Hallo,
nach dem Start meines Pcs kommt immer die Fehlermeldung "NSIS Error launching installer", ohne dass ich irgendetwas gemacht habe.
Kann mir bitte jemand weiterhelfen, das nervt soooo!!!
glg

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hallo!
vielen Dank für deine schnelle Hilfe!
FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013
Ran by Katha (administrator) on KATHA-PC on 16-09-2013 09:52:34
Running from C:\Users\Katha\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Comodo Security Solutions Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\YouCam\YouCamTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Expert System S.p.A.) C:\Program Files\Duden\Duden-Rechtschreibprüfung\DKTray.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Bibliographisches Institut GmbH) C:\Program Files\Duden\Duden-Bibliothek\dudenbib.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [686624 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] - C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [LMgrOSD] - "C:\Program Files\Launch Manager\OSDCtrl.exe"
HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [YouCam Mirror Tray icon] - C:\Program Files\CyberLink\YouCam\YouCamTray.exe [171104 2010-03-02] (CyberLink Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1464536 2013-07-08] (COMODO)
HKLM\...\Run: [gbrspcontrol] - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [Duden Korrektor SysTray] - C:\Program Files\Duden\Duden-Rechtschreibprüfung\DKTray.exe [332432 2011-07-04] (Expert System S.p.A.)
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {e7a04ee5-cbb8-11e2-8a8b-00262df7cdc5} - F:\AutoRun.exe
MountPoints2: {e7a04ef4-cbb8-11e2-8a8b-00262df7cdc5} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.6&ts=1372754246676.000002&tguid=46364-3869-1372754246676-7F1429DF234A68B5F1DD997C67F3DCFB&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.6&ts=1372754246676.000002&tguid=46364-3869-1372754246676-7F1429DF234A68B5F1DD997C67F3DCFB&q={searchTerms}
SearchScopes: HKCU - {7DFA4782-A9FC-4274-97A2-556349A541C6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKCU - {F799776D-EF5D-43E0-B75F-FB5D13926938} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^VK^DE&apn_uid=7cef6ef6-4cfa-4d69-ba7b-c5ff10fb4a39&apn_sauid=EF0AD8D9-67FA-46CE-80A4-504C0AA0A5D7
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {39ED5386-A900-4D6C-B564-20BFDE5402CF} hxxp://www.medion.com/de/service/download/MEDION_Treibersuche.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5871059F-86EB-460D-BAE1-F39D1D1B4A8C}: [NameServer]156.154.70.25,156.154.71.25
Tcpip\..\Interfaces\{FCB1E68F-4530-40D0-A107-DF558BF95570}: [NameServer]156.154.70.25,156.154.71.25

FireFox:
========
FF ProfilePath: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\35ng8q79.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter

========================== Services (Whitelisted) =================

R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70352 2013-07-24] (Comodo Security Solutions Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4801304 2013-07-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [127192 2013-06-18] (COMODO)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2094216 2013-05-29] ()
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-07-03] (soft Xpansion)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2013-05-07] (Windows (R) Win 7 DDK provider)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2013-06-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [582936 2013-07-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2013-06-18] (COMODO)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [532536 2012-09-01] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [25656 2012-09-01] (Intel Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [85464 2013-06-18] (COMODO)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 mod7700; system32\DRIVERS\mod7700.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-16 09:51 - 2013-09-16 09:51 - 01084083 _____ (Farbar) C:\Users\Katha\Downloads\FRST.exe
2013-09-15 21:30 - 2013-09-15 21:31 - 00001548 _____ C:\Windows\KB893803v2.log
2013-09-12 15:08 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 15:08 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 15:08 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 15:08 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 15:08 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 15:08 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 08:52 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 08:52 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 08:52 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 08:52 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 08:52 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 08:52 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 08:52 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 08:52 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 15:29 - 2013-09-10 15:29 - 00000000 ____D C:\Users\Katha\Documents\Add-in Express
2013-09-09 12:56 - 2013-09-09 12:56 - 00150986 ____N C:\Users\Katha\Documents\Ganzseitiges Foto0001.tif
2013-09-09 12:52 - 2013-09-09 12:52 - 00150986 ____N C:\Users\Katha\Documents\Ganzseitiges Foto.tif
2013-09-08 01:10 - 2013-09-08 01:10 - 00000000 ____D C:\Windows\pss
2013-09-06 00:17 - 2013-09-06 00:17 - 00000992 _____ C:\Users\Katha\Desktop\MSConfigCleanUp.lnk
2013-09-06 00:17 - 2013-09-06 00:17 - 00000000 ____D C:\Program Files\MSConfig CleanUp
2013-09-05 09:29 - 2013-09-05 09:29 - 00000000 ____D C:\ProgramData\Intel
2013-09-05 09:25 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-09-05 09:25 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-09-05 09:25 - 2012-08-23 16:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-09-05 09:25 - 2012-08-23 16:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-09-05 09:25 - 2012-08-23 16:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-09-05 09:25 - 2012-08-23 15:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-09-05 09:25 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-09-05 09:25 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-09-05 09:25 - 2012-08-23 15:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-09-05 09:25 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-05 09:25 - 2012-08-23 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-09-05 09:25 - 2012-08-23 13:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-09-05 09:25 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-05 09:25 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-09-05 09:25 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-09-05 09:25 - 2012-08-23 12:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-09-05 09:25 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-05 09:23 - 2012-08-24 19:05 - 00136560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-09-05 09:23 - 2012-08-24 19:02 - 00369856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-09-05 09:23 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-05 09:23 - 2012-08-24 18:56 - 01039360 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-09-05 09:23 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-09-05 09:18 - 2013-09-05 09:27 - 00017894 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-09-05 09:18 - 2013-09-05 09:18 - 00000000 ___HD C:\VTRoot
2013-09-04 11:04 - 2013-09-04 11:04 - 00000000 ____D C:\Program Files\ESET
2013-09-04 09:32 - 2013-09-04 09:32 - 00000000 ____D C:\FRST
2013-09-04 09:16 - 2013-09-04 09:23 - 00000000 ____D C:\AdwCleaner
2013-09-04 09:15 - 2013-09-04 09:15 - 01037222 _____ C:\Users\Katha\Desktop\adwcleaner.exe
2013-09-04 00:10 - 2013-09-04 00:10 - 00000000 ____D C:\Program Files\Common Files\COMODO
2013-09-03 22:26 - 2013-09-16 09:44 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-09-03 22:25 - 2013-09-16 08:57 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-03 22:25 - 2013-09-03 22:27 - 00000000 ___SD C:\ProgramData\Shared Space
2013-09-03 22:25 - 2013-09-03 22:27 - 00000000 ____D C:\ProgramData\COMODO
2013-09-03 22:25 - 2013-09-03 22:25 - 00000000 ____D C:\Users\Katha\AppData\Local\Comodo
2013-09-03 22:24 - 2013-09-03 22:25 - 00000000 ____D C:\Program Files\Comodo
2013-09-03 22:24 - 2013-09-03 22:24 - 00047368 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-09-03 22:24 - 2013-09-03 22:24 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-08-17 10:01 - 2013-09-04 09:10 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-16 09:51 - 2013-09-16 09:51 - 01084083 _____ (Farbar) C:\Users\Katha\Downloads\FRST.exe
2013-09-16 09:47 - 2010-06-30 11:46 - 01510528 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-16 09:45 - 2012-10-05 15:39 - 01295362 _____ C:\Windows\WindowsUpdate.log
2013-09-16 09:44 - 2013-09-03 22:26 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-09-16 09:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing
2013-09-16 09:13 - 2012-10-08 10:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-16 09:04 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-16 09:04 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-16 08:57 - 2013-09-03 22:25 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-16 08:57 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-16 08:57 - 2009-07-14 06:39 - 00066549 _____ C:\Windows\setupact.log
2013-09-15 21:31 - 2013-09-15 21:30 - 00001548 _____ C:\Windows\KB893803v2.log
2013-09-14 01:10 - 2010-06-30 13:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 16:22 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-12 15:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-12 15:18 - 2009-07-14 06:33 - 00435520 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 15:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-12 15:04 - 2013-08-14 23:39 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 15:02 - 2010-06-30 12:43 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 10:13 - 2012-10-08 10:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 10:13 - 2012-10-08 10:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-10 15:29 - 2013-09-10 15:29 - 00000000 ____D C:\Users\Katha\Documents\Add-in Express
2013-09-10 15:29 - 2012-10-05 15:42 - 00115104 _____ C:\Users\Katha\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-09 12:56 - 2013-09-09 12:56 - 00150986 ____N C:\Users\Katha\Documents\Ganzseitiges Foto0001.tif
2013-09-09 12:52 - 2013-09-09 12:52 - 00150986 ____N C:\Users\Katha\Documents\Ganzseitiges Foto.tif
2013-09-08 13:22 - 2012-11-27 18:15 - 00000000 ____D C:\Users\Katha\AppData\Roaming\Dropbox
2013-09-08 13:08 - 2012-11-27 18:15 - 00000000 ___RD C:\Users\Katha\Desktop\Dropbox
2013-09-08 13:07 - 2013-01-31 19:48 - 00000000 ____D C:\Users\Katha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-09-08 01:10 - 2013-09-08 01:10 - 00000000 ____D C:\Windows\pss
2013-09-06 10:01 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-09-06 00:17 - 2013-09-06 00:17 - 00000992 _____ C:\Users\Katha\Desktop\MSConfigCleanUp.lnk
2013-09-06 00:17 - 2013-09-06 00:17 - 00000000 ____D C:\Program Files\MSConfig CleanUp
2013-09-05 09:34 - 2012-10-29 10:53 - 00000000 ____D C:\Users\Katha\Documents\Allgemein
2013-09-05 09:29 - 2013-09-05 09:29 - 00000000 ____D C:\ProgramData\Intel
2013-09-05 09:27 - 2013-09-05 09:18 - 00017894 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-09-05 09:26 - 2009-07-14 10:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-09-05 09:25 - 2010-06-30 11:55 - 00000000 ____D C:\Program Files\Intel
2013-09-05 09:18 - 2013-09-05 09:18 - 00000000 ___HD C:\VTRoot
2013-09-04 11:04 - 2013-09-04 11:04 - 00000000 ____D C:\Program Files\ESET
2013-09-04 09:32 - 2013-09-04 09:32 - 00000000 ____D C:\FRST
2013-09-04 09:23 - 2013-09-04 09:16 - 00000000 ____D C:\AdwCleaner
2013-09-04 09:15 - 2013-09-04 09:15 - 01037222 _____ C:\Users\Katha\Desktop\adwcleaner.exe
2013-09-04 09:10 - 2013-08-17 10:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-04 00:10 - 2013-09-04 00:10 - 00000000 ____D C:\Program Files\Common Files\COMODO
2013-09-03 22:27 - 2013-09-03 22:25 - 00000000 ___SD C:\ProgramData\Shared Space
2013-09-03 22:27 - 2013-09-03 22:25 - 00000000 ____D C:\ProgramData\COMODO
2013-09-03 22:25 - 2013-09-03 22:25 - 00000000 ____D C:\Users\Katha\AppData\Local\Comodo
2013-09-03 22:25 - 2013-09-03 22:24 - 00000000 ____D C:\Program Files\Comodo
2013-09-03 22:24 - 2013-09-03 22:24 - 00047368 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-09-03 22:24 - 2013-09-03 22:24 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-09-03 22:18 - 2010-06-30 13:06 - 00388724 _____ C:\Windows\PFRO.log
2013-09-03 22:17 - 2012-10-06 11:12 - 00000000 ____D C:\ProgramData\Avira
2013-08-24 14:55 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\Offline Web Pages
2013-08-18 09:33 - 2012-10-24 19:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Katha\AppData\Local\Temp\APNStub.exe
C:\Users\Katha\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\Quarantine.exe
C:\Users\Katha\AppData\Local\Temp\ResetDevice.exe
C:\Users\Katha\AppData\Local\Temp\setup.exe
C:\Users\Katha\AppData\Local\Temp\tbu7BC3.exe
C:\Users\Katha\AppData\Local\Temp\tbu7C50.exe
C:\Users\Katha\AppData\Local\Temp\tbu8545.exe
C:\Users\Katha\AppData\Local\Temp\tbu8F9.exe
C:\Users\Katha\AppData\Local\Temp\tbuA929.exe
C:\Users\Katha\AppData\Local\Temp\tbuC87E.exe
C:\Users\Katha\AppData\Local\Temp\tbuE3D8.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 11:20

==================== End Of Log =========================
         

--- --- ---

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-09-2013
Ran by Katha at 2013-09-16 09:56:25
Running from C:\Users\Katha\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader 9.5.5 MUI (Version: 9.5.5)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.27)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Cisco Systems VPN Client 5.0.07.0410 (Version: 5.0.7)
Comodo Dragon (Version: 27.0.4.0)
COMODO Internet Security Premium (Version: 6.2.20728.2847)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink LabelPrint (Version: 2.5.2602)
CyberLink Power2Go (Version: 6.1.3602c)
CyberLink PowerDVD Copy (Version: 1.5.1306)
CyberLink YouCam (Version: 3.0.2626)
Dropbox (HKCU Version: 2.0.22)
Duden-Rechtschreibprüfung kompakt (Version: 8.0)
ESET Online Scanner v3
Free Pdf Perfect Prereq (Version: 1.0.0.66)
GeekBuddy (Version: 4.8.66)
Intel(R) Control Center (Version: 1.2.1.1008)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2092)
Intel(R) Management Engine Components (Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (Version: 11.6.0.1030)
Intel(R) TV Wizard
Junk Mail filter update (Version: 14.0.8117.416)
Launch Manager V1.5.0.8 (Version: 1.5.0.8)
Medion Home Cinema (Version: 8.0.1505)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSConfig CleanUp 1.2
MSVCRT (Version: 14.0.1468.721)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6069)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30117)
REALTEK Wireless LAN Driver (Version: 1.00.0148)
Synaptics Pointing Device Driver (Version: 14.0.19.0)
System Requirements Lab for Intel (Version: 4.5.9.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.3 (Version: 2.0.3)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Fotogalerie (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
X10 Hardware(TM)

==================== Restore Points  =========================

03-09-2013 20:26:01 Gerätetreiber-Paketinstallation: COMODO Netzwerkdienst
04-09-2013 07:09:14 Removed Java(TM) 6 Update 20
05-09-2013 07:23:15 Windows Update
07-09-2013 23:06:55 Removed Java 7 Update 25
10-09-2013 13:25:50 Duden-Rechtschreibprüfung kompakt wurde installiert.
12-09-2013 13:02:13 Windows Update
12-09-2013 17:06:18 Windows Update
12-09-2013 22:37:31 Windows Update
13-09-2013 16:42:03 Windows Update
13-09-2013 23:07:42 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {09A30324-3A79-42B6-A55D-B63A36D2805C} - \Browser Updater\Browser Updater No Task File
Task: {0C8AF884-057A-413D-8627-415A178C49CC} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {1E1918BD-2994-4D64-BA82-3789DD0E7186} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {528A233D-0D52-464E-9A2C-FA08D2F433D9} - System32\Tasks\{2E458150-0B79-4938-B856-8EA9CAE6198B} => C:\Program Files\PDFCreator\PDFCreator.exe
Task: {6194E901-BA5D-4FE0-A3C7-50D06FAE2A07} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {62FC4DE0-A3EE-4CAE-822B-0252BCE1B0DC} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {70D5D9DA-2159-458A-AD77-B86A03A8C95A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
Task: {92608135-E2E7-4320-80DE-715FD9D0959B} - System32\Tasks\{5545BD23-785D-4030-A7CD-6620BB0FC46C} => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe [2012-09-01] (Intel Corporation)
Task: {BE63225D-1575-42EF-B717-51856B12689D} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {E89A73D8-49AB-4883-8CAE-769498838514} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-07-08] (COMODO)
Task: {EDDCDEAD-D1B5-4D52-B445-B4E02175BD54} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files\HomeTab\ProtectedSearch.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-06-18 16:15 - 2013-06-18 16:15 - 00348584 _____ (COMODO) C:\Windows\system32\guard32.dll
2013-05-25 02:36 - 2013-05-25 02:36 - 00130736 _____ (Dropbox, Inc.) C:\Users\Katha\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2009-07-14 02:07 - 2009-07-14 03:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2012-01-10 21:17 - 2012-01-10 21:17 - 00284672 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2010-06-30 12:00 - 2010-03-17 16:53 - 00141856 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM\RtkCfg.dll
2010-06-30 12:00 - 2010-03-17 16:53 - 02649120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2010-06-30 12:26 - 2009-10-22 16:58 - 00211232 _____ (Wistron Corp.) C:\Program Files\Launch Manager\KBHOOK.dll
2010-06-30 11:53 - 2009-12-11 05:23 - 00173352 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2010-06-30 11:53 - 2009-12-11 05:23 - 00161064 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2009-11-02 14:20 - 2009-11-02 14:20 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 14:23 - 2009-11-02 14:23 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2009-09-07 15:38 - 2009-09-07 15:38 - 00013608 ____N (TODO: <Company name>) C:\Program Files\CyberLink\YouCam\Custom\Lang\DEU\IM.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2011-07-04 10:39 - 2011-07-04 10:39 - 00191120 _____ (Expert System S.p.A.) C:\Program Files\Duden\Duden-Rechtschreibprüfung\DKFx.dll
2011-07-01 11:37 - 2011-07-01 11:37 - 00116736 _____ () C:\Program Files\Duden\Duden-Rechtschreibprüfung\MBControls.dll
2011-07-01 11:37 - 2011-07-01 11:37 - 01232384 _____ (Bibliographisches Institut GmbH) C:\Program Files\Duden\Duden-Rechtschreibprüfung\dpf.dll
2011-07-01 11:37 - 2011-07-01 11:37 - 00340480 _____ (Bibliographisches Institut und F. A. Brockhaus AG) C:\Program Files\Duden\Duden-Rechtschreibprüfung\SX.dll
2011-07-01 11:37 - 2011-07-01 11:37 - 01081856 _____ (IAI) C:\Program Files\Duden\Duden-Rechtschreibprüfung\dle.dll
2009-07-14 02:17 - 2010-11-20 14:21 - 00375296 _____ (Microsoft Corporation) C:\Windows\system32\spool\DRIVERS\W32X86\3\UNIDRV.DLL
2009-07-14 02:56 - 2010-11-20 14:20 - 00747520 _____ (Microsoft Corporation) C:\Windows\system32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL
2009-07-14 02:58 - 2009-07-14 03:15 - 00114688 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\W32X86\3\EP0NB01B.DLL
2009-07-14 02:58 - 2009-07-14 03:15 - 00293888 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\W32X86\3\EP0NB01A.DLL
2009-07-14 02:56 - 2010-11-20 14:03 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\spool\DRIVERS\W32X86\3\unires.dll
2013-06-18 16:15 - 2013-06-18 16:15 - 03360984 _____ (Terra Informatica Software, Inc.) C:\Program Files\Comodo\COMODO Internet Security\cmdhtml.dll
2013-08-14 23:51 - 2013-08-14 23:51 - 00361984 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\3b74c701c6a1a66ae27f1f35500858ee\IAStorUtil.ni.dll
2013-07-11 11:02 - 2013-07-11 11:02 - 00026112 _____ (Intel Corp.) C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\2eb645e64a1916c99024a1ed23e2f92b\IAStorCommon.ni.dll
2013-08-17 10:01 - 2013-08-17 10:01 - 03551640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-09-11 10:13 - 2013-09-11 10:13 - 16177544 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) ==========


==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2013 09:31:54 PM) (Source: Windows Installer 3.1) (User: )
Description: WindowsFür diesen Befehl ist nicht genügend Speicher verfügbar.

Error: (09/15/2013 09:30:38 PM) (Source: Windows Installer 3.1) (User: )
Description: WindowsFür diesen Befehl ist nicht genügend Speicher verfügbar.

Error: (09/13/2013 10:49:10 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/13/2013 10:48:35 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (09/12/2013 10:11:55 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/12/2013 10:11:43 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (09/12/2013 09:28:34 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/12/2013 09:28:03 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (09/11/2013 11:21:05 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/11/2013 11:20:35 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.


System errors:
=============
Error: (09/13/2013 06:42:21 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/13/2013 11:00:48 AM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Boot" den Befehl "chkdsk" aus.

Error: (09/12/2013 07:06:37 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/12/2013 04:24:48 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Boot" den Befehl "chkdsk" aus.

Error: (09/12/2013 10:22:24 AM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Boot" den Befehl "chkdsk" aus.

Error: (09/12/2013 08:42:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intel(R) Rapid Storage-Technologie" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/12/2013 08:42:29 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Rapid Storage-Technologie erreicht.

Error: (09/10/2013 10:14:23 AM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Boot" den Befehl "chkdsk" aus.

Error: (09/09/2013 11:57:37 AM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Boot" den Befehl "chkdsk" aus.

Error: (09/07/2013 01:56:03 AM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Boot" den Befehl "chkdsk" aus.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 66%
Total physical RAM: 3510.6 MB
Available physical RAM: 1191.16 MB
Total Pagefile: 7019.48 MB
Available Pagefile: 4214.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.21 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:424.66 GB) (Free:384.93 GB) NTFS
Drive d: (RECOVER) (Fixed) (Total:40 GB) (Free:30.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: A473449C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
         

Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.


Windows-taste+R, schreibe

chkdsk /r

und drücke Enter.

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.16.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
Katha :: KATHA-PC [Administrator]

16.09.2013 11:51:01
mbam-log-2013-09-16 (11-51-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 336429
Laufzeit: 1 Stunde(n), 31 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\COMODO\Cis\Quarantine\data\{55F53C42-EF52-4018-91BE-5AF00DDCA710} (PUP.Optional.OneClickDownloader.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v3.004 - Bericht erstellt am 16/09/2013 um 13:38:04
# Updated 15/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Katha - KATHA-PC
# Gestartet von : C:\Users\Katha\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Katha\AppData\Local\Temp\OCS
Datei Gelöscht : C:\Windows\System32\Tasks\Browser Updater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\35ng8q79.default-1376554018432\prefs.js ]


*************************

AdwCleaner[R0].txt - [7635 octets] - [04/09/2013 09:16:54]
AdwCleaner[R1].txt - [1092 octets] - [16/09/2013 13:36:32]
AdwCleaner[S0].txt - [6735 octets] - [04/09/2013 09:22:56]
AdwCleaner[S1].txt - [1016 octets] - [16/09/2013 13:38:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1076 octets] ##########
         

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x86
Ran by Katha on 16.09.2013 at 13:49:33,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F799776D-EF5D-43E0-B75F-FB5D13926938}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Katha\AppData\Roaming\mozilla\firefox\profiles\35ng8q79.default-1376554018432\minidumps [25 files]



~~~ Event Viewer Logs were cleared
         

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013
Ran by Katha (administrator) on KATHA-PC on 16-09-2013 14:08:36
Running from C:\Users\Katha\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Comodo Security Solutions Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\YouCam\YouCamTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Expert System S.p.A.) C:\Program Files\Duden\Duden-Rechtschreibprüfung\DKTray.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Bibliographisches Institut GmbH) C:\Program Files\Duden\Duden-Bibliothek\dudenbib.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [686624 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] - C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [LMgrOSD] - "C:\Program Files\Launch Manager\OSDCtrl.exe"
HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [YouCam Mirror Tray icon] - C:\Program Files\CyberLink\YouCam\YouCamTray.exe [171104 2010-03-02] (CyberLink Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1464536 2013-07-08] (COMODO)
HKLM\...\Run: [gbrspcontrol] - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [Duden Korrektor SysTray] - C:\Program Files\Duden\Duden-Rechtschreibprüfung\DKTray.exe [332432 2011-07-04] (Expert System S.p.A.)
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {e7a04ee5-cbb8-11e2-8a8b-00262df7cdc5} - F:\AutoRun.exe
MountPoints2: {e7a04ef4-cbb8-11e2-8a8b-00262df7cdc5} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {7DFA4782-A9FC-4274-97A2-556349A541C6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {39ED5386-A900-4D6C-B564-20BFDE5402CF} hxxp://www.medion.com/de/service/download/MEDION_Treibersuche.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5871059F-86EB-460D-BAE1-F39D1D1B4A8C}: [NameServer]156.154.70.25,156.154.71.25
Tcpip\..\Interfaces\{FCB1E68F-4530-40D0-A107-DF558BF95570}: [NameServer]156.154.70.25,156.154.71.25

FireFox:
========
FF ProfilePath: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\35ng8q79.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter

========================== Services (Whitelisted) =================

R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70352 2013-07-24] (Comodo Security Solutions Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4801304 2013-07-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [127192 2013-06-18] (COMODO)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2094216 2013-05-29] ()
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-07-03] (soft Xpansion)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2013-05-07] (Windows (R) Win 7 DDK provider)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2013-06-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [582936 2013-07-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2013-06-18] (COMODO)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [532536 2012-09-01] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [25656 2012-09-01] (Intel Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [85464 2013-06-18] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 mod7700; system32\DRIVERS\mod7700.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-16 13:55 - 2013-09-16 13:55 - 00000943 _____ C:\Users\Katha\Desktop\JRT.txt
2013-09-16 13:45 - 2013-09-16 13:45 - 00000000 ____D C:\Windows\ERUNT
2013-09-16 13:44 - 2013-09-16 13:44 - 01029675 _____ (Thisisu) C:\Users\Katha\Downloads\JRT.exe
2013-09-16 13:35 - 2013-09-16 13:35 - 01039554 _____ C:\Users\Katha\Downloads\adwcleaner.exe
2013-09-16 11:50 - 2013-09-16 11:50 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-16 11:49 - 2013-09-16 11:50 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-16 11:49 - 2013-09-16 11:49 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Katha\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-16 11:49 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-16 09:56 - 2013-09-16 09:57 - 00019612 _____ C:\Users\Katha\Downloads\Addition.txt
2013-09-16 09:51 - 2013-09-16 09:51 - 01084083 _____ (Farbar) C:\Users\Katha\Downloads\FRST.exe
2013-09-15 21:30 - 2013-09-15 21:31 - 00001548 _____ C:\Windows\KB893803v2.log
2013-09-12 15:08 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 15:08 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 15:08 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 15:08 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 15:08 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 15:08 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 08:52 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 08:52 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 08:52 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 08:52 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 08:52 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 08:52 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 08:52 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 08:52 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 15:29 - 2013-09-10 15:29 - 00000000 ____D C:\Users\Katha\Documents\Add-in Express
2013-09-09 12:56 - 2013-09-09 12:56 - 00150986 ____N C:\Users\Katha\Documents\Ganzseitiges Foto0001.tif
2013-09-09 12:52 - 2013-09-09 12:52 - 00150986 ____N C:\Users\Katha\Documents\Ganzseitiges Foto.tif
2013-09-08 01:10 - 2013-09-08 01:10 - 00000000 ____D C:\Windows\pss
2013-09-06 00:17 - 2013-09-06 00:17 - 00000992 _____ C:\Users\Katha\Desktop\MSConfigCleanUp.lnk
2013-09-06 00:17 - 2013-09-06 00:17 - 00000000 ____D C:\Program Files\MSConfig CleanUp
2013-09-05 09:29 - 2013-09-05 09:29 - 00000000 ____D C:\ProgramData\Intel
2013-09-05 09:25 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-09-05 09:25 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-09-05 09:25 - 2012-08-23 16:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-09-05 09:25 - 2012-08-23 16:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-09-05 09:25 - 2012-08-23 16:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-09-05 09:25 - 2012-08-23 15:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-09-05 09:25 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-09-05 09:25 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-09-05 09:25 - 2012-08-23 15:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-09-05 09:25 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-05 09:25 - 2012-08-23 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-09-05 09:25 - 2012-08-23 13:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-09-05 09:25 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-05 09:25 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-09-05 09:25 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-09-05 09:25 - 2012-08-23 12:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-09-05 09:25 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-05 09:23 - 2012-08-24 19:05 - 00136560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-09-05 09:23 - 2012-08-24 19:02 - 00369856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-09-05 09:23 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-05 09:23 - 2012-08-24 18:56 - 01039360 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-09-05 09:23 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-09-05 09:18 - 2013-09-05 09:27 - 00017894 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-09-05 09:18 - 2013-09-05 09:18 - 00000000 ___HD C:\VTRoot
2013-09-04 11:04 - 2013-09-04 11:04 - 00000000 ____D C:\Program Files\ESET
2013-09-04 09:32 - 2013-09-04 09:32 - 00000000 ____D C:\FRST
2013-09-04 09:16 - 2013-09-16 13:38 - 00000000 ____D C:\AdwCleaner
2013-09-04 00:10 - 2013-09-04 00:10 - 00000000 ____D C:\Program Files\Common Files\COMODO
2013-09-03 22:26 - 2013-09-16 13:38 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-09-03 22:25 - 2013-09-16 13:48 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-03 22:25 - 2013-09-03 22:27 - 00000000 ___SD C:\ProgramData\Shared Space
2013-09-03 22:25 - 2013-09-03 22:27 - 00000000 ____D C:\ProgramData\COMODO
2013-09-03 22:25 - 2013-09-03 22:25 - 00000000 ____D C:\Users\Katha\AppData\Local\Comodo
2013-09-03 22:24 - 2013-09-03 22:25 - 00000000 ____D C:\Program Files\Comodo
2013-09-03 22:24 - 2013-09-03 22:24 - 00047368 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-09-03 22:24 - 2013-09-03 22:24 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-08-17 10:01 - 2013-09-04 09:10 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-16 14:05 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing
2013-09-16 13:55 - 2013-09-16 13:55 - 00000943 _____ C:\Users\Katha\Desktop\JRT.txt
2013-09-16 13:55 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-16 13:55 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-16 13:51 - 2012-10-05 15:39 - 01314262 _____ C:\Windows\WindowsUpdate.log
2013-09-16 13:48 - 2013-09-03 22:25 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-16 13:47 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-16 13:47 - 2009-07-14 06:39 - 00066717 _____ C:\Windows\setupact.log
2013-09-16 13:45 - 2013-09-16 13:45 - 00000000 ____D C:\Windows\ERUNT
2013-09-16 13:44 - 2013-09-16 13:44 - 01029675 _____ (Thisisu) C:\Users\Katha\Downloads\JRT.exe
2013-09-16 13:38 - 2013-09-04 09:16 - 00000000 ____D C:\AdwCleaner
2013-09-16 13:38 - 2013-09-03 22:26 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-09-16 13:35 - 2013-09-16 13:35 - 01039554 _____ C:\Users\Katha\Downloads\adwcleaner.exe
2013-09-16 13:26 - 2010-06-30 13:06 - 00389132 _____ C:\Windows\PFRO.log
2013-09-16 13:13 - 2012-10-08 10:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-16 11:50 - 2013-09-16 11:50 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-16 11:50 - 2013-09-16 11:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-16 11:49 - 2013-09-16 11:49 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Katha\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-16 09:57 - 2013-09-16 09:56 - 00019612 _____ C:\Users\Katha\Downloads\Addition.txt
2013-09-16 09:51 - 2013-09-16 09:51 - 01084083 _____ (Farbar) C:\Users\Katha\Downloads\FRST.exe
2013-09-16 09:47 - 2010-06-30 11:46 - 01510528 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-15 21:31 - 2013-09-15 21:30 - 00001548 _____ C:\Windows\KB893803v2.log
2013-09-14 01:10 - 2010-06-30 13:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 16:22 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-12 15:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-12 15:18 - 2009-07-14 06:33 - 00435520 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 15:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-12 15:04 - 2013-08-14 23:39 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 15:02 - 2010-06-30 12:43 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 10:13 - 2012-10-08 10:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 10:13 - 2012-10-08 10:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-10 15:29 - 2013-09-10 15:29 - 00000000 ____D C:\Users\Katha\Documents\Add-in Express
2013-09-10 15:29 - 2012-10-05 15:42 - 00115104 _____ C:\Users\Katha\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-09 12:56 - 2013-09-09 12:56 - 00150986 ____N C:\Users\Katha\Documents\Ganzseitiges Foto0001.tif
2013-09-09 12:52 - 2013-09-09 12:52 - 00150986 ____N C:\Users\Katha\Documents\Ganzseitiges Foto.tif
2013-09-08 13:22 - 2012-11-27 18:15 - 00000000 ____D C:\Users\Katha\AppData\Roaming\Dropbox
2013-09-08 13:08 - 2012-11-27 18:15 - 00000000 ___RD C:\Users\Katha\Desktop\Dropbox
2013-09-08 13:07 - 2013-01-31 19:48 - 00000000 ____D C:\Users\Katha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-09-08 01:10 - 2013-09-08 01:10 - 00000000 ____D C:\Windows\pss
2013-09-06 10:01 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-09-06 00:17 - 2013-09-06 00:17 - 00000992 _____ C:\Users\Katha\Desktop\MSConfigCleanUp.lnk
2013-09-06 00:17 - 2013-09-06 00:17 - 00000000 ____D C:\Program Files\MSConfig CleanUp
2013-09-05 09:34 - 2012-10-29 10:53 - 00000000 ____D C:\Users\Katha\Documents\Allgemein
2013-09-05 09:29 - 2013-09-05 09:29 - 00000000 ____D C:\ProgramData\Intel
2013-09-05 09:27 - 2013-09-05 09:18 - 00017894 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-09-05 09:26 - 2009-07-14 10:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-09-05 09:25 - 2010-06-30 11:55 - 00000000 ____D C:\Program Files\Intel
2013-09-05 09:18 - 2013-09-05 09:18 - 00000000 ___HD C:\VTRoot
2013-09-04 11:04 - 2013-09-04 11:04 - 00000000 ____D C:\Program Files\ESET
2013-09-04 09:32 - 2013-09-04 09:32 - 00000000 ____D C:\FRST
2013-09-04 09:10 - 2013-08-17 10:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-04 00:10 - 2013-09-04 00:10 - 00000000 ____D C:\Program Files\Common Files\COMODO
2013-09-03 22:27 - 2013-09-03 22:25 - 00000000 ___SD C:\ProgramData\Shared Space
2013-09-03 22:27 - 2013-09-03 22:25 - 00000000 ____D C:\ProgramData\COMODO
2013-09-03 22:25 - 2013-09-03 22:25 - 00000000 ____D C:\Users\Katha\AppData\Local\Comodo
2013-09-03 22:25 - 2013-09-03 22:24 - 00000000 ____D C:\Program Files\Comodo
2013-09-03 22:24 - 2013-09-03 22:24 - 00047368 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-09-03 22:24 - 2013-09-03 22:24 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-09-03 22:17 - 2012-10-06 11:12 - 00000000 ____D C:\ProgramData\Avira
2013-08-24 14:55 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\Offline Web Pages
2013-08-18 09:33 - 2012-10-24 19:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Katha\AppData\Local\Temp\APNStub.exe
C:\Users\Katha\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\Quarantine.exe
C:\Users\Katha\AppData\Local\Temp\ResetDevice.exe
C:\Users\Katha\AppData\Local\Temp\setup.exe
C:\Users\Katha\AppData\Local\Temp\tbu7BC3.exe
C:\Users\Katha\AppData\Local\Temp\tbu7C50.exe
C:\Users\Katha\AppData\Local\Temp\tbu8545.exe
C:\Users\Katha\AppData\Local\Temp\tbu8F9.exe
C:\Users\Katha\AppData\Local\Temp\tbuA929.exe
C:\Users\Katha\AppData\Local\Temp\tbuC87E.exe
C:\Users\Katha\AppData\Local\Temp\tbuE3D8.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 11:20

==================== End Of Log ============================
         

--- --- ---

--- --- ---

--- --- ---

die Fehlermeldung ist leider immer noch da!!! ahhh!

Onlinescan, dann schau ich weiter nach der Meldung.


ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte.

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=705bdb6a55fd4a4bab357bec3dc1d244
# engine=15156
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-16 10:01:42
# local_time=2013-09-17 12:01:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777213 100 84 7093 17886146 0 0
# compatibility_mode=5893 16776574 100 94 5841099 131000093 0 0
# scanned=110631
# found=2
# cleaned=0
# scan_time=3576
sh=3DDB356F147922B4B21068D9C69B9452E437A15C ft=0 fh=0000000000000000 vn="VBS/AutoRun.HX worm" ac=I fn="C:\Users\Katha\AppData\Local\Temp\ADMIN.vbe"
sh=D1BDCD06108A6BF848CF72181003EA587D1FBDB1 ft=0 fh=0000000000000000 vn="VBS/Agent.NCF worm" ac=I fn="C:\Users\Katha\AppData\Local\Temp\uac.bat"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=705bdb6a55fd4a4bab357bec3dc1d244
# engine=15156
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-17 07:51:14
# local_time=2013-09-17 09:51:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777213 100 84 3446 17921518 0 0
# compatibility_mode=5893 16776574 100 94 5876471 131035465 0 0
# scanned=111240
# found=2
# cleaned=0
# scan_time=3245
sh=3DDB356F147922B4B21068D9C69B9452E437A15C ft=0 fh=0000000000000000 vn="VBS/AutoRun.HX worm" ac=I fn="C:\Users\Katha\AppData\Local\Temp\ADMIN.vbe"
sh=D1BDCD06108A6BF848CF72181003EA587D1FBDB1 ft=0 fh=0000000000000000 vn="VBS/Agent.NCF worm" ac=I fn="C:\Users\Katha\AppData\Local\Temp\uac.bat"
         

Code: Alles auswählenAufklappen

ATTFilter

Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
COMODO Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 	11.8.800.168  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (23.0.1) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03
Ran by Katha (administrator) on KATHA-PC on 17-09-2013 10:14:31
Running from C:\Users\Katha\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Comodo Security Solutions Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files\CyberLink\YouCam\YouCamTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Expert System S.p.A.) C:\Program Files\Duden\Duden-Rechtschreibprüfung\DKTray.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit.exe
(Bibliographisches Institut GmbH) C:\Program Files\Duden\Duden-Bibliothek\dudenbib.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [686624 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] - C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [LMgrOSD] - "C:\Program Files\Launch Manager\OSDCtrl.exe"
HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [YouCam Mirror Tray icon] - C:\Program Files\CyberLink\YouCam\YouCamTray.exe [171104 2010-03-02] (CyberLink Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1464536 2013-07-08] (COMODO)
HKLM\...\Run: [gbrspcontrol] - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [Duden Korrektor SysTray] - C:\Program Files\Duden\Duden-Rechtschreibprüfung\DKTray.exe [332432 2011-07-04] (Expert System S.p.A.)
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {e7a04ee5-cbb8-11e2-8a8b-00262df7cdc5} - F:\AutoRun.exe
MountPoints2: {e7a04ef4-cbb8-11e2-8a8b-00262df7cdc5} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {7DFA4782-A9FC-4274-97A2-556349A541C6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {39ED5386-A900-4D6C-B564-20BFDE5402CF} hxxp://www.medion.com/de/service/download/MEDION_Treibersuche.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5871059F-86EB-460D-BAE1-F39D1D1B4A8C}: [NameServer]156.154.70.25,156.154.71.25
Tcpip\..\Interfaces\{FCB1E68F-4530-40D0-A107-DF558BF95570}: [NameServer]156.154.70.25,156.154.71.25

FireFox:
========
FF ProfilePath: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\35ng8q79.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter

========================== Services (Whitelisted) =================

R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70352 2013-07-24] (Comodo Security Solutions Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4801304 2013-07-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [127192 2013-06-18] (COMODO)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2094216 2013-05-29] ()
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-07-03] (soft Xpansion)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2013-05-07] (Windows (R) Win 7 DDK provider)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2013-06-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [582936 2013-07-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2013-06-18] (COMODO)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [532536 2012-09-01] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [25656 2012-09-01] (Intel Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [85464 2013-06-18] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 mod7700; system32\DRIVERS\mod7700.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-17 10:13 - 2013-09-17 10:13 - 01083437 _____ (Farbar) C:\Users\Katha\Downloads\FRST.exe
2013-09-17 10:05 - 2013-09-17 10:05 - 00891144 _____ C:\Users\Katha\Desktop\SecurityCheck.exe
2013-09-16 16:18 - 2013-09-16 16:18 - 00003544 ____N C:\bootsqm.dat
2013-09-16 13:45 - 2013-09-16 13:45 - 00000000 ____D C:\Windows\ERUNT
2013-09-16 11:50 - 2013-09-16 11:50 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-16 11:49 - 2013-09-16 11:50 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-16 11:49 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-15 21:30 - 2013-09-15 21:31 - 00001548 _____ C:\Windows\KB893803v2.log
2013-09-12 15:08 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 15:08 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 15:08 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 15:08 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 15:08 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 15:08 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 15:08 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 08:52 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 08:52 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 08:52 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 08:52 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 08:52 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 08:52 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 08:52 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 08:52 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 08:52 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 15:29 - 2013-09-10 15:29 - 00000000 ____D C:\Users\Katha\Documents\Add-in Express
2013-09-08 01:10 - 2013-09-08 01:10 - 00000000 ____D C:\Windows\pss
2013-09-06 00:17 - 2013-09-06 00:17 - 00000000 ____D C:\Program Files\MSConfig CleanUp
2013-09-05 09:29 - 2013-09-05 09:29 - 00000000 ____D C:\ProgramData\Intel
2013-09-05 09:25 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-09-05 09:25 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-09-05 09:25 - 2012-08-23 16:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-09-05 09:25 - 2012-08-23 16:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-09-05 09:25 - 2012-08-23 16:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-09-05 09:25 - 2012-08-23 15:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-09-05 09:25 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-09-05 09:25 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-09-05 09:25 - 2012-08-23 15:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-09-05 09:25 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-05 09:25 - 2012-08-23 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-09-05 09:25 - 2012-08-23 13:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-09-05 09:25 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-05 09:25 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-09-05 09:25 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-09-05 09:25 - 2012-08-23 12:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-09-05 09:25 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-05 09:23 - 2012-08-24 19:05 - 00136560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-09-05 09:23 - 2012-08-24 19:02 - 00369856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-09-05 09:23 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-05 09:23 - 2012-08-24 18:56 - 01039360 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-09-05 09:23 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-09-05 09:18 - 2013-09-05 09:27 - 00017894 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-09-05 09:18 - 2013-09-05 09:18 - 00000000 ___HD C:\VTRoot
2013-09-04 09:32 - 2013-09-04 09:32 - 00000000 ____D C:\FRST
2013-09-04 09:16 - 2013-09-16 13:38 - 00000000 ____D C:\AdwCleaner
2013-09-04 00:10 - 2013-09-04 00:10 - 00000000 ____D C:\Program Files\Common Files\COMODO
2013-09-03 22:26 - 2013-09-17 10:11 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-09-03 22:25 - 2013-09-17 08:41 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-03 22:25 - 2013-09-03 22:27 - 00000000 ___SD C:\ProgramData\Shared Space
2013-09-03 22:25 - 2013-09-03 22:27 - 00000000 ____D C:\ProgramData\COMODO
2013-09-03 22:25 - 2013-09-03 22:25 - 00000000 ____D C:\Users\Katha\AppData\Local\Comodo
2013-09-03 22:24 - 2013-09-03 22:25 - 00000000 ____D C:\Program Files\Comodo
2013-09-03 22:24 - 2013-09-03 22:24 - 00047368 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-09-03 22:24 - 2013-09-03 22:24 - 00000000 ____D C:\ProgramData\Comodo Downloader

==================== One Month Modified Files and Folders =======

2013-09-17 10:13 - 2013-09-17 10:13 - 01083437 _____ (Farbar) C:\Users\Katha\Downloads\FRST.exe
2013-09-17 10:13 - 2012-10-08 10:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-17 10:11 - 2013-09-03 22:26 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-09-17 10:05 - 2013-09-17 10:05 - 00891144 _____ C:\Users\Katha\Desktop\SecurityCheck.exe
2013-09-17 09:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing
2013-09-17 08:48 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-17 08:48 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-17 08:45 - 2012-10-05 15:39 - 01342258 _____ C:\Windows\WindowsUpdate.log
2013-09-17 08:41 - 2013-09-03 22:25 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-17 08:41 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-17 08:41 - 2009-07-14 06:39 - 00066941 _____ C:\Windows\setupact.log
2013-09-17 00:16 - 2013-05-10 13:50 - 00011202 _____ C:\Windows\IE10_main.log
2013-09-16 22:33 - 2010-06-30 11:46 - 01510528 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-16 16:18 - 2013-09-16 16:18 - 00003544 ____N C:\bootsqm.dat
2013-09-16 13:45 - 2013-09-16 13:45 - 00000000 ____D C:\Windows\ERUNT
2013-09-16 13:38 - 2013-09-04 09:16 - 00000000 ____D C:\AdwCleaner
2013-09-16 13:26 - 2010-06-30 13:06 - 00389132 _____ C:\Windows\PFRO.log
2013-09-16 11:50 - 2013-09-16 11:50 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-16 11:50 - 2013-09-16 11:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-15 21:31 - 2013-09-15 21:30 - 00001548 _____ C:\Windows\KB893803v2.log
2013-09-14 01:10 - 2010-06-30 13:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 16:22 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-12 15:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-12 15:18 - 2009-07-14 06:33 - 00435520 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 15:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-12 15:04 - 2013-08-14 23:39 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 15:02 - 2010-06-30 12:43 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 10:13 - 2012-10-08 10:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 10:13 - 2012-10-08 10:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-10 15:29 - 2013-09-10 15:29 - 00000000 ____D C:\Users\Katha\Documents\Add-in Express
2013-09-10 15:29 - 2012-10-05 15:42 - 00115104 _____ C:\Users\Katha\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-08 13:22 - 2012-11-27 18:15 - 00000000 ____D C:\Users\Katha\AppData\Roaming\Dropbox
2013-09-08 13:08 - 2012-11-27 18:15 - 00000000 ___RD C:\Users\Katha\Desktop\Dropbox
2013-09-08 13:07 - 2013-01-31 19:48 - 00000000 ____D C:\Users\Katha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-09-08 01:10 - 2013-09-08 01:10 - 00000000 ____D C:\Windows\pss
2013-09-06 10:01 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-09-06 00:17 - 2013-09-06 00:17 - 00000000 ____D C:\Program Files\MSConfig CleanUp
2013-09-05 09:34 - 2012-10-29 10:53 - 00000000 ____D C:\Users\Katha\Documents\Allgemein
2013-09-05 09:29 - 2013-09-05 09:29 - 00000000 ____D C:\ProgramData\Intel
2013-09-05 09:27 - 2013-09-05 09:18 - 00017894 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-09-05 09:26 - 2009-07-14 10:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-09-05 09:25 - 2010-06-30 11:55 - 00000000 ____D C:\Program Files\Intel
2013-09-05 09:18 - 2013-09-05 09:18 - 00000000 ___HD C:\VTRoot
2013-09-04 09:32 - 2013-09-04 09:32 - 00000000 ____D C:\FRST
2013-09-04 09:10 - 2013-08-17 10:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-04 00:10 - 2013-09-04 00:10 - 00000000 ____D C:\Program Files\Common Files\COMODO
2013-09-03 22:27 - 2013-09-03 22:25 - 00000000 ___SD C:\ProgramData\Shared Space
2013-09-03 22:27 - 2013-09-03 22:25 - 00000000 ____D C:\ProgramData\COMODO
2013-09-03 22:25 - 2013-09-03 22:25 - 00000000 ____D C:\Users\Katha\AppData\Local\Comodo
2013-09-03 22:25 - 2013-09-03 22:24 - 00000000 ____D C:\Program Files\Comodo
2013-09-03 22:24 - 2013-09-03 22:24 - 00047368 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-09-03 22:24 - 2013-09-03 22:24 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-09-03 22:17 - 2012-10-06 11:12 - 00000000 ____D C:\ProgramData\Avira
2013-08-24 14:55 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\Offline Web Pages
2013-08-18 09:33 - 2012-10-24 19:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Katha\AppData\Local\Temp\APNStub.exe
C:\Users\Katha\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\Quarantine.exe
C:\Users\Katha\AppData\Local\Temp\ResetDevice.exe
C:\Users\Katha\AppData\Local\Temp\setup.exe
C:\Users\Katha\AppData\Local\Temp\tbu7BC3.exe
C:\Users\Katha\AppData\Local\Temp\tbu7C50.exe
C:\Users\Katha\AppData\Local\Temp\tbu8545.exe
C:\Users\Katha\AppData\Local\Temp\tbu8F9.exe
C:\Users\Katha\AppData\Local\Temp\tbuA929.exe
C:\Users\Katha\AppData\Local\Temp\tbuC87E.exe
C:\Users\Katha\AppData\Local\Temp\tbuE3D8.exe


==================== Bamital & volsnap Check =================
         

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-09-2013 03
Ran by Katha at 2013-09-17 10:18:41
Running from C:\Users\Katha\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader 9.5.5 MUI (Version: 9.5.5)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.27)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Cisco Systems VPN Client 5.0.07.0410 (Version: 5.0.7)
Comodo Dragon (Version: 27.0.4.0)
COMODO Internet Security Premium (Version: 6.2.20728.2847)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink LabelPrint (Version: 2.5.2602)
CyberLink Power2Go (Version: 6.1.3602c)
CyberLink PowerDVD Copy (Version: 1.5.1306)
CyberLink YouCam (Version: 3.0.2626)
Dropbox (HKCU Version: 2.0.22)
Duden-Rechtschreibprüfung kompakt (Version: 8.0)
Free Pdf Perfect Prereq (Version: 1.0.0.66)
GeekBuddy (Version: 4.8.66)
Intel(R) Control Center (Version: 1.2.1.1008)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2092)
Intel(R) Management Engine Components (Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (Version: 11.6.0.1030)
Intel(R) TV Wizard
Junk Mail filter update (Version: 14.0.8117.416)
Launch Manager V1.5.0.8 (Version: 1.5.0.8)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Medion Home Cinema (Version: 8.0.1505)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSConfig CleanUp 1.2
MSVCRT (Version: 14.0.1468.721)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6069)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30117)
REALTEK Wireless LAN Driver (Version: 1.00.0148)
Synaptics Pointing Device Driver (Version: 14.0.19.0)
System Requirements Lab for Intel (Version: 4.5.9.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.3 (Version: 2.0.3)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Fotogalerie (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
X10 Hardware(TM)

==================== Restore Points  =========================

03-09-2013 20:26:01 Gerätetreiber-Paketinstallation: COMODO Netzwerkdienst
04-09-2013 07:09:14 Removed Java(TM) 6 Update 20
05-09-2013 07:23:15 Windows Update
07-09-2013 23:06:55 Removed Java 7 Update 25
10-09-2013 13:25:50 Duden-Rechtschreibprüfung kompakt wurde installiert.
12-09-2013 13:02:13 Windows Update
12-09-2013 17:06:18 Windows Update
12-09-2013 22:37:31 Windows Update
13-09-2013 16:42:03 Windows Update
13-09-2013 23:07:42 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {09A30324-3A79-42B6-A55D-B63A36D2805C} - \Browser Updater\Browser Updater No Task File
Task: {0C8AF884-057A-413D-8627-415A178C49CC} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {1E1918BD-2994-4D64-BA82-3789DD0E7186} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {528A233D-0D52-464E-9A2C-FA08D2F433D9} - System32\Tasks\{2E458150-0B79-4938-B856-8EA9CAE6198B} => C:\Program Files\PDFCreator\PDFCreator.exe
Task: {6194E901-BA5D-4FE0-A3C7-50D06FAE2A07} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {62FC4DE0-A3EE-4CAE-822B-0252BCE1B0DC} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {70D5D9DA-2159-458A-AD77-B86A03A8C95A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
Task: {92608135-E2E7-4320-80DE-715FD9D0959B} - System32\Tasks\{5545BD23-785D-4030-A7CD-6620BB0FC46C} => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe [2012-09-01] (Intel Corporation)
Task: {BE63225D-1575-42EF-B717-51856B12689D} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {E89A73D8-49AB-4883-8CAE-769498838514} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-07-08] (COMODO)
Task: {EDDCDEAD-D1B5-4D52-B445-B4E02175BD54} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files\HomeTab\ProtectedSearch.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-06-18 16:15 - 2013-06-18 16:15 - 00348584 _____ (COMODO) C:\Windows\system32\guard32.dll
2013-05-25 02:36 - 2013-05-25 02:36 - 00130736 _____ (Dropbox, Inc.) C:\Users\Katha\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2009-07-14 02:07 - 2009-07-14 03:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2012-01-10 21:17 - 2012-01-10 21:17 - 00284672 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2010-06-30 12:00 - 2010-03-17 16:53 - 00141856 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM\RtkCfg.dll
2010-06-30 12:00 - 2010-03-17 16:53 - 02649120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2010-06-30 12:26 - 2009-10-22 16:58 - 00211232 _____ (Wistron Corp.) C:\Program Files\Launch Manager\KBHOOK.dll
2010-06-30 11:53 - 2009-12-11 05:23 - 00173352 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2010-06-30 11:53 - 2009-12-11 05:23 - 00161064 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2009-11-02 14:20 - 2009-11-02 14:20 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 14:23 - 2009-11-02 14:23 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2009-09-07 15:38 - 2009-09-07 15:38 - 00013608 ____N (TODO: <Company name>) C:\Program Files\CyberLink\YouCam\Custom\Lang\DEU\IM.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2011-07-04 10:39 - 2011-07-04 10:39 - 00191120 _____ (Expert System S.p.A.) C:\Program Files\Duden\Duden-Rechtschreibprüfung\DKFx.dll
2011-07-01 11:37 - 2011-07-01 11:37 - 00116736 _____ () C:\Program Files\Duden\Duden-Rechtschreibprüfung\MBControls.dll
2011-07-01 11:37 - 2011-07-01 11:37 - 01232384 _____ (Bibliographisches Institut GmbH) C:\Program Files\Duden\Duden-Rechtschreibprüfung\dpf.dll
2011-07-01 11:37 - 2011-07-01 11:37 - 00340480 _____ (Bibliographisches Institut und F. A. Brockhaus AG) C:\Program Files\Duden\Duden-Rechtschreibprüfung\SX.dll
2011-07-01 11:37 - 2011-07-01 11:37 - 01081856 _____ (IAI) C:\Program Files\Duden\Duden-Rechtschreibprüfung\dle.dll
2009-07-14 02:17 - 2010-11-20 14:21 - 00375296 _____ (Microsoft Corporation) C:\Windows\system32\spool\DRIVERS\W32X86\3\UNIDRV.DLL
2009-07-14 02:56 - 2010-11-20 14:20 - 00747520 _____ (Microsoft Corporation) C:\Windows\system32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL
2009-07-14 02:58 - 2009-07-14 03:15 - 00114688 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\W32X86\3\EP0NB01B.DLL
2009-07-14 02:58 - 2009-07-14 03:15 - 00293888 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\W32X86\3\EP0NB01A.DLL
2009-07-14 02:56 - 2010-11-20 14:03 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\spool\DRIVERS\W32X86\3\unires.dll
2013-08-14 23:51 - 2013-08-14 23:51 - 00361984 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\3b74c701c6a1a66ae27f1f35500858ee\IAStorUtil.ni.dll
2013-07-11 11:02 - 2013-07-11 11:02 - 00026112 _____ (Intel Corp.) C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\2eb645e64a1916c99024a1ed23e2f92b\IAStorCommon.ni.dll
2013-06-18 16:15 - 2013-06-18 16:15 - 03360984 _____ (Terra Informatica Software, Inc.) C:\Program Files\Comodo\COMODO Internet Security\cmdhtml.dll
2013-08-17 10:01 - 2013-08-17 10:01 - 03551640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) ==========


==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/17/2013 08:42:30 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/16/2013 10:58:57 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎16.‎09.‎2013 um 22:55:53 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 3510.6 MB
Available physical RAM: 2122.16 MB
Total Pagefile: 7019.48 MB
Available Pagefile: 4915.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.21 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:424.66 GB) (Free:384.71 GB) NTFS
Drive d: (RECOVER) (Fixed) (Total:40 GB) (Free:30.72 GB) NTFS
Drive h: (INTENSO) (Removable) (Total:3.76 GB) (Free:2.87 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: A473449C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 2C6B7369)
No partition Table on disk 1.

==================== End Of Log ============================
         

--- --- ---

--- --- ---


na, sagt dir das alles was? =))

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

Task: {09A30324-3A79-42B6-A55D-B63A36D2805C} - \Browser Updater\Browser Updater No Task File
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

• Starte nun FRST erneut und klicke den Entfernen Button.
• Das Tool erstellt eine Fixlog.txt.
• Poste mir deren Inhalt.

Kommt die Meldung noch? Wenn ja bitte mal nen Screenshot davon machen.

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-09-2013 03
Ran by Katha at 2013-09-17 17:01:15 Run:2
Running from C:\Users\Katha\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {09A30324-3A79-42B6-A55D-B63A36D2805C} - \Browser Updater\Browser Updater No Task File
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{09A30324-3A79-42B6-A55D-B63A36D2805C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09A30324-3A79-42B6-A55D-B63A36D2805C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater\Browser Updater => Key not found.

==== End of Fixlog ====
         

Meldung?

die Fehlermeldung kommt leider immer noch, ich hoffe, du kannst sie sehen!

hab etw gebraucht um zu wissen wie man screenshot macht u ihn dann auch noch hier rein kriegt

wann genau kommt die Meldung?

nach dem ich den Pc hoch gefahren habe und ab und zu während er an ist, aber ohne dass ich dann irgendetwas spezielles mache....

Deinstalliere Comodo komplett, installiere Avast. Teste nochmal.