA5064-9E30-43FE-9856-58B07A3149FE}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}] Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\YourFileDownloader Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\FreemakeTB Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\YourFileDownloader Schlüssel Gelöscht : HKLM\Software\FreemakeTB ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v23.0.1 (de) [ Datei : C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\47lvqby8.default\prefs.js ] Zeile gelöscht : user_pref("CT3214568.1000082.isPlayDisplay", "true"); Zeile gelöscht : user_pref("CT3214568.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}"); Zeile gelöscht : user_pref("CT3214568.1000234.TWC_TMP_city", "MOUTAYIAKA"); Zeile gelöscht : user_pref("CT3214568.1000234.TWC_TMP_country", "CY"); Zeile gelöscht : user_pref("CT3214568.1000234.TWC_country", "CYPRUS"); Zeile gelöscht : user_pref("CT3214568.1000234.TWC_locId", "CYXX0115"); Zeile gelöscht : user_pref("CT3214568.1000234.TWC_location", "Moutayiaka, Cyprus"); Zeile gelöscht : user_pref("CT3214568.1000234.TWC_region", "OT"); Zeile gelöscht : user_pref("CT3214568.1000234.TWC_temp_dis", "c"); Zeile gelöscht : user_pref("CT3214568.1000234.TWC_wind_dis", "kmh"); Zeile gelöscht : user_pref("CT3214568.1000234.weatherData", 
"{\"icon\":\"34.png\",\"temperature\":\"19°C\",\"temperatureClear\":\"19°C\",\"highTemperature\":\"19°C\",\"lowTemperature\":\"15°C\",\"feelsLike\":\"19°C\",[...] Zeile gelöscht : user_pref("CT3214568.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3214568.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3214568.FirstTime", "true"); Zeile gelöscht : user_pref("CT3214568.FirstTimeFF3", "true"); Zeile gelöscht : user_pref("CT3214568.PG_ENABLE", "dHJ1ZQ=="); Zeile gelöscht : user_pref("CT3214568.SearchAppState.enc", "Mg=="); Zeile gelöscht : user_pref("CT3214568.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&CUI=UN56911530708031028&UM=1&q="); Zeile gelöscht : user_pref("CT3214568.UserID", "UN56911530708031028"); Zeile gelöscht : user_pref("CT3214568.addressBarTakeOverEnabledInHidden", "true"); Zeile gelöscht : user_pref("CT3214568.autoDisableScopes", -1); Zeile gelöscht : user_pref("CT3214568.browser.search.defaultthis.engineName", true); Zeile gelöscht : user_pref("CT3214568.defaultSearch", "true"); Zeile gelöscht : user_pref("CT3214568.enableAlerts", "true"); Zeile gelöscht : user_pref("CT3214568.enableFix404ByUser", "FALSE"); Zeile gelöscht : user_pref("CT3214568.enableSearchFromAddressBar", "true"); Zeile gelöscht : user_pref("CT3214568.firstTimeDialogOpened", "true"); Zeile gelöscht : user_pref("CT3214568.fixPageNotFoundError", "true"); Zeile gelöscht : user_pref("CT3214568.fixPageNotFoundErrorByUser", "true"); Zeile gelöscht : user_pref("CT3214568.fixPageNotFoundErrorInHidden", "true"); Zeile gelöscht : user_pref("CT3214568.fixUrls", true); Zeile gelöscht : user_pref("CT3214568.homepageuserchanged", true); Zeile gelöscht : user_pref("CT3214568.installId", "ConduitNSISIntegration"); Zeile gelöscht : user_pref("CT3214568.installType", "ConduitNSISIntegration"); Zeile gelöscht : 
user_pref("CT3214568.isCheckedStartAsHidden", true); Zeile gelöscht : user_pref("CT3214568.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3214568.isFirstTimeToolbarLoading", "false"); Zeile gelöscht : user_pref("CT3214568.isPerformedSmartBarTransition", "true"); Zeile gelöscht : user_pref("CT3214568.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Zeile gelöscht : user_pref("CT3214568.keyword", true); Zeile gelöscht : user_pref("CT3214568.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3214568&octid=CT3214568&SearchSource=15&CUI=UN56911530708031028&SSPV=EB_SSPV&Lay=1&UM=1[...] Zeile gelöscht : user_pref("CT3214568.lastVersion", "10.15.0.562"); Zeile gelöscht : user_pref("CT3214568.migrateAppsAndComponents", true); Zeile gelöscht : user_pref("CT3214568.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://FreemakeTB.OurToolbar.co[...] 
Zeile gelöscht : user_pref("CT3214568.openThankYouPage", "false"); Zeile gelöscht : user_pref("CT3214568.openUninstallPage", "true"); Zeile gelöscht : user_pref("CT3214568.search.searchAppId", "10000002"); Zeile gelöscht : user_pref("CT3214568.search.searchCount", "0"); Zeile gelöscht : user_pref("CT3214568.searchFromAddressBarEnabledByUser", "true"); Zeile gelöscht : user_pref("CT3214568.searchInNewTabEnabledByUser", "true"); Zeile gelöscht : user_pref("CT3214568.searchInNewTabEnabledInHidden", "true"); Zeile gelöscht : user_pref("CT3214568.searchUserMode", "1"); Zeile gelöscht : user_pref("CT3214568.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3214568.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3214568.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); Zeile gelöscht : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3214568\"}"); Zeile gelöscht : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://FreemakeTB.OurToolbar.com//xpi\"}"); Zeile gelöscht : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FreemakeTB\"}"); Zeile gelöscht : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT3214568.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1365327264750"); Zeile gelöscht : user_pref("CT3214568.serviceLayer_services_appsMetadata_lastUpdate", "1365327264744"); Zeile gelöscht : user_pref("CT3214568.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1365327264610"); Zeile gelöscht : user_pref("CT3214568.serviceLayer_services_location_lastUpdate", "1365527843960"); Zeile gelöscht : 
user_pref("CT3214568.serviceLayer_services_login_10.15.0.562_lastUpdate", "1365527843909"); Zeile gelöscht : user_pref("CT3214568.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1365327264700"); Zeile gelöscht : user_pref("CT3214568.serviceLayer_services_searchAPI_lastUpdate", "1365327260512"); Zeile gelöscht : user_pref("CT3214568.serviceLayer_services_serviceMap_lastUpdate", "1365527843578"); Zeile gelöscht : user_pref("CT3214568.serviceLayer_services_setupAPI_lastUpdate", "1365327260081"); Zeile gelöscht : user_pref("CT3214568.serviceLayer_services_toolbarContextMenu_lastUpdate", "1365327264654"); Zeile gelöscht : user_pref("CT3214568.serviceLayer_services_toolbarSettings_lastUpdate", "1365527843769"); Zeile gelöscht : user_pref("CT3214568.serviceLayer_services_translation_lastUpdate", "1365527843742"); Zeile gelöscht : user_pref("CT3214568.settingsINI", true); Zeile gelöscht : user_pref("CT3214568.shouldFirstTimeDialog", "false"); Zeile gelöscht : user_pref("CT3214568.showToolbarPermission", "false"); Zeile gelöscht : user_pref("CT3214568.smartbar.CTID", "CT3214568"); Zeile gelöscht : user_pref("CT3214568.smartbar.Uninstall", "0"); Zeile gelöscht : user_pref("CT3214568.smartbar.homepage", true); Zeile gelöscht : user_pref("CT3214568.smartbar.isHidden", true); Zeile gelöscht : user_pref("CT3214568.smartbar.toolbarName", "FreemakeTB "); Zeile gelöscht : user_pref("CT3214568.startPage", "true"); Zeile gelöscht : user_pref("CT3214568.toolbarBornServerTime", "7-4-2013"); Zeile gelöscht : user_pref("CT3214568.toolbarCurrentServerTime", "9-4-2013"); Zeile gelöscht : user_pref("CT3214568.toolbarDisabled", "true"); Zeile gelöscht : user_pref("CT3214568.toolbarLoginClientTime", "Sun Apr 07 2013 11:34:25 GMT+0200"); Zeile gelöscht : user_pref("CT3214568_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1365528419001,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]"); Zeile gelöscht : 
user_pref("Smartbar.ConduitHomepagesList", ""); Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "FreemakeTB Customized Web Search"); Zeile gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&CUI=UN56911530708031028&UM=1&q="); Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT3214568"); Zeile gelöscht : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=121562&babsrc=HP_ss&mntrId=DC440022FAA61DD9"); Zeile gelöscht : user_pref("avg.install.userSPSettings", "Delta Search"); Zeile gelöscht : user_pref("browser.search.defaultenginename", "FreemakeTB Customized Web Search"); Zeile gelöscht : user_pref("browser.search.order.1", "Delta Search"); Zeile gelöscht : user_pref("browser.search.selectedEngine", "FreemakeTB Customized Web Search"); Zeile gelöscht : user_pref("extensions.delta.admin", false); Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false"); Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en"); Zeile gelöscht : user_pref("extensions.delta.excTlbr", false); Zeile gelöscht : user_pref("extensions.delta.id", "dc44c4220000000000000022faa61dd9"); Zeile gelöscht : user_pref("extensions.delta.instlDay", "15803"); Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst"); Zeile gelöscht : user_pref("extensions.delta.newTab", false); Zeile gelöscht : user_pref("extensions.delta.prdct", "delta"); Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta"); Zeile gelöscht : user_pref("extensions.delta.rvrt", "false"); Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", ""); Zeile gelöscht : user_pref("extensions.delta.vrsn", 
"1.8.10.0"); Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.09:04:50"); Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0"); Zeile gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=13&CUI=UN56911530708031028&UM=1"); Zeile gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&CUI=UN56911530708031028&UM=1&q="); Zeile gelöscht : user_pref("smartbar.machineId", "YRGBPLREML/VWK1HEVUWWPQQLEHKA7ISNM0JAQCJYGOAFW99EAITJRW4ZG9XHYSBCTK5ZDFAUFAQWWLS8P+TZW"); Zeile gelöscht : user_pref("smartbar.originalHomepage", "chrome://branding/locale/browserconfig.properties"); Zeile gelöscht : user_pref("smartbar.originalSearchAddressUrl", ""); Zeile gelöscht : user_pref("smartbar.originalSearchEngine", false); -\\ Google Chrome v34.0.1847.137 [ Datei : C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Extension] : kgficikadnmmefckdecajlmffkbagomp ************************* AdwCleaner[R0].txt - [16993 octets] - [17/05/2014 10:53:20] AdwCleaner[S0].txt - [16236 octets] - [17/05/2014 10:54:53] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16297 octets] ########## AdwCleaner Logfile: Code:
# AdwCleaner v3.208 - Bericht erstellt am 17/05/2014 um 10:57:59
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Name - Name-PC
# Gestartet von : F:\adwcleaner_3.208.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\47lvqby8.default\prefs.js ]

-\\ Google Chrome v34.0.1847.137

[ Datei : C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [16993 octets] - [17/05/2014 10:53:20]
AdwCleaner[R1].txt - [852 octets] - [17/05/2014 10:57:59]
AdwCleaner[S0].txt - [16378 octets] - [17/05/2014 10:54:53]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [972 octets] ##########

AdwCleaner Logfile: Code:
# AdwCleaner v3.208 - Bericht erstellt am 17/05/2014 um 11:01:23
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Name - Name-PC
# Gestartet von : F:\adwcleaner_3.208.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\47lvqby8.default\prefs.js ]

-\\ Google Chrome v34.0.1847.137

[ Datei : C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [16993 octets] - [17/05/2014 10:53:20]
AdwCleaner[R1].txt - [1051 octets] - [17/05/2014 10:57:59]
AdwCleaner[S0].txt - [16378 octets] - [17/05/2014 10:54:53]
AdwCleaner[S1].txt - [974 octets] - [17/05/2014 11:01:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1033 octets] ##########

AdwCleaner Logfile: Code:
# AdwCleaner v3.208 - Bericht erstellt am 17/05/2014 um 12:10:25
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Name - Name-PC
# Gestartet von : F:\adwcleaner_3.208.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\47lvqby8.default\prefs.js ]

-\\ Google Chrome v34.0.1847.137

[ Datei : C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [16993 octets] - [17/05/2014 10:53:20]
AdwCleaner[R1].txt - [1051 octets] - [17/05/2014 10:57:59]
AdwCleaner[R2].txt - [912 octets] - [17/05/2014 12:10:25]
AdwCleaner[S0].txt - [16378 octets] - [17/05/2014 10:54:53]
AdwCleaner[S1].txt - [1113 octets] - [17/05/2014 11:01:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1092 octets] ##########

AdwCleaner Logfile: Code:
# AdwCleaner v3.208 - Bericht erstellt am 17/05/2014 um 12:11:02
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Name - Name-PC
# Gestartet von : F:\adwcleaner_3.208.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\47lvqby8.default\prefs.js ]

-\\ Google Chrome v34.0.1847.137

[ Datei : C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [16993 octets] - [17/05/2014 10:53:20]
AdwCleaner[R1].txt - [1051 octets] - [17/05/2014 10:57:59]
AdwCleaner[R2].txt - [1172 octets] - [17/05/2014 12:10:25]
AdwCleaner[S0].txt - [16378 octets] - [17/05/2014 10:54:53]
AdwCleaner[S1].txt - [1113 octets] - [17/05/2014 11:01:23]
AdwCleaner[S2].txt - [1094 octets] - [17/05/2014 12:11:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1154 octets] ##########

Step 2
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.05.12.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17107
Name :: Name-PC [Administrator]

18.05.2014 14:39:48
mbam-log-2014-05-18 (14-39-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 224213
Laufzeit: 8 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c6a3e60ebedba3418b9e796d5bc88ff9
# engine=18312
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-18 04:42:31
# local_time=2014-05-18 06:42:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 26344 152062542 0 0
# scanned=335680
# found=6
# cleaned=5
# scan_time=13139
sh=FDD22073F4209A6914AFC3C97E51C78F087034E4 ft=0 fh=0000000000000000 vn="HTML/Ransom.B Trojaner" ac=I fn="C:\Users\All Users\ujbikkfkenyfiif\main.html"
sh=2EA15DBD534332C90C4E6C817D658A710581430B ft=1 fh=e206174cc48d07e6 vn="Win32/Reveton.V Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\ProgramData\2992199F9A\hijz32a.cpp.xBAD"
sh=FDD22073F4209A6914AFC3C97E51C78F087034E4 ft=0 fh=0000000000000000 vn="HTML/Ransom.B Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\ujbikkfkenyfiif\main.html"
sh=2E426D2A3DA76A621A58993772AB01D7EB63113E ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Name\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\31804e19-6aeae90a"
sh=7EB05B43A52B79D69F54F95E77A09230AB5BF1B4 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Name\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\56394bac-11b71ad5"
sh=7EB05B43A52B79D69F54F95E77A09230AB5BF1B4 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Name\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\56394bac-7dfac42a"

"Check for potentially unwanted applications" - unfortunately I overlooked that, since it is not mentioned here: http://www.trojaner-board.de/80603-e...ner-nod32.html I will repeat the scan later.

Step 4
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014 Ran by Name (administrator) on Name-PC on 18-05-2014 19:01:19 Running from G:\ Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Dropbox, Inc.) C:\Users\Name\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {14b7b1e5-95f3-11e1-8e4e-001f169bef1b} - F:\AutoRun.exe HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {605b3767-c537-11e2-b8d8-001f169bef1b} - F:\AutoRun.exe HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {605b3785-c537-11e2-b8d8-001f169bef1b} - F:\AutoRun.exe HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {605b37b9-c537-11e2-b8d8-001f169bef1b} - F:\AutoRun.exe HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {7ca3b667-c5c1-11e2-960d-001f169bef1b} - F:\AutoRun.exe HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {936d83ee-a4fb-11e1-a35d-001f169bef1b} - F:\AutoRun.exe HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {a5ce72e2-a133-11e1-b85e-0022faa61dd8} - F:\AutoRun.exe HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {a5ce7303-a133-11e1-b85e-001f169bef1b} - F:\AutoRun.exe HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {c426fd63-b138-11e1-b750-001f169bef1b} - F:\AutoRun.exe HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {d7bd328a-8f03-11e1-a4fe-001f169bef1b} - F:\AutoRun.exe HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {d7bd3298-8f03-11e1-a4fe-001f169bef1b} - F:\AutoRun.exe HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {e1c2825a-7cf8-11e1-a141-001f169bef1b} - F:\AutoRun.exe HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {e1c28268-7cf8-11e1-a141-001f169bef1b} - F:\AutoRun.exe HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: 
{f54fd211-8fbf-11e1-8024-001f169bef1b} - F:\AutoRun.exe HKU\S-1-5-21-2548039745-93218685-3263437999-1000\...\MountPoints2: {f6591163-c3fd-11e1-9032-001f169bef1b} - F:\AutoRun.exe Startup: C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Name\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyServer: proxy.biblio.tu-muenchen.de:8080 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD481FC06CA17CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {3F08E8E3-5002-470A-AD83-EEE3F0C4813E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3214568 BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\47lvqby8.default FF Homepage: hxxp://www.google.de/|about:newtab FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) 
FF SearchPlugin: C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\47lvqby8.default\searchplugins\freemaketb-customized-web-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-04-20] Chrome: ======= CHR StartupUrls: "hxxp://www.google.de/" CHR Extension: (Google Docs) - C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-18] CHR Extension: (Google Drive) - C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-18] CHR Extension: (YouTube) - C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-18] CHR Extension: (Google-Suche) - C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-18] CHR Extension: (Google Wallet) - C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18] CHR Extension: (Google Mail) - C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-18] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11] CHR 
HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [340136 2012-04-02] (Avira GmbH) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360 2012-04-02] (Avira GmbH) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480 2012-04-02] (Avira GmbH) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [428200 2012-04-02] (Avira GmbH) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.) ==================== Drivers (Whitelisted) ==================== S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2013-10-10] (Cisco Systems, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2012-04-02] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2012-04-02] (Avira GmbH) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43376 2013-10-10] (Cisco Systems, Inc.) 
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-18 19:01 - 2014-05-17 09:27 - 01056768 _____ (Farbar) C:\FRST.exe 2014-05-18 15:00 - 2014-05-18 15:00 - 00000000 ____D () C:\Program Files\ESET 2014-05-18 14:57 - 2014-05-18 14:57 - 00000000 ____D () C:\Users\Name\Desktop\scan 2014-05-18 09:37 - 2014-05-18 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-05-18 09:35 - 2014-05-18 18:40 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-18 09:35 - 2014-05-18 09:40 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-17 19:43 - 2014-05-17 19:43 - 00000308 _____ () C:\Windows\PFRO.log 2014-05-17 13:38 - 2014-05-18 09:33 - 00000616 _____ () C:\Windows\setupact.log 2014-05-17 13:38 - 2014-05-17 13:38 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-17 12:16 - 2014-05-18 13:42 - 00901665 _____ () C:\Windows\WindowsUpdate.log 2014-05-17 10:53 - 2014-05-18 14:42 - 00000000 ____D () C:\AdwCleaner 2014-05-17 09:41 - 2014-05-18 19:01 - 00000000 ____D () C:\FRST 2014-05-16 19:29 - 2014-05-16 19:29 - 00080994 _____ () C:\Users\Name\Downloads\EANM Disclosure Statement Template.pptx 2014-05-15 07:33 - 2014-05-15 07:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-05-15 07:28 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 07:28 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 07:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 06:14 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) 
C:\Windows\system32\aepdu.dll 2014-05-15 06:14 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 06:14 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 06:14 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 06:14 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 06:14 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 06:14 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 06:14 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 06:14 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 06:14 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-05-15 06:14 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 06:14 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 06:14 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 06:14 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 06:14 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 06:14 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 06:14 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 06:14 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 06:14 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) 
C:\Windows\system32\TSpkg.dll 2014-05-15 06:14 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 06:14 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 06:14 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 06:14 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 06:14 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 06:14 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 06:14 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 06:13 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-13 22:36 - 2014-05-13 22:36 - 00449269 _____ () C:\Users\Name\Downloads\map_hotelCC_Vereint (1).pptx 2014-05-13 08:41 - 2014-05-13 08:41 - 00079749 _____ () C:\Users\Name\Downloads\RF PET Assembly 01.tif 2014-05-10 12:28 - 2014-05-10 12:29 - 00000000 ____D () C:\Users\Name\AppData\Roaming\WiseUpdate 2014-05-07 21:39 - 2014-05-07 21:39 - 00449269 _____ () C:\Users\Name\Downloads\map_hotelCC_Vereint.pptx 2014-05-07 04:40 - 2014-05-15 20:46 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-04 15:46 - 2014-05-04 15:46 - 00000000 ____D () C:\Users\Name\AppData\Roaming\DropboxMaster 2014-04-27 11:23 - 2014-04-27 11:36 - 01607680 _____ () C:\Users\Name\Downloads\Biological Basis of BOLD.ppt 2014-04-26 17:37 - 2014-04-26 18:38 - 00033792 _____ () C:\Users\Name\Downloads\ECCN 2014 REFUND_Galldiks.xls 2014-04-25 11:23 - 2014-04-25 11:23 - 00013184 _____ () C:\Users\Name\Downloads\test cluster 1.xlsx 2014-04-21 14:29 - 2014-04-21 14:29 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information 2014-04-21 14:29 - 2014-04-21 14:29 - 
00000000 ___HD () C:\ProgramData\CanonBJ 2014-04-21 14:28 - 2012-03-14 05:00 - 00311296 _____ (CANON INC.) C:\Windows\system32\CNMLMAE.DLL 2014-04-18 09:17 - 2014-04-18 09:17 - 00029297 _____ () C:\Users\Name\Downloads\Amirhosein Jahani_CV.rar ==================== One Month Modified Files and Folders ======= 2014-05-18 19:01 - 2014-05-17 09:41 - 00000000 ____D () C:\FRST 2014-05-18 18:43 - 2014-05-17 12:16 - 00901665 _____ () C:\Windows\WindowsUpdate.log 2014-05-18 18:40 - 2014-05-18 09:35 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-18 15:41 - 2012-04-02 15:03 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-18 15:00 - 2014-05-18 15:00 - 00000000 ____D () C:\Program Files\ESET 2014-05-18 14:57 - 2014-05-18 14:57 - 00000000 ____D () C:\Users\Name\Desktop\scan 2014-05-18 14:42 - 2014-05-17 10:53 - 00000000 ____D () C:\AdwCleaner 2014-05-18 14:17 - 2012-04-11 14:56 - 00000000 ____D () C:\Users\Name\AppData\Roaming\Skype 2014-05-18 09:41 - 2009-07-14 06:34 - 00012432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-18 09:41 - 2009-07-14 06:34 - 00012432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-18 09:40 - 2014-05-18 09:35 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-18 09:37 - 2014-05-18 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-05-18 09:36 - 2013-02-17 12:23 - 00000000 ____D () C:\Program Files\Google 2014-05-18 09:35 - 2012-06-10 03:04 - 00000000 ____D () C:\Users\Name\AppData\Local\Deployment 2014-05-18 09:34 - 2012-05-13 18:50 - 00000000 ____D () C:\Users\Name\AppData\Roaming\Dropbox 2014-05-18 09:33 - 2014-05-17 13:38 - 00000616 _____ () C:\Windows\setupact.log 2014-05-18 09:33 - 2012-05-13 18:53 - 00000000 ___RD () C:\Users\Name\Dropbox 2014-05-18 09:33 - 2009-07-14 06:53 - 00000006 ____H 
() C:\Windows\Tasks\SA.DAT 2014-05-17 22:57 - 2013-12-10 15:54 - 00000000 ____D () C:\Windows\pss 2014-05-17 19:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-05-17 19:43 - 2014-05-17 19:43 - 00000308 _____ () C:\Windows\PFRO.log 2014-05-17 13:38 - 2014-05-17 13:38 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-17 09:27 - 2014-05-18 19:01 - 01056768 _____ (Farbar) C:\FRST.exe 2014-05-17 00:05 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Resources 2014-05-16 19:29 - 2014-05-16 19:29 - 00080994 _____ () C:\Users\Name\Downloads\EANM Disclosure Statement Template.pptx 2014-05-16 07:12 - 2012-05-13 18:51 - 00000000 ____D () C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-15 21:46 - 2012-04-14 09:56 - 00000000 ____D () C:\Users\Name\AppData\Roaming\PrimoPDF 2014-05-15 21:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-05-15 21:07 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-05-15 20:46 - 2014-05-07 04:40 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 20:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-05-15 07:36 - 2012-04-02 15:03 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-15 07:33 - 2014-05-15 07:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-05-15 07:33 - 2013-07-19 21:07 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 07:31 - 2012-04-02 16:50 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-13 22:36 - 2014-05-13 22:36 - 00449269 _____ () C:\Users\Name\Downloads\map_hotelCC_Vereint (1).pptx 2014-05-13 08:41 - 2014-05-13 08:41 - 00079749 _____ () C:\Users\Name\Downloads\RF PET Assembly 01.tif 2014-05-10 12:29 - 2014-05-10 12:28 - 00000000 ____D () C:\Users\Name\AppData\Roaming\WiseUpdate 2014-05-09 09:06 - 2014-05-15 06:14 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 09:04 - 2014-05-15 06:14 - 00302592 _____ 
(Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-07 21:39 - 2014-05-07 21:39 - 00449269 _____ () C:\Users\Name\Downloads\map_hotelCC_Vereint.pptx 2014-05-06 05:25 - 2014-05-15 07:28 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 05:07 - 2014-05-15 07:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 04:10 - 2014-05-15 07:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-04 15:46 - 2014-05-04 15:46 - 00000000 ____D () C:\Users\Name\AppData\Roaming\DropboxMaster 2014-04-27 11:36 - 2014-04-27 11:23 - 01607680 _____ () C:\Users\Name\Downloads\Biological Basis of BOLD.ppt 2014-04-26 18:38 - 2014-04-26 17:37 - 00033792 _____ () C:\Users\Name\Downloads\ECCN 2014 REFUND_Galldiks.xls 2014-04-25 11:23 - 2014-04-25 11:23 - 00013184 _____ () C:\Users\Name\Downloads\test cluster 1.xlsx 2014-04-21 14:29 - 2014-04-21 14:29 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information 2014-04-21 14:29 - 2014-04-21 14:29 - 00000000 ___HD () C:\ProgramData\CanonBJ 2014-04-18 15:24 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-18 09:17 - 2014-04-18 09:17 - 00029297 _____ () C:\Users\Name\Downloads\Amirhosein Jahani_CV.rar Some content of TEMP: ==================== C:\Users\Name\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmj8m2v.dll C:\Users\Name\AppData\Local\Temp\Quarantine.exe C:\Users\Name\AppData\Local\Temp\u4Ij.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe [2014-05-15 06:14] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67 C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => 
MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-18 11:14 ==================== End Of Log ============================

What now, Mort?
18.05.2014, 18:24 | #8
Probably an aggressive Trojan

We just need to check one more thing.

Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - {3F08E8E3-5002-470A-AD83-EEE3F0C4813E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3214568
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Step 2
Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop.
SystemLook (64 bit)
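The Fixlist.txt in Step 1 is nothing more than lines copied verbatim from the FRST scan log: FRST reads them back and undoes the registry entry or policy each line describes. The following Python script is an added example, not FRST's own code and not something the helper posted; it shows how the three lines of that fixlist can be selected mechanically from a flattened FRST log: every entry FRST itself flags with "<======= ATTENTION", plus every SearchScopes entry whose URL points at a host on a block list. The sample log excerpt is constructed from the log posted in this thread, and the block list HIJACKER_HOSTS (search.conduit.com, which appears in the log) is an assumption made for the example.

```python
"""Select Fixlist.txt candidates from an FRST scan log.

Added example, not FRST's own code: FRST's fixlist is built from lines
copied verbatim out of the scan log, so "building a fixlist" means
picking the right lines. Two selection rules are shown here:
  - entries FRST itself marks with "<======= ATTENTION"
  - SearchScopes entries whose URL host is on a block list (assumed)
"""
import re
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample: a few lines in the shape of the posted FRST log.
SAMPLE_LOG = """\
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyServer: proxy.biblio.tu-muenchen.de:8080
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {3F08E8E3-5002-470A-AD83-EEE3F0C4813E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3214568
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre7\\bin\\ssv.dll (Oracle Corporation)
CHR HKLM\\SOFTWARE\\Policies\\Google: Policy restriction <======= ATTENTION
FF Homepage: hxxp://www.google.de/|about:newtab
"""

# Assumed block list for this example: hosts of known search hijackers.
HIJACKER_HOSTS = {"search.conduit.com"}

ATTENTION_MARK = "<======= ATTENTION"
URL_RE = re.compile(r"URL = (\S+)")


def refang(url: str) -> str:
    """FRST writes URLs as hxxp:// so they are not clickable; undo that."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def search_scope_host(line: str) -> Optional[str]:
    """Host of a SearchScopes entry's URL, or None if the line has none."""
    if not line.startswith("SearchScopes:"):
        return None
    match = URL_RE.search(line)
    if not match:
        return None
    return urlparse(refang(match.group(1))).hostname


def select_fix_lines(log_text: str, hijacker_hosts=HIJACKER_HOSTS) -> List[str]:
    """Return the log lines that belong in Fixlist.txt, in log order."""
    fixes = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ATTENTION_MARK in line:          # FRST's own warning marker
            fixes.append(line)
            continue
        host = search_scope_host(line)
        if host and host.lower() in hijacker_hosts:
            fixes.append(line)
    return fixes


def build_fixlist(log_text: str) -> str:
    """Fixlist.txt content: the selected lines, one per line, nothing else."""
    return "\n".join(select_fix_lines(log_text)) + "\n"


if __name__ == "__main__":
    print(build_fixlist(SAMPLE_LOG), end="")
```

Run against the sample, the script prints exactly the three lines the helper put into Fixlist.txt, in the same order as they appear in the log. The proxy entry and the Java BHO are deliberately left alone: a proxy pointing at a university library and a vendor-signed helper DLL are not hijacking indicators by themselves, which is why the rules key on FRST's own ATTENTION marker and on a block list rather than on "anything unusual".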
22.05.2014, 00:12 | #9
Probably an aggressive Trojan

Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will then no longer be notified of new replies.

The disappearance of the symptoms does not mean that your system is already clean.