Hello!
For your information: at the end of the MBAM scan it seemed to me that Quarantine had been selected. In the log, however, some entries now say "Löschen bei Neustart" (delete on reboot).
After the reboot, the browser then reported that the proxy server was not reachable. I removed it from the system settings. After another reboot following AdwCleaner, the proxy was back in and reachable again. Popups, and by now links too, are appearing again.
MBAM Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 06.11.2014
Suchlauf-Zeit: 10:27:27
Logdatei: mbam1.txt
Administrator: Ja
Version: 2.00.3.1025
Malware Datenbank: v2014.11.06.04
Rootkit Datenbank: v2014.11.01.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: sebastian
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 338673
Verstrichene Zeit: 8 Min, 9 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 2
PUP.Optional.Pirrit, C:\Users\sebastian\AppData\Local\CompileMethodOpen\CompileMethodOpen.exe, 1780, Löschen bei Neustart, [91fbe157314b8bab36cc9e93af5653ad]
PUP.Optional.eDeals, C:\Windows\SysWOW64\ControlOCRSDK\ControlOCRSDK.exe, 740, Löschen bei Neustart, [1d6f58e0d3a96ccaf112f23f59ac7987]
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 2
PUP.Optional.Pirrit, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CompileMethodOpen.exe, In Quarantäne, [91fbe157314b8bab36cc9e93af5653ad],
PUP.Optional.eDeals, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ControlOCRSDK, In Quarantäne, [1d6f58e0d3a96ccaf112f23f59ac7987],
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 0
(Keine schädliche Elemente erkannt)
Dateien: 2
PUP.Optional.Pirrit, C:\Users\sebastian\AppData\Local\CompileMethodOpen\CompileMethodOpen.exe, Löschen bei Neustart, [91fbe157314b8bab36cc9e93af5653ad],
PUP.Optional.eDeals, C:\Windows\SysWOW64\ControlOCRSDK\ControlOCRSDK.exe, Löschen bei Neustart, [1d6f58e0d3a96ccaf112f23f59ac7987],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
AdwCleaner Code:
# AdwCleaner v4.002 - Bericht erstellt am 06/11/2014 um 10:48:20
# DB v2014-11-02.1
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : sebastian - WRK02
# Gestartet von : C:\Users\sebastian\Desktop\AdwCleaner_4.002.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\sebastian\AppData\Local\CheckCode
Datei Gelöscht : C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Upt
Schlüssel Gelöscht : HKLM\SOFTWARE\WinUpd
Schlüssel Gelöscht : HKLM\SOFTWARE\SI-App
Schlüssel Gelöscht : HKLM\SOFTWARE\RST
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Upt
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\WinUpd
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\SI-App
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\RST
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v33.0.2 (x86 de)
-\\ Google Chrome v38.0.2125.111
*************************
AdwCleaner[R0].txt - [3483 octets] - [24/09/2014 07:00:42]
AdwCleaner[R1].txt - [1660 octets] - [17/10/2014 09:44:17]
AdwCleaner[R2].txt - [7129 octets] - [21/10/2014 07:34:58]
AdwCleaner[R3].txt - [7189 octets] - [21/10/2014 07:53:36]
AdwCleaner[R4].txt - [2081 octets] - [06/11/2014 10:44:38]
AdwCleaner[S0].txt - [2991 octets] - [24/09/2014 07:07:35]
AdwCleaner[S1].txt - [7196 octets] - [21/10/2014 07:58:02]
AdwCleaner[S2].txt - [1978 octets] - [06/11/2014 10:48:20]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2038 octets] ##########
JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.6 (11.05.2014:1)
OS: Windows 7 Professional x64
Ran by sebastian on 06.11.2014 at 10:53:51,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\sebastian\AppData\Roaming\mozilla\firefox\profiles\s6i66e5y.default\minidumps [229 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.11.2014 at 10:56:51,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by sebastian (administrator) on WRK02 on 06-11-2014 10:59:36
Running from C:\Users\sebastian\Desktop
Loaded Profile: sebastian (Available profiles: sebastian)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Schweighofer) C:\Program Files (x86)\Common Files\SMS Shared\SSCService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
() C:\Windows\SysWOW64\CommandQuickSamba\CommandQuickSamba.exe
() C:\Program Files (x86)\eDealPop\eDealPop.exe
() C:\Windows\SysWOW64\ProgramRepositoryWinsock\ProgramRepositoryWinsock.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-06] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 14\MMReminderService.exe [42336 2013-09-23] (Mindjet)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [eDealPop] => C:\Program Files (x86)\eDealPop\eDealPop.exe [7168 2014-09-23] ()
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_winlogonx64.dll (Citrix Online, LLC)
HKU\S-1-5-21-3367216552-3421558178-891187020-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3367216552-3421558178-891187020-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:31117
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x70FD996F8FBCCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3367216552-3421558178-891187020-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll (Mindjet)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 83.175.85.102 83.175.86.102
FireFox:
========
FF ProfilePath: C:\Users\sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\s6i66e5y.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\sebastian\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\sebastian\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\s6i66e5y.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\s6i66e5y.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FireShot - C:\Users\sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\s6i66e5y.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-08-20]
FF Extension: Bookmark Favicon Changer - C:\Users\sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\s6i66e5y.default\Extensions\bookmarkfaviconchanger@sonthakit.xpi [2014-08-20]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\s6i66e5y.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-08-20]
FF Extension: FaviconizeTab - C:\Users\sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\s6i66e5y.default\Extensions\faviconizetab@espion.just-size.jp.xpi [2014-08-20]
FF Extension: MeasureIt - C:\Users\sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\s6i66e5y.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2014-08-20]
FF Extension: Smartest Bookmarks Bar - C:\Users\sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\s6i66e5y.default\Extensions\{b442f4c0-c292-4998-aabe-48608a73ba75}.xpi [2014-08-20]
FF Extension: Adblock Plus - C:\Users\sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\s6i66e5y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-20]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-08-21]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\s6i66e5y.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "https://app.asana.com/0/6359346258980/6359346258980", "https://www.google.de/"
CHR Profile: C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-20]
CHR Extension: (Google Drive) - C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (YouTube) - C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-20]
CHR Extension: (Google-Suche) - C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-20]
CHR Extension: (Adobe Acrobat – PDF-Datei erstellen) - C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-08-25]
CHR Extension: (Google Wallet) - C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-20]
CHR Extension: (Google Mail) - C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 CommandQuickSamba; C:\Windows\SysWOW64\CommandQuickSamba\CommandQuickSamba.exe [60453 2014-09-17] () [File not signed]
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe [610888 2014-09-29] (Citrix Online, LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 ProgramRepositoryWinsock; C:\Windows\SysWOW64\ProgramRepositoryWinsock\ProgramRepositoryWinsock.exe [68096 2014-10-13] () [File not signed]
R2 SSCLizenzdienst; C:\Program Files (x86)\Common Files\SMS Shared\SSCService.exe [499200 2011-05-19] (Schweighofer) [File not signed]
S2 CompileSharewareSprite.exe; C:\Users\sebastian\AppData\Local\CompileSharewareSprite\CompileSharewareSprite.exe [X]
S2 PathRemoteStart.exe; C:\Users\sebastian\AppData\Local\PathRemoteStart\PathRemoteStart.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-06 10:59 - 2014-11-06 10:59 - 00017041 _____ () C:\Users\sebastian\Desktop\FRST.txt
2014-11-06 10:59 - 2014-11-05 08:35 - 02114560 _____ (Farbar) C:\Users\sebastian\Desktop\FRST64.exe
2014-11-06 10:56 - 2014-11-06 10:56 - 00000766 _____ () C:\Users\sebastian\Desktop\JRT.txt
2014-11-06 10:53 - 2014-11-06 10:53 - 00000000 ____D () C:\Windows\ERUNT
2014-11-06 10:52 - 2014-11-06 10:52 - 00002134 _____ () C:\Users\sebastian\Desktop\AdwCleaner[S2].txt
2014-11-06 10:52 - 2014-11-06 10:52 - 00000000 ____D () C:\Windows\SysWOW64\ProgramRepositoryWinsock
2014-11-06 10:52 - 2014-11-06 10:52 - 00000000 ____D () C:\Users\sebastian\AppData\Local\CheckCode
2014-11-06 10:52 - 2014-11-06 10:52 - 00000000 ____D () C:\Program Files (x86)\eDealPop
2014-11-06 10:37 - 2014-11-06 10:43 - 00001944 _____ () C:\Users\sebastian\Desktop\mbam.txt
2014-11-06 10:36 - 2014-11-06 10:35 - 01706939 _____ (Thisisu) C:\Users\sebastian\Desktop\JRT.exe
2014-11-06 10:36 - 2014-11-06 10:31 - 01998336 _____ () C:\Users\sebastian\Desktop\AdwCleaner_4.002.exe
2014-11-06 10:35 - 2014-11-06 10:35 - 01706939 _____ (Thisisu) C:\Users\sebastian\Downloads\JRT.exe
2014-11-06 10:31 - 2014-11-06 10:31 - 01998336 _____ () C:\Users\sebastian\Downloads\AdwCleaner_4.002.exe
2014-11-05 14:40 - 2014-11-05 14:40 - 00028519 _____ () C:\ComboFix.txt
2014-11-05 14:31 - 2014-11-05 14:41 - 00000000 ____D () C:\Qoobox
2014-11-05 14:31 - 2014-11-05 14:39 - 00000000 ____D () C:\Windows\erdnt
2014-11-05 14:31 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-05 14:31 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-05 14:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-05 14:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-05 14:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-05 14:31 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-05 14:31 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-05 14:31 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-05 14:30 - 2014-11-05 14:30 - 05591672 ____R (Swearware) C:\Users\sebastian\Desktop\ComboFix.exe
2014-11-05 08:45 - 2014-11-05 08:47 - 00028066 _____ () C:\Users\sebastian\Documents\Addition.txt
2014-11-05 08:44 - 2014-11-06 10:59 - 00000000 ____D () C:\FRST
2014-11-05 08:44 - 2014-11-05 08:47 - 00040510 _____ () C:\Users\sebastian\Documents\FRST.txt
2014-11-05 08:44 - 2014-11-05 08:35 - 02114560 _____ (Farbar) C:\Users\sebastian\Documents\FRST64.exe
2014-11-04 10:34 - 2014-11-04 10:34 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\webex
2014-11-04 10:34 - 2014-11-04 10:34 - 00000000 ____D () C:\Users\sebastian\AppData\Local\WebEx
2014-11-04 10:34 - 2014-11-04 10:34 - 00000000 ____D () C:\ProgramData\WebEx
2014-11-04 10:33 - 2014-11-04 10:33 - 00650560 _____ (Cisco WebEx LLC) C:\Users\sebastian\Downloads\Cisco_WebEx_Add-On.exe
2014-11-02 22:34 - 2014-11-02 22:34 - 00003222 _____ () C:\Users\sebastian\Desktop\Malwarebytes Bericht 021114.xml
2014-11-02 22:21 - 2014-11-02 22:22 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\sebastian\Downloads\mbam-setup-2.0.3.1025 (1).exe
2014-11-02 22:21 - 2014-11-02 22:21 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\sebastian\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-31 08:22 - 2014-10-31 08:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-22 13:52 - 2014-10-22 13:52 - 02341360 _____ (Fastviewer.com) C:\Users\sebastian\Downloads\FastClient.exe
2014-10-22 13:52 - 2014-10-22 13:52 - 02341360 _____ (Fastviewer.com) C:\Users\sebastian\Desktop\FastClient.exe
2014-10-22 07:10 - 2014-10-21 15:45 - 00005742 _____ () C:\Users\sebastian\Desktop\MultiData.Shell64.rdp
2014-10-22 07:10 - 2014-10-10 15:03 - 00001096 _____ () C:\Users\sebastian\Desktop\SRV-MD1.cer
2014-10-22 07:09 - 2014-10-22 07:09 - 00003337 _____ () C:\Users\sebastian\Desktop\MD-Zugang.zip
2014-10-21 07:34 - 2014-10-21 07:34 - 01962496 _____ () C:\Users\sebastian\Downloads\adwcleaner_4.001.exe
2014-10-21 07:32 - 2014-10-24 15:50 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Apple Computer
2014-10-21 07:32 - 2014-10-21 07:32 - 00000000 ____D () C:\Users\sebastian\AppData\Local\Apple Computer
2014-10-21 07:32 - 2014-10-21 07:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-21 07:31 - 2012-10-03 15:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-10-21 07:30 - 2014-10-21 07:31 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-21 07:30 - 2014-10-21 07:31 - 00000000 ____D () C:\Program Files\iTunes
2014-10-21 07:30 - 2014-10-21 07:31 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-21 07:30 - 2014-10-21 07:30 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-10-21 07:30 - 2014-10-21 07:30 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-10-21 07:30 - 2014-10-21 07:30 - 00000000 ____D () C:\Users\sebastian\AppData\Local\Apple
2014-10-21 07:30 - 2014-10-21 07:30 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-21 07:30 - 2014-10-21 07:30 - 00000000 ____D () C:\Program Files\iPod
2014-10-21 07:30 - 2014-10-21 07:30 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-21 07:30 - 2014-10-21 07:30 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-10-21 07:26 - 2014-10-21 07:26 - 00000000 ____D () C:\Program Files\Bonjour
2014-10-21 07:26 - 2014-10-21 07:26 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-10-21 07:25 - 2014-10-21 07:30 - 00000000 ____D () C:\ProgramData\Apple
2014-10-21 07:23 - 2014-10-21 07:24 - 122418480 _____ (Apple Inc.) C:\Users\sebastian\Downloads\iTunes64Setup.exe
2014-10-17 09:25 - 2014-10-17 09:25 - 00000000 ___SD () C:\Users\sebastian\Documents\Meine Datenquellen
2014-10-17 05:11 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-17 05:11 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-17 05:11 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-17 05:11 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 05:11 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 05:11 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 05:11 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 05:11 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 05:11 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 05:11 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 05:10 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 05:10 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 05:10 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 05:10 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 05:10 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 05:10 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 05:10 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 05:10 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 05:10 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 05:10 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 05:10 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 05:10 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-17 05:10 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 05:10 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 05:10 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 05:10 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 05:10 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-17 05:10 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-17 05:10 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 05:10 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 05:10 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 05:10 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 05:10 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 05:10 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 05:10 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-17 05:10 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-17 05:10 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 05:10 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 05:10 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 05:10 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-17 05:10 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-17 05:10 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 05:10 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 05:10 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-17 05:10 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 05:10 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 05:10 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 05:10 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 05:10 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 05:10 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 05:10 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 05:10 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 05:10 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 05:10 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 05:10 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 05:10 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-17 05:10 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 05:10 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 05:10 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 05:10 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 05:10 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-17 05:10 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 05:10 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 05:10 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-17 05:10 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 05:10 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 05:10 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 05:10 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 05:10 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-17 05:10 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-17 05:10 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-17 05:10 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-17 05:10 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-17 05:10 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-17 05:10 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-17 05:10 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-17 05:10 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-17 05:10 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-17 05:10 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-17 05:10 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-17 05:10 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-17 05:09 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 05:09 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 05:09 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 05:09 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 05:09 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 05:09 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 05:09 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 05:09 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 05:09 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 05:09 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 05:09 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 05:09 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 05:09 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 05:09 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 05:09 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 05:09 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 05:09 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 07:01 - 2014-11-06 10:39 - 00000000 ____D () C:\Windows\SysWOW64\ControlOCRSDK
2014-10-13 18:20 - 2014-10-13 18:20 - 00000192 _____ () C:\Users\sebastian\Desktop\Adressliste vom 13.10.2014.csv
2014-10-08 10:01 - 2014-10-08 10:01 - 00000182 _____ () C:\Users\sebastian\Desktop\Agenda mit WD KW 42.url
2014-10-07 11:09 - 2014-10-07 11:30 - 00013406 _____ () C:\Users\sebastian\Documents\Vers-kosten-Übersicht DPD A u D vs GLS Angebot inkl Outdoorer 071014.xlsx
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-06 10:57 - 2009-07-14 05:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 10:57 - 2009-07-14 05:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 10:54 - 2014-08-20 16:44 - 01139127 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 10:50 - 2014-08-20 18:53 - 00000000 ____D () C:\Users\sebastian\AppData\Local\FreePDF_XP
2014-11-06 10:50 - 2014-08-20 17:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 10:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 10:50 - 2009-07-14 05:51 - 00033752 _____ () C:\Windows\setupact.log
2014-11-06 10:49 - 2010-11-21 04:47 - 00027134 _____ () C:\Windows\PFRO.log
2014-11-06 10:48 - 2014-09-24 07:00 - 00000000 ____D () C:\AdwCleaner
2014-11-06 10:42 - 2014-09-29 08:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-06 10:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2014-11-06 10:06 - 2014-08-20 17:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 09:50 - 2014-08-20 17:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 08:54 - 2014-08-20 19:39 - 00000000 ____D () C:\Users\sebastian\AppData\Local\Adobe
2014-11-05 18:09 - 2014-08-20 19:31 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Skype
2014-11-05 17:53 - 2014-08-21 01:01 - 00000600 _____ () C:\Users\sebastian\AppData\Local\PUTTY.RND
2014-11-05 14:41 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-05 14:39 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-05 14:14 - 2014-08-22 09:27 - 00002228 ____H () C:\Users\sebastian\Documents\Default.rdp
2014-11-05 13:17 - 2014-08-20 17:38 - 00000000 ____D () C:\Users\sebastian\Documents\PhraseExpress
2014-11-05 08:59 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-04 18:00 - 2011-04-12 08:43 - 00699090 _____ () C:\Windows\system32\perfh007.dat
2014-11-04 18:00 - 2011-04-12 08:43 - 00149230 _____ () C:\Windows\system32\perfc007.dat
2014-11-04 18:00 - 2009-07-14 06:13 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 10:34 - 2014-08-20 17:54 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Mozilla
2014-11-03 15:27 - 2014-08-20 16:48 - 00000000 ____D () C:\Users\sebastian
2014-11-02 22:22 - 2014-09-29 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-02 22:22 - 2014-09-29 08:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-02 21:13 - 2014-08-20 17:25 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\globesystems
2014-11-02 18:39 - 2014-08-26 20:43 - 00000000 ____D () C:\Users\sebastian\AppData\Local\CrashDumps
2014-11-02 15:43 - 2014-08-20 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-31 17:13 - 2014-09-09 00:55 - 00000000 ____D () C:\Users\sebastian\AppData\Local\JDownloader v2.0
2014-10-31 07:15 - 2014-09-08 20:43 - 00003846 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1410205392
2014-10-31 07:15 - 2014-09-08 20:43 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-30 17:23 - 2014-08-20 23:59 - 00000034 _____ () C:\Users\sebastian\AppData\Roaming\AdobeWLCMCache.dat
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-24 04:37 - 2014-08-20 17:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-24 04:37 - 2014-08-20 17:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-24 04:37 - 2014-08-20 17:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-22 08:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-21 10:02 - 2014-08-20 19:31 - 00000000 ____D () C:\ProgramData\Skype
2014-10-20 17:01 - 2014-08-20 17:56 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-20 17:01 - 2014-08-20 17:56 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 18:56 - 2014-08-21 01:54 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-10-19 16:03 - 2009-07-14 05:45 - 00654304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 16:01 - 2014-08-20 17:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 18:14 - 2014-08-20 22:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 18:10 - 2014-08-20 18:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 18:04 - 2014-08-20 18:08 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-17 14:43 - 2014-08-21 01:30 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\FileZilla
2014-10-16 11:58 - 2011-04-12 08:55 - 00000000 ____D () C:\Windows\CSC
2014-10-15 23:30 - 2014-09-18 15:37 - 00000000 ____D () C:\Users\sebastian\AppData\Local\RadioSure
2014-10-07 19:44 - 2014-09-17 13:49 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\ObviousIdea
Some content of TEMP:
====================
C:\Users\sebastian\AppData\Local\Temp\Quarantine.exe
C:\Users\sebastian\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-05 12:33
==================== End Of Log ============================
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by sebastian at 2014-11-06 11:00:15
Running from C:\Users\sebastian\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Balsamiq Mockups For Desktop (HKLM-x32\...\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 2.2.21 - Balsamiq SRL)
Balsamiq Mockups For Desktop (x32 Version: 2.2.21 - Balsamiq SRL) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eDealPop version 1.0 (HKLM-x32\...\eDealPop_is1) (Version: 1.0 - eDealPop)
Excel LaunchPad (HKLM-x32\...\{323D8331-6550-4AB0-85AD-2596D66F8697}) (Version: 2.2.0 - BitterMinion Development)
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
GOM Audio (HKLM-x32\...\GomAudio) (Version: 2.0.7.0873 - Gretech Corporation)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.62.5207 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToAssist Customer 2.2.0.758 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.2.0.758 - Citrix Online)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Light Image Resizer 4.4.1.0 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.4.1.0 - ObviousIdea)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0000-0000-0000000FF1CE}_Access_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Access 2007 (HKLM-x32\...\Access) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Publisher 2007 (HKLM-x32\...\PUBLISHER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mindjet 14 (HKLM-x32\...\{EDC6276F-C3A4-418A-8091-B29C191746B1}) (Version: 14.0.345 - Mindjet)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
Opera Stable 25.0.1614.68 (HKLM-x32\...\Opera 25.0.1614.68) (Version: 25.0.1614.68 - Opera Software ASA)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
PDF-XChange 2012 (HKLM\...\{504022CD-6A58-42D5-ACC9-966F695AAD93}_is1) (Version: 5.0.266.0 - Tracker Software Products Ltd)
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PhraseExpress v7.0.167 (HKLM-x32\...\PhraseExpress_is1) (Version: 7.0.167 - Bartels Media)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartTools Publishing • Outlook E-Mail-Notizen Pro (HKLM-x32\...\SmartToolsE-Mail-Notizen Prov3.60) (Version: v3.60 - SmartTools Publishing)
Snagit 11 (HKLM-x32\...\{D0CC22F6-A67A-4083-A043-E0640CB7A4DF}) (Version: 11.2.1 - TechSmith Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Time-Organizer (HKLM-x32\...\{B227677E-00EA-4169-96E8-007D38A8D1B3}) (Version: - Holger Hirschfeldt EDV-Beratung)
Unternehmensmanager (HKLM-x32\...\{40ED8ACB-8A38-4C2B-A7A5-DDE01DB4CACC}) (Version: 2.10.0.61 - globesystems Business Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0015-0000-0000-0000000FF1CE}_Access_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
27-10-2014 07:52:33 Windows Update
30-10-2014 11:15:03 Windows Update
02-11-2014 14:58:59 Windows Update
05-11-2014 13:31:38 ComboFix created restore point
06-11-2014 07:56:08 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-11-05 14:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {13406221-E99D-4E47-B627-3E3D5C32D172} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-24] (Adobe Systems Incorporated)
Task: {261AFB0B-EDD2-4B2E-89A7-FED245E682C9} - System32\Tasks\AdobeAAMUpdater-1.0-WRK02-sebastian => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {44E17F3A-7BA4-40DE-B043-29E5304696E1} - System32\Tasks\Opera scheduled Autoupdate 1410205392 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-29] (Opera Software)
Task: {84C35A0C-D7F3-41AA-9DEB-9E88D5B0AB6F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9C7E685B-E9E3-4A05-A736-60A6F009F62F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-20] (Google Inc.)
Task: {D23AA523-F454-4B3E-AD8D-BDC8BFA5AE72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-20] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-03-05 11:56 - 2007-02-09 03:41 - 00014848 _____ () C:\Windows\System32\KOAZJS_L.dll
2013-03-05 11:56 - 2007-02-09 03:41 - 00014848 _____ () C:\Windows\System32\KOAZJJ_L.dll
2014-08-20 18:52 - 2012-06-21 06:25 - 00113152 _____ () C:\Windows\System32\redmon64.dll
2014-04-17 21:29 - 2014-04-17 21:29 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-08-21 01:35 - 2007-09-02 12:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2014-04-17 21:29 - 2014-04-17 21:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-09-17 13:44 - 2014-09-17 13:44 - 00060453 _____ () C:\Windows\SysWOW64\CommandQuickSamba\CommandQuickSamba.exe
2014-11-06 10:52 - 2014-09-23 12:52 - 00007168 _____ () C:\Program Files (x86)\eDealPop\eDealPop.exe
2014-11-06 10:52 - 2014-10-13 11:01 - 00068096 _____ () C:\Windows\SysWOW64\ProgramRepositoryWinsock\ProgramRepositoryWinsock.exe
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-21 01:35 - 2007-09-02 12:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2012-09-23 19:43 - 2012-09-23 19:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PhraseExpress.lnk => C:\Windows\pss\PhraseExpress.lnk.CommonStartup
========================= Accounts: ==========================
Administrator (S-1-5-21-3367216552-3421558178-891187020-500 - Administrator - Disabled)
Gast (S-1-5-21-3367216552-3421558178-891187020-501 - Limited - Disabled)
sebastian (S-1-5-21-3367216552-3421558178-891187020-1000 - Administrator - Enabled) => C:\Users\sebastian
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-11-06 10:50:03.369
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-06 10:39:54.546
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-06 10:36:02.971
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-06 08:43:19.366
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-05 15:28:46.873
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-05 15:05:54.828
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-05 14:41:50.654
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-05 14:37:27.818
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-11-05 14:37:27.776
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-11-05 08:21:56.761
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: AMD FX(tm)-8320 Eight-Core Processor
Percentage of memory in use: 24%
Total physical RAM: 8098.55 MB
Available physical RAM: 6102.14 MB
Total Pagefile: 16195.29 MB
Available Pagefile: 14010.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:186.31 GB) (Free:43.53 GB) NTFS
Drive d: (Datenträger 2 klein) (Fixed) (Total:74.5 GB) (Free:20.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Elements) (Fixed) (Total:1863.01 GB) (Free:138.12 GB) NTFS
Drive h: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:324.95 GB) NTFS
Drive x: () (Network) (Total:5488.02 GB) (Free:4402.1 GB)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: D529D529)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 186.3 GB) (Disk ID: 8D0C1B78)
Partition 1: (Not Active) - (Size=186.3 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 000A7766)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End Of Log ============================