https://gqs.donedrive.net popups öffnen ständig

wida_da · 04.09.2013, 11:48

Hallo Board,

ich habe den dummen Fehler gemacht mir zum ersten mal auf einer mir nicht bekannten Website etwas zu laden und wurde prompt bestraft. Die Malware die ich finden konnte habe ich bereits deinstalliert und den Browser wieder umgestellt. Da war eine dubiose Suchmaschine implementiert.

Habe den FRST schon laufen lassen, da dieses Problem schon bekannt ist, allerdings ist der Thread schon geschlossen.

Hier das LOG:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 03
Ran by SYSTEM on MININT-G9U3EBC on 04-09-2013 12:24:58
Running from J:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-04] (Intel(R) Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM-x32\...\Runonce: [Del376960] - cmd.exe /Q /D /c del "C:\Users\MARIOB~1\AppData\Local\Temp\0.del" [x]
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKU\Mario Broksch\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\Mario Broksch\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\Mario Broksch\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-07-11] (SEIKO EPSON CORPORATION)
HKU\Mario Broksch\...\RunOnce: [Del376960] - cmd.exe /Q /D /c del "C:\Users\MARIOB~1\AppData\Local\Temp\0.del" [x]

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-04] ()

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-02] (Avira Operations GmbH & Co. KG)
S5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-06-06] (Seiko Epson Corporation)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\avgntflt.sys 0D5C96FD25D6455D97A5C4D7706DFAB1
C:\Windows\System32\DRIVERS\avipbb.sys E26B3C8E9C3DDE047B32C5719955D715
C:\Windows\System32\DRIVERS\avkmgr.sys 490FA25161BF3E51993EB724ECF0ACEB
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdkmd64.sys 51D4A73F5262CBF3513933C6AB81AD64
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys CCEDD47ABD068C58C8513DEB785093BB
C:\Windows\System32\DRIVERS\IntcDAud.sys F5495B38BFB9149925F54F65AB40EFBF
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NETwNs64.sys 2B26C8A6B4FB519E1849101A10E6C68D
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\DRIVERS\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\drivers\usbaudio.sys 82E8F44688E6FAC57B5B7C6FC7ADBC2A
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\DRIVERS\WSDScan.sys 4A2A5C50DD1A63577D3ACA94269FBC7F
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 ____D C:\users\.wh..wh.plnk
2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 ____D C:\users\.wh..wh.orph
2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 _____ C:\users\.wh..wh.aufs
2013-09-04 04:18 - 2013-09-04 04:18 - 00000000 ____D C:\InstantOnOS
2013-09-03 03:16 - 2013-09-03 03:16 - 00000938 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2013-09-03 03:16 - 2009-12-08 14:00 - 00464384 _____ (Seiko Epson Corporation) C:\Windows\System32\esxw2ud.dll
2013-09-03 03:16 - 2009-10-15 14:00 - 00132560 _____ (Seiko Epson Corporation) C:\Windows\System32\esdevapp.exe
2013-09-03 03:16 - 2009-10-15 14:00 - 00013824 _____ (Seiko Epson Corporation) C:\Windows\System32\esxcdev.dll
2013-09-03 02:23 - 2013-09-03 02:23 - 00000000 ____D C:\Users\Mario Broksch\AppData\Local\avgchrome
2013-09-03 02:21 - 2013-09-03 02:21 - 00003278 _____ C:\Windows\System32\Tasks\DSite
2013-09-03 02:21 - 2013-09-03 02:21 - 00003068 _____ C:\Windows\System32\Tasks\Lyrics Seeker Update
2013-09-03 02:21 - 2013-09-03 02:21 - 00000404 _____ C:\Windows\Tasks\Lyrics Seeker Update.job
2013-09-03 02:21 - 2013-09-03 02:21 - 00000308 _____ C:\Windows\Tasks\DSite.job
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\DSite
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\Babylon
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\ProgramData\Babylon
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-09-03 02:20 - 2013-09-03 02:20 - 00714816 _____ C:\Users\Mario Broksch\Downloads\ZipOpenerSetup.exe
2013-09-02 23:37 - 2013-09-02 23:37 - 00000000 ____D C:\Users\Mario Broksch\Downloads\Wohnungsantrag
2013-08-28 13:40 - 2013-08-28 13:40 - 00001587 _____ C:\Users\Mario Broksch\Desktop\DivX Movies.lnk
2013-08-28 13:39 - 2013-08-28 13:39 - 00001160 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-08-28 13:39 - 2013-08-28 13:39 - 00001120 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-08-28 13:38 - 2013-08-28 13:39 - 00000000 ____D C:\Program Files\DivX
2013-08-28 13:26 - 2013-08-28 13:40 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-28 13:25 - 2013-08-28 13:40 - 00000000 ____D C:\ProgramData\DivX
2013-08-28 13:25 - 2013-08-28 13:25 - 00957248 _____ (DivX, LLC) C:\Users\Mario Broksch\Downloads\DivXInstaller_913.exe
2013-08-28 13:25 - 2013-08-28 13:25 - 00000000 _____ C:\END
2013-08-22 03:51 - 2013-08-22 03:51 - 00037686 _____ C:\Users\Mario Broksch\Downloads\S_20130822_135100_Neue_Nachrichten.zip
2013-08-22 02:56 - 2013-08-22 02:56 - 00002175 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2013-08-22 02:40 - 2011-03-14 17:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\E_YD4BHTU.DLL
2013-08-22 02:40 - 2007-04-09 15:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\System32\E_GCINST.DLL
2013-08-21 23:02 - 2013-09-03 11:11 - 00001848 _____ C:\Windows\setupact.log
2013-08-21 23:02 - 2013-08-21 23:02 - 00000000 _____ C:\Windows\setuperr.log
2013-08-21 10:58 - 2013-08-21 10:58 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\InstallShield
2013-08-21 10:58 - 2013-08-21 10:58 - 00000000 ____D C:\Program Files\EpsonNet
2013-08-21 10:58 - 2010-09-13 05:01 - 00538112 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\ensppui.dll
2013-08-21 10:58 - 2010-09-13 05:01 - 00538112 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\enppui.dll
2013-08-21 10:58 - 2010-09-13 05:00 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\ensppmon.dll
2013-08-21 10:58 - 2010-09-13 05:00 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\enppmon.dll
2013-08-21 10:58 - 2008-06-18 01:49 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\enspres.dll
2013-08-21 10:58 - 2008-06-18 01:49 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\enpres.dll
2013-08-21 10:45 - 2013-09-04 01:55 - 00314260 _____ C:\Windows\WindowsUpdate.log
2013-08-21 10:40 - 2013-08-21 10:40 - 00003342 _____ C:\Windows\System32\Tasks\{9F958C27-7AF8-4B35-A696-0E831360B24B}
2013-08-21 10:13 - 2013-08-21 10:13 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\EPSON
2013-08-21 10:04 - 2013-08-21 10:07 - 00000000 ____D C:\Users\Mario Broksch\Desktop\Foto
2013-08-21 00:35 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-21 00:35 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-21 00:35 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-21 00:35 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-21 00:35 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-21 00:35 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-21 00:35 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-21 00:35 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-21 00:35 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-21 00:35 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-21 00:35 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-21 00:35 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-19 15:34 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-19 15:34 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-19 15:34 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-19 15:34 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-19 15:34 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-19 15:34 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-19 15:34 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-19 15:34 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-19 15:33 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-19 15:33 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-19 15:33 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-19 15:33 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-19 15:33 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-19 15:33 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-19 15:33 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-19 15:33 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-07 09:33 - 2013-08-07 09:36 - 46604616 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iCloudSetup.exe
2013-08-07 09:27 - 2013-08-07 09:27 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\Program Files\iTunes
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\Program Files\iPod
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-07 09:26 - 2012-08-21 03:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2013-08-07 09:25 - 2013-08-07 09:25 - 00000000 ____D C:\Users\Mario Broksch\AppData\Local\Apple
2013-08-07 09:25 - 2013-08-07 09:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-08-07 09:24 - 2013-08-07 09:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-07 09:24 - 2013-08-07 09:24 - 00000000 ____D C:\ProgramData\Apple
2013-08-07 09:24 - 2013-08-07 09:24 - 00000000 ____D C:\Program Files\Bonjour
2013-08-07 09:24 - 2013-08-07 09:24 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-07 09:11 - 2013-08-07 09:18 - 90917712 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iTunes64Setup (4).exe

==================== One Month Modified Files and Folders =======

2013-09-04 12:24 - 2013-09-04 12:24 - 00000000 ____D C:\FRST
2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 ____D C:\users\.wh..wh.plnk
2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 ____D C:\users\.wh..wh.orph
2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 _____ C:\users\.wh..wh.aufs
2013-09-04 04:18 - 2013-09-04 04:18 - 00000000 ____D C:\InstantOnOS
2013-09-04 01:55 - 2013-08-21 10:45 - 00314260 _____ C:\Windows\WindowsUpdate.log
2013-09-04 01:37 - 2009-07-13 20:45 - 00016752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-04 01:37 - 2009-07-13 20:45 - 00016752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-04 01:25 - 2013-07-02 11:15 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-03 11:11 - 2013-08-21 23:02 - 00001848 _____ C:\Windows\setupact.log
2013-09-03 07:33 - 2013-07-02 11:15 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-03 03:16 - 2013-09-03 03:16 - 00000938 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2013-09-03 03:15 - 2013-07-10 22:52 - 00000000 ____D C:\Program Files (x86)\epson
2013-09-03 03:13 - 2013-07-02 21:23 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-09-03 03:13 - 2013-07-02 11:38 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-09-03 03:13 - 2013-07-02 11:38 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-09-03 02:23 - 2013-09-03 02:23 - 00000000 ____D C:\Users\Mario Broksch\AppData\Local\avgchrome
2013-09-03 02:21 - 2013-09-03 02:21 - 00003278 _____ C:\Windows\System32\Tasks\DSite
2013-09-03 02:21 - 2013-09-03 02:21 - 00003068 _____ C:\Windows\System32\Tasks\Lyrics Seeker Update
2013-09-03 02:21 - 2013-09-03 02:21 - 00000404 _____ C:\Windows\Tasks\Lyrics Seeker Update.job
2013-09-03 02:21 - 2013-09-03 02:21 - 00000308 _____ C:\Windows\Tasks\DSite.job
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\DSite
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\Babylon
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\ProgramData\Babylon
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-09-03 02:20 - 2013-09-03 02:20 - 00714816 _____ C:\Users\Mario Broksch\Downloads\ZipOpenerSetup.exe
2013-09-03 02:17 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-09-03 02:15 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-03 02:14 - 2013-07-02 21:36 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\TS3Client
2013-09-02 23:37 - 2013-09-02 23:37 - 00000000 ____D C:\Users\Mario Broksch\Downloads\Wohnungsantrag
2013-08-28 22:15 - 2013-07-02 10:42 - 00063568 _____ C:\Users\Mario Broksch\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-28 22:14 - 2009-07-13 20:45 - 00306448 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-28 13:40 - 2013-08-28 13:40 - 00001587 _____ C:\Users\Mario Broksch\Desktop\DivX Movies.lnk
2013-08-28 13:40 - 2013-08-28 13:26 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-28 13:40 - 2013-08-28 13:25 - 00000000 ____D C:\ProgramData\DivX
2013-08-28 13:39 - 2013-08-28 13:39 - 00001160 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-08-28 13:39 - 2013-08-28 13:39 - 00001120 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-08-28 13:39 - 2013-08-28 13:38 - 00000000 ____D C:\Program Files\DivX
2013-08-28 13:25 - 2013-08-28 13:25 - 00957248 _____ (DivX, LLC) C:\Users\Mario Broksch\Downloads\DivXInstaller_913.exe
2013-08-28 13:25 - 2013-08-28 13:25 - 00000000 _____ C:\END
2013-08-22 04:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-08-22 03:51 - 2013-08-22 03:51 - 00037686 _____ C:\Users\Mario Broksch\Downloads\S_20130822_135100_Neue_Nachrichten.zip
2013-08-22 02:56 - 2013-08-22 02:56 - 00002175 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2013-08-22 02:56 - 2013-07-10 22:57 - 00000000 ____D C:\ProgramData\UDL
2013-08-22 02:55 - 2013-07-10 22:56 - 00000000 ____D C:\Program Files (x86)\Epson Software
2013-08-22 02:55 - 2013-07-10 22:55 - 00000308 _____ C:\Windows\setup.iss
2013-08-22 02:55 - 2013-07-03 10:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-21 23:02 - 2013-08-21 23:02 - 00000000 _____ C:\Windows\setuperr.log
2013-08-21 22:58 - 2013-07-02 13:10 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-08-21 14:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-21 10:58 - 2013-08-21 10:58 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\InstallShield
2013-08-21 10:58 - 2013-08-21 10:58 - 00000000 ____D C:\Program Files\EpsonNet
2013-08-21 10:45 - 2013-06-30 17:28 - 00000000 ____D C:\Windows\Panther
2013-08-21 10:40 - 2013-08-21 10:40 - 00003342 _____ C:\Windows\System32\Tasks\{9F958C27-7AF8-4B35-A696-0E831360B24B}
2013-08-21 10:21 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-21 10:13 - 2013-08-21 10:13 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\EPSON
2013-08-21 10:07 - 2013-08-21 10:04 - 00000000 ____D C:\Users\Mario Broksch\Desktop\Foto
2013-08-21 10:02 - 2011-03-11 01:20 - 00654166 _____ C:\Windows\System32\perfh007.dat
2013-08-21 10:02 - 2011-03-11 01:20 - 00130006 _____ C:\Windows\System32\perfc007.dat
2013-08-21 10:02 - 2009-07-13 21:13 - 01498506 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-12 08:37 - 2013-07-10 22:45 - 00000000 ____D C:\ProgramData\EPSON
2013-08-07 09:43 - 2013-07-02 13:56 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\Apple Computer
2013-08-07 09:42 - 2013-07-02 13:56 - 00000000 ____D C:\Users\Mario Broksch\AppData\Local\Apple Computer
2013-08-07 09:41 - 2013-08-07 09:24 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-07 09:36 - 2013-08-07 09:33 - 46604616 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iCloudSetup.exe
2013-08-07 09:27 - 2013-08-07 09:27 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\Program Files\iTunes
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\Program Files\iPod
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-07 09:25 - 2013-08-07 09:25 - 00000000 ____D C:\Users\Mario Broksch\AppData\Local\Apple
2013-08-07 09:25 - 2013-08-07 09:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-08-07 09:24 - 2013-08-07 09:24 - 00000000 ____D C:\ProgramData\Apple
2013-08-07 09:24 - 2013-08-07 09:24 - 00000000 ____D C:\Program Files\Bonjour
2013-08-07 09:24 - 2013-08-07 09:24 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-07 09:18 - 2013-08-07 09:11 - 90917712 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iTunes64Setup (4).exe

Files to move or delete:
====================
C:\Users\Mario Broksch\AppData\Local\Temp\uninst1.exe
C:\Users\Mario Broksch\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Users\Mario Broksch\AppData\Local\Temp\{C0BD5A6B-7205-4FD6-A670-6D966EAD36D1}\setup.exe
C:\Users\Mario Broksch\AppData\Local\Temp\nsxF048.tmp\Time.dll
C:\Users\Mario Broksch\AppData\Local\Temp\nssEEA3.tmp\Time.dll
C:\Users\Mario Broksch\AppData\Local\Temp\nscF019.tmp\Time.dll
C:\Users\Mario Broksch\AppData\Local\Temp\is357113909\354298_Setup.EXE
C:\Users\Mario Broksch\AppData\Local\Temp\is357113909\DeltaTB.exe
C:\Users\Mario Broksch\AppData\Local\Temp\is357113909\OpenItSetup.exe
C:\Users\Mario Broksch\AppData\Local\Temp\is357113909\OptimizerPro.exe
C:\Users\Mario Broksch\AppData\Local\Temp\is357113909\wajam_validate.exe
C:\Users\Mario Broksch\AppData\Local\Temp\ct3297265\ism.exe
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BabMaint.exe
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BExternal.dll
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BUSolForMontiera.dll
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BUSolution.dll
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\ccp.exe
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\ChromeToolbarSetup.dll
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\CrxInstaller.dll
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\enhancedNT.dll
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\GUninstaller.exe
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\IEHelper.dll
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\MntrDLLInstall.dll
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\MyDeltaTB.exe
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\Setup.exe
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\sqlite3.dll

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-07 09:41:04
Restore point made on: 2013-08-19 16:05:26
Restore point made on: 2013-08-21 00:29:27
Restore point made on: 2013-08-21 10:31:47
Restore point made on: 2013-08-21 10:41:30
Restore point made on: 2013-08-22 02:41:03
Restore point made on: 2013-08-22 02:55:12
Restore point made on: 2013-08-30 20:17:36
Restore point made on: 2013-09-03 02:22:00
Restore point made on: 2013-09-03 03:11:05

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {0a4ec0a1-f0de-11e0-98dc-d7dd1f559c3d}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {0a4ec09f-f0de-11e0-98dc-d7dd1f559c3d}
device                  ramdisk=[C:]\Recovery\0a4ec09f-f0de-11e0-98dc-d7dd1f559c3d\Winre.wim,{0a4ec0a0-f0de-11e0-98dc-d7dd1f559c3d}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\0a4ec09f-f0de-11e0-98dc-d7dd1f559c3d\Winre.wim,{0a4ec0a0-f0de-11e0-98dc-d7dd1f559c3d}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {0a4ec0a1-f0de-11e0-98dc-d7dd1f559c3d}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\0a4ec0a3-f0de-11e0-98dc-d7dd1f559c3d\Winre.wim,{0a4ec0a4-f0de-11e0-98dc-d7dd1f559c3d}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\0a4ec0a3-f0de-11e0-98dc-d7dd1f559c3d\Winre.wim,{0a4ec0a4-f0de-11e0-98dc-d7dd1f559c3d}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {0a4ec0a1-f0de-11e0-98dc-d7dd1f559c3d}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {0a4ec0a0-f0de-11e0-98dc-d7dd1f559c3d}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\0a4ec09f-f0de-11e0-98dc-d7dd1f559c3d\boot.sdi

Device options
--------------
identifier              {0a4ec0a4-f0de-11e0-98dc-d7dd1f559c3d}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\0a4ec0a3-f0de-11e0-98dc-d7dd1f559c3d\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 4003.01 MB
Available physical RAM: 3391.44 MB
Total Pagefile: 4001.21 MB
Available Pagefile: 3375.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:496.71 GB) NTFS
Drive d: (Recover) (Fixed) (Total:48 GB) (Free:25.33 GB) NTFS
Drive j: () (Removable) (Total:7.45 GB) (Free:7.42 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 9A490055)
Partition 1: (Active) - (Size=101 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=648 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-09-02 12:09

==================== End Of Log ============================

Vielen Dank schonmal

schrauber · 04.09.2013, 11:57

hi,

der Rechner startet doch normal oder? Wen ja dann bitte vom desktop aus:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

wida_da · 04.09.2013, 12:23

Jo der geht

hier die Logs

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2013 03
Ran by Mario Broksch at 2013-09-04 13:16:41
Running from C:\Users\Mario Broksch\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
AMI VR-pulse OS Switcher (Version: 1.1)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Bonjour (Version: 3.0.0.10)
ckerdeinstallation für EPSON BX535WD Series
DivX-Setup (x32 Version: 2.6.1.44)
Epson Easy Photo Print 2 (x32 Version: 2.3.0.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)
EPSON Scan (x32)
EpsonNet Print (x32 Version: 2.4j)
Google Chrome (x32 Version: 29.0.1547.62)
Google Update Helper (x32 Version: 1.3.21.153)
iCloud (Version: 2.1.2.8)
Intel PROSet Wireless
Intel(R) Processor Graphics (x32 Version: 9.17.10.3062)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.0.3000)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 26 (64-bit) (Version: 6.0.260)
Lyrics Seeker (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Open It! (x32 Version: 1.1.1)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873)
TeamSpeak 3 Client (Version: 3.0.11.1)
Unity (x32 Version: )
Unity Web Player (HKCU Version: )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VR-pulse Installer (Version: 1.4.0)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

07-08-2013 17:40:59 Installed iCloud
20-08-2013 00:05:13 Geplanter Prüfpunkt
21-08-2013 08:28:37 Windows Modules Installer
21-08-2013 18:31:33 Entfernt Easy Photo Print Plug-in for PMB(Picture Motion Browser•ÆA
21-08-2013 18:41:25 Removed EpsonNet Config V4
22-08-2013 10:40:45 Gerätetreiber-Paketinstallation: EPSON Drucker
22-08-2013 10:55:07 Installiert Easy Photo Print Plug-in for PMB(Picture Motion BrowÀlóN
31-08-2013 04:17:17 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
Task: {68571249-CE6C-4F6F-8402-D31E8BADEB70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02] (Google Inc.)
Task: {76525465-9979-436A-BA8E-7550B8AB1200} - System32\Tasks\Lyrics Seeker Update => C:\Program Files (x86)\LyricsSeeker\Lupdate.exe [2013-08-29] ()
Task: {7FD66917-3E6B-4937-9C04-29E59452380C} - System32\Tasks\DSite => C:\Users\MARIOB~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File
Task: {856F4B98-483A-44D3-BBEF-92C9176EC96C} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {AC78F21A-99BE-4DB1-9147-CBC9C0756FE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02] (Google Inc.)
Task: C:\Windows\Tasks\DSite.job => C:\Users\MARIOB~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Lyrics Seeker Update.job => C:\Program Files (x86)\LyricsSeeker\Lupdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2013-07-03 20:32 - 2012-06-09 19:20 - 00196096 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll
2011-02-04 15:42 - 2011-02-04 15:42 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-02-04 16:20 - 2011-02-04 16:20 - 01070080 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
2011-03-02 12:10 - 2011-03-02 12:10 - 00045568 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\LangResources\DEU\FrWrkDEU.dll
2011-02-04 16:21 - 2011-02-04 16:21 - 00817664 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\FrameworkPlugins\WiWiTray.dll
2011-03-02 12:25 - 2011-03-02 12:25 - 00006144 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\LangResources\DEU\WiTrDEU.dll
2011-02-04 16:30 - 2011-02-04 16:30 - 01737728 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\FrameworkPlugins\PanTray.dll
2011-02-04 16:21 - 2011-02-04 16:21 - 01044992 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\TraceAPI.DLL
2011-02-04 16:24 - 2011-02-04 16:24 - 01999872 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll
2011-02-04 16:19 - 2011-02-04 16:19 - 00234496 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\WiMAXCoEx.dll
2011-02-04 16:26 - 2011-02-04 16:26 - 01323008 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\MurocApi.dll
2011-02-04 16:21 - 2011-02-04 16:21 - 00831488 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\IntStngs.dll
2011-02-04 16:27 - 2011-02-04 16:27 - 00464384 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\PanApi.dll
2011-02-04 16:19 - 2011-02-04 16:19 - 00176640 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
2011-02-04 16:19 - 2011-02-04 16:19 - 00846336 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\DbEngine.dll
2011-03-02 12:18 - 2011-03-02 12:18 - 00096768 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\LangResources\DEU\PanTrDEU.dll
2013-07-03 20:11 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-07-03 20:11 - 2013-03-26 15:40 - 03693128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-03-09 04:09 - 2013-03-09 04:09 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2011-09-02 20:49 - 2011-04-04 19:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-22 12:40 - 2011-12-21 01:00 - 00103424 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\x64\3\E_YAUDHTU.DLL
2013-04-21 21:44 - 2013-04-21 21:44 - 00053648 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01292136 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00923496 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 16303976 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\Cabinet.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-07-03 00:25 - 2013-07-03 00:25 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\D3D10Warp.dll
2009-07-14 01:27 - 2009-07-14 03:16 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uiautomationcore.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2013 01:14:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2013 11:22:58 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011380
ID des fehlerhaften Prozesses: 0x12e4
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/04/2013 11:22:53 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011380
ID des fehlerhaften Prozesses: 0x3e8
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/03/2013 09:11:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9282

Error: (09/03/2013 09:11:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9282

Error: (09/03/2013 09:11:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2013 09:11:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8128

Error: (09/03/2013 09:11:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8128

Error: (09/03/2013 09:11:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2013 09:11:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7051


System errors:
=============
Error: (09/04/2013 01:15:32 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/04/2013 01:15:03 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/04/2013 01:15:02 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/04/2013 01:15:02 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/04/2013 01:15:01 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/04/2013 01:15:01 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/03/2013 00:16:57 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/29/2013 08:16:05 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/28/2013 07:02:31 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/27/2013 07:50:24 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (09/04/2013 01:14:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2013 11:22:58 AM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050001138012e401cea9505710f17eC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe96218e0e-1543-11e3-8e65-ca4519403046

Error: (09/04/2013 11:22:53 AM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c0000005000113803e801cea950512ab1d1C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe934d54d3-1543-11e3-8e65-ca4519403046

Error: (09/03/2013 09:11:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9282

Error: (09/03/2013 09:11:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9282

Error: (09/03/2013 09:11:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2013 09:11:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8128

Error: (09/03/2013 09:11:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8128

Error: (09/03/2013 09:11:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2013 09:11:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7051


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 4003.01 MB
Available physical RAM: 2599.73 MB
Total Pagefile: 8004.2 MB
Available Pagefile: 6486.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:496.35 GB) NTFS
Drive d: (Recover) (Fixed) (Total:48 GB) (Free:25.33 GB) NTFS
Drive e: (EPSON) (CDROM) (Total:0.18 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:7.45 GB) (Free:7.42 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 9A490055)
Partition 1: (Active) - (Size=101 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=648 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================

Und FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 03
Ran by Mario Broksch (administrator) on MARIO_BROKSCH_2 on 04-09-2013 13:15:25
Running from C:\Users\Mario Broksch\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-04] (Intel(R) Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=204CBC77372593F7&affID=119357&tsp=4994
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=204CBC77372593F7&affID=119357&tsp=4994
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Lyrics Seeker - {6930d07b-da43-46d4-aa20-1f6f958d14fe} - C:\Program Files (x86)\LyricsSeeker\131.dll (Lyrics Seeker)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=204CBC77372593F7&affID=119357&tsp=4994
CHR RestoreOnStartup: "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=204CBC77372593F7&affID=119357&tsp=4994"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Lyrics Seeker) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgoiojnjnacbjngolldkokokgpcjbgjj\1.131_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lgoiojnjnacbjngolldkokokgpcjbgjj] - C:\Program Files (x86)\LyricsSeeker\131.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-04] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-02] (Avira Operations GmbH & Co. KG)
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-06-06] (Seiko Epson Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 ____D C:\Users\.wh..wh.plnk
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 ____D C:\Users\.wh..wh.orph
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 _____ C:\Users\.wh..wh.aufs
2013-09-04 14:18 - 2013-09-04 14:18 - 00000000 ____D C:\InstantOnOS
2013-09-04 13:15 - 2013-09-04 11:37 - 01950416 _____ (Farbar) C:\Users\Mario Broksch\Desktop\FRST64.exe
2013-09-04 13:13 - 2013-09-04 13:13 - 00002438 _____ C:\Windows\PFRO.log
2013-09-03 13:16 - 2013-09-03 13:16 - 00000938 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2013-09-03 13:16 - 2009-12-09 00:00 - 00464384 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2013-09-03 13:16 - 2009-10-16 00:00 - 00132560 _____ (Seiko Epson Corporation) C:\Windows\system32\esdevapp.exe
2013-09-03 13:16 - 2009-10-16 00:00 - 00013824 _____ (Seiko Epson Corporation) C:\Windows\system32\esxcdev.dll
2013-09-03 12:23 - 2013-09-03 12:23 - 00000000 ____D C:\Users\MARIOB~1\AppData\Local\avgchrome
2013-09-03 12:21 - 2013-09-04 13:14 - 00000404 _____ C:\Windows\Tasks\Lyrics Seeker Update.job
2013-09-03 12:21 - 2013-09-03 12:21 - 00003278 _____ C:\Windows\System32\Tasks\DSite
2013-09-03 12:21 - 2013-09-03 12:21 - 00003068 _____ C:\Windows\System32\Tasks\Lyrics Seeker Update
2013-09-03 12:21 - 2013-09-03 12:21 - 00000308 _____ C:\Windows\Tasks\DSite.job
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\DSite
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\Babylon
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\ProgramData\Babylon
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-09-03 12:20 - 2013-09-03 12:20 - 00714816 _____ C:\Users\Mario Broksch\Downloads\ZipOpenerSetup.exe
2013-09-03 09:37 - 2013-09-03 09:37 - 00000000 ____D C:\Users\Mario Broksch\Downloads\Wohnungsantrag
2013-08-28 23:40 - 2013-08-28 23:40 - 00001587 _____ C:\Users\Mario Broksch\Desktop\DivX Movies.lnk
2013-08-28 23:39 - 2013-08-28 23:39 - 00001160 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-08-28 23:39 - 2013-08-28 23:39 - 00001120 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-08-28 23:38 - 2013-08-28 23:39 - 00000000 ____D C:\Program Files\DivX
2013-08-28 23:26 - 2013-08-28 23:40 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-28 23:25 - 2013-08-28 23:40 - 00000000 ____D C:\ProgramData\DivX
2013-08-28 23:25 - 2013-08-28 23:25 - 00957248 _____ (DivX, LLC) C:\Users\Mario Broksch\Downloads\DivXInstaller_913.exe
2013-08-28 23:25 - 2013-08-28 23:25 - 00000000 _____ C:\END
2013-08-22 13:51 - 2013-08-22 13:51 - 00037686 _____ C:\Users\Mario Broksch\Downloads\S_20130822_135100_Neue_Nachrichten.zip
2013-08-22 12:56 - 2013-08-22 12:56 - 00002175 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2013-08-22 12:40 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BHTU.DLL
2013-08-22 12:40 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2013-08-22 09:02 - 2013-09-04 13:15 - 00002699 _____ C:\Windows\setupact.log
2013-08-22 09:02 - 2013-08-22 09:02 - 00000000 _____ C:\Windows\setuperr.log
2013-08-21 20:58 - 2013-08-21 20:58 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\InstallShield
2013-08-21 20:58 - 2013-08-21 20:58 - 00000000 ____D C:\Program Files\EpsonNet
2013-08-21 20:58 - 2010-09-13 15:01 - 00538112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll
2013-08-21 20:58 - 2010-09-13 15:01 - 00538112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll
2013-08-21 20:58 - 2010-09-13 15:00 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll
2013-08-21 20:58 - 2010-09-13 15:00 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll
2013-08-21 20:58 - 2008-06-18 11:49 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll
2013-08-21 20:58 - 2008-06-18 11:49 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll
2013-08-21 20:45 - 2013-09-04 11:55 - 00314260 _____ C:\Windows\WindowsUpdate.log
2013-08-21 20:40 - 2013-08-21 20:40 - 00003342 _____ C:\Windows\System32\Tasks\{9F958C27-7AF8-4B35-A696-0E831360B24B}
2013-08-21 20:13 - 2013-08-21 20:13 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\EPSON
2013-08-21 20:04 - 2013-08-21 20:07 - 00000000 ____D C:\Users\Mario Broksch\Desktop\Foto
2013-08-21 10:35 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-21 10:35 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-21 10:35 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-21 10:35 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-21 10:35 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-21 10:35 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-21 10:35 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-21 10:35 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-21 10:35 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-21 10:35 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-21 10:35 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-21 10:35 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-20 01:34 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-20 01:34 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-20 01:34 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-20 01:34 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-20 01:34 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-20 01:34 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-20 01:34 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-20 01:34 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-20 01:33 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-20 01:33 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-20 01:33 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-20 01:33 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-20 01:33 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-20 01:33 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-20 01:33 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-20 01:33 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-07 19:33 - 2013-08-07 19:36 - 46604616 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iCloudSetup.exe
2013-08-07 19:27 - 2013-08-07 19:27 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\Program Files\iTunes
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\Program Files\iPod
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-07 19:26 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-08-07 19:25 - 2013-08-07 19:25 - 00000000 ____D C:\Users\MARIOB~1\AppData\Local\Apple
2013-08-07 19:25 - 2013-08-07 19:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-08-07 19:24 - 2013-08-07 19:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-07 19:24 - 2013-08-07 19:24 - 00000000 ____D C:\ProgramData\Apple
2013-08-07 19:24 - 2013-08-07 19:24 - 00000000 ____D C:\Program Files\Bonjour
2013-08-07 19:24 - 2013-08-07 19:24 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-07 19:11 - 2013-08-07 19:18 - 90917712 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iTunes64Setup (4).exe

==================== One Month Modified Files and Folders =======

2013-09-04 22:24 - 2013-09-04 22:24 - 00000000 ____D C:\FRST
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 ____D C:\Users\.wh..wh.plnk
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 ____D C:\Users\.wh..wh.orph
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 _____ C:\Users\.wh..wh.aufs
2013-09-04 14:18 - 2013-09-04 14:18 - 00000000 ____D C:\InstantOnOS
2013-09-04 13:15 - 2013-08-22 09:02 - 00002699 _____ C:\Windows\setupact.log
2013-09-04 13:14 - 2013-09-03 12:21 - 00000404 _____ C:\Windows\Tasks\Lyrics Seeker Update.job
2013-09-04 13:14 - 2013-07-02 21:15 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-04 13:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-04 13:13 - 2013-09-04 13:13 - 00002438 _____ C:\Windows\PFRO.log
2013-09-04 11:55 - 2013-08-21 20:45 - 00314260 _____ C:\Windows\WindowsUpdate.log
2013-09-04 11:37 - 2013-09-04 13:15 - 01950416 _____ (Farbar) C:\Users\Mario Broksch\Desktop\FRST64.exe
2013-09-04 11:37 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-04 11:37 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-04 11:25 - 2013-07-02 21:15 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-03 13:16 - 2013-09-03 13:16 - 00000938 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2013-09-03 13:15 - 2013-07-11 08:52 - 00000000 ____D C:\Program Files (x86)\epson
2013-09-03 13:13 - 2013-07-03 07:23 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-03 13:13 - 2013-07-02 21:38 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-03 13:13 - 2013-07-02 21:38 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-03 12:23 - 2013-09-03 12:23 - 00000000 ____D C:\Users\MARIOB~1\AppData\Local\avgchrome
2013-09-03 12:21 - 2013-09-03 12:21 - 00003278 _____ C:\Windows\System32\Tasks\DSite
2013-09-03 12:21 - 2013-09-03 12:21 - 00003068 _____ C:\Windows\System32\Tasks\Lyrics Seeker Update
2013-09-03 12:21 - 2013-09-03 12:21 - 00000308 _____ C:\Windows\Tasks\DSite.job
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\DSite
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\Babylon
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\ProgramData\Babylon
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-09-03 12:20 - 2013-09-03 12:20 - 00714816 _____ C:\Users\Mario Broksch\Downloads\ZipOpenerSetup.exe
2013-09-03 12:17 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-03 12:14 - 2013-07-03 07:36 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\TS3Client
2013-09-03 09:37 - 2013-09-03 09:37 - 00000000 ____D C:\Users\Mario Broksch\Downloads\Wohnungsantrag
2013-08-29 08:15 - 2013-07-02 20:42 - 00063568 _____ C:\Users\MARIOB~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-29 08:14 - 2009-07-14 06:45 - 00306448 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-28 23:40 - 2013-08-28 23:40 - 00001587 _____ C:\Users\Mario Broksch\Desktop\DivX Movies.lnk
2013-08-28 23:40 - 2013-08-28 23:26 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-28 23:40 - 2013-08-28 23:25 - 00000000 ____D C:\ProgramData\DivX
2013-08-28 23:39 - 2013-08-28 23:39 - 00001160 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-08-28 23:39 - 2013-08-28 23:39 - 00001120 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-08-28 23:39 - 2013-08-28 23:38 - 00000000 ____D C:\Program Files\DivX
2013-08-28 23:25 - 2013-08-28 23:25 - 00957248 _____ (DivX, LLC) C:\Users\Mario Broksch\Downloads\DivXInstaller_913.exe
2013-08-28 23:25 - 2013-08-28 23:25 - 00000000 _____ C:\END
2013-08-22 14:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-22 13:51 - 2013-08-22 13:51 - 00037686 _____ C:\Users\Mario Broksch\Downloads\S_20130822_135100_Neue_Nachrichten.zip
2013-08-22 12:56 - 2013-08-22 12:56 - 00002175 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2013-08-22 12:56 - 2013-07-11 08:57 - 00000000 ____D C:\ProgramData\UDL
2013-08-22 12:55 - 2013-07-11 08:56 - 00000000 ____D C:\Program Files (x86)\Epson Software
2013-08-22 12:55 - 2013-07-11 08:55 - 00000308 _____ C:\Windows\setup.iss
2013-08-22 12:55 - 2013-07-03 20:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-22 09:02 - 2013-08-22 09:02 - 00000000 _____ C:\Windows\setuperr.log
2013-08-22 08:58 - 2013-07-02 23:10 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-08-22 00:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-21 20:58 - 2013-08-21 20:58 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\InstallShield
2013-08-21 20:58 - 2013-08-21 20:58 - 00000000 ____D C:\Program Files\EpsonNet
2013-08-21 20:45 - 2013-07-01 03:28 - 00000000 ____D C:\Windows\Panther
2013-08-21 20:40 - 2013-08-21 20:40 - 00003342 _____ C:\Windows\System32\Tasks\{9F958C27-7AF8-4B35-A696-0E831360B24B}
2013-08-21 20:21 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-21 20:13 - 2013-08-21 20:13 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\EPSON
2013-08-21 20:07 - 2013-08-21 20:04 - 00000000 ____D C:\Users\Mario Broksch\Desktop\Foto
2013-08-21 20:02 - 2011-03-11 11:20 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-08-21 20:02 - 2011-03-11 11:20 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-08-21 20:02 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-12 18:37 - 2013-07-11 08:45 - 00000000 ____D C:\ProgramData\EPSON
2013-08-07 19:43 - 2013-07-02 23:56 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\Apple Computer
2013-08-07 19:42 - 2013-07-02 23:56 - 00000000 ____D C:\Users\MARIOB~1\AppData\Local\Apple Computer
2013-08-07 19:41 - 2013-08-07 19:24 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-07 19:36 - 2013-08-07 19:33 - 46604616 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iCloudSetup.exe
2013-08-07 19:27 - 2013-08-07 19:27 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\Program Files\iTunes
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\Program Files\iPod
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-07 19:25 - 2013-08-07 19:25 - 00000000 ____D C:\Users\MARIOB~1\AppData\Local\Apple
2013-08-07 19:25 - 2013-08-07 19:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-08-07 19:24 - 2013-08-07 19:24 - 00000000 ____D C:\ProgramData\Apple
2013-08-07 19:24 - 2013-08-07 19:24 - 00000000 ____D C:\Program Files\Bonjour
2013-08-07 19:24 - 2013-08-07 19:24 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-07 19:18 - 2013-08-07 19:11 - 90917712 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iTunes64Setup (4).exe
2013-08-05 00:52 - 2013-08-04 12:35 - 00014267 _____ C:\Users\Mario Broksch\Documents\Sparplan.ods

Files to move or delete:
====================
C:\Users\MARIOB~1\AppData\Local\Temp\uninst1.exe
C:\Users\MARIOB~1\AppData\Local\Temp\{C0BD5A6B-7205-4FD6-A670-6D966EAD36D1}\setup.exe
C:\Users\MARIOB~1\AppData\Local\Temp\is357113909\354298_Setup.EXE
C:\Users\MARIOB~1\AppData\Local\Temp\is357113909\DeltaTB.exe
C:\Users\MARIOB~1\AppData\Local\Temp\is357113909\OpenItSetup.exe
C:\Users\MARIOB~1\AppData\Local\Temp\is357113909\OptimizerPro.exe
C:\Users\MARIOB~1\AppData\Local\Temp\is357113909\wajam_validate.exe
C:\Users\MARIOB~1\AppData\Local\Temp\ct3297265\ism.exe
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BabMaint.exe
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BExternal.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BUSolForMontiera.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BUSolution.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\ccp.exe
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\ChromeToolbarSetup.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\CrxInstaller.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\enhancedNT.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\GUninstaller.exe
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\IEHelper.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\MntrDLLInstall.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\MyDeltaTB.exe
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\Setup.exe
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\sqlite3.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-02 22:09

==================== End Of Log ============================

--- --- ---

schrauber · 04.09.2013, 16:09

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

wida_da · 05.09.2013, 09:06

Malwarebytes log

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.05.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Mario Broksch :: MARIO_BROKSCH_2 [Administrator]

Schutz: Aktiviert

05.09.2013 09:03:26
mbam-log-2013-09-05 (09-03-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221642
Laufzeit: 2 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Redir (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=204CBC77372593F7&affID=119357&tsp=4994) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\Users\Mario Broksch\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 11
C:\$Recycle.Bin\S-1-5-21-2157734155-4125606490-3763097245-1000\$R1JWJ3E.exe (PUP.Optional.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\enhancedNT.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mario Broksch\AppData\Local\Temp\ct3297265\ism.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mario Broksch\AppData\Local\Temp\is357113909\354298_Setup.EXE (PUP.Optional.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mario Broksch\AppData\Local\Temp\is357113909\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mario Broksch\AppData\Local\Temp\is357113909\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mario Broksch\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Adware Log:

Code:

ATTFilter

# AdwCleaner v3.002 - Bericht erstellt am 05/09/2013 um 09:24:03
# Updated 01/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Mario Broksch - MARIO_BROKSCH_2
# Gestartet von : C:\Users\Mario Broksch\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Program Files (x86)\openit
Ordner Gelöscht : C:\Users\Mario Broksch\AppData\Roaming\DSite
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\Tasks\DSite.job
Datei Gelöscht : C:\Windows\System32\Tasks\DSite
Datei Gelöscht : C:\Windows\Tasks\Lyrics Seeker Update.job
Datei Gelöscht : C:\Windows\System32\Tasks\Lyrics Seeker Update

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\596da8ab76fbf41
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_installshield-professional[1]_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_installshield-professional[1]_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyrixeeker
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Google Chrome v29.0.1547.66

[ Datei : C:\Users\Mario Broksch\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage

*************************

AdwCleaner[R0].txt - [7670 octets] - [05/09/2013 09:20:06]
AdwCleaner[S0].txt - [7120 octets] - [05/09/2013 09:24:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7180 octets] ##########

JRT LOG:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows 7 Home Premium x64
Ran by Mario Broksch on 05.09.2013 at  9:37:08,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2157734155-4125606490-3763097245-1000\Software\SweetIM



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.09.2013 at  9:42:38,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST LOG:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-09-2013
Ran by Mario Broksch (administrator) on MARIO_BROKSCH_2 on 05-09-2013 09:47:23
Running from C:\Users\Mario Broksch\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-04] (Intel(R) Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-07-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Lyrics Seeker) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgoiojnjnacbjngolldkokokgpcjbgjj\1.131_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lgoiojnjnacbjngolldkokokgpcjbgjj] - C:\Program Files (x86)\LyricsSeeker\131.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-04] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-02] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-06-06] (Seiko Epson Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-05 09:42 - 2013-09-05 09:42 - 00000974 _____ C:\Users\Mario Broksch\Desktop\JRT.txt
2013-09-05 09:37 - 2013-09-05 09:37 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 08:54 - 2013-09-05 08:54 - 00020964 _____ C:\Users\Mario Broksch\Desktop\virusdateien.odt
2013-09-05 08:53 - 2013-09-05 09:24 - 00000000 ____D C:\AdwCleaner
2013-09-05 08:52 - 2013-09-05 08:52 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-05 08:52 - 2013-09-05 08:52 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\Malwarebytes
2013-09-05 08:52 - 2013-09-05 08:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-05 08:52 - 2013-09-05 08:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-05 08:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-05 08:50 - 2013-09-05 08:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mario Broksch\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-05 08:49 - 2013-09-05 08:49 - 01037222 _____ C:\Users\Mario Broksch\Downloads\adwcleaner.exe
2013-09-05 08:49 - 2013-09-05 08:49 - 01028757 _____ (Thisisu) C:\Users\Mario Broksch\Downloads\JRT.exe
2013-09-04 22:24 - 2013-09-04 22:24 - 00000000 ____D C:\FRST
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 ____D C:\Users\.wh..wh.plnk
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 ____D C:\Users\.wh..wh.orph
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 _____ C:\Users\.wh..wh.aufs
2013-09-04 14:18 - 2013-09-04 14:18 - 00000000 ____D C:\InstantOnOS
2013-09-04 13:17 - 2013-09-04 13:17 - 00031192 _____ C:\Users\Mario Broksch\Desktop\FRST.txt
2013-09-04 13:16 - 2013-09-04 13:17 - 00017731 _____ C:\Users\Mario Broksch\Desktop\Addition.txt
2013-09-04 13:13 - 2013-09-05 09:12 - 00006068 _____ C:\Windows\PFRO.log
2013-09-03 13:16 - 2013-09-03 13:16 - 00000938 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2013-09-03 13:16 - 2009-12-09 00:00 - 00464384 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2013-09-03 13:16 - 2009-10-16 00:00 - 00132560 _____ (Seiko Epson Corporation) C:\Windows\system32\esdevapp.exe
2013-09-03 13:16 - 2009-10-16 00:00 - 00013824 _____ (Seiko Epson Corporation) C:\Windows\system32\esxcdev.dll
2013-09-03 12:23 - 2013-09-03 12:23 - 00000000 ____D C:\Users\MARIOB~1\AppData\Local\avgchrome
2013-09-03 12:21 - 2013-09-05 08:49 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-03 09:37 - 2013-09-03 09:37 - 00000000 ____D C:\Users\Mario Broksch\Downloads\Wohnungsantrag
2013-08-28 23:40 - 2013-08-28 23:40 - 00001587 _____ C:\Users\Mario Broksch\Desktop\DivX Movies.lnk
2013-08-28 23:39 - 2013-08-28 23:39 - 00001160 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-08-28 23:39 - 2013-08-28 23:39 - 00001120 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-08-28 23:38 - 2013-08-28 23:39 - 00000000 ____D C:\Program Files\DivX
2013-08-28 23:26 - 2013-08-28 23:40 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-28 23:25 - 2013-08-28 23:40 - 00000000 ____D C:\ProgramData\DivX
2013-08-28 23:25 - 2013-08-28 23:25 - 00957248 _____ (DivX, LLC) C:\Users\Mario Broksch\Downloads\DivXInstaller_913.exe
2013-08-22 13:51 - 2013-08-22 13:51 - 00037686 _____ C:\Users\Mario Broksch\Downloads\S_20130822_135100_Neue_Nachrichten.zip
2013-08-22 12:56 - 2013-08-22 12:56 - 00002175 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2013-08-22 12:40 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BHTU.DLL
2013-08-22 12:40 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2013-08-22 09:02 - 2013-09-05 09:25 - 00003035 _____ C:\Windows\setupact.log
2013-08-22 09:02 - 2013-08-22 09:02 - 00000000 _____ C:\Windows\setuperr.log
2013-08-21 20:58 - 2013-08-21 20:58 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\InstallShield
2013-08-21 20:58 - 2013-08-21 20:58 - 00000000 ____D C:\Program Files\EpsonNet
2013-08-21 20:58 - 2010-09-13 15:01 - 00538112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll
2013-08-21 20:58 - 2010-09-13 15:01 - 00538112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll
2013-08-21 20:58 - 2010-09-13 15:00 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll
2013-08-21 20:58 - 2010-09-13 15:00 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll
2013-08-21 20:58 - 2008-06-18 11:49 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll
2013-08-21 20:58 - 2008-06-18 11:49 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll
2013-08-21 20:45 - 2013-09-05 09:24 - 00365498 _____ C:\Windows\WindowsUpdate.log
2013-08-21 20:40 - 2013-08-21 20:40 - 00003342 _____ C:\Windows\System32\Tasks\{9F958C27-7AF8-4B35-A696-0E831360B24B}
2013-08-21 20:13 - 2013-08-21 20:13 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\EPSON
2013-08-21 20:04 - 2013-08-21 20:07 - 00000000 ____D C:\Users\Mario Broksch\Desktop\Foto
2013-08-21 10:35 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-21 10:35 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-21 10:35 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-21 10:35 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-21 10:35 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-21 10:35 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-21 10:35 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-21 10:35 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-21 10:35 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-21 10:35 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-21 10:35 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-21 10:35 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-20 01:34 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-20 01:34 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-20 01:34 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-20 01:34 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-20 01:34 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-20 01:34 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-20 01:34 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-20 01:34 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-20 01:33 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-20 01:33 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-20 01:33 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-20 01:33 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-20 01:33 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-20 01:33 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-20 01:33 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-20 01:33 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-07 19:33 - 2013-08-07 19:36 - 46604616 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iCloudSetup.exe
2013-08-07 19:27 - 2013-08-07 19:27 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\Program Files\iTunes
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\Program Files\iPod
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-07 19:26 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-08-07 19:25 - 2013-08-07 19:25 - 00000000 ____D C:\Users\MARIOB~1\AppData\Local\Apple
2013-08-07 19:25 - 2013-08-07 19:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-08-07 19:24 - 2013-08-07 19:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-07 19:24 - 2013-08-07 19:24 - 00000000 ____D C:\ProgramData\Apple
2013-08-07 19:24 - 2013-08-07 19:24 - 00000000 ____D C:\Program Files\Bonjour
2013-08-07 19:24 - 2013-08-07 19:24 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-07 19:11 - 2013-08-07 19:18 - 90917712 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iTunes64Setup (4).exe

==================== One Month Modified Files and Folders =======

2013-09-05 09:42 - 2013-09-05 09:42 - 00000974 _____ C:\Users\Mario Broksch\Desktop\JRT.txt
2013-09-05 09:37 - 2013-09-05 09:37 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 09:33 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 09:33 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 09:29 - 2013-08-21 20:45 - 00365498 _____ C:\Windows\WindowsUpdate.log
2013-09-05 09:25 - 2013-08-22 09:02 - 00003035 _____ C:\Windows\setupact.log
2013-09-05 09:24 - 2013-09-05 08:53 - 00000000 ____D C:\AdwCleaner
2013-09-05 09:12 - 2013-09-04 13:13 - 00006068 _____ C:\Windows\PFRO.log
2013-09-05 08:54 - 2013-09-05 08:54 - 00020964 _____ C:\Users\Mario Broksch\Desktop\virusdateien.odt
2013-09-05 08:52 - 2013-09-05 08:52 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-05 08:52 - 2013-09-05 08:52 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\Malwarebytes
2013-09-05 08:52 - 2013-09-05 08:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-05 08:52 - 2013-09-05 08:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-05 08:50 - 2013-09-05 08:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mario Broksch\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-05 08:49 - 2013-09-05 08:49 - 01037222 _____ C:\Users\Mario Broksch\Downloads\adwcleaner.exe
2013-09-05 08:49 - 2013-09-05 08:49 - 01028757 _____ (Thisisu) C:\Users\Mario Broksch\Downloads\JRT.exe
2013-09-05 08:49 - 2013-09-03 12:21 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-09-05 08:45 - 2013-07-02 21:15 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-04 22:24 - 2013-09-04 22:24 - 00000000 ____D C:\FRST
2013-09-04 21:10 - 2013-07-02 21:15 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 ____D C:\Users\.wh..wh.plnk
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 ____D C:\Users\.wh..wh.orph
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 _____ C:\Users\.wh..wh.aufs
2013-09-04 14:18 - 2013-09-04 14:18 - 00000000 ____D C:\InstantOnOS
2013-09-04 13:17 - 2013-09-04 13:17 - 00031192 _____ C:\Users\Mario Broksch\Desktop\FRST.txt
2013-09-04 13:17 - 2013-09-04 13:16 - 00017731 _____ C:\Users\Mario Broksch\Desktop\Addition.txt
2013-09-04 13:17 - 2011-03-11 11:20 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-09-04 13:17 - 2011-03-11 11:20 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-09-04 13:17 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-04 13:16 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-04 13:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-03 13:16 - 2013-09-03 13:16 - 00000938 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2013-09-03 13:15 - 2013-07-11 08:52 - 00000000 ____D C:\Program Files (x86)\epson
2013-09-03 13:13 - 2013-07-03 07:23 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-03 13:13 - 2013-07-02 21:38 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-03 13:13 - 2013-07-02 21:38 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-03 12:23 - 2013-09-03 12:23 - 00000000 ____D C:\Users\MARIOB~1\AppData\Local\avgchrome
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-03 12:14 - 2013-07-03 07:36 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\TS3Client
2013-09-03 09:37 - 2013-09-03 09:37 - 00000000 ____D C:\Users\Mario Broksch\Downloads\Wohnungsantrag
2013-08-29 08:15 - 2013-07-02 20:42 - 00063568 _____ C:\Users\MARIOB~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-29 08:14 - 2009-07-14 06:45 - 00306448 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-28 23:40 - 2013-08-28 23:40 - 00001587 _____ C:\Users\Mario Broksch\Desktop\DivX Movies.lnk
2013-08-28 23:40 - 2013-08-28 23:26 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-28 23:40 - 2013-08-28 23:25 - 00000000 ____D C:\ProgramData\DivX
2013-08-28 23:39 - 2013-08-28 23:39 - 00001160 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-08-28 23:39 - 2013-08-28 23:39 - 00001120 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-08-28 23:39 - 2013-08-28 23:38 - 00000000 ____D C:\Program Files\DivX
2013-08-28 23:25 - 2013-08-28 23:25 - 00957248 _____ (DivX, LLC) C:\Users\Mario Broksch\Downloads\DivXInstaller_913.exe
2013-08-22 14:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-22 13:51 - 2013-08-22 13:51 - 00037686 _____ C:\Users\Mario Broksch\Downloads\S_20130822_135100_Neue_Nachrichten.zip
2013-08-22 12:56 - 2013-08-22 12:56 - 00002175 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2013-08-22 12:56 - 2013-07-11 08:57 - 00000000 ____D C:\ProgramData\UDL
2013-08-22 12:55 - 2013-07-11 08:56 - 00000000 ____D C:\Program Files (x86)\Epson Software
2013-08-22 12:55 - 2013-07-11 08:55 - 00000308 _____ C:\Windows\setup.iss
2013-08-22 12:55 - 2013-07-03 20:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-22 09:02 - 2013-08-22 09:02 - 00000000 _____ C:\Windows\setuperr.log
2013-08-22 08:58 - 2013-07-02 23:10 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-08-22 00:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-21 20:58 - 2013-08-21 20:58 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\InstallShield
2013-08-21 20:58 - 2013-08-21 20:58 - 00000000 ____D C:\Program Files\EpsonNet
2013-08-21 20:45 - 2013-07-01 03:28 - 00000000 ____D C:\Windows\Panther
2013-08-21 20:40 - 2013-08-21 20:40 - 00003342 _____ C:\Windows\System32\Tasks\{9F958C27-7AF8-4B35-A696-0E831360B24B}
2013-08-21 20:21 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-21 20:13 - 2013-08-21 20:13 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\EPSON
2013-08-21 20:07 - 2013-08-21 20:04 - 00000000 ____D C:\Users\Mario Broksch\Desktop\Foto
2013-08-12 18:37 - 2013-07-11 08:45 - 00000000 ____D C:\ProgramData\EPSON
2013-08-07 19:43 - 2013-07-02 23:56 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\Apple Computer
2013-08-07 19:42 - 2013-07-02 23:56 - 00000000 ____D C:\Users\MARIOB~1\AppData\Local\Apple Computer
2013-08-07 19:41 - 2013-08-07 19:24 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-07 19:36 - 2013-08-07 19:33 - 46604616 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iCloudSetup.exe
2013-08-07 19:27 - 2013-08-07 19:27 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\Program Files\iTunes
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\Program Files\iPod
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-07 19:25 - 2013-08-07 19:25 - 00000000 ____D C:\Users\MARIOB~1\AppData\Local\Apple
2013-08-07 19:25 - 2013-08-07 19:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-08-07 19:24 - 2013-08-07 19:24 - 00000000 ____D C:\ProgramData\Apple
2013-08-07 19:24 - 2013-08-07 19:24 - 00000000 ____D C:\Program Files\Bonjour
2013-08-07 19:24 - 2013-08-07 19:24 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-07 19:18 - 2013-08-07 19:11 - 90917712 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iTunes64Setup (4).exe

Files to move or delete:
====================
C:\Users\MARIOB~1\AppData\Local\Temp\Quarantine.exe
C:\Users\MARIOB~1\AppData\Local\Temp\uninst1.exe
C:\Users\MARIOB~1\AppData\Local\Temp\{C0BD5A6B-7205-4FD6-A670-6D966EAD36D1}\setup.exe
C:\Users\MARIOB~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\MARIOB~1\AppData\Local\Temp\is357113909\OpenItSetup.exe
C:\Users\MARIOB~1\AppData\Local\Temp\is357113909\wajam_validate.exe
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BExternal.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BUSolForMontiera.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\ccp.exe
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\ChromeToolbarSetup.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\CrxInstaller.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\GUninstaller.exe
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\IEHelper.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\MntrDLLInstall.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\sqlite3.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-02 22:09

==================== End Of Log ============================

--- --- ---

--- --- ---

und Addition TXT:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-09-2013
Ran by Mario Broksch at 2013-09-05 10:04:24
Running from C:\Users\Mario Broksch\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
AMI VR-pulse OS Switcher (Version: 1.1)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Bonjour (Version: 3.0.0.10)
ckerdeinstallation für EPSON BX535WD Series
DivX-Setup (x32 Version: 2.6.1.44)
Epson Easy Photo Print 2 (x32 Version: 2.3.0.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)
EPSON Scan (x32)
EpsonNet Print (x32 Version: 2.4j)
Google Chrome (x32 Version: 29.0.1547.66)
Google Update Helper (x32 Version: 1.3.21.153)
iCloud (Version: 2.1.2.8)
Intel PROSet Wireless
Intel(R) Processor Graphics (x32 Version: 9.17.10.3062)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.0.3000)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 26 (64-bit) (Version: 6.0.260)
Lyrics Seeker (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873)
TeamSpeak 3 Client (Version: 3.0.11.1)
Unity (x32 Version: )
Unity Web Player (HKCU Version: )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VR-pulse Installer (Version: 1.4.0)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

07-08-2013 17:40:59 Installed iCloud
20-08-2013 00:05:13 Geplanter Prüfpunkt
21-08-2013 08:28:37 Windows Modules Installer
21-08-2013 18:31:33 Entfernt Easy Photo Print Plug-in for PMB(Picture Motion Browser•ÆA
21-08-2013 18:41:25 Removed EpsonNet Config V4
22-08-2013 10:40:45 Gerätetreiber-Paketinstallation: EPSON Drucker
22-08-2013 10:55:07 Installiert Easy Photo Print Plug-in for PMB(Picture Motion BrowÀlóN
31-08-2013 04:17:17 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {68571249-CE6C-4F6F-8402-D31E8BADEB70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02] (Google Inc.)
Task: {76525465-9979-436A-BA8E-7550B8AB1200} - \Lyrics Seeker Update No Task File
Task: {7FD66917-3E6B-4937-9C04-29E59452380C} - \DSite No Task File
Task: {856F4B98-483A-44D3-BBEF-92C9176EC96C} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {AC78F21A-99BE-4DB1-9147-CBC9C0756FE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-02-04 15:42 - 2011-02-04 15:42 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-02-04 16:20 - 2011-02-04 16:20 - 01070080 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
2011-03-02 12:10 - 2011-03-02 12:10 - 00045568 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\LangResources\DEU\FrWrkDEU.dll
2011-02-04 16:21 - 2011-02-04 16:21 - 00817664 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\FrameworkPlugins\WiWiTray.dll
2011-03-02 12:25 - 2011-03-02 12:25 - 00006144 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\LangResources\DEU\WiTrDEU.dll
2011-02-04 16:30 - 2011-02-04 16:30 - 01737728 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\FrameworkPlugins\PanTray.dll
2011-02-04 16:21 - 2011-02-04 16:21 - 01044992 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\TraceAPI.DLL
2011-02-04 16:24 - 2011-02-04 16:24 - 01999872 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll
2011-02-04 16:19 - 2011-02-04 16:19 - 00234496 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\WiMAXCoEx.dll
2011-02-04 16:26 - 2011-02-04 16:26 - 01323008 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\MurocApi.dll
2011-02-04 16:21 - 2011-02-04 16:21 - 00831488 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\IntStngs.dll
2011-02-04 16:27 - 2011-02-04 16:27 - 00464384 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\PanApi.dll
2011-02-04 16:19 - 2011-02-04 16:19 - 00176640 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
2011-02-04 16:19 - 2011-02-04 16:19 - 00846336 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\DbEngine.dll
2011-03-02 12:18 - 2011-03-02 12:18 - 00096768 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\LangResources\DEU\PanTrDEU.dll
2013-03-09 04:09 - 2013-03-09 04:09 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2011-09-02 20:49 - 2011-04-04 19:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-22 12:40 - 2011-12-21 01:00 - 00103424 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\x64\3\E_YAUDHTU.DLL
2013-07-03 20:32 - 2012-06-09 19:20 - 00196096 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll
2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00053648 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01292136 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00923496 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 16303976 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-02 21:38 - 2013-09-03 13:11 - 00055352 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cfglib.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00349752 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccguard.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00029240 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgrdrc.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00229432 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgrdw.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00218168 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\gpipc.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00419384 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccwgrd.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00807992 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgen.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00049720 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgenrc.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00220216 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccupdate.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00028728 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccupdrc.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00083000 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cclic.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00009784 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cclicrc.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00237624 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmsg.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00010296 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmsgrc.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00014392 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmainrc.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-09-04 21:02 - 2013-09-02 22:35 - 09962960 _____ (The ICU Project) C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\icudt.dll
2013-09-04 21:02 - 2013-09-02 22:35 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
2013-09-04 21:02 - 2013-09-02 22:35 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll
2013-09-04 21:02 - 2013-09-02 22:35 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-04 21:02 - 2013-09-02 22:35 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-04 21:02 - 2013-09-02 22:35 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
2013-09-04 21:02 - 2013-09-02 22:35 - 13599184 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/05/2013 09:58:05 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 4003.01 MB
Available physical RAM: 2495.04 MB
Total Pagefile: 8004.2 MB
Available Pagefile: 6084.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:495.95 GB) NTFS
Drive d: (Recover) (Fixed) (Total:48 GB) (Free:25.33 GB) NTFS
Drive e: (EPSON) (CDROM) (Total:0.18 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:7.45 GB) (Free:7.42 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 9A490055)
Partition 1: (Active) - (Size=101 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=648 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================

Und schon mal dickes Danke vorab

schrauber · 05.09.2013, 10:48

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

wida_da · 05.09.2013, 18:26

Eset Log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3ac276f9e5e93a468f9b885e86e3c6a6
# engine=15016
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-05 03:08:48
# local_time=2013-09-05 05:08:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 30169 5600147 22943 0
# compatibility_mode=5893 16776574 100 94 4680224 130023578 0 0
# scanned=320192
# found=10
# cleaned=0
# scan_time=14618
sh=174980D50AF29D2B126A3A4E70975209300370F2 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.L application" ac=I fn="C:\Program Files (x86)\LyricsSeeker\131.crx"
sh=D5DD4F586A82AFFAED4500EC41039A6FB0BA812D ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.L application" ac=I fn="C:\Program Files (x86)\LyricsSeeker\131.xpi"
sh=93A402B26ED511B22D4600428270D653D7F181D4 ft=1 fh=c71c0011d92492a0 vn="Win32/AdWare.AddLyrics.P application" ac=I fn="C:\Program Files (x86)\LyricsSeeker\Lupdate.exe"
sh=FCFF1CCDEB9E06DA4377E91C994C72134C951AC5 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.L application" ac=I fn="C:\Users\Mario Broksch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgoiojnjnacbjngolldkokokgpcjbgjj\1.131_0\cs.js"
sh=603D35B9121E53F1BBA7F47825E06CEF982E32BC ft=1 fh=77e78967c9ecbfc5 vn="Win32/Adware.1ClickDownload.AM application" ac=I fn="C:\Windows.old\Documents and Settings\Mario Broksch 2\Downloads\jacky_brown.exe"
sh=1D1E63011C3A0460D2EBFFF48F35DF740B4279A6 ft=1 fh=b1f019dc1244895a vn="Win32/Adware.1ClickDownload.AM application" ac=I fn="C:\Windows.old\Documents and Settings\Mario Broksch 2\Downloads\Step_Up_4.exe"
sh=F15A9D0747662E98668E4B280C5BD998AA58DD66 ft=1 fh=c000732ed338bd0a vn="Win32/Adware.1ClickDownload.M application" ac=I fn="C:\Windows.old\Documents and Settings\Mario Broksch 2\Downloads\tucker_and_dale_vs_evil.exe"
sh=603D35B9121E53F1BBA7F47825E06CEF982E32BC ft=1 fh=77e78967c9ecbfc5 vn="Win32/Adware.1ClickDownload.AM application" ac=I fn="C:\Windows.old\Users\Mario Broksch 2\Downloads\jacky_brown.exe"
sh=1D1E63011C3A0460D2EBFFF48F35DF740B4279A6 ft=1 fh=b1f019dc1244895a vn="Win32/Adware.1ClickDownload.AM application" ac=I fn="C:\Windows.old\Users\Mario Broksch 2\Downloads\Step_Up_4.exe"
sh=F15A9D0747662E98668E4B280C5BD998AA58DD66 ft=1 fh=c000732ed338bd0a vn="Win32/Adware.1Clic

Ja ich habe noch Probleme, das Popup öffnet sich immer noch. Und im Eset waren ja noch 10 Funde.

und Security Check

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.72  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Reader XI  
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Falls da jetzt immer noch was drauf ist. Wäre es da nicht schneller wenn ich den mal platt mache und neu aufsetze?

Ach und noch etwas fällt mir auf. Das FRST verschwindet immer wieder vom Desktop???

FRST

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-09-2013
Ran by Mario Broksch (administrator) on MARIO_BROKSCH_2 on 05-09-2013 19:18:22
Running from C:\Users\Mario Broksch\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Mario Broksch\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Mario Broksch\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-04] (Intel(R) Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Lyrics Seeker) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgoiojnjnacbjngolldkokokgpcjbgjj\1.131_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lgoiojnjnacbjngolldkokokgpcjbgjj] - C:\Program Files (x86)\LyricsSeeker\131.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-04] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-02] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-06-06] (Seiko Epson Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-05 19:09 - 2013-09-05 19:09 - 00891115 _____ C:\Users\Mario Broksch\Downloads\SecurityCheck.exe
2013-09-05 14:46 - 2013-09-05 14:46 - 96044050 _____ C:\Windows\SysWOW64\쮇ﵪ
2013-09-05 13:02 - 2013-09-05 13:02 - 02347384 _____ (ESET) C:\Users\Mario Broksch\Downloads\esetsmartinstaller_enu.exe
2013-09-05 13:02 - 2013-09-05 13:02 - 02347384 _____ (ESET) C:\Users\Mario Broksch\Downloads\esetsmartinstaller_enu (1).exe
2013-09-05 10:04 - 2013-09-05 10:04 - 00031012 _____ C:\Users\Mario Broksch\Downloads\FRST.txt
2013-09-05 10:04 - 2013-09-05 10:04 - 00013796 _____ C:\Users\Mario Broksch\Downloads\Addition.txt
2013-09-05 09:47 - 2013-09-05 09:47 - 01947160 _____ (Farbar) C:\Users\Mario Broksch\Downloads\FRST64.exe
2013-09-05 09:42 - 2013-09-05 09:42 - 00000974 _____ C:\Users\Mario Broksch\Desktop\JRT.txt
2013-09-05 09:37 - 2013-09-05 09:37 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 08:54 - 2013-09-05 08:54 - 00020964 _____ C:\Users\Mario Broksch\Desktop\virusdateien.odt
2013-09-05 08:53 - 2013-09-05 09:24 - 00000000 ____D C:\AdwCleaner
2013-09-05 08:52 - 2013-09-05 08:52 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-05 08:52 - 2013-09-05 08:52 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\Malwarebytes
2013-09-05 08:52 - 2013-09-05 08:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-05 08:52 - 2013-09-05 08:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-05 08:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-05 08:50 - 2013-09-05 08:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mario Broksch\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-05 08:49 - 2013-09-05 08:49 - 01037222 _____ C:\Users\Mario Broksch\Downloads\adwcleaner.exe
2013-09-05 08:49 - 2013-09-05 08:49 - 01028757 _____ (Thisisu) C:\Users\Mario Broksch\Downloads\JRT.exe
2013-09-04 22:24 - 2013-09-04 22:24 - 00000000 ____D C:\FRST
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 ____D C:\Users\.wh..wh.plnk
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 ____D C:\Users\.wh..wh.orph
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 _____ C:\Users\.wh..wh.aufs
2013-09-04 14:18 - 2013-09-04 14:18 - 00000000 ____D C:\InstantOnOS
2013-09-04 13:16 - 2013-09-04 13:17 - 00017731 _____ C:\Users\Mario Broksch\Desktop\Addition.txt
2013-09-04 13:13 - 2013-09-05 09:12 - 00006068 _____ C:\Windows\PFRO.log
2013-09-03 13:16 - 2013-09-03 13:16 - 00000938 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2013-09-03 13:16 - 2009-12-09 00:00 - 00464384 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2013-09-03 13:16 - 2009-10-16 00:00 - 00132560 _____ (Seiko Epson Corporation) C:\Windows\system32\esdevapp.exe
2013-09-03 13:16 - 2009-10-16 00:00 - 00013824 _____ (Seiko Epson Corporation) C:\Windows\system32\esxcdev.dll
2013-09-03 12:23 - 2013-09-03 12:23 - 00000000 ____D C:\Users\MARIOB~1\AppData\Local\avgchrome
2013-09-03 12:21 - 2013-09-05 08:49 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-03 09:37 - 2013-09-03 09:37 - 00000000 ____D C:\Users\Mario Broksch\Downloads\Wohnungsantrag
2013-08-28 23:40 - 2013-08-28 23:40 - 00001587 _____ C:\Users\Mario Broksch\Desktop\DivX Movies.lnk
2013-08-28 23:39 - 2013-08-28 23:39 - 00001160 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-08-28 23:39 - 2013-08-28 23:39 - 00001120 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-08-28 23:38 - 2013-08-28 23:39 - 00000000 ____D C:\Program Files\DivX
2013-08-28 23:26 - 2013-08-28 23:40 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-28 23:25 - 2013-08-28 23:40 - 00000000 ____D C:\ProgramData\DivX
2013-08-28 23:25 - 2013-08-28 23:25 - 00957248 _____ (DivX, LLC) C:\Users\Mario Broksch\Downloads\DivXInstaller_913.exe
2013-08-22 13:51 - 2013-08-22 13:51 - 00037686 _____ C:\Users\Mario Broksch\Downloads\S_20130822_135100_Neue_Nachrichten.zip
2013-08-22 12:56 - 2013-08-22 12:56 - 00002175 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2013-08-22 12:40 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BHTU.DLL
2013-08-22 12:40 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2013-08-22 09:02 - 2013-09-05 10:07 - 00003091 _____ C:\Windows\setupact.log
2013-08-22 09:02 - 2013-08-22 09:02 - 00000000 _____ C:\Windows\setuperr.log
2013-08-21 20:58 - 2013-08-21 20:58 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\InstallShield
2013-08-21 20:58 - 2013-08-21 20:58 - 00000000 ____D C:\Program Files\EpsonNet
2013-08-21 20:58 - 2010-09-13 15:01 - 00538112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll
2013-08-21 20:58 - 2010-09-13 15:01 - 00538112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll
2013-08-21 20:58 - 2010-09-13 15:00 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll
2013-08-21 20:58 - 2010-09-13 15:00 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll
2013-08-21 20:58 - 2008-06-18 11:49 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll
2013-08-21 20:58 - 2008-06-18 11:49 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll
2013-08-21 20:45 - 2013-09-05 12:56 - 00369585 _____ C:\Windows\WindowsUpdate.log
2013-08-21 20:40 - 2013-08-21 20:40 - 00003342 _____ C:\Windows\System32\Tasks\{9F958C27-7AF8-4B35-A696-0E831360B24B}
2013-08-21 20:13 - 2013-08-21 20:13 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\EPSON
2013-08-21 20:04 - 2013-08-21 20:07 - 00000000 ____D C:\Users\Mario Broksch\Desktop\Foto
2013-08-21 10:35 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-21 10:35 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-21 10:35 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-21 10:35 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-21 10:35 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-21 10:35 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-21 10:35 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-21 10:35 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-21 10:35 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-21 10:35 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-21 10:35 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-21 10:35 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-21 10:35 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-21 10:35 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-20 01:34 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-20 01:34 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-20 01:34 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-20 01:34 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-20 01:34 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-20 01:34 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-20 01:34 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-20 01:34 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-20 01:33 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-20 01:33 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-20 01:33 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-20 01:33 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-20 01:33 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-20 01:33 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-20 01:33 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-20 01:33 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-07 19:33 - 2013-08-07 19:36 - 46604616 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iCloudSetup.exe
2013-08-07 19:27 - 2013-08-07 19:27 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\Program Files\iTunes
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\Program Files\iPod
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-07 19:26 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-08-07 19:25 - 2013-08-07 19:25 - 00000000 ____D C:\Users\MARIOB~1\AppData\Local\Apple
2013-08-07 19:25 - 2013-08-07 19:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-08-07 19:24 - 2013-08-07 19:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-07 19:24 - 2013-08-07 19:24 - 00000000 ____D C:\ProgramData\Apple
2013-08-07 19:24 - 2013-08-07 19:24 - 00000000 ____D C:\Program Files\Bonjour
2013-08-07 19:24 - 2013-08-07 19:24 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-07 19:11 - 2013-08-07 19:18 - 90917712 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iTunes64Setup (4).exe

==================== One Month Modified Files and Folders =======

2013-09-05 19:17 - 2013-09-05 19:17 - 01947160 _____ (Farbar) C:\Users\Mario Broksch\Desktop\FRST64 (1).exe
2013-09-05 19:09 - 2013-09-05 19:09 - 00891115 _____ C:\Users\Mario Broksch\Downloads\SecurityCheck.exe
2013-09-05 14:46 - 2013-09-05 14:46 - 96044050 _____ C:\Windows\SysWOW64\쮇ﵪ
2013-09-05 13:57 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-05 13:02 - 2013-09-05 13:02 - 02347384 _____ (ESET) C:\Users\Mario Broksch\Downloads\esetsmartinstaller_enu.exe
2013-09-05 13:02 - 2013-09-05 13:02 - 02347384 _____ (ESET) C:\Users\Mario Broksch\Downloads\esetsmartinstaller_enu (1).exe
2013-09-05 13:00 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 13:00 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 12:56 - 2013-08-21 20:45 - 00369585 _____ C:\Windows\WindowsUpdate.log
2013-09-05 10:07 - 2013-08-22 09:02 - 00003091 _____ C:\Windows\setupact.log
2013-09-05 10:04 - 2013-09-05 10:04 - 00031012 _____ C:\Users\Mario Broksch\Downloads\FRST.txt
2013-09-05 10:04 - 2013-09-05 10:04 - 00013796 _____ C:\Users\Mario Broksch\Downloads\Addition.txt
2013-09-05 09:47 - 2013-09-05 09:47 - 01947160 _____ (Farbar) C:\Users\Mario Broksch\Downloads\FRST64.exe
2013-09-05 09:42 - 2013-09-05 09:42 - 00000974 _____ C:\Users\Mario Broksch\Desktop\JRT.txt
2013-09-05 09:37 - 2013-09-05 09:37 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 09:24 - 2013-09-05 08:53 - 00000000 ____D C:\AdwCleaner
2013-09-05 09:12 - 2013-09-04 13:13 - 00006068 _____ C:\Windows\PFRO.log
2013-09-05 08:54 - 2013-09-05 08:54 - 00020964 _____ C:\Users\Mario Broksch\Desktop\virusdateien.odt
2013-09-05 08:52 - 2013-09-05 08:52 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-05 08:52 - 2013-09-05 08:52 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\Malwarebytes
2013-09-05 08:52 - 2013-09-05 08:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-05 08:52 - 2013-09-05 08:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-05 08:50 - 2013-09-05 08:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mario Broksch\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-05 08:49 - 2013-09-05 08:49 - 01037222 _____ C:\Users\Mario Broksch\Downloads\adwcleaner.exe
2013-09-05 08:49 - 2013-09-05 08:49 - 01028757 _____ (Thisisu) C:\Users\Mario Broksch\Downloads\JRT.exe
2013-09-05 08:49 - 2013-09-03 12:21 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-09-05 08:45 - 2013-07-02 21:15 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-04 22:24 - 2013-09-04 22:24 - 00000000 ____D C:\FRST
2013-09-04 21:10 - 2013-07-02 21:15 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 ____D C:\Users\.wh..wh.plnk
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 ____D C:\Users\.wh..wh.orph
2013-09-04 14:19 - 2013-09-04 14:19 - 00000000 _____ C:\Users\.wh..wh.aufs
2013-09-04 14:18 - 2013-09-04 14:18 - 00000000 ____D C:\InstantOnOS
2013-09-04 13:17 - 2013-09-04 13:16 - 00017731 _____ C:\Users\Mario Broksch\Desktop\Addition.txt
2013-09-04 13:17 - 2011-03-11 11:20 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-09-04 13:17 - 2011-03-11 11:20 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-09-04 13:17 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-04 13:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-03 13:16 - 2013-09-03 13:16 - 00000938 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2013-09-03 13:15 - 2013-07-11 08:52 - 00000000 ____D C:\Program Files (x86)\epson
2013-09-03 13:13 - 2013-07-03 07:23 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-03 13:13 - 2013-07-02 21:38 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-03 13:13 - 2013-07-02 21:38 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-03 12:23 - 2013-09-03 12:23 - 00000000 ____D C:\Users\MARIOB~1\AppData\Local\avgchrome
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-03 12:14 - 2013-07-03 07:36 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\TS3Client
2013-09-03 09:37 - 2013-09-03 09:37 - 00000000 ____D C:\Users\Mario Broksch\Downloads\Wohnungsantrag
2013-08-29 08:15 - 2013-07-02 20:42 - 00063568 _____ C:\Users\MARIOB~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-29 08:14 - 2009-07-14 06:45 - 00306448 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-28 23:40 - 2013-08-28 23:40 - 00001587 _____ C:\Users\Mario Broksch\Desktop\DivX Movies.lnk
2013-08-28 23:40 - 2013-08-28 23:26 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-28 23:40 - 2013-08-28 23:25 - 00000000 ____D C:\ProgramData\DivX
2013-08-28 23:39 - 2013-08-28 23:39 - 00001160 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-08-28 23:39 - 2013-08-28 23:39 - 00001120 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-08-28 23:39 - 2013-08-28 23:38 - 00000000 ____D C:\Program Files\DivX
2013-08-28 23:25 - 2013-08-28 23:25 - 00957248 _____ (DivX, LLC) C:\Users\Mario Broksch\Downloads\DivXInstaller_913.exe
2013-08-22 14:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-22 13:51 - 2013-08-22 13:51 - 00037686 _____ C:\Users\Mario Broksch\Downloads\S_20130822_135100_Neue_Nachrichten.zip
2013-08-22 12:56 - 2013-08-22 12:56 - 00002175 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2013-08-22 12:56 - 2013-07-11 08:57 - 00000000 ____D C:\ProgramData\UDL
2013-08-22 12:55 - 2013-07-11 08:56 - 00000000 ____D C:\Program Files (x86)\Epson Software
2013-08-22 12:55 - 2013-07-11 08:55 - 00000308 _____ C:\Windows\setup.iss
2013-08-22 12:55 - 2013-07-03 20:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-22 09:02 - 2013-08-22 09:02 - 00000000 _____ C:\Windows\setuperr.log
2013-08-22 08:58 - 2013-07-02 23:10 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-08-22 00:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-21 20:58 - 2013-08-21 20:58 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\InstallShield
2013-08-21 20:58 - 2013-08-21 20:58 - 00000000 ____D C:\Program Files\EpsonNet
2013-08-21 20:45 - 2013-07-01 03:28 - 00000000 ____D C:\Windows\Panther
2013-08-21 20:40 - 2013-08-21 20:40 - 00003342 _____ C:\Windows\System32\Tasks\{9F958C27-7AF8-4B35-A696-0E831360B24B}
2013-08-21 20:21 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-21 20:13 - 2013-08-21 20:13 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\EPSON
2013-08-21 20:07 - 2013-08-21 20:04 - 00000000 ____D C:\Users\Mario Broksch\Desktop\Foto
2013-08-12 18:37 - 2013-07-11 08:45 - 00000000 ____D C:\ProgramData\EPSON
2013-08-07 19:43 - 2013-07-02 23:56 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\Apple Computer
2013-08-07 19:42 - 2013-07-02 23:56 - 00000000 ____D C:\Users\MARIOB~1\AppData\Local\Apple Computer
2013-08-07 19:41 - 2013-08-07 19:24 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-07 19:36 - 2013-08-07 19:33 - 46604616 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iCloudSetup.exe
2013-08-07 19:27 - 2013-08-07 19:27 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\Program Files\iTunes
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\Program Files\iPod
2013-08-07 19:26 - 2013-08-07 19:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-07 19:25 - 2013-08-07 19:25 - 00000000 ____D C:\Users\MARIOB~1\AppData\Local\Apple
2013-08-07 19:25 - 2013-08-07 19:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-08-07 19:24 - 2013-08-07 19:24 - 00000000 ____D C:\ProgramData\Apple
2013-08-07 19:24 - 2013-08-07 19:24 - 00000000 ____D C:\Program Files\Bonjour
2013-08-07 19:24 - 2013-08-07 19:24 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-07 19:18 - 2013-08-07 19:11 - 90917712 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iTunes64Setup (4).exe

Files to move or delete:
====================
C:\Users\MARIOB~1\AppData\Local\Temp\Quarantine.exe
C:\Users\MARIOB~1\AppData\Local\Temp\uninst1.exe
C:\Users\MARIOB~1\AppData\Local\Temp\{C0BD5A6B-7205-4FD6-A670-6D966EAD36D1}\setup.exe
C:\Users\MARIOB~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Objlist.exe
C:\Users\MARIOB~1\AppData\Local\Temp\RarSFX0\SecurityCheck\runprocesses.exe
C:\Users\MARIOB~1\AppData\Local\Temp\RarSFX0\SecurityCheck\uninstalllist.exe
C:\Users\MARIOB~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\cmdinfo.exe
C:\Users\MARIOB~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\nircmdc.exe
C:\Users\MARIOB~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\sed.exe
C:\Users\MARIOB~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\swreg.exe
C:\Users\MARIOB~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\MARIOB~1\AppData\Local\Temp\is357113909\OpenItSetup.exe
C:\Users\MARIOB~1\AppData\Local\Temp\is357113909\wajam_validate.exe
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BExternal.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BUSolForMontiera.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\ccp.exe
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\ChromeToolbarSetup.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\CrxInstaller.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\GUninstaller.exe
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\IEHelper.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\MntrDLLInstall.dll
C:\Users\MARIOB~1\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\sqlite3.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-02 22:09

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

und Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-09-2013
Ran by Mario Broksch at 2013-09-05 19:19:14
Running from C:\Users\Mario Broksch\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
AMI VR-pulse OS Switcher (Version: 1.1)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Bonjour (Version: 3.0.0.10)
ckerdeinstallation für EPSON BX535WD Series
DivX-Setup (x32 Version: 2.6.1.44)
Epson Easy Photo Print 2 (x32 Version: 2.3.0.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)
EPSON Scan (x32)
EpsonNet Print (x32 Version: 2.4j)
Google Chrome (x32 Version: 29.0.1547.66)
Google Update Helper (x32 Version: 1.3.21.153)
iCloud (Version: 2.1.2.8)
Intel PROSet Wireless
Intel(R) Processor Graphics (x32 Version: 9.17.10.3062)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.0.3000)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 26 (64-bit) (Version: 6.0.260)
Lyrics Seeker (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873)
TeamSpeak 3 Client (Version: 3.0.11.1)
Unity (x32 Version: )
Unity Web Player (HKCU Version: )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VR-pulse Installer (Version: 1.4.0)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

07-08-2013 17:40:59 Installed iCloud
20-08-2013 00:05:13 Geplanter Prüfpunkt
21-08-2013 08:28:37 Windows Modules Installer
21-08-2013 18:31:33 Entfernt Easy Photo Print Plug-in for PMB(Picture Motion Browser•ÆA
21-08-2013 18:41:25 Removed EpsonNet Config V4
22-08-2013 10:40:45 Gerätetreiber-Paketinstallation: EPSON Drucker
22-08-2013 10:55:07 Installiert Easy Photo Print Plug-in for PMB(Picture Motion BrowÀlóN
31-08-2013 04:17:17 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {68571249-CE6C-4F6F-8402-D31E8BADEB70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02] (Google Inc.)
Task: {76525465-9979-436A-BA8E-7550B8AB1200} - \Lyrics Seeker Update No Task File
Task: {7FD66917-3E6B-4937-9C04-29E59452380C} - \DSite No Task File
Task: {856F4B98-483A-44D3-BBEF-92C9176EC96C} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {AC78F21A-99BE-4DB1-9147-CBC9C0756FE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-09 04:09 - 2013-03-09 04:09 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2013-07-03 20:32 - 2012-06-09 19:20 - 00196096 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll
2011-02-04 15:42 - 2011-02-04 15:42 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-02-04 16:20 - 2011-02-04 16:20 - 01070080 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
2011-03-02 12:10 - 2011-03-02 12:10 - 00045568 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\LangResources\DEU\FrWrkDEU.dll
2011-02-04 16:21 - 2011-02-04 16:21 - 00817664 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\FrameworkPlugins\WiWiTray.dll
2011-03-02 12:25 - 2011-03-02 12:25 - 00006144 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\LangResources\DEU\WiTrDEU.dll
2011-02-04 16:30 - 2011-02-04 16:30 - 01737728 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\FrameworkPlugins\PanTray.dll
2011-02-04 16:21 - 2011-02-04 16:21 - 01044992 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\TraceAPI.DLL
2011-02-04 16:24 - 2011-02-04 16:24 - 01999872 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll
2011-02-04 16:19 - 2011-02-04 16:19 - 00234496 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\WiMAXCoEx.dll
2011-02-04 16:26 - 2011-02-04 16:26 - 01323008 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\MurocApi.dll
2011-02-04 16:21 - 2011-02-04 16:21 - 00831488 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\IntStngs.dll
2011-02-04 16:27 - 2011-02-04 16:27 - 00464384 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\PanApi.dll
2011-02-04 16:19 - 2011-02-04 16:19 - 00176640 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
2011-02-04 16:19 - 2011-02-04 16:19 - 00846336 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\DbEngine.dll
2011-03-02 12:18 - 2011-03-02 12:18 - 00096768 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\LangResources\DEU\PanTrDEU.dll
2011-09-02 20:49 - 2011-04-04 19:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-22 12:40 - 2011-12-21 01:00 - 00103424 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\x64\3\E_YAUDHTU.DLL
2013-04-21 21:44 - 2013-04-21 21:44 - 00053648 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01292136 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00923496 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 16303976 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-02 21:38 - 2013-09-03 13:11 - 00055352 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cfglib.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00349752 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccguard.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00029240 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgrdrc.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00229432 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgrdw.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00218168 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\gpipc.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00419384 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccwgrd.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00807992 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgen.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00049720 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgenrc.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00220216 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccupdate.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00028728 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccupdrc.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00083000 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cclic.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00009784 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cclicrc.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00237624 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmsg.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00010296 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmsgrc.dll
2013-07-02 21:38 - 2013-09-03 13:12 - 00014392 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmainrc.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-09-04 21:02 - 2013-09-02 22:35 - 09962960 _____ (The ICU Project) C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\icudt.dll
2013-09-04 21:02 - 2013-09-02 22:35 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
2013-09-04 21:02 - 2013-09-02 22:35 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll
2013-09-04 21:02 - 2013-09-02 22:35 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-04 21:02 - 2013-09-02 22:35 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-04 21:02 - 2013-09-02 22:35 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
2013-09-04 21:02 - 2013-09-02 22:35 - 13599184 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2013 07:09:01 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/05/2013 07:09:01 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/05/2013 07:05:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/05/2013 01:03:08 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/05/2013 01:03:04 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/05/2013 10:07:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/05/2013 00:54:39 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/05/2013 09:58:05 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (09/05/2013 07:09:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mario Broksch\Downloads\esetsmartinstaller_enu (1).exe

Error: (09/05/2013 07:09:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mario Broksch\Downloads\esetsmartinstaller_enu.exe

Error: (09/05/2013 07:05:57 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/05/2013 01:03:08 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mario Broksch\Downloads\esetsmartinstaller_enu.exe

Error: (09/05/2013 01:03:04 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mario Broksch\Downloads\esetsmartinstaller_enu.exe

Error: (09/05/2013 10:07:45 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 4003.01 MB
Available physical RAM: 2133.45 MB
Total Pagefile: 8004.2 MB
Available Pagefile: 5868.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:495.28 GB) NTFS
Drive d: (Recover) (Fixed) (Total:48 GB) (Free:25.33 GB) NTFS
Drive e: (EPSON) (CDROM) (Total:0.18 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:7.45 GB) (Free:7.42 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 9A490055)
Partition 1: (Active) - (Size=101 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=648 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================

Achso und ihc habe auf fast jeder Homepage Warnungen mit z.B.: "Windows Fehler zum sofortigen reparieren hier klicken" und so Späße. Sieht wahnsinnig seriös aus^^

schrauber · 06.09.2013, 08:18

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Downloade dir bitte

Farbar Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

In welchem Browser hast Du die Probleme?

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Program Files (x86)\LyricsSeeker
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Lyrics Seeker) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgoiojnjnacbjngolldkokokgpcjbgjj\1.131_0
2013-09-03 12:21 - 2013-09-05 08:49 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Windows\SysWOW64\Extensions
Task: {76525465-9979-436A-BA8E-7550B8AB1200} - \Lyrics Seeker Update No Task File
Task: {7FD66917-3E6B-4937-9C04-29E59452380C} - \DSite No Task File

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

wida_da · 06.09.2013, 08:57

Im Google Chrome. Ich führe mal die Anweisungen aus

Farber Server Scanner:

Code:

ATTFilter

Farbar Service Scanner Version: 05-09-2013
Ran by Mario Broksch (administrator) on 06-09-2013 at 09:50:31
Running from "C:\Users\Mario Broksch\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Demand. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Der BRowser ist wieder schneller geworden. Aber es hat sich beim Aufrufen dieser Seite wieder ein Popup geöffnet. Führe nun letzten Schritt aus

Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-09-2013
Ran by Mario Broksch at 2013-09-06 09:57:21 Run:1
Running from C:\Users\Mario Broksch\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\LyricsSeeker
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Lyrics Seeker) - C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgoiojnjnacbjngolldkokokgpcjbgjj\1.131_0
2013-09-03 12:21 - 2013-09-05 08:49 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-03 12:21 - 2013-09-03 12:21 - 00000000 ____D C:\Windows\SysWOW64\Extensions
Task: {76525465-9979-436A-BA8E-7550B8AB1200} - \Lyrics Seeker Update No Task File
Task: {7FD66917-3E6B-4937-9C04-29E59452380C} - \DSite No Task File
         
*****************

C:\Program Files (x86)\LyricsSeeker => Moved successfully.
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\MARIOB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgoiojnjnacbjngolldkokokgpcjbgjj => Moved successfully.
"C:\Program Files (x86)\LyricsSeeker" => File/Directory not found.
C:\Windows\SysWOW64\searchplugins => Moved successfully.
C:\Windows\SysWOW64\Extensions => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{76525465-9979-436A-BA8E-7550B8AB1200} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76525465-9979-436A-BA8E-7550B8AB1200} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lyrics Seeker Update => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FD66917-3E6B-4937-9C04-29E59452380C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FD66917-3E6B-4937-9C04-29E59452380C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite => Key deleted successfully.

==== End of Fixlog ====

schrauber · 06.09.2013, 10:42

Teste nochmal nach dem Fix. Wenn imme rnoch, Browser deinstallieren, keine Daten behalten, neu installieren.

Downloade dir bitte Windows Repair (All In One) von hier.

Installiere das Programm. Starte es, nachdem die Installation abgeschlossen wurde.
Klicke auf Step 2 und drücke unter Check Disk auf Do It.
Wenn der Vorgang abgeschlossen ist, klicke auf Step 3 und drücke unter System File Check auf Do It.
Nachdem der Vorgang abgeschlossen ist, klicke auf Start Repairs, wähle den Advanced Mode und drücke Start.
Gehe bitte sicher, dass die Kästchen wie unten zu sehen angehakt sind. Bitte hake zusätzlich noch Set Windows Services to Default Startup an.
Hake Restart System when Finished an.
Drücke Start.

wida_da · 07.09.2013, 11:41

Ok alles erledigt. Sieht bis jetzt gut aus. Ich bedanke mich sehr herzlich.

Gruß wida_da

schrauber · 07.09.2013, 14:49

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

wida_da · 07.09.2013, 15:46

Jo ist weiterhin Alles gut hier. Mir ist zwar gestern noch mein 2ter Lappi komplett abgek..kt, weil meine Freundin den zugemacht hat als er hochgefahren ist, aber den hab ich gloi neu gemacht.
Danke nochmal für die Hilfe und die Idiotensichere Anleitung.

Werde euch/dich wärmstens weiterempfehlen.

Ist der Chrome keine gute Alternative?
Coole Tipps

as mit dem Malwarebytes werde ich in Zukunft machen, den CCleaner nicht mehr über die Registry laufen lassen, ansonsten bin ich ja vernünftig und diese Ausnahme hat mich einiges gelehrt.

Vielen Vielen Dank Schrauber

schrauber · 07.09.2013, 21:18

Ich bin kein freund von Chrome

07.09.2013, 21:18	#14
schrauber /// the machine /// TB-Ausbilder	https://gqs.donedrive.net popups öffnen ständig Ich bin kein freund von Chrome __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

https://gqs.donedrive.net popups öffnen ständig

Log-Analyse und Auswertung: https://gqs.donedrive.net popups öffnen ständig