Virus/Trojaner Qvo6

wolfi2728 · 29.07.2013, 10:33

Hallo!
Habe mir den Qvo6 auf dem PC eingefangen. Malwarebytes findet ihn, doch beim nächsten Start von Firefox ist er wieder da und ich werde auf die Startseite von Qvo6 umgeleitet.
Vielen Dank für eure Hilfe
Gruß Wolfgang

schrauber · 29.07.2013, 10:38

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

wolfi2728 · 29.07.2013, 10:46

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by Wolfgang (administrator) on 29-07-2013 11:43:34
Running from C:\Users\Wolfgang\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) D:\Programme\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Malwarebytes Corporation) D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(TuneUp Software) D:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(TuneUp Software) D:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) D:\Programme\Avast5\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [] - D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKCU\...\Run: [KiesPreload] - D:\Programme\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - D:\Programme\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics)
HKLM-x32\...\Run: [avast] - D:\Programme\Avast5\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NeroCheck] - C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [KiesTrayAgent] - D:\Programme\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
IMEO\cdspeed.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\coverdes.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\drivespeed.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\kiesagent.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\kiessetup.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\nero.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\setup.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\waveedit.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\wmdc.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
Startup: C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Qvo6.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Qvo6.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Qvo6.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Qvo6.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Qvo6.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Qvo6.com
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" Qvo6.com
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = Qvo6.com
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = Qvo6.com
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = Qvo6.com
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = Qvo6.com
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = Qvo6.com
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = Qvo6.com
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Programme\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~3\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~3\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Programme\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\Avast5\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\k5ho7gqq.default
FF user.js: detected! => C:\Users\Wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\k5ho7gqq.default\user.js
FF NewTab: hxxp://www.google.com/firefox
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD3200AAJS-00YZCA0_WD-WCAYU464075240752&ts=1375086876
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~3\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~3\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - D:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Extension: No Name - C:\Users\Wolfgang\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] D:\Programme\Avast5\WebRep\FF
FF Extension: avast! Online Security - D:\Programme\Avast5\WebRep\FF

==================== Services (Whitelisted) =================

R2 avast! Antivirus; D:\Programme\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 MBAMScheduler; D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; D:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-18] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Windows (R) Win 7 DDK provider)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-06-25] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 TuneUpUtilitiesDrv; D:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-08-28] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-29 11:42 - 2013-07-29 11:42 - 01780547 _____ (Farbar) C:\Users\Wolfgang\Downloads\FRST64.exe
2013-07-29 11:37 - 2013-07-29 11:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-29 11:15 - 2013-07-29 11:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-29 11:14 - 2013-07-29 11:15 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-29 11:06 - 2013-07-29 11:06 - 21703480 _____ (Mozilla) C:\Users\Wolfgang\Downloads\Firefox_Setup_22.0.exe
2013-07-29 11:02 - 2013-07-29 11:02 - 02828552 _____ (AVAST Software) C:\Users\Wolfgang\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-07-29 10:44 - 2013-07-29 10:45 - 00424016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-29 10:35 - 2013-07-29 11:09 - 00000000 ____D C:\ProgramData\eSafe
2013-07-29 10:34 - 2013-07-29 10:34 - 00000000 ____D C:\Users\Wolfgang\AppData\Roaming\eIntaller
2013-07-29 10:33 - 2013-07-29 10:33 - 00000952 _____ C:\Users\Wolfgang\Desktop\PutLockerDownloader.lnk
2013-07-29 10:33 - 2013-07-29 10:33 - 00000000 ____D C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com
2013-07-20 10:33 - 2013-06-28 00:04 - 00693112 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-20 10:33 - 2013-06-28 00:04 - 00078200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-19 21:08 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-07-19 21:07 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-07-19 21:07 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-07-19 21:07 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-07-19 21:07 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-19 21:07 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-07-19 21:07 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-07-19 21:07 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-19 21:07 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-07-19 21:07 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-07-19 21:07 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-19 21:07 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-07-19 21:07 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-07-19 21:07 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-07-19 21:07 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-07-19 21:07 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-07-19 21:07 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-07-19 21:07 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-19 21:07 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-07-19 21:07 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-07-19 21:07 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2013-07-19 21:07 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-07-19 21:07 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2013-07-19 21:07 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-07-19 21:07 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2013-07-19 21:07 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-07-19 21:07 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-07-19 21:07 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-07-19 21:07 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2013-07-19 21:07 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2013-07-19 21:07 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-07-19 21:07 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-07-19 21:07 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-07-19 21:07 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-07-19 21:07 - 2013-05-20 02:08 - 00386642 _____ C:\Windows\system32\ApnDatabase.xml
2013-07-19 21:01 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-19 21:00 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-19 21:00 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-19 20:59 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-19 20:59 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-19 20:58 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-19 20:58 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-19 20:58 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-19 20:58 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-19 20:58 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-19 20:58 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-19 20:58 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-19 20:58 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-19 20:58 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-19 20:58 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-19 20:58 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-19 20:58 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-19 20:58 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-19 20:58 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-19 20:58 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-19 20:58 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-19 20:58 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-19 20:58 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-19 20:58 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-04 17:14 - 2013-07-04 17:26 - 00000000 ____D C:\Users\Wolfgang\Desktop\Laura SD
2013-07-04 08:24 - 2013-07-04 08:25 - 00000000 ____D C:\Users\Wolfgang\Downloads\Hilfestellung
2013-07-04 07:40 - 2013-05-16 00:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll

==================== One Month Modified Files and Folders =======

2013-07-29 11:42 - 2013-07-29 11:42 - 01780547 _____ (Farbar) C:\Users\Wolfgang\Downloads\FRST64.exe
2013-07-29 11:37 - 2013-07-29 11:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-29 11:16 - 2012-12-07 16:00 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2248620764-1602766578-3412886822-1001
2013-07-29 11:15 - 2013-07-29 11:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-29 11:15 - 2013-07-29 11:14 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-29 11:15 - 2013-06-24 14:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-29 11:14 - 2012-12-07 16:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-29 11:09 - 2013-07-29 10:35 - 00000000 ____D C:\ProgramData\eSafe
2013-07-29 11:09 - 2012-12-07 16:11 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-29 11:09 - 2012-12-07 15:39 - 00157028 _____ C:\Windows\PFRO.log
2013-07-29 11:09 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-29 11:08 - 2012-12-07 15:52 - 01871244 _____ C:\Windows\WindowsUpdate.log
2013-07-29 11:08 - 2012-07-26 07:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-07-29 11:06 - 2013-07-29 11:06 - 21703480 _____ (Mozilla) C:\Users\Wolfgang\Downloads\Firefox_Setup_22.0.exe
2013-07-29 11:02 - 2013-07-29 11:02 - 02828552 _____ (AVAST Software) C:\Users\Wolfgang\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-07-29 11:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-07-29 10:45 - 2013-07-29 10:44 - 00424016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-29 10:34 - 2013-07-29 10:34 - 00000000 ____D C:\Users\Wolfgang\AppData\Roaming\eIntaller
2013-07-29 10:34 - 2012-12-07 15:53 - 00001241 _____ C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-29 10:34 - 2011-06-11 02:58 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-07-29 10:34 - 2011-06-11 02:58 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-07-29 10:33 - 2013-07-29 10:33 - 00000952 _____ C:\Users\Wolfgang\Desktop\PutLockerDownloader.lnk
2013-07-29 10:33 - 2013-07-29 10:33 - 00000000 ____D C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com
2013-07-29 10:27 - 2012-12-12 21:33 - 00000000 ____D C:\Users\Wolfgang\Downloads\F1 2012
2013-07-29 09:28 - 2012-12-07 17:08 - 00000000 ____D C:\Users\Wolfgang\Documents\Outlook-Dateien
2013-07-29 08:45 - 2012-07-26 12:27 - 00751892 _____ C:\Windows\system32\perfh007.dat
2013-07-29 08:45 - 2012-07-26 12:27 - 00155620 _____ C:\Windows\system32\perfc007.dat
2013-07-29 08:45 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-29 08:26 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-07-27 11:54 - 2012-12-13 00:02 - 00000000 ____D C:\Users\Wolfgang\Documents\My PSP Files
2013-07-24 18:40 - 2012-07-26 09:21 - 00035864 _____ C:\Windows\setupact.log
2013-07-22 10:04 - 2012-12-24 08:52 - 00000000 ____D C:\Users\Wolfgang\Downloads\Neuer Ordner
2013-07-22 09:46 - 2012-12-07 17:09 - 00003888 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-22 09:46 - 2012-12-07 17:09 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-20 10:30 - 2012-07-26 12:29 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-20 10:29 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-07-19 08:45 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2013-07-19 08:40 - 2013-03-16 12:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-19 08:40 - 2013-03-16 12:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-19 08:38 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing
2013-07-16 21:17 - 2012-12-07 16:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-16 21:14 - 2012-12-13 00:11 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-16 20:33 - 2012-12-12 21:56 - 00000000 ____D C:\Users\Wolfgang\AppData\Local\Adobe
2013-07-16 20:31 - 2012-12-07 16:33 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-04 17:26 - 2013-07-04 17:14 - 00000000 ____D C:\Users\Wolfgang\Desktop\Laura SD
2013-07-04 08:25 - 2013-07-04 08:24 - 00000000 ____D C:\Users\Wolfgang\Downloads\Hilfestellung
2013-07-03 10:55 - 2013-03-23 18:53 - 00105984 ___SH C:\Users\Wolfgang\Desktop\Thumbs.db

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-20 09:40

==================== End Of Log ============================

--- --- ---

--- --- ---

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-07-2013
Ran by Wolfgang at 2013-07-29 11:46:03
Running from C:\Users\Wolfgang\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Call of Duty: Black Ops II - Multiplayer (x32)
Call of Duty: Black Ops II - Zombies (x32)
Call of Duty: Black Ops II (x32)
Call of Duty: World at War (x32)
Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0)
Company of Heroes (x32 Version: 2.501.0)
Company of Heroes 2 (x32)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dot4 (Version: 1.0.0.0)
ESET Online Scanner v3 (x32)
F1 2012 (x32)
Google Update Helper (x32 Version: 1.3.21.123)
ImgBurn (x32 Version: 2.5.8.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
MyFreeCodec (HKCU)
Nero - Burning Rom (x32 Version: 5.5.8.1)
NVIDIA 3D Vision Controller-Treiber 310.70 (Version: 310.70)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Origin (x32 Version: 9.1.15.109)
PutLockerDownloader (x32 Version: 2.1 Build 26473)
QuickTime (x32 Version: 7.74.80.86)
rosoft-Maus- und Tastatur-Center (Version: 2.1.177.0)
Safari (x32 Version: 5.34.57.2)
Samsung Kies (x32 Version: 2.5.2.13021_10)
Samsung PhotoEditor 1.0.3.270 (x32 Version: 1.0.3.270)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.0)
TuneUp Utilities 2013 (x32 Version: 13.0.3020.2)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Windows Mobile-Gerätecenter: Treiberupdate (Version: 6.1.6965.0)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

04-07-2013 06:21:45 Windows Update
16-07-2013 19:10:06 Windows Update
20-07-2013 08:19:54 Windows Update
29-07-2013 07:30:56 Removed MEDION GoPal Assistant

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04828A08-6195-470C-A185-12AB582FD7AB} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {125048F5-EBC5-4885-8DCE-BAEDC44F3DF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-07] (Google Inc.)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1CEBE8A8-185F-496D-94A1-E648DC0F45D7} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2248620764-1602766578-3412886822-1001
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {29F552FC-CDDA-4620-BA98-981D6C2A0B85} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {43200ABC-8CDF-4B52-B912-9D5F58408FC7} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe No File
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {454E2416-282A-42D0-AF9D-DF7AF369DD56} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-16] (Adobe Systems Incorporated)
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4968B9CA-5360-4BDA-8356-855BA1A93440} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => D:\Programme\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {654FCD64-213F-4BED-BB52-C703603EBC38} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {718E1A69-E5EB-4255-B32B-69AA69EDE0D7} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7CF11D57-639C-473F-B9E2-0E30026B7CC8} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {91A11C12-5E7B-4E45-BCEE-6E0EA995102A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A5C7FF18-FC5F-44EE-9713-EA3D58182294} - System32\Tasks\Launch HTC Sync Loader => D:\Programme\HTC\htcUPCTLoader.exe No File
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {A83EDFE6-91C6-49AE-9602-0A57974A041A} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe No File
Task: {A9411B83-BE36-40E6-A6BB-79D79962650A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B3F42B15-3489-4A75-A975-38337B499E8D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BE641A2F-4387-4399-9854-6D392E9C24CD} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {BF1A632E-7B56-4B6A-BDB3-7EDA8A2D420A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D9113B13-C8CB-4D1D-969A-6AD53908E251} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-07] (Google Inc.)
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DC608457-EE46-4DB3-9F94-31B95B92D8B6} - System32\Tasks\avast! Emergency Update => D:\Programme\Avast5\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F857D043-6A02-4319-A831-8462CE20892E} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {FC6F91F2-3634-4EB8-8817-DAAEA78BB380} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2013 11:37:45 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/29/2013 11:37:44 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/29/2013 11:37:39 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/29/2013 10:55:56 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/29/2013 08:24:48 AM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (07/25/2013 10:08:25 AM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (07/22/2013 10:46:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: WOLFGANG)
Description: Bei der Aktivierung der App „9705MCNDEV.MotorSport_csvmjz0gjgdh0!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/22/2013 10:46:31 PM) (Source: Application Hang) (User: )
Description: Programm MotorSport.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ff8

Startzeit: 01ce871c7d0add41

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\9705MCNDEV.MotorSport_1.0.0.6_neutral__csvmjz0gjgdh0\MotorSport.exe

Berichts-ID: c549e8d5-f30f-11e2-bea5-001bfc8d3ba6

Vollständiger Name des fehlerhaften Pakets: 9705MCNDEV.MotorSport_1.0.0.6_neutral__csvmjz0gjgdh0

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (07/22/2013 10:46:18 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2340

Startzeit: 01ce871c6c76a14f

Endzeit: 4294967295

Anwendungspfad: C:\Windows\system32\wwahost.exe

Berichts-ID: be5c8507-f30f-11e2-bea5-001bfc8d3ba6

Vollständiger Name des fehlerhaften Pakets: CHIPXonioOnlineGmbH.CHIP_0.1.3.17_neutral__s8g59nv19wjwc

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (07/22/2013 10:46:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: WOLFGANG)
Description: Bei der Aktivierung der App „CHIPXonioOnlineGmbH.CHIP_s8g59nv19wjwc!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (07/29/2013 11:12:09 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/29/2013 11:12:09 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/29/2013 11:09:10 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (07/29/2013 11:08:25 AM) (Source: DCOM) (User: WOLFGANG)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (07/29/2013 10:49:21 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/29/2013 10:49:21 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/29/2013 10:46:27 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error: (07/29/2013 10:44:35 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (07/29/2013 10:43:15 AM) (Source: DCOM) (User: WOLFGANG)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (07/29/2013 10:40:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WebCakeUpdater" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (07/29/2013 11:37:45 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Wolfgang\Downloads\Hilfestellung\esetsmartinstaller_enu.exe

Error: (07/29/2013 11:37:44 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Wolfgang\Downloads\Hilfestellung\esetsmartinstaller_enu.exe

Error: (07/29/2013 11:37:39 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Wolfgang\Downloads\Hilfestellung\esetsmartinstaller_enu.exe

Error: (07/29/2013 10:55:56 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Wolfgang\Downloads\Hilfestellung\esetsmartinstaller_enu.exe

Error: (07/29/2013 08:24:48 AM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d

Error: (07/25/2013 10:08:25 AM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d

Error: (07/22/2013 10:46:31 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: WOLFGANG)
Description: 9705MCNDEV.MotorSport_csvmjz0gjgdh0!App-2144927142

Error: (07/22/2013 10:46:31 PM) (Source: Application Hang)(User: )
Description: MotorSport.exe1.0.0.0ff801ce871c7d0add414294967295C:\Program Files\WindowsApps\9705MCNDEV.MotorSport_1.0.0.6_neutral__csvmjz0gjgdh0\MotorSport.exec549e8d5-f30f-11e2-bea5-001bfc8d3ba69705MCNDEV.MotorSport_1.0.0.6_neutral__csvmjz0gjgdh0App

Error: (07/22/2013 10:46:18 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.16420234001ce871c6c76a14f4294967295C:\Windows\system32\wwahost.exebe5c8507-f30f-11e2-bea5-001bfc8d3ba6CHIPXonioOnlineGmbH.CHIP_0.1.3.17_neutral__s8g59nv19wjwcApp

Error: (07/22/2013 10:46:12 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: WOLFGANG)
Description: CHIPXonioOnlineGmbH.CHIP_s8g59nv19wjwc!App-2144927142


==================== Memory info =========================== 

Percentage of memory in use: 53%
Total physical RAM: 2046.49 MB
Available physical RAM: 959.78 MB
Total Pagefile: 5118.49 MB
Available Pagefile: 3938.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.08 GB) (Free:185.27 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:372.61 GB) (Free:180.38 GB) NTFS (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: EDB5EDB5)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 373 GB) (Disk ID: 2B942B93)
Partition 1: (Not Active) - (Size=373 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

schrauber · 29.07.2013, 14:56

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

wolfi2728 · 31.07.2013, 06:49

Hallo,
AdwCleaner habe ich nicht verwendet, da ich bei der letzten Verwendung massive Probleme mit dem Wlan hatte.JRT Logfile:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows 8 x64
Ran by Wolfgang on 31.07.2013 at  7:37:49,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2248620764-1602766578-3412886822-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\interface\{df84e609-c3a4-49cb-a160-61767daf8899}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\interface\{df84e609-c3a4-49cb-a160-61767daf8899}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\esafeseccontrol
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\qvo6software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\interface\{df84e609-c3a4-49cb-a160-61767daf8899}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\putlockerdownloader
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\interface\{df84e609-c3a4-49cb-a160-61767daf8899}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\webcakedesktop_rasapi32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\webcakedesktop_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\classes\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\classes\interface\{df84e609-c3a4-49cb-a160-61767daf8899}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\tracing\webcakedesktop_rasapi32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}



~~~ Files

Failed to delete: [File] C:\eula.1028.txt
Failed to delete: [File] C:\eula.1031.txt
Failed to delete: [File] C:\eula.1033.txt
Failed to delete: [File] C:\eula.1036.txt
Failed to delete: [File] C:\eula.1040.txt
Failed to delete: [File] C:\eula.1041.txt
Failed to delete: [File] C:\eula.1042.txt
Failed to delete: [File] C:\eula.2052.txt
Failed to delete: [File] C:\install.res.1028.dll
Failed to delete: [File] C:\install.res.1031.dll
Failed to delete: [File] C:\install.res.1033.dll
Failed to delete: [File] C:\install.res.1036.dll
Failed to delete: [File] C:\install.res.1040.dll
Failed to delete: [File] C:\install.res.1041.dll
Failed to delete: [File] C:\install.res.1042.dll
Failed to delete: [File] C:\install.res.2052.dll
Failed to delete: [File] C:\install.res.3082.dll
Failed to delete: [File] "C:\Windows\syswow64\authuitu.dll"
Successfully disinfected: [Shortcut] C:\Users\Wolfgang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Successfully disinfected: [Shortcut] C:\Users\Wolfgang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Successfully disinfected: [Shortcut] C:\Users\Wolfgang\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\esafe"
Failed to delete: [Folder] "C:\ProgramData\tarma installer"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.07.2013 at  7:45:05,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by Wolfgang (administrator) on 31-07-2013 07:48:04
Running from C:\Users\Wolfgang\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) D:\Programme\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Malwarebytes Corporation) D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(TuneUp Software) D:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(TuneUp Software) D:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) D:\Programme\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [] - D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKCU\...\Run: [KiesPreload] - D:\Programme\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - D:\Programme\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics)
HKLM-x32\...\Run: [avast] - D:\Programme\Avast5\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NeroCheck] - C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [KiesTrayAgent] - D:\Programme\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
IMEO\cdspeed.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\coverdes.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\drivespeed.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\kiesagent.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\kiessetup.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\nero.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\setup.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\waveedit.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\wmdc.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
Startup: C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = QVO6
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = QVO6
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = QVO6
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = QVO6
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" QVO6
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = QVO6
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = QVO6
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = QVO6
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = QVO6
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Programme\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~3\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~3\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Programme\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\Avast5\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\ybhc94j6.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~3\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~3\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - D:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Extension: No Name - C:\Users\Wolfgang\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] D:\Programme\Avast5\WebRep\FF
FF Extension: avast! Online Security - D:\Programme\Avast5\WebRep\FF

==================== Services (Whitelisted) =================

R2 avast! Antivirus; D:\Programme\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 MBAMScheduler; D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; D:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-18] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Windows (R) Win 7 DDK provider)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-06-25] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 TuneUpUtilitiesDrv; D:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-08-28] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-31 07:45 - 2013-07-31 07:45 - 00005702 _____ C:\Users\Wolfgang\Desktop\JRT.txt
2013-07-31 07:37 - 2013-07-31 07:37 - 00000000 ____D C:\Windows\ERUNT
2013-07-31 07:36 - 2013-07-31 07:36 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Wolfgang\Downloads\JRT.exe
2013-07-29 13:52 - 2013-07-29 13:52 - 00490078 _____ C:\Users\Wolfgang\Downloads\F1 2012 - Safety Car Fix.rar
2013-07-29 12:52 - 2013-07-29 12:52 - 00001282 _____ C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-07-29 12:46 - 2013-07-29 12:46 - 00000000 ____D C:\Users\Wolfgang\Desktop\Alte Firefox-Daten
2013-07-29 11:42 - 2013-07-29 11:42 - 01780547 _____ (Farbar) C:\Users\Wolfgang\Downloads\FRST64.exe
2013-07-29 11:37 - 2013-07-29 11:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-29 11:15 - 2013-07-29 11:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-29 11:14 - 2013-07-29 11:15 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-29 11:06 - 2013-07-29 11:06 - 21703480 _____ (Mozilla) C:\Users\Wolfgang\Downloads\Firefox_Setup_22.0.exe
2013-07-29 11:02 - 2013-07-29 11:02 - 02828552 _____ (AVAST Software) C:\Users\Wolfgang\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-07-29 10:44 - 2013-07-29 10:45 - 00424016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-29 10:35 - 2013-07-29 11:09 - 00000000 ____D C:\ProgramData\eSafe
2013-07-29 10:34 - 2013-07-29 10:34 - 00000000 ____D C:\Users\Wolfgang\AppData\Roaming\eIntaller
2013-07-20 10:33 - 2013-06-28 00:04 - 00693112 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-20 10:33 - 2013-06-28 00:04 - 00078200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-19 21:08 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-07-19 21:07 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-07-19 21:07 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-07-19 21:07 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-07-19 21:07 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-19 21:07 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-07-19 21:07 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-07-19 21:07 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-19 21:07 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-07-19 21:07 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-07-19 21:07 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-19 21:07 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-07-19 21:07 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-07-19 21:07 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-07-19 21:07 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-07-19 21:07 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-07-19 21:07 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-07-19 21:07 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-19 21:07 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-07-19 21:07 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-07-19 21:07 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2013-07-19 21:07 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-07-19 21:07 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2013-07-19 21:07 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-07-19 21:07 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2013-07-19 21:07 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-07-19 21:07 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-07-19 21:07 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-07-19 21:07 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2013-07-19 21:07 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2013-07-19 21:07 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-07-19 21:07 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-07-19 21:07 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-07-19 21:07 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-07-19 21:07 - 2013-05-20 02:08 - 00386642 _____ C:\Windows\system32\ApnDatabase.xml
2013-07-19 21:01 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-19 21:00 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-19 21:00 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-19 20:59 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-19 20:59 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-19 20:58 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-19 20:58 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-19 20:58 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-19 20:58 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-19 20:58 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-19 20:58 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-19 20:58 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-19 20:58 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-19 20:58 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-19 20:58 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-19 20:58 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-19 20:58 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-19 20:58 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-19 20:58 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-19 20:58 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-19 20:58 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-19 20:58 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-19 20:58 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-19 20:58 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-04 17:14 - 2013-07-04 17:26 - 00000000 ____D C:\Users\Wolfgang\Desktop\Laura SD
2013-07-04 08:24 - 2013-07-04 08:25 - 00000000 ____D C:\Users\Wolfgang\Downloads\Hilfestellung
2013-07-04 07:40 - 2013-05-16 00:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll

==================== One Month Modified Files and Folders =======

2013-07-31 07:45 - 2013-07-31 07:45 - 00005702 _____ C:\Users\Wolfgang\Desktop\JRT.txt
2013-07-31 07:45 - 2012-12-07 16:00 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2248620764-1602766578-3412886822-1001
2013-07-31 07:45 - 2012-12-07 15:53 - 00001001 _____ C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-31 07:45 - 2012-12-07 15:52 - 01995856 _____ C:\Windows\WindowsUpdate.log
2013-07-31 07:37 - 2013-07-31 07:37 - 00000000 ____D C:\Windows\ERUNT
2013-07-31 07:36 - 2013-07-31 07:36 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Wolfgang\Downloads\JRT.exe
2013-07-31 07:32 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-07-29 15:18 - 2012-12-12 21:33 - 00000000 ____D C:\Users\Wolfgang\Downloads\F1 2012
2013-07-29 15:14 - 2012-12-07 16:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-29 13:52 - 2013-07-29 13:52 - 00490078 _____ C:\Users\Wolfgang\Downloads\F1 2012 - Safety Car Fix.rar
2013-07-29 12:52 - 2013-07-29 12:52 - 00001282 _____ C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-07-29 12:46 - 2013-07-29 12:46 - 00000000 ____D C:\Users\Wolfgang\Desktop\Alte Firefox-Daten
2013-07-29 11:42 - 2013-07-29 11:42 - 01780547 _____ (Farbar) C:\Users\Wolfgang\Downloads\FRST64.exe
2013-07-29 11:37 - 2013-07-29 11:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-29 11:15 - 2013-07-29 11:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-29 11:15 - 2013-07-29 11:14 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-29 11:15 - 2013-06-24 14:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-29 11:09 - 2013-07-29 10:35 - 00000000 ____D C:\ProgramData\eSafe
2013-07-29 11:09 - 2012-12-07 16:11 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-29 11:09 - 2012-12-07 15:39 - 00157028 _____ C:\Windows\PFRO.log
2013-07-29 11:09 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-29 11:08 - 2012-07-26 07:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-07-29 11:06 - 2013-07-29 11:06 - 21703480 _____ (Mozilla) C:\Users\Wolfgang\Downloads\Firefox_Setup_22.0.exe
2013-07-29 11:02 - 2013-07-29 11:02 - 02828552 _____ (AVAST Software) C:\Users\Wolfgang\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-07-29 10:45 - 2013-07-29 10:44 - 00424016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-29 10:34 - 2013-07-29 10:34 - 00000000 ____D C:\Users\Wolfgang\AppData\Roaming\eIntaller
2013-07-29 10:34 - 2011-06-11 02:58 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-07-29 10:34 - 2011-06-11 02:58 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-07-29 09:28 - 2012-12-07 17:08 - 00000000 ____D C:\Users\Wolfgang\Documents\Outlook-Dateien
2013-07-29 08:45 - 2012-07-26 12:27 - 00751892 _____ C:\Windows\system32\perfh007.dat
2013-07-29 08:45 - 2012-07-26 12:27 - 00155620 _____ C:\Windows\system32\perfc007.dat
2013-07-29 08:45 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-29 08:26 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-07-27 11:54 - 2012-12-13 00:02 - 00000000 ____D C:\Users\Wolfgang\Documents\My PSP Files
2013-07-24 18:40 - 2012-07-26 09:21 - 00035864 _____ C:\Windows\setupact.log
2013-07-22 10:04 - 2012-12-24 08:52 - 00000000 ____D C:\Users\Wolfgang\Downloads\Neuer Ordner
2013-07-22 09:46 - 2012-12-07 17:09 - 00003888 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-22 09:46 - 2012-12-07 17:09 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-20 10:30 - 2012-07-26 12:29 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-20 10:29 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-07-19 08:45 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2013-07-19 08:40 - 2013-03-16 12:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-19 08:40 - 2013-03-16 12:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-19 08:38 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing
2013-07-16 21:17 - 2012-12-07 16:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-16 21:14 - 2012-12-13 00:11 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-16 20:33 - 2012-12-12 21:56 - 00000000 ____D C:\Users\Wolfgang\AppData\Local\Adobe
2013-07-16 20:31 - 2012-12-07 16:33 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-04 17:26 - 2013-07-04 17:14 - 00000000 ____D C:\Users\Wolfgang\Desktop\Laura SD
2013-07-04 08:25 - 2013-07-04 08:24 - 00000000 ____D C:\Users\Wolfgang\Downloads\Hilfestellung
2013-07-03 10:55 - 2013-03-23 18:53 - 00105984 ___SH C:\Users\Wolfgang\Desktop\Thumbs.db

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-20 09:40

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 31.07.2013, 09:50

Es gab ein Update von ADw, wäre schon notwendig

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log, dann nehmen wir noch die Reste raus.

wolfi2728 · 31.07.2013, 15:42

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1b6ac6f1a7427d4ca23d74513d0b03e4
# engine=14572
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-29 09:41:46
# local_time=2013-07-29 11:41:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776574 100 94 9338361 34597017 0 0
# scanned=359
# found=0
# cleaned=0
# scan_time=33
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1b6ac6f1a7427d4ca23d74513d0b03e4
# engine=14596
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-31 12:54:45
# local_time=2013-07-31 02:54:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776574 100 94 9522740 34781396 0 0
# scanned=344924
# found=2
# cleaned=0
# scan_time=14154
sh=D1DE140C2ECEECE8D4CFDB2C22D4D8A9BAAA34E2 ft=1 fh=736736a39589b0e9 vn="probably a variant of Win32/Agent.EODGEND trojan" ac=I fn="D:\Wolfgang\Spiele\Crysis WARHEAD\CrysisWh_Trn.exe"
sh=D1DE140C2ECEECE8D4CFDB2C22D4D8A9BAAA34E2 ft=1 fh=736736a39589b0e9 vn="probably a variant of Win32/Agent.EODGEND trojan" ac=I fn="D:\Wolfgang\Spiele\Crysis WARHEAD\CrysisWh_Trn\CrysisWh_Trn.exe"

Results of screen317's Security Check version 0.99.71
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
TuneUp Utilities 2013
TuneUp Utilities Language Pack (de-DE)
Adobe Flash Player 11.8.800.94
Adobe Reader XI
Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
Avast5 AvastSvc.exe
Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by Wolfgang (administrator) on 31-07-2013 16:42:22
Running from C:\Users\Wolfgang\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) D:\Programme\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Malwarebytes Corporation) D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(TuneUp Software) D:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(TuneUp Software) D:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) D:\Programme\Avast5\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [] - D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKCU\...\Run: [KiesPreload] - D:\Programme\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - D:\Programme\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics)
HKLM-x32\...\Run: [avast] - D:\Programme\Avast5\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NeroCheck] - C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [KiesTrayAgent] - D:\Programme\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
IMEO\cdspeed.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\coverdes.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\drivespeed.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\kiesagent.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\kiessetup.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\nero.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\setup.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\waveedit.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\wmdc.exe: [Debugger] "D:\Programme\TuneUp Utilities 2013\TUAutoReactivator64.exe"
Startup: C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = QVO6
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = QVO6
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = QVO6
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = QVO6
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" QVO6
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = QVO6
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = QVO6
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = QVO6
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = QVO6
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Programme\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~3\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~3\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Programme\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\Avast5\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\ybhc94j6.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~3\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~3\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - D:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Extension: No Name - C:\Users\Wolfgang\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] D:\Programme\Avast5\WebRep\FF
FF Extension: avast! Online Security - D:\Programme\Avast5\WebRep\FF

==================== Services (Whitelisted) =================

R2 avast! Antivirus; D:\Programme\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 MBAMScheduler; D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; D:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-18] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Windows (R) Win 7 DDK provider)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-06-25] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 TuneUpUtilitiesDrv; D:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-08-28] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-31 11:01 - 2013-07-31 11:01 - 00891098 _____ C:\Users\Wolfgang\Downloads\SecurityCheck.exe
2013-07-31 10:57 - 2013-07-31 10:57 - 02347384 _____ (ESET) C:\Users\Wolfgang\Downloads\esetsmartinstaller_enu.exe
2013-07-31 07:37 - 2013-07-31 07:37 - 00000000 ____D C:\Windows\ERUNT
2013-07-31 07:36 - 2013-07-31 07:36 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Wolfgang\Downloads\JRT.exe
2013-07-29 13:52 - 2013-07-29 13:52 - 00490078 _____ C:\Users\Wolfgang\Downloads\F1 2012 - Safety Car Fix.rar
2013-07-29 12:52 - 2013-07-29 12:52 - 00001282 _____ C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-07-29 12:46 - 2013-07-29 12:46 - 00000000 ____D C:\Users\Wolfgang\Desktop\Alte Firefox-Daten
2013-07-29 11:42 - 2013-07-29 11:42 - 01780547 _____ (Farbar) C:\Users\Wolfgang\Downloads\FRST64.exe
2013-07-29 11:37 - 2013-07-29 11:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-29 11:15 - 2013-07-29 11:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-29 11:14 - 2013-07-29 11:15 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-29 11:06 - 2013-07-29 11:06 - 21703480 _____ (Mozilla) C:\Users\Wolfgang\Downloads\Firefox_Setup_22.0.exe
2013-07-29 11:02 - 2013-07-29 11:02 - 02828552 _____ (AVAST Software) C:\Users\Wolfgang\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-07-29 10:44 - 2013-07-29 10:45 - 00424016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-29 10:35 - 2013-07-29 11:09 - 00000000 ____D C:\ProgramData\eSafe
2013-07-29 10:34 - 2013-07-29 10:34 - 00000000 ____D C:\Users\Wolfgang\AppData\Roaming\eIntaller
2013-07-20 10:33 - 2013-06-28 00:04 - 00693112 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-20 10:33 - 2013-06-28 00:04 - 00078200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-19 21:08 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-07-19 21:07 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-07-19 21:07 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-07-19 21:07 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-07-19 21:07 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-19 21:07 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-07-19 21:07 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-07-19 21:07 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-19 21:07 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-07-19 21:07 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-07-19 21:07 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-19 21:07 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-07-19 21:07 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-07-19 21:07 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-07-19 21:07 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-07-19 21:07 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-07-19 21:07 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-07-19 21:07 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-19 21:07 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-07-19 21:07 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-07-19 21:07 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2013-07-19 21:07 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-07-19 21:07 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2013-07-19 21:07 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-07-19 21:07 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2013-07-19 21:07 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-07-19 21:07 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-07-19 21:07 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-07-19 21:07 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2013-07-19 21:07 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2013-07-19 21:07 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-07-19 21:07 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-07-19 21:07 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-07-19 21:07 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-07-19 21:07 - 2013-05-20 02:08 - 00386642 _____ C:\Windows\system32\ApnDatabase.xml
2013-07-19 21:01 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-19 21:00 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-19 21:00 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-19 20:59 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-19 20:59 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-19 20:58 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-19 20:58 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-19 20:58 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-19 20:58 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-19 20:58 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-19 20:58 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-19 20:58 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-19 20:58 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-19 20:58 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-19 20:58 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-19 20:58 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-19 20:58 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-19 20:58 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-19 20:58 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-19 20:58 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-19 20:58 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-19 20:58 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-19 20:58 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-19 20:58 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-04 17:14 - 2013-07-04 17:26 - 00000000 ____D C:\Users\Wolfgang\Desktop\Laura SD
2013-07-04 08:24 - 2013-07-04 08:25 - 00000000 ____D C:\Users\Wolfgang\Downloads\Hilfestellung
2013-07-04 07:40 - 2013-05-16 00:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll

==================== One Month Modified Files and Folders =======

2013-07-31 16:14 - 2012-12-07 16:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 16:07 - 2012-12-07 15:52 - 01106876 _____ C:\Windows\WindowsUpdate.log
2013-07-31 16:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-07-31 13:18 - 2012-07-26 12:27 - 00751892 _____ C:\Windows\system32\perfh007.dat
2013-07-31 13:18 - 2012-07-26 12:27 - 00155620 _____ C:\Windows\system32\perfc007.dat
2013-07-31 13:18 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-31 13:16 - 2012-12-13 00:02 - 00000000 ____D C:\Users\Wolfgang\Documents\My PSP Files
2013-07-31 11:01 - 2013-07-31 11:01 - 00891098 _____ C:\Users\Wolfgang\Downloads\SecurityCheck.exe
2013-07-31 10:57 - 2013-07-31 10:57 - 02347384 _____ (ESET) C:\Users\Wolfgang\Downloads\esetsmartinstaller_enu.exe
2013-07-31 09:03 - 2012-12-07 17:08 - 00000000 ____D C:\Users\Wolfgang\Documents\Outlook-Dateien
2013-07-31 08:33 - 2012-12-07 16:00 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2248620764-1602766578-3412886822-1001
2013-07-31 07:45 - 2012-12-07 15:53 - 00001001 _____ C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-31 07:37 - 2013-07-31 07:37 - 00000000 ____D C:\Windows\ERUNT
2013-07-31 07:36 - 2013-07-31 07:36 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Wolfgang\Downloads\JRT.exe
2013-07-29 15:18 - 2012-12-12 21:33 - 00000000 ____D C:\Users\Wolfgang\Downloads\F1 2012
2013-07-29 13:52 - 2013-07-29 13:52 - 00490078 _____ C:\Users\Wolfgang\Downloads\F1 2012 - Safety Car Fix.rar
2013-07-29 12:52 - 2013-07-29 12:52 - 00001282 _____ C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-07-29 12:46 - 2013-07-29 12:46 - 00000000 ____D C:\Users\Wolfgang\Desktop\Alte Firefox-Daten
2013-07-29 11:42 - 2013-07-29 11:42 - 01780547 _____ (Farbar) C:\Users\Wolfgang\Downloads\FRST64.exe
2013-07-29 11:37 - 2013-07-29 11:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-29 11:15 - 2013-07-29 11:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-29 11:15 - 2013-07-29 11:14 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-29 11:15 - 2013-06-24 14:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-29 11:09 - 2013-07-29 10:35 - 00000000 ____D C:\ProgramData\eSafe
2013-07-29 11:09 - 2012-12-07 16:11 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-29 11:09 - 2012-12-07 15:39 - 00157028 _____ C:\Windows\PFRO.log
2013-07-29 11:09 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-29 11:08 - 2012-07-26 07:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-07-29 11:06 - 2013-07-29 11:06 - 21703480 _____ (Mozilla) C:\Users\Wolfgang\Downloads\Firefox_Setup_22.0.exe
2013-07-29 11:02 - 2013-07-29 11:02 - 02828552 _____ (AVAST Software) C:\Users\Wolfgang\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-07-29 10:45 - 2013-07-29 10:44 - 00424016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-29 10:34 - 2013-07-29 10:34 - 00000000 ____D C:\Users\Wolfgang\AppData\Roaming\eIntaller
2013-07-29 10:34 - 2011-06-11 02:58 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-07-29 10:34 - 2011-06-11 02:58 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-07-29 08:26 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-07-24 18:40 - 2012-07-26 09:21 - 00035864 _____ C:\Windows\setupact.log
2013-07-22 10:04 - 2012-12-24 08:52 - 00000000 ____D C:\Users\Wolfgang\Downloads\Neuer Ordner
2013-07-22 09:46 - 2012-12-07 17:09 - 00003888 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-22 09:46 - 2012-12-07 17:09 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-20 10:30 - 2012-07-26 12:29 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-20 10:29 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-07-19 08:45 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2013-07-19 08:40 - 2013-03-16 12:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-19 08:40 - 2013-03-16 12:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-19 08:38 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing
2013-07-16 21:17 - 2012-12-07 16:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-16 21:14 - 2012-12-13 00:11 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-16 20:33 - 2012-12-12 21:56 - 00000000 ____D C:\Users\Wolfgang\AppData\Local\Adobe
2013-07-16 20:31 - 2012-12-07 16:33 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-04 17:26 - 2013-07-04 17:14 - 00000000 ____D C:\Users\Wolfgang\Desktop\Laura SD
2013-07-04 08:25 - 2013-07-04 08:24 - 00000000 ____D C:\Users\Wolfgang\Downloads\Hilfestellung
2013-07-03 10:55 - 2013-03-23 18:53 - 00105984 ___SH C:\Users\Wolfgang\Desktop\Thumbs.db

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-20 09:40

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 31.07.2013, 19:35

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

wolfi2728 · 03.08.2013, 08:27

Vielen Dank für deine Hilfe, alles erledigt
Gruss

schrauber · 04.08.2013, 09:04

Gern Geschehen

04.08.2013, 09:04	#10
schrauber /// the machine /// TB-Ausbilder	Virus/Trojaner Qvo6 Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Virus/Trojaner Qvo6

Plagegeister aller Art und deren Bekämpfung: Virus/Trojaner Qvo6