
After almost every Click in Chrome another Tab opens with spam


  • This topic is locked
10 replies to this topic

#1 JanPC


Posted 26 August 2015 - 09:44 AM

Hello,

I hope I give you all the information you'll need :)

As stated in the title, after almost every click another tab opens with spam, and my antivirus software blocks here.sendevent or some website tr553.com.

I uninstalled a few browser plugins and ran a few scanners, but the system is still there.

Feel free to ask me additional questions and thank you for helping!

Jan

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:25-08-2015 02
durchgeführt von xxx (Administrator) auf XXX-PC (26-08-2015 16:21:59)
Gestartet von C:\Users\xxx\Downloads
Geladene Profile: xxx (Verfügbare Profile: xxx)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
 
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Akamai Technologies, Inc.) C:\Users\xxx\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\xxx\AppData\Local\Akamai\netsession_win.exe
(Flux Software LLC) C:\Users\xxx\AppData\Local\FluxSoftware\Flux\flux.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(iDevDirect.com L.L.C.) C:\Program Files\CommissionAlert\CommissionAlert.exe
() C:\Program Files\Launchy\Launchy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Dominik Reichl) C:\Program Files\KeePass Password Safe\KeePass.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9914984 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [782008 2015-08-26] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\...\Run: [Akamai NetSession Interface] => C:\Users\xxx\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\...\Run: [f.lux] => C:\Users\xxx\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-04-16] (Microsoft Corporation)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-06-02]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CommissionAlert.lnk [2014-12-12]
ShortcutTarget: CommissionAlert.lnk -> C:\Program Files\CommissionAlert\CommissionAlert.exe (iDevDirect.com L.L.C.)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2014-11-06]
ShortcutTarget: Launchy.lnk -> C:\Program Files\Launchy\Launchy.exe ()
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Nicht auf der Ausnahmeliste) ====================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000 -> {A74DA58F-BC10-4995-AACB-8C1426E16883} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-05] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-05] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-08] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{52DA0F48-EAC2-41C9-8B3C-81A0D841EAB9}: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default
FF Homepage: hxxps://www.google.de/
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-08] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\searchplugins\google-scholar--1.xml [2014-11-19]
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\searchplugins\google-scholar--2.xml [2014-11-19]
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\searchplugins\google-scholar--3.xml [2014-11-19]
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\searchplugins\google-scholar--4.xml [2014-11-19]
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\searchplugins\google-scholar--5.xml [2014-11-19]
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\searchplugins\google-scholar-.xml [2014-11-19]
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\searchplugins\google-scholar.xml [2014-11-19]
FF Extension: Add to Search Bar - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2014-11-19]
FF Extension: Lightbeam - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-12-02]
FF Extension: KGen - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\Extensions\kgen@elitwork.com.xpi [2014-12-01]
FF Extension: MozBar - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\Extensions\toolbar@seomoz.org.xpi [2015-07-23]
FF Extension: Adblock Plus - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-13]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-11-04]
 
Chrome: 
=======
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Cahoots) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\acajoolgbgnpbmefodjcfbbfahnhhanp [2015-08-24]
CHR Extension: (Google Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29]
CHR Extension: (Google Drive) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-11-03]
CHR Extension: (YouTube) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-29]
CHR Extension: (OneTab) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2014-12-11]
CHR Extension: (Google Search) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-29]
CHR Extension: (Kein Name) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2015-08-26]
CHR Extension: (Page Analytics (by Google)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2015-04-29]
CHR Extension: (AdBlock) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-04]
CHR Extension: (Open SEO Stats(Formerly: PageRank Status)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn [2014-04-29]
CHR Extension: (Show / hide passwords) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlainjaalmfjjpjmedhchmaclcbbbpe [2014-11-25]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2014-11-20]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-11-04]
CHR Extension: (The Great Suspender) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-05-26]
CHR Extension: (TopicHeads - Text Checker) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kncpgiafoaodmfjnhajaojhhdjmaoaah [2014-11-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-20]
CHR Extension: (Ghostery) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-05-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29]
CHR Extension: (Gmail) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-29]
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-10]
CHR Extension: (Google Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-10]
CHR Extension: (Google Drive) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-10]
CHR Extension: (YouTube) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-10]
CHR Extension: (Google Search) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-10]
CHR Extension: (Google Sheets) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-19]
CHR Extension: (Session Manager) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-10]
CHR Extension: (Citavi Picker) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\piehhloihgjjiomhieeddiidpekaajio [2014-11-10]
CHR Extension: (Gmail) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-10]
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-10]
CHR Extension: (WinToFlash Suggestor) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\acaoakiamfeidcmgooclgeleejkbaecf [2014-11-10]
CHR Extension: (Google Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-10]
CHR Extension: (Google Drive) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-10]
CHR Extension: (YouTube) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-10]
CHR Extension: (Google Search) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-10]
CHR Extension: (SPOTS - A better way to start) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc [2014-11-10]
CHR Extension: (Google Sheets) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-10]
CHR Extension: (Citavi Picker) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\piehhloihgjjiomhieeddiidpekaajio [2014-11-10]
CHR Extension: (Gmail) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-10]
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-10]
CHR Extension: (Google Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-10]
CHR Extension: (Google Drive) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-10]
CHR Extension: (YouTube) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-10]
CHR Extension: (Google Search) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-10]
CHR Extension: (Google Sheets) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-10]
CHR Extension: (Citavi Picker) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\piehhloihgjjiomhieeddiidpekaajio [2014-11-10]
CHR Extension: (Gmail) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-10]
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Slides) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-10]
CHR Extension: (WinToFlash Suggestor) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\acaoakiamfeidcmgooclgeleejkbaecf [2014-11-10]
CHR Extension: (Google Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-10]
CHR Extension: (Google Drive) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-10]
CHR Extension: (YouTube) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-10]
CHR Extension: (Google Search) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-10]
CHR Extension: (SPOTS - A better way to start) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc [2014-11-10]
CHR Extension: (Google Sheets) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-10]
CHR Extension: (Citavi Picker) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\piehhloihgjjiomhieeddiidpekaajio [2014-11-10]
CHR Extension: (Gmail) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-10]
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (Google Slides) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-10]
CHR Extension: (WinToFlash Suggestor) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\acaoakiamfeidcmgooclgeleejkbaecf [2014-11-10]
CHR Extension: (Google Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-10]
CHR Extension: (Google Drive) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-10]
CHR Extension: (YouTube) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-10]
CHR Extension: (Google Search) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-10]
CHR Extension: (SPOTS - A better way to start) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc [2014-11-10]
CHR Extension: (Google Sheets) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-10]
CHR Extension: (Citavi Picker) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\piehhloihgjjiomhieeddiidpekaajio [2014-11-10]
CHR Extension: (Gmail) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-10]
CHR HKLM\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2014-11-04]
CHR HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [887128 2015-08-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1213072 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1874104 2015-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [95720 2010-12-29] (ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [293352 2010-12-29] (ASMedia Technology Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-08-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-08-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-06-16] (Avira Operations GmbH & Co. KG)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 thsvdjpr; C:\Windows\system32\Drivers\thsvdjpr.sys [411552 2014-04-29] (AVAST Software)
S3 AsrCDDrv; \??\C:\Windows\system32\Drivers\AsrCDDrv.sys [X]
S1 aylyoidx; \??\C:\Windows\system32\drivers\aylyoidx.sys [X]
S1 brihpfxf; \??\C:\Windows\system32\drivers\brihpfxf.sys [X]
S1 bsfdklqx; \??\C:\Windows\system32\drivers\bsfdklqx.sys [X]
S1 ejvruvey; \??\C:\Windows\system32\drivers\ejvruvey.sys [X]
S1 gjzpeemv; \??\C:\Windows\system32\drivers\gjzpeemv.sys [X]
S1 hbujpcpc; \??\C:\Windows\system32\drivers\hbujpcpc.sys [X]
S1 inaatnog; \??\C:\Windows\system32\drivers\inaatnog.sys [X]
S1 jcxakzuj; \??\C:\Windows\system32\drivers\jcxakzuj.sys [X]
S1 kbeuazvb; \??\C:\Windows\system32\drivers\kbeuazvb.sys [X]
S1 lenmqhnq; \??\C:\Windows\system32\drivers\lenmqhnq.sys [X]
S1 lgfcgtsm; \??\C:\Windows\system32\drivers\lgfcgtsm.sys [X]
S1 lygwpwxb; \??\C:\Windows\system32\drivers\lygwpwxb.sys [X]
S1 muoznemg; \??\C:\Windows\system32\drivers\muoznemg.sys [X]
S1 qptegblo; \??\C:\Windows\system32\drivers\qptegblo.sys [X]
S1 tmfwqttr; \??\C:\Windows\system32\drivers\tmfwqttr.sys [X]
S1 tozpgmgn; \??\C:\Windows\system32\drivers\tozpgmgn.sys [X]
S1 tvtoomqx; \??\C:\Windows\system32\drivers\tvtoomqx.sys [X]
S1 wnhtcufj; \??\C:\Windows\system32\drivers\wnhtcufj.sys [X]
 
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 
==================== Ein Monat: Erstellte Dateien und Ordner ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2015-08-26 16:21 - 2015-08-26 16:27 - 00031963 _____ C:\Users\xxx\Downloads\FRST.txt
2015-08-26 16:21 - 2015-08-26 16:22 - 00000000 ____D C:\FRST
2015-08-26 16:21 - 2015-08-26 16:21 - 01690112 _____ (Farbar) C:\Users\xxx\Downloads\FRST.exe
2015-08-26 16:17 - 2015-08-26 16:17 - 02186752 _____ (Farbar) C:\Users\xxx\Downloads\FRST64.exe
2015-08-26 16:01 - 2015-08-26 16:01 - 01605632 _____ C:\Users\xxx\Downloads\adwcleaner_5.003.exe
2015-08-26 14:11 - 2015-08-26 14:11 - 00099521 _____ C:\Users\xxx\Downloads\278752.csv
2015-08-26 13:16 - 2015-08-26 16:21 - 00000020 ____H C:\Users\xxx\Documents\DatabasePowercigs.kdb.lock
2015-08-26 11:00 - 2015-08-26 16:07 - 00005536 _____ C:\Windows\PFRO.log
2015-08-26 11:00 - 2015-08-26 16:07 - 00000168 _____ C:\Windows\setupact.log
2015-08-26 11:00 - 2015-08-26 11:00 - 00000000 _____ C:\Windows\setuperr.log
2015-08-26 09:33 - 2015-08-26 16:08 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-26 09:31 - 2015-08-26 09:31 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-26 09:31 - 2015-08-26 09:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-26 09:31 - 2015-08-26 09:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-26 09:31 - 2015-08-26 09:31 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-26 09:31 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-26 09:31 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-26 09:31 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-26 09:29 - 2015-08-26 09:29 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-08-26 09:28 - 2015-08-26 09:29 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-25 17:22 - 2015-08-25 17:22 - 00001472 _____ C:\Users\xxx\AppData\Local\recently-used.xbel
2015-08-25 17:14 - 2015-08-26 09:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-24 18:18 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-24 18:18 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-24 09:07 - 2015-08-24 09:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-24 09:07 - 2015-08-24 09:07 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-08-19 09:43 - 2015-08-24 10:14 - 00000000 ____D C:\Users\xxx\Downloads\AlteDWNS
2015-08-19 08:47 - 2015-08-25 15:49 - 00000000 ____D C:\Users\xxx\Desktop\BIlderrauchenfürterror
2015-08-18 09:05 - 2015-08-18 11:02 - 01253948 _____ C:\Users\xxx\Desktop\Links 180082015.xlsx
2015-08-17 18:20 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 16:58 - 2015-08-17 16:59 - 00000000 ____D C:\Users\xxx\Desktop\OnPageExport
2015-08-17 10:44 - 2015-08-17 10:45 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2015-08-17 09:25 - 2015-07-20 19:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-17 09:25 - 2015-07-20 19:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-17 09:25 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-17 09:25 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-17 09:25 - 2015-07-20 19:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-17 09:25 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-17 09:25 - 2015-07-20 19:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-17 09:25 - 2015-07-20 19:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-17 09:25 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-17 09:25 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-17 09:25 - 2015-07-20 19:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-17 09:25 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-17 09:25 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-17 09:25 - 2015-07-15 19:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-17 09:25 - 2015-07-15 19:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-17 09:25 - 2015-07-15 19:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-17 09:25 - 2015-07-15 19:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-17 09:25 - 2015-07-15 19:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-17 09:25 - 2015-07-15 19:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-17 09:25 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-17 09:25 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-17 09:25 - 2015-07-15 19:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-17 09:25 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-17 09:25 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-17 09:25 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-17 09:25 - 2015-07-15 19:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-17 09:25 - 2015-07-15 19:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-17 09:25 - 2015-07-15 19:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-17 09:25 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-17 09:25 - 2015-07-15 19:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-17 09:25 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-17 09:25 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-17 09:25 - 2015-07-15 19:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-17 09:25 - 2015-07-15 19:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-17 09:25 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-17 09:25 - 2015-07-15 19:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-17 09:25 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-17 09:25 - 2015-07-15 19:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-17 09:25 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-17 09:25 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-17 09:25 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-17 09:25 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-17 09:25 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-17 09:25 - 2015-07-15 18:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-17 09:25 - 2015-07-15 18:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-17 09:25 - 2015-07-15 18:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-17 09:25 - 2015-07-10 19:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-17 09:25 - 2015-07-10 19:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-17 09:25 - 2015-07-10 19:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-17 09:25 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-17 09:25 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-17 09:25 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-17 09:25 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-17 09:24 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-17 09:24 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-17 09:24 - 2015-07-30 19:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-17 09:24 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-17 09:24 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-17 09:24 - 2015-07-30 19:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-17 09:24 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-17 09:24 - 2015-07-30 18:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-17 09:24 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-17 09:24 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-17 09:24 - 2015-07-16 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-17 09:24 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-17 09:24 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-17 09:24 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-17 09:24 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-17 09:24 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-17 09:24 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-17 09:24 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-17 09:24 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-17 09:24 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-17 09:24 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-17 09:24 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-17 09:24 - 2015-07-16 21:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-17 09:24 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-17 09:24 - 2015-07-16 21:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-17 09:24 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-17 09:24 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-17 09:24 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-17 09:24 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-17 09:24 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-17 09:24 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-17 09:24 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-17 09:24 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-17 09:24 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-17 09:24 - 2015-07-16 21:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-17 09:24 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-17 09:24 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-17 09:24 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-17 09:24 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-17 09:24 - 2015-07-15 04:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-17 09:24 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-17 09:23 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-17 09:23 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-17 09:23 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-17 09:23 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-05 09:58 - 2015-08-05 15:50 - 00000000 ____D C:\Users\xxx\Desktop\Umfrage
2015-08-04 14:15 - 2015-08-04 17:38 - 00081602 _____ C:\Users\xxx\Desktop\Microsoft Excel Worksheet (neu).xlsx
2015-08-03 13:47 - 2015-08-03 13:50 - 00000000 ____D C:\Users\xxx\Desktop\gScrapr
2015-07-31 10:42 - 2015-07-31 11:54 - 00000000 ____D C:\Users\xxx\AppData\OICE_15_974FA576_32C1D314_2D8A
 
==================== Ein Monat: Geänderte Dateien und Ordner ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2015-08-26 16:22 - 2014-04-16 08:47 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Skype
2015-08-26 16:17 - 2015-05-21 09:53 - 01576901 _____ C:\Windows\WindowsUpdate.log
2015-08-26 16:08 - 2014-04-29 09:21 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-26 16:07 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-26 16:05 - 2015-04-01 17:00 - 00000000 ____D C:\AdwCleaner
2015-08-26 16:04 - 2009-07-14 06:34 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-26 16:04 - 2009-07-14 06:34 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-26 15:30 - 2014-04-29 09:21 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-26 13:14 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-26 11:17 - 2015-07-10 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-26 11:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Branding
2015-08-26 09:04 - 2014-04-29 15:01 - 00000000 ____D C:\Users\xxx\AppData\Local\CrashDumps
2015-08-26 09:00 - 2014-09-30 17:01 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-25 17:23 - 2014-11-04 18:07 - 00000000 ____D C:\Users\xxx\.gimp-2.8
2015-08-25 17:22 - 2014-11-04 18:09 - 00000000 ____D C:\Users\xxx\AppData\Local\gtk-2.0
2015-08-25 10:22 - 2014-03-20 10:27 - 00000000 ____D C:\Users\xxx\AppData\Local\Adobe
2015-08-25 09:27 - 2015-04-20 11:39 - 00013304 _____ C:\Users\xxx\AppData\Roaming\Durch Trennzeichen getrennte Werte.EML
2015-08-25 09:17 - 2015-04-08 16:57 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-24 18:15 - 2014-11-03 18:51 - 00012828 _____ C:\Users\xxx\Documents\DatabasePowercigs.kdb
2015-08-24 12:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-08-24 11:46 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2015-08-24 10:04 - 2014-04-13 15:46 - 00000000 ____D C:\Program Files\Canon
2015-08-24 10:01 - 2015-05-12 09:47 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Add-in Express
2015-08-24 10:01 - 2014-03-20 10:32 - 00000000 ____D C:\Windows\system32\appmgmt
2015-08-24 09:08 - 2014-04-16 08:47 - 00000000 ____D C:\ProgramData\Skype
2015-08-24 09:07 - 2014-10-15 09:07 - 00000000 ___RD C:\Program Files\Skype
2015-08-19 10:44 - 2014-11-03 10:13 - 00000000 ____D C:\Users\xxx\Desktop\JMA
2015-08-19 09:42 - 2014-11-18 19:13 - 00000000 ___RD C:\Users\xxx\Desktop\Progs
2015-08-19 09:41 - 2015-07-13 17:40 - 00000000 ____D C:\Users\xxx\Desktop\LinkChecker
2015-08-19 08:50 - 2015-02-05 19:04 - 00000000 ____D C:\Users\xxx\Desktop\E-Zig BLOG
2015-08-18 15:36 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-18 14:34 - 2014-11-19 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-18 11:05 - 2015-01-30 14:17 - 00000000 ____D C:\Users\xxx\Desktop\Disavow
2015-08-18 09:08 - 2015-05-05 16:10 - 00010449 _____ C:\Users\xxx\Desktop\SeoTools.config.xml
2015-08-18 08:52 - 2009-07-14 06:33 - 00467200 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-18 08:50 - 2014-03-20 16:53 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2015-08-18 08:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-08-17 09:09 - 2014-04-28 19:22 - 00000000 ____D C:\Users\xxx\AppData\Local\Akamai
2015-08-06 16:38 - 2015-05-08 09:22 - 00000000 ____D C:\Users\xxx\AppData\Local\NPE
2015-08-03 13:51 - 2015-06-26 14:40 - 00000000 ____D C:\Users\xxx\Desktop\PowerCigs
2015-08-03 13:50 - 2014-11-04 10:17 - 00000000 ____D C:\Users\xxx\Desktop\SEO
2015-08-03 11:03 - 2015-07-10 11:08 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-08-03 11:03 - 2015-07-10 11:08 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-07-30 08:52 - 2014-04-29 14:04 - 00000000 ____D C:\ProgramData\Package Cache
 
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
 
2015-04-20 11:39 - 2015-08-25 09:27 - 0013304 _____ () C:\Users\xxx\AppData\Roaming\Durch Trennzeichen getrennte Werte.EML
2014-05-20 09:26 - 2015-02-17 10:26 - 0000095 _____ () C:\Users\xxx\AppData\Roaming\WB.CFG
2015-08-25 17:22 - 2015-08-25 17:22 - 0001472 _____ () C:\Users\xxx\AppData\Local\recently-used.xbel
2015-06-23 09:48 - 2015-06-23 09:48 - 0007631 _____ () C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
2015-04-07 15:34 - 2015-04-07 15:34 - 0000032 RSHOT () C:\Users\xxx\AppData\Local\t70rc.dat
2014-04-30 11:19 - 2014-04-30 11:19 - 0210004 _____ () C:\ProgramData\1398849393.bdinstall.bin
2015-04-17 09:49 - 2015-04-17 09:49 - 0037629 _____ () C:\ProgramData\1429256950.bdinstall.bin
2015-04-17 10:43 - 2015-04-17 10:43 - 0097677 _____ () C:\ProgramData\1429256957.bdinstall.bin
2014-11-13 10:54 - 2014-11-13 10:54 - 0000008 __RSH () C:\ProgramData\sysqcl1131236454.dat
 
Einige Dateien in TEMP:
====================
C:\Users\xxx\AppData\Local\Temp\avgnt.exe
C:\Users\xxx\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
 
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
 
 
LastRegBack: 2015-08-24 12:40
 
==================== Ende vom FRST.txt ============================

 


#2 Machiavelli


Posted 31 August 2015 - 07:07 AM

Hey, :)

 

STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 

STEP 2
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3

AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab, and click Cleaning.
  • Follow the prompts and allow your computer to reboot.
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S1].txt.

 
======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM log
  • JRT.txt
  • AdwCleaner[C1].txt

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 JanPC


Posted 31 August 2015 - 08:44 AM

Done :)

 

Malwarebytes Anti-Malware:

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Suchlaufdatum: 31.08.2015
Suchlaufzeit: 14:09
Protokolldatei: MalwarebytesLog.txt
Administrator: Ja
 
Version: 2.1.8.1057
Malware-Datenbank: v2015.08.31.01
Rootkit-Datenbank: v2015.08.16.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert
 
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: xxx
 
Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 309449
Abgelaufene Zeit: 17 Min., 22 Sek.
 
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
 
Prozesse: 0
(keine bösartigen Elemente erkannt)
 
Module: 0
(keine bösartigen Elemente erkannt)
 
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
 
Registrierungswerte: 0
(keine bösartigen Elemente erkannt)
 
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
 
Ordner: 0
(keine bösartigen Elemente erkannt)
 
Dateien: 4
PUP.Optional.PricePeep, C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, Löschen bei Neustart, [421b0d02dbb062d416534d5ae42002fe], 
PUP.Optional.PricePeep, C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, Löschen bei Neustart, [6df0f41bd1ba20160a5f63448d7750b0], 
PUP.Optional.ReMarkable, C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Löschen bei Neustart, [2e2feb24008bcd69127f6c3d34d0c43c], 
PUP.Optional.ReMarkable, C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Löschen bei Neustart, [2e2fae61d8b31f17d8b990199e66ad53], 
 
Physische Sektoren: 0
(keine bösartigen Elemente erkannt)
 
 
(end)
 
Junkware Removal Tool:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.9 (08.27.2015:1)
OS: Windows 7 Professional x86
Ran by xxx on 31.08.2015 at 15:01:38,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\ProgramData\1398849393.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1429256950.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1429256957.bdinstall.bin
Successfully deleted: [File] C:\Users\xxx\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_klbibkeccnjlkjkiokjodocebajanakg_0.localstorage
Successfully deleted: [File] C:\Users\xxx\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
Successfully deleted: [File] C:\Users\xxx\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\lavasoft\web companion
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\xxx\Appdata\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg
 
[C:\Users\xxx\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\xxx\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
klbibkeccnjlkjkiokjodocebajanakg
 
[C:\Users\xxx\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\xxx\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  klbibkeccnjlkjkiokjodocebajanakg
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.08.2015 at 15:04:18,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
AdwCleaner:
 
# AdwCleaner v5.004 - Bericht erstellt 31/08/2015 um 15:37:58
# Aktualisiert 26/08/2015 von Xplode
# Datenbank : 2015-08-30.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : xxx - XXX-PC
# Gestarted von : C:\Users\xxx\Downloads\AdwCleaner.exe
# Option : Löschen
# Unterstützung : http://toolslib.net/forum
 
***** [ Dienste ] *****
 
 
***** [ Ordner ] *****
 
[-] Ordner Gelöscht : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp
 
***** [ Dateien ] *****
 
[-] Datei Gelöscht : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eakacpaijcpapndcfffdgphdiccmpknp
[-] Datei Gelöscht : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] Datei Gelöscht : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
 
***** [ Verknüpfungen ] *****
 
 
***** [ Geplante Tasks ] *****
 
 
***** [ Registrierungsdatenbank ] *****
 
 
***** [ Internetbrowser ] *****
 
 
*************************
 
:: Winsock Einstellungen zurückgesetzt
 
########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1236 Bytes] ##########
 
 
Thank you for your time!
 
Jan
 
 


#4 Machiavelli


Posted 31 August 2015 - 08:59 AM

Hi,

Please run FRST again, also tick the box for Addition.txt, and click Scan.

~Machiavelli

 
 


#5 JanPC


Posted 31 August 2015 - 09:06 AM

Done :)

 

Addition:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:30-08-2015
durchgeführt von xxx (2015-08-31 16:02:40)
Gestartet von C:\Users\xxx\Downloads
Start-Modus: Normal
==========================================================
 
 
==================== Konten: =============================
 
Administrator (S-1-5-21-1007796920-3790521198-3768304699-500 - Administrator - Disabled)
Gast (S-1-5-21-1007796920-3790521198-3768304699-501 - Limited - Disabled)
xxx (S-1-5-21-1007796920-3790521198-3768304699-1000 - Administrator - Enabled) => C:\Users\xxx
 
==================== Sicherheits-Center ========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installierte Programme ======================
 
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
 
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Avira (HKLM\...\{a5e00a72-db4a-4f77-8874-d1265b8fcd7e}) (Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Citavi 4 (HKLM\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.2.0.11 - Swiss Academic Software)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
f.lux (HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\...\Flux) (Version:  - )
FileZilla Client 3.11.0.2 (HKLM\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Drive (HKLM\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Image Editor Packages (HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\...\Image Editor Packages) (Version:  - ) <==== ACHTUNG
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
KeePass Password Safe 1.28 (HKLM\...\KeePass Password Safe_is1) (Version: 1.28 - Dominik Reichl)
Launchy 2.5 (HKLM\...\Launchy_21344213_is1) (Version:  - Code Jelly)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 de) (HKLM\...\Mozilla Firefox 40.0.2 (x86 de)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 de) (HKLM\...\Mozilla Thunderbird 38.2.0 (x86 de)) (Version: 38.2.0 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Screaming Frog SEO Spider (HKLM\...\Screaming Frog SEO Spider) (Version: 4.1 - Screaming Frog Ltd)
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Xenu's Link Sleuth (HKLM\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)
 
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
CustomCLSID: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\FileSyncApi.dll (Microsoft Corporation)
 
==================== Wiederherstellungspunkte =========================
 
17-08-2015 18:19:26 Windows Update
18-08-2015 10:08:58 AbleBits.com Duplicate Remover for Microsoft Excel wird entfernt
18-08-2015 10:10:22 Removed Visual Studio 2012 x86 Redistributables
24-08-2015 09:04:22 Windows Update
24-08-2015 09:59:59 AbleBits.com Duplicate Remover for Microsoft Excel wird entfernt
24-08-2015 10:02:14 Removed Graphviz
24-08-2015 18:17:53 Windows Update
31-08-2015 09:14:03 Windows Update
31-08-2015 15:01:42 JRT Pre-Junkware Removal
 
==================== Hosts Inhalt: ==========================
 
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
 
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
Task: {2CDDC507-BFA6-4290-AA7A-4AC1EAA6BA1D} - System32\Tasks\{770405B0-DCFD-4182-A5EA-ABE2521D03CA} => pcalua.exe -a C:\Users\xxx\AppData\Local\Temp\Temp1_ME_Win7-64_Win7_Vista64_Vista_XP64_XP(7.0.4.1197)[1].zip\ME(7.0.4.1197)\setup.exe
Task: {3E80F59D-1490-464B-AB8F-6FA13870A106} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {40FF97D9-EDCF-42BD-A0BB-FEF1E70E7FC8} - System32\Tasks\PC Frog Crawl => C:\Program Files\Screaming Frog SEO Spider\ScreamingFrogSEOSpider.exe [2015-07-15] (Screaming Frog)
Task: {4BB75F9D-CDFB-45DB-8E1A-4318E187ADA4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-07-14] (Microsoft Corporation)
Task: {4F5FCF13-2D83-4562-99A9-C59208C94396} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {8B0A7D1A-0AAF-4B35-9E6F-9BDA398E0AC6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {BD1884A0-64AE-4D31-BD6F-74A6BF9C6537} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {C4BC6445-5AAE-47B6-9BFA-E1DE3462F650} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {D74402A4-8E49-4F52-B4EC-3D7633D9F5BF} - System32\Tasks\Asrsetup => D:\ASRSetup.exe
Task: {DCB3750D-4105-43AD-AE3E-5687C2A6971E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {F7DC5D9B-66A5-4015-A74A-B883BBD8E6A6} - System32\Tasks\{14A51FD3-267D-458A-965A-751B3F399718} => pcalua.exe -a "D:\Drivers\Rapid Storage Technology\Intel\Win7-64_Win7_Vista64_Vista_XP64_XP(1.0.1.0.1008_PV)\iata_cd.exe" -d "D:\Drivers\Rapid Storage Technology\Intel\Win7-64_Win7_Vista64_Vista_XP64_XP(1.0.1.0.1008_PV)"
Task: {FE4651A7-7281-4908-9323-80BFB3A8C445} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {FE949790-31A7-4AAF-A8E7-5FC9580A525A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\price meter updater.job.73372.gzquar => C:\Users\xxx\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ACHTUNG
 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
 
2015-04-08 16:57 - 2014-05-20 03:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2015-04-08 09:41 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-08 09:41 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-08 09:41 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-08 09:41 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-08 09:41 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-06-02 17:20 - 2015-06-02 17:20 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-03-20 08:18 - 2011-01-27 02:11 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-10-23 21:19 - 2014-10-23 21:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-04-08 16:57 - 2015-04-08 16:57 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-11-06 10:27 - 2010-11-10 20:38 - 00380928 _____ () C:\Program Files\Launchy\Launchy.exe
2014-11-06 10:27 - 2009-12-16 23:13 - 08314880 _____ () C:\Program Files\Launchy\QtGui4.dll
2014-11-06 10:27 - 2009-12-16 22:54 - 02236416 _____ () C:\Program Files\Launchy\QtCore4.dll
2014-11-06 10:27 - 2009-12-16 22:56 - 00712704 _____ () C:\Program Files\Launchy\QtNetwork4.dll
2014-11-06 10:27 - 2009-12-17 01:18 - 00233472 _____ () C:\Program Files\Launchy\imageformats\qmng4.dll
2014-11-06 10:27 - 2010-11-10 20:39 - 00081920 _____ () C:\Program Files\Launchy\plugins\calcy.dll
2014-11-06 10:27 - 2010-11-10 20:39 - 00090112 _____ () C:\Program Files\Launchy\plugins\controly.dll
2014-11-06 10:27 - 2010-11-10 20:38 - 00024064 _____ () C:\Program Files\Launchy\plugins\gcalc.dll
2014-11-06 10:27 - 2010-11-10 20:38 - 00094208 _____ () C:\Program Files\Launchy\plugins\runner.dll
2014-11-06 10:27 - 2010-11-10 20:38 - 00057344 _____ () C:\Program Files\Launchy\plugins\verby.dll
2014-11-06 10:27 - 2010-11-10 20:38 - 00122880 _____ () C:\Program Files\Launchy\plugins\weby.dll
2015-08-24 09:36 - 2015-08-18 07:23 - 01405768 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-24 09:36 - 2015-08-18 07:23 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.157\libegl.dll
2015-08-24 09:36 - 2015-08-18 07:23 - 16393032 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll
2015-08-17 10:44 - 2015-08-17 10:44 - 00153768 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-08-17 10:44 - 2015-08-17 10:44 - 00023208 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-05-29 09:09 - 2015-05-29 09:09 - 00008704 _____ () C:\Users\xxx\AppData\Roaming\Thunderbird\Profiles\gjltl7nv.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
 
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
 
AlternateDataStreams: C:\Users\xxx\AppData\Roaming\Durch Trennzeichen getrennte Werte.EML:OECustomProperty
 
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\17945308.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\17945308.sys => ""="Driver"
 
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
 
 
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
 
 
==================== Andere Bereiche ============================
 
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 
HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
 
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 
MSCONFIG\startupfolder: C:^Users^xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^An OneNote senden.lnk => C:\Windows\pss\An OneNote senden.lnk.Startup
MSCONFIG\startupreg: 5E8DDC1D58AE8A9246DA6F6C297F8E456117A4BC._service_run => "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: XFastUsb => C:\Program Files\XFastUsb\XFastUsb.exe
 
==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{DD69B79E-4593-4A9C-9023-D4DEAA60293F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{DF500115-AA95-477F-BC4D-58EEBE29AD03}C:\users\xxx\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\xxx\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{5971E087-EAF8-40C0-A8E7-16F2E6159AC9}C:\users\xxx\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\xxx\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{1429BD23-876A-40DB-A2F8-96731ED14094}C:\users\xxx\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\xxx\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{1E34218D-562B-45FD-93A0-DB70DCB0CE1A}C:\users\xxx\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\xxx\appdata\local\akamai\netsession_win.exe
FirewallRules: [{933AA5D7-34AE-46BE-B1D1-CEEE0B5C4610}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{97D3A4B7-E355-4587-962B-2FADE421ABB8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0E1B6CA9-28DF-4E91-940D-698188735FA8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{296E5C71-A091-4822-A401-504DBBA9168D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{0DF52532-D867-414F-B403-5BD14E05FA0B}] => (Allow) C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{EA21D729-1926-47DF-9C94-D4ECBF82BD40}] => (Allow) %ProgramFiles%\Microsoft Office 15\root\office15\OUTLOOK.EXE
FirewallRules: [{D2CA5383-4BB4-4029-88E8-EB14EEF33C07}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Fehlerhafte Geräte im Gerätemanager =============
 
Name: 2-Bay Personal Cloud Storage
Description: 2-Bay Personal Cloud Storage
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Fehlereinträge in der Ereignisanzeige: =========================
 
Applikationsfehler:
==================
Error: (08/31/2015 03:24:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm AdwCleaner.exe, Version 5.0.0.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 
Prozess-ID: 1d60
 
Startzeit: 01d0e3edf06f1a06
 
Endzeit: 3
 
Anwendungspfad: C:\Users\xxx\Downloads\AdwCleaner.exe
 
Berichts-ID: 9c4ea667-4fe3-11e5-8206-bc5ff4017ccc
 
Error: (08/31/2015 02:32:55 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2015 02:32:55 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
 
Kontext: Windows Anwendung
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2015 02:32:55 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
 
Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2015 02:32:55 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
 
Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (08/31/2015 02:32:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
 
Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2015 02:32:54 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
 
Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
 
 
Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (08/31/2015 02:32:54 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2015 02:32:54 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2015 02:32:54 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.
 
Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))
 
 
Systemfehler:
=============
Error: (08/31/2015 03:41:04 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 
Error: (08/31/2015 03:40:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom
 
Error: (08/31/2015 03:38:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%109
 
Error: (08/31/2015 03:38:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053
 
Error: (08/31/2015 03:38:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Druckwarteschlange erreicht.
 
Error: (08/31/2015 03:38:19 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056
 
Error: (08/31/2015 03:37:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/31/2015 03:37:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/31/2015 03:37:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/31/2015 03:37:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
 
Microsoft Office:
=========================
Error: (08/31/2015 03:24:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe5.0.0.41d6001d0e3edf06f1a063C:\Users\xxx\Downloads\AdwCleaner.exe9c4ea667-4fe3-11e5-8206-bc5ff4017ccc
 
Error: (08/31/2015 02:32:55 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2015 02:32:55 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2015 02:32:55 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2015 02:32:55 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (08/31/2015 02:32:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
Error: (08/31/2015 02:32:54 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (08/31/2015 02:32:54 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
Error: (08/31/2015 02:32:54 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700
 
Error: (08/31/2015 02:32:54 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 89%
Installierter physikalischer RAM: 3050.66 MB
Verfügbarer physikalischer RAM: 327.47 MB
Summe virtueller Speicher: 6097.57 MB
Verfügbarer virtueller Speicher: 1820.57 MB
 
==================== Laufwerke ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:413.06 GB) NTFS
 
==================== MBR & Partitionstabelle ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 538732CE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== Ende vom Addition.txt ============================




#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,879 posts
  • Gender:Male
  • Location:Germany

Posted 01 September 2015 - 03:29 AM

Hey,

everything OK?
 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    Task: C:\Windows\Tasks\price meter updater.job.73372.gzquar => C:\Users\xxx\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ACHTUNG
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei
    S3 AsrCDDrv; \??\C:\Windows\system32\Drivers\AsrCDDrv.sys [X]
    S1 aylyoidx; \??\C:\Windows\system32\drivers\aylyoidx.sys [X]
    S1 brihpfxf; \??\C:\Windows\system32\drivers\brihpfxf.sys [X]
    S1 bsfdklqx; \??\C:\Windows\system32\drivers\bsfdklqx.sys [X]
    S1 ejvruvey; \??\C:\Windows\system32\drivers\ejvruvey.sys [X]
    S1 gjzpeemv; \??\C:\Windows\system32\drivers\gjzpeemv.sys [X]
    S1 hbujpcpc; \??\C:\Windows\system32\drivers\hbujpcpc.sys [X]
    S1 inaatnog; \??\C:\Windows\system32\drivers\inaatnog.sys [X]
    S1 jcxakzuj; \??\C:\Windows\system32\drivers\jcxakzuj.sys [X]
    S1 kbeuazvb; \??\C:\Windows\system32\drivers\kbeuazvb.sys [X]
    S1 lenmqhnq; \??\C:\Windows\system32\drivers\lenmqhnq.sys [X]
    S1 lgfcgtsm; \??\C:\Windows\system32\drivers\lgfcgtsm.sys [X]
    S1 lygwpwxb; \??\C:\Windows\system32\drivers\lygwpwxb.sys [X]
    S1 muoznemg; \??\C:\Windows\system32\drivers\muoznemg.sys [X]
    S1 qptegblo; \??\C:\Windows\system32\drivers\qptegblo.sys [X]
    S1 tmfwqttr; \??\C:\Windows\system32\drivers\tmfwqttr.sys [X]
    S1 tozpgmgn; \??\C:\Windows\system32\drivers\tozpgmgn.sys [X]
    S1 tvtoomqx; \??\C:\Windows\system32\drivers\tvtoomqx.sys [X]
    S1 wnhtcufj; \??\C:\Windows\system32\drivers\wnhtcufj.sys [X]
    C:\Windows\system32\Drivers\AsrCDDrv.sys
    C:\Windows\system32\drivers\aylyoidx.sys
    C:\Windows\system32\drivers\brihpfxf.sys
    C:\Windows\system32\drivers\bsfdklqx.sys
    C:\Windows\system32\drivers\ejvruvey.sys
    C:\Windows\system32\drivers\gjzpeemv.sys
    C:\Windows\system32\drivers\hbujpcpc.sys
    C:\Windows\system32\drivers\inaatnog.sys
    C:\Windows\system32\drivers\jcxakzuj.sys
    C:\Windows\system32\drivers\kbeuazvb.sys
    C:\Windows\system32\drivers\lenmqhnq.sys
    C:\Windows\system32\drivers\lgfcgtsm.sys
    C:\Windows\system32\drivers\lygwpwxb.sys
    C:\Windows\system32\drivers\muoznemg.sys
    C:\Windows\system32\drivers\qptegblo.sys
    C:\Windows\system32\drivers\tmfwqttr.sys
    C:\Windows\system32\drivers\tozpgmgn.sys
    C:\Windows\system32\drivers\tvtoomqx.sys
    C:\Windows\system32\drivers\wnhtcufj.sys
    2015-04-07 15:34 - 2015-04-07 15:34 - 0000032 RSHOT () C:\Users\xxx\AppData\Local\t70rc.dat
    2014-11-13 10:54 - 2014-11-13 10:54 - 0000008 __RSH () C:\ProgramData\sysqcl1131236454.dat
    C:\Users\xxx\AppData\Local\Temp\avgnt.exe
    C:\Users\xxx\AppData\Local\Temp\sqlite3.dll
    end
  • Click File, Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click List Threats. If no threats were found, skip the next two bullet points.
  • Click Export and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

STEP 3

 

Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe or FRST64.exe and select Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FixLog
  • ESET Online Scan log
  • FRST.txt
  • Addition.txt

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#7 JanPC


Posted 01 September 2015 - 06:32 AM

Hey Machiavelli,

 

Yeah, things are going fine... the weather is great, and then it's always better ;)

 

  • FixLog:
Entferungsergebnis von Farbar Recovery Scan Tool (x86) Version:30-08-2015
durchgeführt von xxx (2015-09-01 11:46:46) Run:1
Gestartet von C:\Users\xxx\Downloads
Geladene Profile: xxx (Verfügbare Profile: xxx)
Start-Modus: Normal
 
==============================================
 
fixlist Inhalt:
*****************
start
CreateRestorePoint:
Task: C:\Windows\Tasks\price meter updater.job.73372.gzquar => C:\Users\xxx\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ACHTUNG
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei
S3 AsrCDDrv; \??\C:\Windows\system32\Drivers\AsrCDDrv.sys [X]
S1 aylyoidx; \??\C:\Windows\system32\drivers\aylyoidx.sys [X]
S1 brihpfxf; \??\C:\Windows\system32\drivers\brihpfxf.sys [X]
S1 bsfdklqx; \??\C:\Windows\system32\drivers\bsfdklqx.sys [X]
S1 ejvruvey; \??\C:\Windows\system32\drivers\ejvruvey.sys [X]
S1 gjzpeemv; \??\C:\Windows\system32\drivers\gjzpeemv.sys [X]
S1 hbujpcpc; \??\C:\Windows\system32\drivers\hbujpcpc.sys [X]
S1 inaatnog; \??\C:\Windows\system32\drivers\inaatnog.sys [X]
S1 jcxakzuj; \??\C:\Windows\system32\drivers\jcxakzuj.sys [X]
S1 kbeuazvb; \??\C:\Windows\system32\drivers\kbeuazvb.sys [X]
S1 lenmqhnq; \??\C:\Windows\system32\drivers\lenmqhnq.sys [X]
S1 lgfcgtsm; \??\C:\Windows\system32\drivers\lgfcgtsm.sys [X]
S1 lygwpwxb; \??\C:\Windows\system32\drivers\lygwpwxb.sys [X]
S1 muoznemg; \??\C:\Windows\system32\drivers\muoznemg.sys [X]
S1 qptegblo; \??\C:\Windows\system32\drivers\qptegblo.sys [X]
S1 tmfwqttr; \??\C:\Windows\system32\drivers\tmfwqttr.sys [X]
S1 tozpgmgn; \??\C:\Windows\system32\drivers\tozpgmgn.sys [X]
S1 tvtoomqx; \??\C:\Windows\system32\drivers\tvtoomqx.sys [X]
S1 wnhtcufj; \??\C:\Windows\system32\drivers\wnhtcufj.sys [X]
C:\Windows\system32\Drivers\AsrCDDrv.sys
C:\Windows\system32\drivers\aylyoidx.sys
C:\Windows\system32\drivers\brihpfxf.sys
C:\Windows\system32\drivers\bsfdklqx.sys
C:\Windows\system32\drivers\ejvruvey.sys
C:\Windows\system32\drivers\gjzpeemv.sys
C:\Windows\system32\drivers\hbujpcpc.sys
C:\Windows\system32\drivers\inaatnog.sys
C:\Windows\system32\drivers\jcxakzuj.sys
C:\Windows\system32\drivers\kbeuazvb.sys
C:\Windows\system32\drivers\lenmqhnq.sys
C:\Windows\system32\drivers\lgfcgtsm.sys
C:\Windows\system32\drivers\lygwpwxb.sys
C:\Windows\system32\drivers\muoznemg.sys
C:\Windows\system32\drivers\qptegblo.sys
C:\Windows\system32\drivers\tmfwqttr.sys
C:\Windows\system32\drivers\tozpgmgn.sys
C:\Windows\system32\drivers\tvtoomqx.sys
C:\Windows\system32\drivers\wnhtcufj.sys
2015-04-07 15:34 - 2015-04-07 15:34 - 0000032 RSHOT () C:\Users\xxx\AppData\Local\t70rc.dat
2014-11-13 10:54 - 2014-11-13 10:54 - 0000008 __RSH () C:\ProgramData\sysqcl1131236454.dat
C:\Users\xxx\AppData\Local\Temp\avgnt.exe
C:\Users\xxx\AppData\Local\Temp\sqlite3.dll
end
*****************
 
Wiederherstellungspunkt wurde erfolgreich erstellt.
C:\Windows\Tasks\price meter updater.job.73372.gzquar => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Schlüssel nicht gefunden. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Wert erfolgreich entfernt
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Schlüssel nicht gefunden. 
AsrCDDrv => service erfolgreich entfernt
aylyoidx => service erfolgreich entfernt
brihpfxf => service erfolgreich entfernt
bsfdklqx => service erfolgreich entfernt
ejvruvey => service erfolgreich entfernt
gjzpeemv => service erfolgreich entfernt
hbujpcpc => service erfolgreich entfernt
inaatnog => service erfolgreich entfernt
jcxakzuj => service erfolgreich entfernt
kbeuazvb => service erfolgreich entfernt
lenmqhnq => service erfolgreich entfernt
lgfcgtsm => service erfolgreich entfernt
lygwpwxb => service erfolgreich entfernt
muoznemg => service erfolgreich entfernt
qptegblo => service erfolgreich entfernt
tmfwqttr => service erfolgreich entfernt
tozpgmgn => service erfolgreich entfernt
tvtoomqx => service erfolgreich entfernt
wnhtcufj => service erfolgreich entfernt
"C:\Windows\system32\Drivers\AsrCDDrv.sys" => Datei/Ordner nicht gefunden.
"C:\Windows\system32\drivers\aylyoidx.sys" => Datei/Ordner nicht gefunden.
"C:\Windows\system32\drivers\brihpfxf.sys" => Datei/Ordner nicht gefunden.
"C:\Windows\system32\drivers\bsfdklqx.sys" => Datei/Ordner nicht gefunden.
"C:\Windows\system32\drivers\ejvruvey.sys" => Datei/Ordner nicht gefunden.
"C:\Windows\system32\drivers\gjzpeemv.sys" => Datei/Ordner nicht gefunden.
"C:\Windows\system32\drivers\hbujpcpc.sys" => Datei/Ordner nicht gefunden.
"C:\Windows\system32\drivers\inaatnog.sys" => Datei/Ordner nicht gefunden.
"C:\Windows\system32\drivers\jcxakzuj.sys" => Datei/Ordner nicht gefunden.
"C:\Windows\system32\drivers\kbeuazvb.sys" => Datei/Ordner nicht gefunden.
"C:\Windows\system32\drivers\lenmqhnq.sys" => Datei/Ordner nicht gefunden.
"C:\Windows\system32\drivers\lgfcgtsm.sys" => Datei/Ordner nicht gefunden.
"C:\Windows\system32\drivers\lygwpwxb.sys" => Datei/Ordner nicht gefunden.
"C:\Windows\system32\drivers\muoznemg.sys" => Datei/Ordner nicht gefunden.
"C:\Windows\system32\drivers\qptegblo.sys" => Datei/Ordner nicht gefunden.
"C:\Windows\system32\drivers\tmfwqttr.sys" => Datei/Ordner nicht gefunden.
"C:\Windows\system32\drivers\tozpgmgn.sys" => Datei/Ordner nicht gefunden.
"C:\Windows\system32\drivers\tvtoomqx.sys" => Datei/Ordner nicht gefunden.
"C:\Windows\system32\drivers\wnhtcufj.sys" => Datei/Ordner nicht gefunden.
C:\Users\xxx\AppData\Local\t70rc.dat => erfolgreich verschoben
C:\ProgramData\sysqcl1131236454.dat => erfolgreich verschoben
C:\Users\xxx\AppData\Local\Temp\avgnt.exe => erfolgreich verschoben
"C:\Users\xxx\AppData\Local\Temp\sqlite3.dll" => Datei/Ordner nicht gefunden.
 
==== Ende vom Fixlog 11:47:44 ====
 
 
 
  • ESET Online Scan log
C:\AdwCleaner\Quarantine\C\Program Files\Linkey\ChromeExtension\ChromeExtension.crx.vir Win32/AztecMedia.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Linkey\IEExtension\iedll64.dll.55548.gzquar a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\uninstall.exe.vir a variant of Win32/InstallCore.YX potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Settings Manager\systemk\tbicon.exe.55558.gzquar a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\xxx\AppData\Local\Mysearchdial\1.8.29.0\uninstall.exe.vir a variant of Win32/InstallCore.YX potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\xxx\AppData\Local\PriceMeter\uninst.exe.55580.gzquar a variant of Win32/DealPly.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\xxx\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir Win32/Systweak.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir a variant of Win32/Systweak.A potentially unwanted application
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\background.js JS/Astromenda.A potentially unwanted application
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\bootstrap.js JS/Astromenda.A potentially unwanted application
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\newtab.js JS/Astromenda.A potentially unwanted application
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\opentab.js JS/Astromenda.A potentially unwanted application
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\background.js JS/Astromenda.A potentially unwanted application
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\bootstrap.js JS/Astromenda.A potentially unwanted application
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\newtab.js JS/Astromenda.A potentially unwanted application
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\opentab.js JS/Astromenda.A potentially unwanted application
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\background.js JS/Astromenda.A potentially unwanted application
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\bootstrap.js JS/Astromenda.A potentially unwanted application
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\newtab.js JS/Astromenda.A potentially unwanted application
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\opentab.js JS/Astromenda.A potentially unwanted application
C:\Users\xxx\Downloads\AlteDWNS\ccsetup419.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\xxx\Downloads\AlteDWNS\chromepass_1.26.zip a variant of Win32/PSWTool.ChromePass.A potentially unsafe application
C:\Users\xxx\Downloads\AlteDWNS\HijackThis - CHIP-Installer (1).exe a variant of Win32/DownloadSponsor.C potentially unwanted application
C:\Users\xxx\Downloads\AlteDWNS\HijackThis - CHIP-Installer.exe a variant of Win32/DownloadSponsor.C potentially unwanted application
C:\Users\xxx\Downloads\AlteDWNS\Thunderbird Portable - CHIP-Installer.exe a variant of Win32/DownloadSponsor.C potentially unwanted application
C:\Users\xxx\Downloads\AlteDWNS\VLC media player 32 Bit - CHIP-Installer.exe a variant of Win32/DownloadSponsor.C potentially unwanted application
C:\Windows\Installer\MSI9D5C.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
 

 

 

 

FRST

 

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:30-08-2015
durchgeführt von xxx (Administrator) auf XXX-PC (01-09-2015 13:27:13)
Gestartet von C:\Users\xxx\Downloads
Geladene Profile: xxx (Verfügbare Profile: xxx)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
 
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Akamai Technologies, Inc.) C:\Users\xxx\AppData\Local\Akamai\netsession_win.exe
(Flux Software LLC) C:\Users\xxx\AppData\Local\FluxSoftware\Flux\flux.exe
(Akamai Technologies, Inc.) C:\Users\xxx\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(iDevDirect.com L.L.C.) C:\Program Files\CommissionAlert\CommissionAlert.exe
() C:\Program Files\Launchy\Launchy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Dominik Reichl) C:\Program Files\KeePass Password Safe\KeePass.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Screaming Frog) C:\Program Files\Screaming Frog SEO Spider\ScreamingFrogSEOSpider.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_40\bin\javaw.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9914984 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [782008 2015-08-26] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\...\Run: [Akamai NetSession Interface] => C:\Users\xxx\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\...\Run: [f.lux] => C:\Users\xxx\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-04-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-06-02]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CommissionAlert.lnk [2014-12-12]
ShortcutTarget: CommissionAlert.lnk -> C:\Program Files\CommissionAlert\CommissionAlert.exe (iDevDirect.com L.L.C.)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2014-11-06]
ShortcutTarget: Launchy.lnk -> C:\Program Files\Launchy\Launchy.exe ()
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Nicht auf der Ausnahmeliste) ====================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{52DA0F48-EAC2-41C9-8B3C-81A0D841EAB9}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000 -> {A74DA58F-BC10-4995-AACB-8C1426E16883} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-05] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-05] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-08] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default
FF Homepage: hxxps://www.google.de/
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-08] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\searchplugins\google-scholar--1.xml [2014-11-19]
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\searchplugins\google-scholar--2.xml [2014-11-19]
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\searchplugins\google-scholar--3.xml [2014-11-19]
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\searchplugins\google-scholar--4.xml [2014-11-19]
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\searchplugins\google-scholar--5.xml [2014-11-19]
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\searchplugins\google-scholar-.xml [2014-11-19]
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\searchplugins\google-scholar.xml [2014-11-19]
FF Extension: Add to Search Bar - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2014-11-19]
FF Extension: MozBar - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\Extensions\toolbar@seomoz.org.xpi [2015-07-23]
FF Extension: Adblock Plus - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dbbopz2z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-13]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-11-04]
 
Chrome: 
=======
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Cahoots) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\acajoolgbgnpbmefodjcfbbfahnhhanp [2015-08-24]
CHR Extension: (Google Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29]
CHR Extension: (Google Drive) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-11-03]
CHR Extension: (YouTube) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-29]
CHR Extension: (OneTab) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2014-12-11]
CHR Extension: (Google Search) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-29]
CHR Extension: (Kein Name) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2015-08-31]
CHR Extension: (Page Analytics (by Google)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2015-04-29]
CHR Extension: (AdBlock) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-04]
CHR Extension: (Open SEO Stats(Formerly: PageRank Status)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn [2014-04-29]
CHR Extension: (Show / hide passwords) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlainjaalmfjjpjmedhchmaclcbbbpe [2014-11-25]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2014-11-20]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-11-04]
CHR Extension: (TopicHeads - Text Checker) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kncpgiafoaodmfjnhajaojhhdjmaoaah [2014-11-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-20]
CHR Extension: (Ghostery) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-05-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29]
CHR Extension: (Gmail) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-29]
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-10]
CHR Extension: (Google Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-10]
CHR Extension: (Google Drive) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-10]
CHR Extension: (YouTube) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-10]
CHR Extension: (Google Search) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-10]
CHR Extension: (Google Sheets) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-19]
CHR Extension: (Session Manager) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-10]
CHR Extension: (Citavi Picker) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\piehhloihgjjiomhieeddiidpekaajio [2014-11-10]
CHR Extension: (Gmail) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-10]
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-10]
CHR Extension: (WinToFlash Suggestor) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\acaoakiamfeidcmgooclgeleejkbaecf [2014-11-10]
CHR Extension: (Google Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-10]
CHR Extension: (Google Drive) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-10]
CHR Extension: (YouTube) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-10]
CHR Extension: (Google Search) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-10]
CHR Extension: (SPOTS - A better way to start) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc [2014-11-10]
CHR Extension: (Google Sheets) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-10]
CHR Extension: (Citavi Picker) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\piehhloihgjjiomhieeddiidpekaajio [2014-11-10]
CHR Extension: (Gmail) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-10]
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-10]
CHR Extension: (Google Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-10]
CHR Extension: (Google Drive) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-10]
CHR Extension: (YouTube) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-10]
CHR Extension: (Google Search) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-10]
CHR Extension: (Google Sheets) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-10]
CHR Extension: (Citavi Picker) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\piehhloihgjjiomhieeddiidpekaajio [2014-11-10]
CHR Extension: (Gmail) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-10]
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Slides) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-10]
CHR Extension: (WinToFlash Suggestor) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\acaoakiamfeidcmgooclgeleejkbaecf [2014-11-10]
CHR Extension: (Google Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-10]
CHR Extension: (Google Drive) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-10]
CHR Extension: (YouTube) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-10]
CHR Extension: (Google Search) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-10]
CHR Extension: (SPOTS - A better way to start) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc [2014-11-10]
CHR Extension: (Google Sheets) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-10]
CHR Extension: (Citavi Picker) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\piehhloihgjjiomhieeddiidpekaajio [2014-11-10]
CHR Extension: (Gmail) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-10]
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (Google Slides) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-10]
CHR Extension: (WinToFlash Suggestor) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\acaoakiamfeidcmgooclgeleejkbaecf [2014-11-10]
CHR Extension: (Google Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-10]
CHR Extension: (Google Drive) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-10]
CHR Extension: (YouTube) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-10]
CHR Extension: (Google Search) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-10]
CHR Extension: (SPOTS - A better way to start) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc [2014-11-10]
CHR Extension: (Google Sheets) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-10]
CHR Extension: (Citavi Picker) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\piehhloihgjjiomhieeddiidpekaajio [2014-11-10]
CHR Extension: (Gmail) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-10]
CHR HKLM\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2014-11-04]
CHR HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [887128 2015-08-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1213072 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1874104 2015-07-14] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [95720 2010-12-29] (ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [293352 2010-12-29] (ASMedia Technology Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-08-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-08-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-06-16] (Avira Operations GmbH & Co. KG)
R3 eapihdrv; C:\Users\xxx\AppData\Local\Temp\ehdrv.sys [135760 2015-09-01] (ESET)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKslc0229e65; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C181957C-787A-4AE6-8A4A-B550D04BDFC2}\MpKslc0229e65.sys [39168 2015-09-01] (Microsoft Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 thsvdjpr; C:\Windows\system32\Drivers\thsvdjpr.sys [411552 2014-04-29] (AVAST Software)
 
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 
==================== Ein Monat: Erstellte Dateien und Ordner ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2015-09-01 13:25 - 2015-09-01 13:25 - 00008450 _____ C:\Users\xxx\Desktop\MyEsetScan.txt
2015-09-01 11:50 - 2015-09-01 11:50 - 00000000 ____D C:\Program Files\ESET
2015-09-01 11:49 - 2015-09-01 11:49 - 02870984 _____ (ESET) C:\Users\xxx\Downloads\esetsmartinstaller_enu.exe
2015-09-01 09:13 - 2015-09-01 09:59 - 00000000 ____D C:\Users\xxx\Desktop\Neuer Ordner
2015-09-01 08:53 - 2015-09-01 13:27 - 00000020 ____H C:\Users\xxx\Documents\DatabasePowercigs.kdb.lock
2015-08-31 17:54 - 2015-08-31 17:54 - 00117578 _____ C:\Users\xxx\Desktop\Neue Studie und so für DfA.odt
2015-08-31 17:50 - 2015-08-31 17:50 - 00127892 _____ C:\Users\xxx\Downloads\Neue Studie und so für DfA.odt
2015-08-31 16:04 - 2015-08-31 16:04 - 00053437 _____ C:\Users\xxx\Downloads\FRST1.txt
2015-08-31 16:04 - 2015-08-31 16:04 - 00031087 _____ C:\Users\xxx\Desktop\Addition.txt
2015-08-31 16:00 - 2015-08-31 16:00 - 00000000 ____D C:\Users\xxx\Downloads\FRST-OlderVersion
2015-08-31 15:42 - 2015-08-31 15:42 - 01798640 _____ (Malwarebytes Corporation) C:\Users\xxx\Downloads\JRT (2).exe
2015-08-31 15:40 - 2015-08-31 15:40 - 00001315 _____ C:\Users\xxx\Desktop\AdwCleaner[C4].txt
2015-08-31 15:06 - 2015-08-31 15:06 - 01618432 _____ C:\Users\xxx\Downloads\AdwCleaner.exe
2015-08-31 15:05 - 2015-08-31 15:05 - 01798640 _____ (Malwarebytes Corporation) C:\Users\xxx\Downloads\JRT (1).exe
2015-08-31 15:04 - 2015-08-31 15:04 - 00002040 _____ C:\Users\xxx\Desktop\JRT.txt
2015-08-31 14:59 - 2015-08-31 14:59 - 01798640 _____ (Malwarebytes Corporation) C:\Users\xxx\Downloads\JRT.exe
2015-08-31 14:32 - 2015-09-01 08:51 - 00000168 _____ C:\Windows\setupact.log
2015-08-31 14:32 - 2015-08-31 14:32 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1D4E7E41.sys
2015-08-31 14:32 - 2015-08-31 14:32 - 00000000 _____ C:\Windows\setuperr.log
2015-08-31 14:31 - 2015-08-31 15:39 - 00002080 _____ C:\Windows\PFRO.log
2015-08-28 16:03 - 2015-08-28 16:03 - 00001500 _____ C:\Users\xxx\AppData\Local\recently-used.xbel
2015-08-28 14:05 - 2015-08-28 14:06 - 00000401 _____ C:\Users\xxx\Downloads\welches-liquid-schmeckt-nach-welchem-tabak-produkt.csv
2015-08-27 10:59 - 2015-08-27 10:59 - 00008609 _____ C:\Users\xxx\Desktop\PCURLLIst.txt
2015-08-27 10:55 - 2015-08-27 10:55 - 00000165 ____H C:\Users\xxx\Desktop\~$Microsoft Excel Worksheet (neu) (2).xlsx
2015-08-27 10:54 - 2015-08-27 10:54 - 00006322 _____ C:\Users\xxx\Desktop\Microsoft Excel Worksheet (neu) (2).xlsx
2015-08-27 10:53 - 2015-08-27 10:53 - 00022478 _____ C:\Users\xxx\Desktop\TabMapPC2708.txt
2015-08-27 10:53 - 2015-08-27 10:53 - 00019281 _____ C:\Users\xxx\Desktop\CrawlPC2708.txt
2015-08-26 17:23 - 2015-08-26 17:23 - 00000000 ____D C:\Users\xxx\AppData\Local\TempTaskUpdateDetection125BB8A6-C58A-497A-95D6-7864EFF026E3
2015-08-26 16:28 - 2015-08-31 16:03 - 00031087 _____ C:\Users\xxx\Downloads\Addition.txt
2015-08-26 16:21 - 2015-09-01 13:27 - 00029598 _____ C:\Users\xxx\Downloads\FRST.txt
2015-08-26 16:21 - 2015-09-01 13:27 - 00000000 ____D C:\FRST
2015-08-26 16:21 - 2015-08-31 16:00 - 01690624 _____ (Farbar) C:\Users\xxx\Downloads\FRST.exe
2015-08-26 16:01 - 2015-08-26 16:01 - 01605632 _____ C:\Users\xxx\Downloads\adwcleaner_5.003.exe
2015-08-26 14:11 - 2015-08-26 14:11 - 00099521 _____ C:\Users\xxx\Downloads\278752.csv
2015-08-26 09:33 - 2015-09-01 09:42 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-26 09:31 - 2015-08-26 09:31 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-26 09:31 - 2015-08-26 09:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-26 09:31 - 2015-08-26 09:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-26 09:31 - 2015-08-26 09:31 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-26 09:31 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-26 09:31 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-26 09:31 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-26 09:29 - 2015-08-26 09:29 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-08-26 09:28 - 2015-08-26 09:29 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-25 17:14 - 2015-08-26 09:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-24 18:18 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-24 18:18 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-24 09:07 - 2015-08-24 09:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-24 09:07 - 2015-08-24 09:07 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-08-19 09:43 - 2015-08-24 10:14 - 00000000 ____D C:\Users\xxx\Downloads\AlteDWNS
2015-08-19 08:47 - 2015-08-25 15:49 - 00000000 ____D C:\Users\xxx\Desktop\BIlderrauchenfürterror
2015-08-18 09:05 - 2015-08-18 11:02 - 01253948 _____ C:\Users\xxx\Desktop\Links 180082015.xlsx
2015-08-17 18:20 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 16:58 - 2015-08-17 16:59 - 00000000 ____D C:\Users\xxx\Desktop\OnPageExport
2015-08-17 10:44 - 2015-08-17 10:45 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2015-08-17 09:25 - 2015-07-20 19:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-17 09:25 - 2015-07-20 19:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-17 09:25 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-17 09:25 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-17 09:25 - 2015-07-20 19:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-17 09:25 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-17 09:25 - 2015-07-20 19:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-17 09:25 - 2015-07-20 19:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-17 09:25 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-17 09:25 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-17 09:25 - 2015-07-20 19:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-17 09:25 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-17 09:25 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-17 09:25 - 2015-07-15 19:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-17 09:25 - 2015-07-15 19:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-17 09:25 - 2015-07-15 19:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-17 09:25 - 2015-07-15 19:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-17 09:25 - 2015-07-15 19:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-17 09:25 - 2015-07-15 19:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-17 09:25 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-17 09:25 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-17 09:25 - 2015-07-15 19:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-17 09:25 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-17 09:25 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-17 09:25 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-17 09:25 - 2015-07-15 19:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-17 09:25 - 2015-07-15 19:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-17 09:25 - 2015-07-15 19:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-17 09:25 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-17 09:25 - 2015-07-15 19:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-17 09:25 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-17 09:25 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-17 09:25 - 2015-07-15 19:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-17 09:25 - 2015-07-15 19:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-17 09:25 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-17 09:25 - 2015-07-15 19:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-17 09:25 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-17 09:25 - 2015-07-15 19:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-17 09:25 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-17 09:25 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-17 09:25 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-17 09:25 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-17 09:25 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-17 09:25 - 2015-07-15 18:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-17 09:25 - 2015-07-15 18:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-17 09:25 - 2015-07-15 18:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-17 09:25 - 2015-07-10 19:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-17 09:25 - 2015-07-10 19:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-17 09:25 - 2015-07-10 19:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-17 09:25 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-17 09:25 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-17 09:25 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-17 09:25 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-17 09:24 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-17 09:24 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-17 09:24 - 2015-07-30 19:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-17 09:24 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-17 09:24 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-17 09:24 - 2015-07-30 19:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-17 09:24 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-17 09:24 - 2015-07-30 18:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-17 09:24 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-17 09:24 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-17 09:24 - 2015-07-16 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-17 09:24 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-17 09:24 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-17 09:24 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-17 09:24 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-17 09:24 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-17 09:24 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-17 09:24 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-17 09:24 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-17 09:24 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-17 09:24 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-17 09:24 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-17 09:24 - 2015-07-16 21:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-17 09:24 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-17 09:24 - 2015-07-16 21:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-17 09:24 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-17 09:24 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-17 09:24 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-17 09:24 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-17 09:24 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-17 09:24 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-17 09:24 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-17 09:24 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-17 09:24 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-17 09:24 - 2015-07-16 21:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-17 09:24 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-17 09:24 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-17 09:24 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-17 09:24 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-17 09:24 - 2015-07-15 04:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-17 09:24 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-17 09:23 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-17 09:23 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-17 09:23 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-17 09:23 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-05 09:58 - 2015-08-05 15:50 - 00000000 ____D C:\Users\xxx\Desktop\Umfrage
2015-08-04 14:15 - 2015-08-04 17:38 - 00081602 _____ C:\Users\xxx\Desktop\Microsoft Excel Worksheet (neu).xlsx
2015-08-03 13:47 - 2015-08-03 13:50 - 00000000 ____D C:\Users\xxx\Desktop\gScrapr
 
==================== Ein Monat: Geänderte Dateien und Ordner ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2015-09-01 13:24 - 2014-04-16 08:47 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Skype
2015-09-01 12:52 - 2009-07-14 06:34 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-01 12:52 - 2009-07-14 06:34 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-01 09:05 - 2015-05-21 09:53 - 01757681 _____ C:\Windows\WindowsUpdate.log
2015-09-01 08:51 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-31 15:37 - 2015-04-01 17:00 - 00000000 ____D C:\AdwCleaner
2015-08-31 15:02 - 2015-05-21 10:10 - 00000000 ____D C:\ProgramData\Lavasoft
2015-08-31 14:29 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Globalization
2015-08-31 09:31 - 2014-04-29 09:21 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-31 09:31 - 2014-04-29 09:21 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-28 16:03 - 2014-11-04 18:07 - 00000000 ____D C:\Users\xxx\.gimp-2.8
2015-08-28 16:02 - 2014-11-04 18:09 - 00000000 ____D C:\Users\xxx\AppData\Local\gtk-2.0
2015-08-27 14:43 - 2014-11-19 10:36 - 00000000 ____D C:\Users\xxx\Desktop\Texte veröffentlicht
2015-08-27 10:55 - 2015-05-05 16:10 - 00010449 _____ C:\Users\xxx\Desktop\SeoTools.config.xml
2015-08-26 13:14 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-26 11:17 - 2015-07-10 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-26 11:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Branding
2015-08-26 09:04 - 2014-04-29 15:01 - 00000000 ____D C:\Users\xxx\AppData\Local\CrashDumps
2015-08-26 09:00 - 2014-09-30 17:01 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-25 10:22 - 2014-03-20 10:27 - 00000000 ____D C:\Users\xxx\AppData\Local\Adobe
2015-08-25 09:27 - 2015-04-20 11:39 - 00013304 _____ C:\Users\xxx\AppData\Roaming\Durch Trennzeichen getrennte Werte.EML
2015-08-25 09:17 - 2015-04-08 16:57 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-24 18:15 - 2014-11-03 18:51 - 00012828 _____ C:\Users\xxx\Documents\DatabasePowercigs.kdb
2015-08-24 12:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-08-24 11:46 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2015-08-24 10:04 - 2014-04-13 15:46 - 00000000 ____D C:\Program Files\Canon
2015-08-24 10:01 - 2015-05-12 09:47 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Add-in Express
2015-08-24 10:01 - 2014-03-20 10:32 - 00000000 ____D C:\Windows\system32\appmgmt
2015-08-24 09:08 - 2014-04-16 08:47 - 00000000 ____D C:\ProgramData\Skype
2015-08-24 09:07 - 2014-10-15 09:07 - 00000000 ___RD C:\Program Files\Skype
2015-08-19 10:44 - 2014-11-03 10:13 - 00000000 ____D C:\Users\xxx\Desktop\JMA
2015-08-19 09:42 - 2014-11-18 19:13 - 00000000 ___RD C:\Users\xxx\Desktop\Progs
2015-08-19 09:41 - 2015-07-13 17:40 - 00000000 ____D C:\Users\xxx\Desktop\LinkChecker
2015-08-19 08:50 - 2015-02-05 19:04 - 00000000 ____D C:\Users\xxx\Desktop\E-Zig BLOG
2015-08-18 15:36 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-18 14:34 - 2014-11-19 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-18 11:05 - 2015-01-30 14:17 - 00000000 ____D C:\Users\xxx\Desktop\Disavow
2015-08-18 08:52 - 2009-07-14 06:33 - 00467200 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-18 08:50 - 2014-03-20 16:53 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2015-08-18 08:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-08-17 09:09 - 2014-04-28 19:22 - 00000000 ____D C:\Users\xxx\AppData\Local\Akamai
2015-08-06 16:38 - 2015-05-08 09:22 - 00000000 ____D C:\Users\xxx\AppData\Local\NPE
2015-08-03 13:51 - 2015-06-26 14:40 - 00000000 ____D C:\Users\xxx\Desktop\PowerCigs
2015-08-03 13:50 - 2014-11-04 10:17 - 00000000 ____D C:\Users\xxx\Desktop\SEO
2015-08-03 11:03 - 2015-07-10 11:08 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-08-03 11:03 - 2015-07-10 11:08 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
 
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
 
2015-04-20 11:39 - 2015-08-25 09:27 - 0013304 _____ () C:\Users\xxx\AppData\Roaming\Durch Trennzeichen getrennte Werte.EML
2014-05-20 09:26 - 2015-02-17 10:26 - 0000095 _____ () C:\Users\xxx\AppData\Roaming\WB.CFG
2015-08-28 16:03 - 2015-08-28 16:03 - 0001500 _____ () C:\Users\xxx\AppData\Local\recently-used.xbel
2015-06-23 09:48 - 2015-06-23 09:48 - 0007631 _____ () C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap =================
 
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
 
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
 
 
LastRegBack: 2015-08-24 12:40
 
==================== Ende vom FRST.txt ============================
 
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:30-08-2015
durchgeführt von xxx (2015-09-01 13:28:19)
Gestartet von C:\Users\xxx\Downloads
Start-Modus: Normal
==========================================================
 
 
==================== Konten: =============================
 
Administrator (S-1-5-21-1007796920-3790521198-3768304699-500 - Administrator - Disabled)
Gast (S-1-5-21-1007796920-3790521198-3768304699-501 - Limited - Disabled)
xxx (S-1-5-21-1007796920-3790521198-3768304699-1000 - Administrator - Enabled) => C:\Users\xxx
 
==================== Sicherheits-Center ========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
 
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installierte Programme ======================
 
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
 
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Avira (HKLM\...\{a5e00a72-db4a-4f77-8874-d1265b8fcd7e}) (Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Citavi 4 (HKLM\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.2.0.11 - Swiss Academic Software)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
f.lux (HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\...\Flux) (Version:  - )
FileZilla Client 3.11.0.2 (HKLM\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Drive (HKLM\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Image Editor Packages (HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\...\Image Editor Packages) (Version:  - ) <==== ACHTUNG
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
KeePass Password Safe 1.28 (HKLM\...\KeePass Password Safe_is1) (Version: 1.28 - Dominik Reichl)
Launchy 2.5 (HKLM\...\Launchy_21344213_is1) (Version:  - Code Jelly)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 de) (HKLM\...\Mozilla Firefox 40.0.2 (x86 de)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 de) (HKLM\...\Mozilla Thunderbird 38.2.0 (x86 de)) (Version: 38.2.0 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Screaming Frog SEO Spider (HKLM\...\Screaming Frog SEO Spider) (Version: 4.1 - Screaming Frog Ltd)
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Xenu's Link Sleuth (HKLM\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)
 
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
CustomCLSID: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1007796920-3790521198-3768304699-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\FileSyncApi.dll (Microsoft Corporation)
 
==================== Wiederherstellungspunkte =========================
 
18-08-2015 10:08:58 AbleBits.com Duplicate Remover for Microsoft Excel wird entfernt
18-08-2015 10:10:22 Removed Visual Studio 2012 x86 Redistributables
24-08-2015 09:04:22 Windows Update
24-08-2015 09:59:59 AbleBits.com Duplicate Remover for Microsoft Excel wird entfernt
24-08-2015 10:02:14 Removed Graphviz
24-08-2015 18:17:53 Windows Update
31-08-2015 09:14:03 Windows Update
31-08-2015 15:01:42 JRT Pre-Junkware Removal
01-09-2015 11:47:03 Restore Point Created by FRST
 
==================== Hosts Inhalt: ==========================
 
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
 
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
Task: {2CDDC507-BFA6-4290-AA7A-4AC1EAA6BA1D} - System32\Tasks\{770405B0-DCFD-4182-A5EA-ABE2521D03CA} => pcalua.exe -a C:\Users\xxx\AppData\Local\Temp\Temp1_ME_Win7-64_Win7_Vista64_Vista_XP64_XP(7.0.4.1197)[1].zip\ME(7.0.4.1197)\setup.exe
Task: {3E80F59D-1490-464B-AB8F-6FA13870A106} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {40FF97D9-EDCF-42BD-A0BB-FEF1E70E7FC8} - System32\Tasks\PC Frog Crawl => C:\Program Files\Screaming Frog SEO Spider\ScreamingFrogSEOSpider.exe [2015-07-15] (Screaming Frog)
Task: {4BB75F9D-CDFB-45DB-8E1A-4318E187ADA4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-07-14] (Microsoft Corporation)
Task: {4F5FCF13-2D83-4562-99A9-C59208C94396} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {8B0A7D1A-0AAF-4B35-9E6F-9BDA398E0AC6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {BD1884A0-64AE-4D31-BD6F-74A6BF9C6537} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {C4BC6445-5AAE-47B6-9BFA-E1DE3462F650} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {D74402A4-8E49-4F52-B4EC-3D7633D9F5BF} - System32\Tasks\Asrsetup => D:\ASRSetup.exe
Task: {DCB3750D-4105-43AD-AE3E-5687C2A6971E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {F7DC5D9B-66A5-4015-A74A-B883BBD8E6A6} - System32\Tasks\{14A51FD3-267D-458A-965A-751B3F399718} => pcalua.exe -a "D:\Drivers\Rapid Storage Technology\Intel\Win7-64_Win7_Vista64_Vista_XP64_XP(1.0.1.0.1008_PV)\iata_cd.exe" -d "D:\Drivers\Rapid Storage Technology\Intel\Win7-64_Win7_Vista64_Vista_XP64_XP(1.0.1.0.1008_PV)"
Task: {FE4651A7-7281-4908-9323-80BFB3A8C445} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {FE949790-31A7-4AAF-A8E7-5FC9580A525A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
 
2015-04-08 16:57 - 2014-05-20 03:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2015-04-08 09:41 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-08 09:41 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-08 09:41 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-08 09:41 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-08 09:41 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-06-02 17:20 - 2015-06-02 17:20 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2014-03-20 08:18 - 2011-01-27 02:11 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2015-04-08 16:57 - 2015-04-08 16:57 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-10-23 21:19 - 2014-10-23 21:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-11-06 10:27 - 2010-11-10 20:38 - 00380928 _____ () C:\Program Files\Launchy\Launchy.exe
2014-11-06 10:27 - 2009-12-16 23:13 - 08314880 _____ () C:\Program Files\Launchy\QtGui4.dll
2014-11-06 10:27 - 2009-12-16 22:54 - 02236416 _____ () C:\Program Files\Launchy\QtCore4.dll
2014-11-06 10:27 - 2009-12-16 22:56 - 00712704 _____ () C:\Program Files\Launchy\QtNetwork4.dll
2014-11-06 10:27 - 2009-12-17 01:18 - 00233472 _____ () C:\Program Files\Launchy\imageformats\qmng4.dll
2014-11-06 10:27 - 2010-11-10 20:39 - 00081920 _____ () C:\Program Files\Launchy\plugins\calcy.dll
2014-11-06 10:27 - 2010-11-10 20:39 - 00090112 _____ () C:\Program Files\Launchy\plugins\controly.dll
2014-11-06 10:27 - 2010-11-10 20:38 - 00024064 _____ () C:\Program Files\Launchy\plugins\gcalc.dll
2014-11-06 10:27 - 2010-11-10 20:38 - 00094208 _____ () C:\Program Files\Launchy\plugins\runner.dll
2014-11-06 10:27 - 2010-11-10 20:38 - 00057344 _____ () C:\Program Files\Launchy\plugins\verby.dll
2014-11-06 10:27 - 2010-11-10 20:38 - 00122880 _____ () C:\Program Files\Launchy\plugins\weby.dll
2015-08-17 10:44 - 2015-08-17 10:44 - 00153768 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-08-17 10:44 - 2015-08-17 10:44 - 00023208 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-05-29 09:09 - 2015-05-29 09:09 - 00008704 _____ () C:\Users\xxx\AppData\Roaming\Thunderbird\Profiles\gjltl7nv.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
2015-08-24 09:36 - 2015-08-18 07:23 - 01405768 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-24 09:36 - 2015-08-18 07:23 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.157\libegl.dll
2015-08-24 09:36 - 2015-08-18 07:23 - 16393032 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
 
AlternateDataStreams: C:\Users\xxx\AppData\Roaming\Durch Trennzeichen getrennte Werte.EML:OECustomProperty
 
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\17945308.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\17945308.sys => ""="Driver"
 
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
 
 
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
 
 
==================== Andere Bereiche ============================
 
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 
HKU\S-1-5-21-1007796920-3790521198-3768304699-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
 
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 
MSCONFIG\startupfolder: C:^Users^xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^An OneNote senden.lnk => C:\Windows\pss\An OneNote senden.lnk.Startup
MSCONFIG\startupreg: 5E8DDC1D58AE8A9246DA6F6C297F8E456117A4BC._service_run => "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: XFastUsb => C:\Program Files\XFastUsb\XFastUsb.exe
 
==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{DD69B79E-4593-4A9C-9023-D4DEAA60293F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{DF500115-AA95-477F-BC4D-58EEBE29AD03}C:\users\xxx\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\xxx\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{5971E087-EAF8-40C0-A8E7-16F2E6159AC9}C:\users\xxx\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\xxx\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{1429BD23-876A-40DB-A2F8-96731ED14094}C:\users\xxx\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\xxx\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{1E34218D-562B-45FD-93A0-DB70DCB0CE1A}C:\users\xxx\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\xxx\appdata\local\akamai\netsession_win.exe
FirewallRules: [{933AA5D7-34AE-46BE-B1D1-CEEE0B5C4610}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{97D3A4B7-E355-4587-962B-2FADE421ABB8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0E1B6CA9-28DF-4E91-940D-698188735FA8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{296E5C71-A091-4822-A401-504DBBA9168D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{0DF52532-D867-414F-B403-5BD14E05FA0B}] => (Allow) C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{EA21D729-1926-47DF-9C94-D4ECBF82BD40}] => (Allow) %ProgramFiles%\Microsoft Office 15\root\office15\OUTLOOK.EXE
FirewallRules: [{D2CA5383-4BB4-4029-88E8-EB14EEF33C07}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Fehlerhafte Geräte im Gerätemanager =============
 
Name: 2-Bay Personal Cloud Storage
Description: 2-Bay Personal Cloud Storage
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Fehlereinträge in der Ereignisanzeige: =========================
 
Applikationsfehler:
==================
Error: (09/01/2015 11:47:02 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
 
 
Vorgang:
   Generatordaten werden gesammelt
 
Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {b9420573-c3a5-42d0-9ce0-6902edfffb84}
 
Error: (08/31/2015 03:24:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm AdwCleaner.exe, Version 5.0.0.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 
Prozess-ID: 1d60
 
Startzeit: 01d0e3edf06f1a06
 
Endzeit: 3
 
Anwendungspfad: C:\Users\xxx\Downloads\AdwCleaner.exe
 
Berichts-ID: 9c4ea667-4fe3-11e5-8206-bc5ff4017ccc
 
Error: (08/31/2015 02:32:55 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2015 02:32:55 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
 
Kontext: Windows Anwendung
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2015 02:32:55 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
 
Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2015 02:32:55 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
 
Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (08/31/2015 02:32:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
 
Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2015 02:32:54 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
 
Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (08/31/2015 02:32:54 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2015 02:32:54 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
Systemfehler:
=============
Error: (09/01/2015 08:52:37 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 
Error: (09/01/2015 08:51:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom
 
Error: (08/31/2015 06:01:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (08/31/2015 05:39:47 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.
 
Error: (08/31/2015 05:21:14 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.
 
Error: (08/31/2015 05:16:12 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.
 
Error: (08/31/2015 05:13:50 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.
 
Error: (08/31/2015 04:32:34 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
 
Error: (08/31/2015 04:32:31 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
 
Error: (08/31/2015 03:41:04 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 
 
Microsoft Office:
=========================
Error: (09/01/2015 11:47:02 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
 
 
Vorgang:
   Generatordaten werden gesammelt
 
Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {b9420573-c3a5-42d0-9ce0-6902edfffb84}
 
Error: (08/31/2015 03:24:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe5.0.0.41d6001d0e3edf06f1a063C:\Users\xxx\Downloads\AdwCleaner.exe9c4ea667-4fe3-11e5-8206-bc5ff4017ccc
 
Error: (08/31/2015 02:32:55 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2015 02:32:55 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2015 02:32:55 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2015 02:32:55 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (08/31/2015 02:32:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
Error: (08/31/2015 02:32:54 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
 
Details:
Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (08/31/2015 02:32:54 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
Error: (08/31/2015 02:32:54 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Details:
Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 64%
Installierter physikalischer RAM: 3050.66 MB
Verfügbarer physikalischer RAM: 1081.01 MB
Summe virtueller Speicher: 6549.57 MB
Verfügbarer virtueller Speicher: 2314.67 MB
 
==================== Laufwerke ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:412.52 GB) NTFS
 
==================== MBR & Partitionstabelle ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 538732CE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== Ende vom Addition.txt ============================
 
 
Regards,
J


#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,879 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:14 PM

Posted 01 September 2015 - 07:00 AM

Hey,
glad to hear that. Unfortunately I have to work a lot at the moment. :/
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\background.js
    C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\bootstrap.js
    C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\newtab.js
    C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\opentab.js
    C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\background.js
    C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\bootstrap.js
    C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\newtab.js
    C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\opentab.js
    C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\background.js
    C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\bootstrap.js
    C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\newtab.js
    C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\opentab.js
    C:\Users\xxx\Downloads\AlteDWNS\ccsetup419.exe
    C:\Users\xxx\Downloads\AlteDWNS\chromepass_1.26.zip
    C:\Users\xxx\Downloads\AlteDWNS\HijackThis - CHIP-Installer (1).exe
    C:\Users\xxx\Downloads\AlteDWNS\HijackThis - CHIP-Installer.exe
    C:\Users\xxx\Downloads\AlteDWNS\Thunderbird Portable - CHIP-Installer.exe
    C:\Users\xxx\Downloads\AlteDWNS\VLC media player 32 Bit - CHIP-Installer.exe
    C:\Windows\Installer\MSI9D5C.tmp
    
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply
How is the system running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#9 JanPC

JanPC

Posted 02 September 2015 - 03:58 AM

Hey,

 

unfortunately no change :(

 

Entferungsergebnis von Farbar Recovery Scan Tool (x86) Version:30-08-2015
durchgeführt von xxx (2015-09-01 14:11:14) Run:2
Gestartet von C:\Users\xxx\Desktop
Geladene Profile: xxx (Verfügbare Profile: xxx)
Start-Modus: Normal
 
==============================================
 
fixlist Inhalt:
*****************
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\background.js
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\bootstrap.js
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\newtab.js
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\opentab.js
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\background.js
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\bootstrap.js
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\newtab.js
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\opentab.js
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\background.js
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\bootstrap.js
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\newtab.js
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\opentab.js
C:\Users\xxx\Downloads\AlteDWNS\ccsetup419.exe
C:\Users\xxx\Downloads\AlteDWNS\chromepass_1.26.zip
C:\Users\xxx\Downloads\AlteDWNS\HijackThis - CHIP-Installer (1).exe
C:\Users\xxx\Downloads\AlteDWNS\HijackThis - CHIP-Installer.exe
C:\Users\xxx\Downloads\AlteDWNS\Thunderbird Portable - CHIP-Installer.exe
C:\Users\xxx\Downloads\AlteDWNS\VLC media player 32 Bit - CHIP-Installer.exe
C:\Windows\Installer\MSI9D5C.tmp
*****************
 
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\background.js => erfolgreich verschoben
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\bootstrap.js => erfolgreich verschoben
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\newtab.js => erfolgreich verschoben
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\opentab.js => erfolgreich verschoben
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\background.js => erfolgreich verschoben
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\bootstrap.js => erfolgreich verschoben
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\newtab.js => erfolgreich verschoben
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\opentab.js => erfolgreich verschoben
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\background.js => erfolgreich verschoben
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\bootstrap.js => erfolgreich verschoben
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\newtab.js => erfolgreich verschoben
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.4.5_0\js\opentab.js => erfolgreich verschoben
C:\Users\xxx\Downloads\AlteDWNS\ccsetup419.exe => erfolgreich verschoben
C:\Users\xxx\Downloads\AlteDWNS\chromepass_1.26.zip => erfolgreich verschoben
C:\Users\xxx\Downloads\AlteDWNS\HijackThis - CHIP-Installer (1).exe => erfolgreich verschoben
C:\Users\xxx\Downloads\AlteDWNS\HijackThis - CHIP-Installer.exe => erfolgreich verschoben
C:\Users\xxx\Downloads\AlteDWNS\Thunderbird Portable - CHIP-Installer.exe => erfolgreich verschoben
C:\Users\xxx\Downloads\AlteDWNS\VLC media player 32 Bit - CHIP-Installer.exe => erfolgreich verschoben
C:\Windows\Installer\MSI9D5C.tmp => erfolgreich verschoben
 
==== Ende vom Fixlog 14:11:29 ====


#10 Machiavelli

Machiavelli


Posted 02 September 2015 - 05:04 AM

Please follow these instructions here to reset Chrome.

~Machiavelli

 
 


#11 Machiavelli

Machiavelli


Posted 06 September 2015 - 03:00 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

 
 




