Avira Meldungen: Adware/bProtect.D und TR/Fakeadb.A; Office Starter 2010 verschwunden

Ahnungs-los · 16.09.2013, 20:22

Am 6.9 erhielt ich die Meldung von avira über die Malware Adware/bProtect.D.
Office StarterPaket 2010 war auf seltsameweise verschwunden. Der Programmordner leer.
Nachdem ich den Adwcleaner 004 von chip gedownloaded und angewendet habe schien alles soweit in Ordnung zu sein. Das Office StarterPaket 2010 war nach einer Systemwiederherstellung wieder vollständig da.

Am 12.9. erhielt ich über avira die Meldung über die Malware "FlashupdaterService.exe" so wie einige andere user auch.

avira hat ihn erkannt, ich habe ihn zunächst in Quarantäne gesteckt.
Beim heutigen hochfahren des PC war wiederum Office StarterPaket 2010 verschwunden.
Avira zeigt in der Quarantäne: TR/Fakeadb.A. Meine Recherche hat mich zu euch geführt.

Was kann ich gegen dieses "Ross" tun?

Bitte um dringende Hilfe,da mein Office und meine Broterwerb lahm liegen.

Danke schön!

schrauber · 16.09.2013, 21:05

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Ahnungs-los · 17.09.2013, 08:36

HI, prima, dass du hilfst, du hast hier ja schon "manchen"

geholfen.

Hier der First:
FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by renate (administrator) on RENATE-LAPTOP on 17-09-2013 09:27:02
Running from C:\Users\renate\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files (x86)\Tor\tor.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Users\renate\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
(Dropbox, Inc.) C:\Users\renate\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-21] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [dradio-RecorderTimer] - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [41472 2012-03-15] ()
HKCU\...\Run: [Google Update] - C:\Users\renate\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-18] (Google Inc.)
HKCU\...\Run: [FLV Player] - C:\Users\renate\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [202752 2012-10-26] ()
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
AppInit_DLLs:   C:\Windows\system32\nvinitx.dll [226920 2011-03-31] (NVIDIA Corporation)
Startup: C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\renate\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = 
SearchScopes: HKCU - {610B4AA1-389F-47C5-888F-54CBF6A60F2F} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: (YouTube) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-06] (Avira Operations GmbH & Co. KG)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-27] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-12] (Avira Operations GmbH & Co. KG)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-02-09] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-17 09:26 - 2013-09-17 09:26 - 00000000 ____D C:\FRST
2013-09-17 09:25 - 2013-09-17 09:26 - 01950524 _____ (Farbar) C:\Users\renate\Downloads\FRST64.exe
2013-09-17 09:23 - 2013-09-17 09:23 - 01333552 _____ (iMesh Inc) C:\Users\renate\Downloads\iMeshSetup-r1487-w-bc (1).exe
2013-09-17 09:22 - 2013-09-17 09:22 - 01083437 _____ (Farbar) C:\Users\renate\Downloads\FRST (1).exe
2013-09-17 09:21 - 2013-09-17 09:21 - 01333552 _____ (iMesh Inc) C:\Users\renate\Downloads\iMeshSetup-r1487-w-bc.exe
2013-09-17 09:21 - 2013-09-17 09:21 - 01083437 _____ (Farbar) C:\Users\renate\Downloads\FRST.exe
2013-09-17 09:05 - 2013-09-17 09:05 - 97922994 _____ C:\Windows\SysWOW64\ꄦ⺄
2013-09-16 20:41 - 2013-09-16 20:41 - 00000000 ____D C:\Users\renate\AppData\Local\{B9C3B84D-BF6F-4C19-AC1F-CC0FD4A5201A}
2013-09-16 20:31 - 2013-09-16 20:31 - 00271728 _____ C:\Windows\Minidump\091613-30544-01.dmp
2013-09-16 20:28 - 2013-09-16 20:28 - 00262144 _____ C:\Windows\Minidump\091613-30747-01.dmp
2013-09-16 20:24 - 2013-09-16 20:24 - 00262144 _____ C:\Windows\Minidump\091613-40622-01.dmp
2013-09-16 20:16 - 2013-09-16 20:16 - 01039554 _____ C:\Users\renate\Downloads\adwcleaner004.exe
2013-09-16 10:47 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-16 10:47 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-16 10:47 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-16 10:47 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-16 10:47 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-16 10:47 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-16 10:47 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-16 10:47 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-16 10:47 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-16 10:47 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-16 10:46 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-16 10:46 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-16 10:46 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-16 10:46 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-16 10:46 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-16 10:46 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-16 10:46 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-16 10:46 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-16 10:46 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-16 10:46 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 19:30 - 2013-09-12 19:30 - 00000000 ____D C:\Users\renate\AppData\Local\{D9D9E680-A699-4CAA-88E5-C6C5DBC6646B}
2013-09-12 19:14 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 19:14 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 19:14 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 19:14 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 19:14 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 19:14 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 19:14 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 19:14 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 19:14 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 19:14 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 19:14 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 19:14 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 19:14 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 19:14 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 19:14 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 19:14 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 19:14 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 19:14 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 19:14 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 19:14 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 19:14 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 19:14 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 19:14 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 19:14 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 19:14 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 19:14 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 07:14 - 2013-09-10 07:15 - 00000000 ____D C:\Users\renate\AppData\Local\{A5217BE1-BC1A-4762-B721-AD153B5802CC}
2013-09-08 13:56 - 2013-09-08 13:56 - 00000240 _____ C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012.job
2013-09-08 13:54 - 2013-09-08 13:54 - 00000000 ____D C:\Users\renate\AppData\Local\{DC04ACC5-FB9D-4BA1-B6AD-E164D0055762}
2013-09-06 16:56 - 2013-09-06 16:56 - 00000000 ____D C:\Users\renate\AppData\Local\{6CDB49FC-B7EA-4D30-8B85-3E926A64F902}
2013-09-06 15:18 - 2013-09-16 20:17 - 00000000 ____D C:\AdwCleaner
2013-09-06 15:12 - 2013-09-16 20:31 - 446096759 _____ C:\Windows\MEMORY.DMP
2013-09-06 15:12 - 2013-09-06 15:12 - 00262144 _____ C:\Windows\Minidump\090613-30264-01.dmp
2013-09-06 14:21 - 2013-09-06 14:21 - 00000000 ____D C:\Users\renate\AppData\Local\{E2508246-4432-46D1-B275-A378628358E5}
2013-09-04 13:30 - 2013-09-04 13:30 - 00000000 ____D C:\Users\renate\AppData\Local\{E6A84E10-A50F-4BB3-BE36-23E732F19AF0}
2013-09-04 11:54 - 2013-09-04 11:54 - 00943027 _____ C:\Users\renate\Downloads\b4238165d6239667f53b6bb162393389.ZIP
2013-08-30 16:30 - 2013-08-30 16:30 - 00000000 ____D C:\Users\renate\AppData\Local\{705F57CF-BB9C-4CC9-BDE6-F6DD24710F1F}
2013-08-29 20:23 - 2013-08-29 20:23 - 00000000 ____D C:\Users\renate\AppData\Local\{FA603BD7-EAB3-4D29-9FAF-E3FB069ED12E}
2013-08-28 22:02 - 2013-08-28 22:03 - 00000000 ____D C:\Users\renate\AppData\Local\{3BE85FB4-C677-4804-B0E4-7AC10603ACC1}
2013-08-27 21:41 - 2013-08-27 21:41 - 00000000 ____D C:\Users\renate\AppData\Local\{0A5A1D7A-1824-4488-A104-4853A7E92AF6}
2013-08-27 21:39 - 2013-08-27 21:39 - 00000000 ____D C:\Program Files (x86)\Tor
2013-08-26 21:17 - 2013-08-26 21:17 - 00000000 ____D C:\Users\renate\AppData\Local\{658874E5-2C61-4250-A494-494246623C9F}
2013-08-25 20:04 - 2013-08-25 20:05 - 00000000 ____D C:\Users\renate\AppData\Local\{888665C9-83A5-494B-B315-5CDE3F41BAEF}
2013-08-24 12:00 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-24 12:00 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-24 12:00 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-24 12:00 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-24 12:00 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-24 12:00 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-24 12:00 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-24 12:00 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-24 12:00 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-24 12:00 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-24 11:59 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-24 11:59 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-24 11:58 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-24 11:58 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-24 11:58 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-24 11:58 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-24 11:26 - 2013-08-24 11:26 - 00000000 ____D C:\Users\renate\AppData\Local\{45480BCD-8FA4-480B-A71E-212DF79FEAA2}
2013-08-23 17:34 - 2013-08-23 17:34 - 00000000 ____D C:\Users\renate\AppData\Local\{65160940-4F20-43F1-BFBB-96BC3D8BE926}
2013-08-22 20:02 - 2013-08-22 20:02 - 00000000 ____D C:\Users\renate\AppData\Local\{CEB9CD81-4D63-4791-BE9B-8D4880358BE4}
2013-08-22 08:02 - 2013-08-22 08:02 - 00000000 ____D C:\Users\renate\AppData\Local\{D4F4D673-ABDC-4ED1-8B67-8A0C7984795F}
2013-08-20 19:47 - 2013-08-20 19:47 - 00000000 ____D C:\Users\renate\AppData\Local\{86161903-FF88-4313-AE88-F20B7D40F4DB}

==================== One Month Modified Files and Folders =======

2013-09-17 09:26 - 2013-09-17 09:26 - 00000000 ____D C:\FRST
2013-09-17 09:26 - 2013-09-17 09:25 - 01950524 _____ (Farbar) C:\Users\renate\Downloads\FRST64.exe
2013-09-17 09:23 - 2013-09-17 09:23 - 01333552 _____ (iMesh Inc) C:\Users\renate\Downloads\iMeshSetup-r1487-w-bc (1).exe
2013-09-17 09:22 - 2013-09-17 09:22 - 01083437 _____ (Farbar) C:\Users\renate\Downloads\FRST (1).exe
2013-09-17 09:21 - 2013-09-17 09:21 - 01333552 _____ (iMesh Inc) C:\Users\renate\Downloads\iMeshSetup-r1487-w-bc.exe
2013-09-17 09:21 - 2013-09-17 09:21 - 01083437 _____ (Farbar) C:\Users\renate\Downloads\FRST.exe
2013-09-17 09:12 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-17 09:12 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-17 09:08 - 2011-08-14 09:22 - 02053720 _____ C:\Windows\WindowsUpdate.log
2013-09-17 09:05 - 2013-09-17 09:05 - 97922994 _____ C:\Windows\SysWOW64\ꄦ⺄
2013-09-17 09:05 - 2011-10-04 21:44 - 00000000 ___RD C:\Users\renate\Dropbox
2013-09-17 09:05 - 2011-10-04 20:59 - 00000000 ____D C:\Users\renate\AppData\Roaming\Dropbox
2013-09-17 09:04 - 2012-04-22 17:56 - 00033660 _____ C:\Windows\setupact.log
2013-09-16 21:42 - 2011-08-14 19:15 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-09-16 21:42 - 2011-08-14 19:15 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-09-16 21:42 - 2009-07-14 07:13 - 01522286 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-16 20:41 - 2013-09-16 20:41 - 00000000 ____D C:\Users\renate\AppData\Local\{B9C3B84D-BF6F-4C19-AC1F-CC0FD4A5201A}
2013-09-16 20:31 - 2013-09-16 20:31 - 00271728 _____ C:\Windows\Minidump\091613-30544-01.dmp
2013-09-16 20:31 - 2013-09-06 15:12 - 446096759 _____ C:\Windows\MEMORY.DMP
2013-09-16 20:31 - 2011-12-18 08:55 - 00000000 ____D C:\Windows\Minidump
2013-09-16 20:29 - 2012-02-08 11:08 - 00430592 ___SH C:\Users\renate\Desktop\Thumbs.db
2013-09-16 20:28 - 2013-09-16 20:28 - 00262144 _____ C:\Windows\Minidump\091613-30747-01.dmp
2013-09-16 20:24 - 2013-09-16 20:24 - 00262144 _____ C:\Windows\Minidump\091613-40622-01.dmp
2013-09-16 20:17 - 2013-09-06 15:18 - 00000000 ____D C:\AdwCleaner
2013-09-16 20:16 - 2013-09-16 20:16 - 01039554 _____ C:\Users\renate\Downloads\adwcleaner004.exe
2013-09-16 20:01 - 2011-09-18 11:15 - 00000000 ___RD C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-16 20:01 - 2011-09-18 11:15 - 00000000 ___RD C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-16 19:59 - 2009-07-14 06:45 - 04860120 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-16 10:46 - 2011-09-18 12:07 - 01527912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-16 10:46 - 2011-09-18 12:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-16 10:39 - 2011-10-20 06:34 - 00000000 ____D C:\Users\renate\Documents\inab_Sozpäd
2013-09-12 19:30 - 2013-09-12 19:30 - 00000000 ____D C:\Users\renate\AppData\Local\{D9D9E680-A699-4CAA-88E5-C6C5DBC6646B}
2013-09-12 00:46 - 2011-09-18 12:08 - 00000000 ____D C:\Users\renate\AppData\Roaming\SoftGrid Client
2013-09-11 21:59 - 2013-01-09 21:01 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-10 07:15 - 2013-09-10 07:14 - 00000000 ____D C:\Users\renate\AppData\Local\{A5217BE1-BC1A-4762-B721-AD153B5802CC}
2013-09-08 18:04 - 2012-09-28 09:07 - 00000000 ____D C:\Users\renate\Desktop\Jobs Bewerben
2013-09-08 13:56 - 2013-09-08 13:56 - 00000240 _____ C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012.job
2013-09-08 13:54 - 2013-09-08 13:54 - 00000000 ____D C:\Users\renate\AppData\Local\{DC04ACC5-FB9D-4BA1-B6AD-E164D0055762}
2013-09-06 18:27 - 2011-10-15 13:32 - 00000000 ____D C:\Users\renate\Documents\Telefon
2013-09-06 16:56 - 2013-09-06 16:56 - 00000000 ____D C:\Users\renate\AppData\Local\{6CDB49FC-B7EA-4D30-8B85-3E926A64F902}
2013-09-06 15:12 - 2013-09-06 15:12 - 00262144 _____ C:\Windows\Minidump\090613-30264-01.dmp
2013-09-06 15:12 - 2012-04-22 17:56 - 00108400 _____ C:\Windows\PFRO.log
2013-09-06 14:56 - 2013-05-07 17:25 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-06 14:56 - 2013-04-12 19:17 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-06 14:56 - 2013-04-12 19:17 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-06 14:53 - 2011-11-10 21:12 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-06 14:52 - 2011-09-18 11:12 - 00000000 ____D C:\Users\renate
2013-09-06 14:51 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-06 14:50 - 2011-09-18 11:29 - 00000000 ____D C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-06 14:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-09-06 14:21 - 2013-09-06 14:21 - 00000000 ____D C:\Users\renate\AppData\Local\{E2508246-4432-46D1-B275-A378628358E5}
2013-09-04 23:32 - 2011-09-26 22:08 - 00000000 ____D C:\Users\renate\Documents\Luise
2013-09-04 13:30 - 2013-09-04 13:30 - 00000000 ____D C:\Users\renate\AppData\Local\{E6A84E10-A50F-4BB3-BE36-23E732F19AF0}
2013-09-04 11:54 - 2013-09-04 11:54 - 00943027 _____ C:\Users\renate\Downloads\b4238165d6239667f53b6bb162393389.ZIP
2013-09-03 07:35 - 2011-11-10 21:12 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-30 16:30 - 2013-08-30 16:30 - 00000000 ____D C:\Users\renate\AppData\Local\{705F57CF-BB9C-4CC9-BDE6-F6DD24710F1F}
2013-08-30 06:51 - 2011-09-18 11:29 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1440722069-1539269174-2057662562-1001UA.job
2013-08-29 20:23 - 2013-08-29 20:23 - 00000000 ____D C:\Users\renate\AppData\Local\{FA603BD7-EAB3-4D29-9FAF-E3FB069ED12E}
2013-08-28 22:03 - 2013-08-28 22:02 - 00000000 ____D C:\Users\renate\AppData\Local\{3BE85FB4-C677-4804-B0E4-7AC10603ACC1}
2013-08-27 21:41 - 2013-08-27 21:41 - 00000000 ____D C:\Users\renate\AppData\Local\{0A5A1D7A-1824-4488-A104-4853A7E92AF6}
2013-08-27 21:39 - 2013-08-27 21:39 - 00000000 ____D C:\Program Files (x86)\Tor
2013-08-26 21:17 - 2013-08-26 21:17 - 00000000 ____D C:\Users\renate\AppData\Local\{658874E5-2C61-4250-A494-494246623C9F}
2013-08-25 20:12 - 2011-12-07 23:25 - 00000000 ____D C:\Users\renate\Documents\Lebenshaltung
2013-08-25 20:05 - 2013-08-25 20:04 - 00000000 ____D C:\Users\renate\AppData\Local\{888665C9-83A5-494B-B315-5CDE3F41BAEF}
2013-08-25 20:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-24 12:04 - 2011-12-14 16:18 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2013-08-24 12:04 - 2011-09-20 19:09 - 00000000 ____D C:\Program Files (x86)\AAVUpdateManager
2013-08-24 12:03 - 2011-10-04 21:44 - 00001148 _____ C:\Users\renate\Desktop\Dropbox.lnk
2013-08-24 11:51 - 2011-09-18 11:29 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1440722069-1539269174-2057662562-1001Core.job
2013-08-24 11:48 - 2013-04-29 13:01 - 00000000 ____D C:\Users\renate\AppData\Roaming\stepnova
2013-08-24 11:48 - 2012-11-16 14:40 - 00000000 ____D C:\ProgramData\stepnova
2013-08-24 11:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-24 11:48 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-24 11:26 - 2013-08-24 11:26 - 00000000 ____D C:\Users\renate\AppData\Local\{45480BCD-8FA4-480B-A71E-212DF79FEAA2}
2013-08-23 17:34 - 2013-08-23 17:34 - 00000000 ____D C:\Users\renate\AppData\Local\{65160940-4F20-43F1-BFBB-96BC3D8BE926}
2013-08-22 20:02 - 2013-08-22 20:02 - 00000000 ____D C:\Users\renate\AppData\Local\{CEB9CD81-4D63-4791-BE9B-8D4880358BE4}
2013-08-22 08:02 - 2013-08-22 08:02 - 00000000 ____D C:\Users\renate\AppData\Local\{D4F4D673-ABDC-4ED1-8B67-8A0C7984795F}
2013-08-20 19:47 - 2013-08-20 19:47 - 00000000 ____D C:\Users\renate\AppData\Local\{86161903-FF88-4313-AE88-F20B7D40F4DB}

Some content of TEMP:
====================
C:\Users\renate\AppData\Local\Temp\run.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-03 07:27

==================== End Of Log ============================

--- --- ---

--- --- ---
__________________
Hier nun der Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013 03
Ran by renate at 2013-09-17 09:28:14
Running from C:\Users\renate\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

AAVUpdateManager (x32 Version: 15.00.0000)
Acer Backup Manager (x32 Version: 3.0.0.99)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904)
Acer ePower Management (x32 Version: 6.00.3007)
Acer eRecovery Management (x32 Version: 5.00.3502)
Acer Registration (x32 Version: 1.04.3502)
Acer ScreenSaver (x32 Version: 1.1.0517.2011)
Acer Updater (x32 Version: 1.02.3502)
ActiveX контрола на Windows Live Mesh за отдалечени връзки (x32 Version: 15.4.5722.2)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Flash Player 10 ActiveX (x32 Version: 10.3.181.34)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Allway Sync version 11.2.0 (x32)
Amazon MP3-Downloader 1.0.9 (x32)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Backup Manager V3 (x32 Version: 3.0.0.99)
BILD-Steuer 2011 (x32 Version: 16.17)
Broadcom Card Reader Driver Installer (Version: 14.8.2.2)
Broadcom NetLink Controller (Version: 14.8.4.1)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Control ActiveX del Windows Live Mesh per a connexions remotes (x32 Version: 15.4.5722.2)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (x32 Version: 15.4.5722.2)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
D3DX10 (x32 Version: 15.4.2368.0902)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.4)
dradio-Recorder Version 3.02.5 (x32)
Dropbox (HKCU Version: 2.0.22)
ETDWare PS/2-X64 8.0.6.3_WHQL (Version: 8.0.6.3)
FLV Player (HKCU Version: 1.0)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Free Mp3 Wma Converter V 2.2 (x32 Version: 2.2.0.0)
Free YouTube to MP3 Converter version 3.12.2.430 (x32 Version: 3.12.2.430)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922)
GIMP 2.6.11 (x32 Version: 2.6.11)
Google Chrome (HKCU Version: 29.0.1547.66)
Google Update Helper (x32 Version: 1.3.21.153)
HTC BMP USB Driver (x32 Version: 1.0.5375)
HTC Driver Installer (x32 Version: 3.0.0.018)
Identity Card (x32 Version: 1.00.3501)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2418)
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026)
Java Auto Updater (x32 Version: 2.1.6.0)
Java(TM) 7 Update 4 (x32 Version: 7.0.40)
JavaFX 2.1.0 (x32 Version: 2.1.0)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kontrola Windows Live Mesh ActiveX za daljinske veze (x32 Version: 15.4.5722.2)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2)
Launch Manager (x32 Version: 5.1.7)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.5128.5002)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT Redists (x32 Version: 1.0)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
MyWinLocker (Version: 4.0.14.25)
MyWinLocker 4 (x32 Version: 4.0.14.25)
MyWinLocker Suite (x32 Version: 4.0.14.15)
Noise Reduction Plug-in 2.0i (x32 Version: 2.0.455)
NTI Media Maker 9 (x32 Version: 9.0.2.8942)
NVIDIA Grafiktreiber 268.00 (Version: 268.00)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA Optimus 1.0.21 (Version: 1.0.21)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA Systemsteuerung 268.00 (Version: 268.00)
NVIDIA Update Components (Version: 1.0.21)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (x32 Version: 15.4.5722.2)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (x32 Version: 15.4.5722.2)
PDF Architect (x32 Version: 1.1.83.9982)
PDFCreator (x32 Version: 1.7.0)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
posterXXL.de Bestellsoftware 4.80 (x32)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6339)
Shredder (Version: 2.0.8.9)
Shredder (x32 Version: 2.0.8.9)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.0 (x32 Version: 6.0.126)
SRWare Iron Version SRWare Iron 18.0.1050.0 (x32 Version: SRWare Iron 18.0.1050.0)
stepnova (x32 Version: 1.73)
Steuer 2011 (x32 Version: 19.00.7304)
TuneUp Utilities 2012 (x32 Version: 12.0.3600.73)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Urruneko konexioetarako Windows Live Mesh ActiveX kontrola (x32 Version: 15.4.5722.2)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0)
Windows Live Argazki Galeria (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922)
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (x32 Version: 15.4.5722.2)
بريد Windows Live (x32 Version: 15.4.3502.0922)
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (x32 Version: 15.4.5722.2)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (x32 Version: 15.4.5722.2)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2)

==================== Restore Points =========================

24-08-2013 15:28:44 Windows Update
03-09-2013 05:34:55 Geplanter Prüfpunkt
06-09-2013 12:48:18 Wiederherstellungsvorgang
16-09-2013 08:38:52 Windows Modules Installer
16-09-2013 08:41:38 Windows Modules Installer
16-09-2013 18:21:35 Wiederherstellungsvorgang
16-09-2013 19:40:47 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0172E992-E646-49FF-8B3A-469A29270AA3} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {05E1DB76-5C53-421B-9A18-A3298552D17D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17] (Sun Microsystems, Inc.)
Task: {44936412-2A7C-40F8-98BF-3411A5600E5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-10] (Google Inc.)
Task: {458AB207-03C5-4971-9369-EAF2E48477A9} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {4E48AC0D-4F0B-4BA0-901F-9163F2A3D5C5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation)
Task: {4F4C0E16-5382-4482-B636-0C926D906540} - \EPUpdater No Task File
Task: {578BBC14-A784-41FC-BDA9-FDFBC5CDE70F} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software)
Task: {58B5B303-E79C-43CF-8F61-4A059BB35A4D} - System32\Tasks\AdobeAAMUpdater-1.0-renate-laptop-renate => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {60384FE9-2AE4-467D-A57B-3582977F0FA8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1440722069-1539269174-2057662562-1001Core => C:\Users\renate\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18] (Google Inc.)
Task: {84EC1F3F-4D48-4429-92AB-0F5FEEC18E0A} - System32\Tasks\Google Updater and Installer => C:\Users\renate\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18] (Google Inc.)
Task: {8690F0A6-C24F-4748-936F-2EA5032F0FA0} - \Scheduled Update for Ask Toolbar No Task File
Task: {8E29B8DB-30F8-4D52-AFC7-D1F6B9B04B28} - System32\Tasks\{1ADDB310-1A33-439D-9544-BB90BB4B69F7} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116.259/de/eula?source=lightinstaller
Task: {9319910B-9D29-4C95-8A3E-C49D142CE715} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1440722069-1539269174-2057662562-1001UA => C:\Users\renate\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18] (Google Inc.)
Task: {97CE565F-CE0E-4ED6-B9B3-394A3222E559} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-10] (Google Inc.)
Task: {9D7F55E4-7E28-4B56-A48E-4153E8F3F628} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {A315671E-1C54-4519-A8CD-ED1F345B932E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AF54A545-A211-4A0C-BAED-E67C6C8DE77F} - \BrowserProtect No Task File
Task: {B3B69D2B-9826-4CBA-BA18-4950119FBD47} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {C5668071-1E25-493E-809A-BA8B429F3FC7} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2013-09-03] (Adobe Systems Incorporated)
Task: {CD4AB44A-2725-45E5-A89D-A7708A18A742} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {D49624A3-1E79-46C2-BDCF-7635AEF34D9A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1440722069-1539269174-2057662562-1001Core.job => C:\Users\renate\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1440722069-1539269174-2057662562-1001UA.job => C:\Users\renate\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012.job => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe

==================== Loaded Modules (whitelisted) =============

2011-08-14 09:26 - 2011-03-31 00:05 - 00226920 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-05-25 02:36 - 2013-05-25 02:36 - 00164016 _____ (Dropbox, Inc.) C:\Users\renate\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2009-07-14 02:18 - 2009-07-14 03:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\imaadp32.acm
2009-07-14 02:18 - 2009-07-14 03:38 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\msg711.acm
2009-07-14 02:18 - 2009-07-14 03:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\msgsm32.acm
2009-07-14 02:18 - 2009-07-14 03:38 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\msadp32.acm
2009-07-14 02:22 - 2009-07-14 03:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2011-03-31 06:54 - 2011-03-31 06:54 - 00061032 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2011-07-22 06:54 - 2011-06-10 19:45 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2011-07-22 06:54 - 2011-06-10 19:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-08-14 09:26 - 2011-03-31 00:05 - 02206824 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-07-13 11:46 - 2013-07-13 11:46 - 00853896 ____T (Google Inc.) C:\Users\renate\AppData\Local\Google\Update\1.3.21.153\goopdate.dll
2011-07-22 06:47 - 2011-07-22 06:47 - 06378144 ____R (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\Flash10u.ocx
2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\renate\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\renate\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\renate\AppData\Roaming\Dropbox\bin\icudt.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00078656 _____ (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookDispatch.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00062784 _____ (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\LUInterface.dll
2011-04-24 03:30 - 2011-04-24 03:30 - 00022848 _____ (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\MUI\0407\lang.dll
2013-09-08 13:52 - 2013-09-02 22:34 - 47074256 _____ (Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\chrome.dll
2013-09-08 13:53 - 2013-09-02 22:35 - 09962960 _____ (The ICU Project) C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\icudt.dll
2013-05-25 02:36 - 2013-05-25 02:36 - 00130736 _____ (Dropbox, Inc.) C:\Users\renate\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2013-09-08 13:53 - 2013-09-02 20:46 - 00081768 _____ (Microsoft Corporation) C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\xinput1_3.dll
2013-09-08 13:52 - 2013-09-02 20:46 - 03231688 _____ (Microsoft Corporation) C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\D3DCompiler_46.dll
2013-09-08 13:53 - 2013-09-02 22:35 - 00709584 _____ () C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
2013-09-08 13:53 - 2013-09-02 22:35 - 00099792 _____ () C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\libegl.dll
2013-09-08 13:53 - 2013-09-02 22:35 - 04053456 _____ () C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-08 13:53 - 2013-09-02 22:35 - 00410576 _____ () C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-08 13:53 - 2013-09-02 22:35 - 02110928 _____ (Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\libpeerconnection.dll
2013-09-08 13:52 - 2013-09-02 22:35 - 01604560 _____ () C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) ==========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2013 09:06:25 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/17/2013 09:05:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 08:32:35 PM) (Source: System Restore) (User: )
Description: Die Systemwiederherstellung wurde wegen eines Stromausfalls oder eines Programmfehlers unerwartet beendet. Zusätzliche Informationen: (Windows Update).

Error: (09/16/2013 08:32:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 08:28:53 PM) (Source: System Restore) (User: )
Description: Die Systemwiederherstellung wurde wegen eines Stromausfalls oder eines Programmfehlers unerwartet beendet. Zusätzliche Informationen: (Windows Update).

Error: (09/16/2013 08:25:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 08:24:50 PM) (Source: System Restore) (User: )
Description: Die Systemwiederherstellung wurde wegen eines Stromausfalls oder eines Programmfehlers unerwartet beendet. Zusätzliche Informationen: (Windows Update).

Error: (09/16/2013 08:00:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 10:38:16 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).

Error: (09/16/2013 10:37:25 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

System errors:
=============
Error: (09/17/2013 09:07:04 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422

Error: (09/16/2013 09:41:14 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/16/2013 08:34:13 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422

Error: (09/16/2013 08:31:31 PM) (Source: BugCheck) (User: )
Description: 0x000000f4 (0x0000000000000003, 0xfffffa8009ea08a0, 0xfffffa8009ea0b80, 0xfffff8000278c0d0)C:\Windows\MEMORY.DMP091613-30544-01

Error: (09/16/2013 08:29:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (09/16/2013 08:29:03 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/16/2013 08:28:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (09/16/2013 08:28:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (09/16/2013 08:28:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (09/16/2013 08:28:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Microsoft Office Sessions:
=========================
Error: (09/17/2013 09:06:25 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/17/2013 09:05:55 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 08:32:35 PM) (Source: System Restore)(User: )
Description: Windows Update

Error: (09/16/2013 08:32:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 08:28:53 PM) (Source: System Restore)(User: )
Description: Windows Update

Error: (09/16/2013 08:25:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 08:24:50 PM) (Source: System Restore)(User: )
Description: Windows Update

Error: (09/16/2013 08:00:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 10:38:16 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (09/16/2013 10:37:25 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 8043.86 MB
Available physical RAM: 5760.02 MB
Total Pagefile: 16085.9 MB
Available Pagefile: 13631.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:447.66 GB) (Free:302 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5DA502A6)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=448 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Ich hoffe du kannst mir weiter helfen!!
Danke schön

schrauber · 17.09.2013, 15:20

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Ahnungs-los · 17.09.2013, 18:33

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören

Dumme Frage:
Auch die Windows - Firewall für öffentliche Netzwerke?

Habe mein Gehirn wieder eingeschaltet und den Leitfaden gefunden.
Sorry

Hallo schrauber,
habe combofix wie angegeben initialisiert.
Bin nach dem Leitfaden vorgegangen und habe Windows -Firewall deaktiviert. Ebenso den Echtzeitscanner von avira. Combofix gestartet.

Combofix zeigte an, dass Avira Desktop noch aktiv.

2. Versuch desktop zu deaktivieren. Expertenmodus nicht gefunden.
Combofix zeigte an, dass er trotz aktiven avira desktop die Suche straten würde

Da ich avira partout nicht deaktivieren konnte, habe ich avira deinstalliert.

Combofix konnte ich nicht unterbrechenund es startete seinen Lauf mit folgendem Ergebnis:

Code:

ATTFilter

ComboFix 13-09-17.01 - renate 17.09.2013  18:56:16.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8044.6333 [GMT 2:00]
ausgeführt von:: c:\users\renate\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\renate\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\security\Database\tmp.edb
c:\windows\wininit.ini
c:\windows\XSxS
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-17 bis 2013-09-17  ))))))))))))))))))))))))))))))
.
.
2013-09-17 17:00 . 2013-09-17 17:00	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-09-17 17:00 . 2013-09-17 17:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-17 07:26 . 2013-09-17 07:26	--------	d-----w-	C:\FRST
2013-09-16 08:46 . 2013-08-10 06:10	775256	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2013-09-06 13:18 . 2013-09-16 18:17	--------	d-----w-	C:\AdwCleaner
2013-08-27 19:39 . 2013-08-27 19:39	--------	d-----w-	c:\program files (x86)\Tor
2013-08-24 10:00 . 2013-07-09 05:52	224256	----a-w-	c:\windows\system32\wintrust.dll
2013-08-24 10:00 . 2013-07-09 05:46	1472512	----a-w-	c:\windows\system32\crypt32.dll
2013-08-24 10:00 . 2013-07-09 04:46	1166848	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-08-24 10:00 . 2013-07-09 05:46	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-08-24 10:00 . 2013-07-09 05:46	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-08-24 10:00 . 2013-07-09 04:52	175104	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-08-24 10:00 . 2013-07-09 04:46	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-08-24 10:00 . 2013-07-09 04:46	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-08-24 10:00 . 2013-07-19 01:58	2048	----a-w-	c:\windows\system32\tzres.dll
2013-08-24 10:00 . 2013-07-19 01:41	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-08-24 09:59 . 2013-07-25 09:25	1888768	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-08-24 09:59 . 2013-07-25 08:57	1620992	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-08-24 09:58 . 2013-07-09 05:51	1217024	----a-w-	c:\windows\system32\rpcrt4.dll
2013-08-24 09:58 . 2013-07-09 04:52	663552	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2013-08-24 09:58 . 2013-06-15 04:32	39936	----a-w-	c:\windows\system32\drivers\tssecsrv.sys
2013-08-24 09:58 . 2013-07-06 06:03	1910208	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-02 01:48 . 2013-09-12 17:14	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-06-26 17:21 . 2013-06-26 17:21	23208	----a-w-	c:\windows\system32\drivers\Sftvollh.sys
2013-06-26 17:21 . 2013-06-26 17:21	28840	----a-w-	c:\windows\system32\drivers\Sftredirlh.sys
2013-06-26 17:21 . 2013-06-26 17:21	273576	----a-w-	c:\windows\system32\drivers\Sftplaylh.sys
2013-06-26 17:21 . 2013-06-26 17:21	1777320	----a-w-	c:\windows\system32\sftldr.dll
2013-06-26 17:21 . 2013-06-26 17:21	1130664	----a-w-	c:\windows\SysWow64\sftldr_wow64.dll
2013-06-26 17:21 . 2013-06-26 17:21	767144	----a-w-	c:\windows\system32\drivers\Sftfslh.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\renate\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\renate\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\renate\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"dradio-RecorderTimer"="c:\program files (x86)\dradio-Recorder\phonostarTimer.exe" [2012-03-15 41472]
"FLV Player"="c:\users\renate\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe" [2012-10-26 202752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\renate\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AAV UpdateService;AAV UpdateService;c:\program files (x86)\AAVUpdateManager\aavus.exe;c:\program files (x86)\AAVUpdateManager\aavus.exe [x]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - avipbb
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-10 19:12]
.
2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-10 19:12]
.
2013-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1440722069-1539269174-2057662562-1001Core.job
- c:\users\renate\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 09:29]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1440722069-1539269174-2057662562-1001UA.job
- c:\users\renate\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 09:29]
.
2013-09-08 c:\windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012.job
- c:\program files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-05-29 11:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\renate\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\renate\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\renate\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\renate\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-17  19:03:46
ComboFix-quarantined-files.txt  2013-09-17 17:03
.
Vor Suchlauf: 11 Verzeichnis(se), 324.648.034.304 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 324.776.853.504 Bytes frei
.
- - End Of File - - B85CB96B2C59FB72A40418E5AE09DCEB

Nach dem Suchlauf habe ich avira neuinstalliert.

Ich hoffe, dass ich das Richtige gemacht habe.

Vielen Dank für deine Tipps

schrauber · 17.09.2013, 20:20

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Ahnungs-los · 17.09.2013, 23:40

Teil 1)
ich bin wie oben beschrieben vorgegangen:

Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
renate :: RENATE-LAPTOP [Administrator]

Schutz: Aktiviert

17.09.2013 21:48:42
mbam-log-2013-09-17 (21-48-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230881
Laufzeit: 4 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Dann Adwcleaner:

Code:

ATTFilter

# AdwCleaner v3.004 - Bericht erstellt am 17/09/2013 um 21:58:41
# Updated 15/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : renate - RENATE-LAPTOP
# Gestartet von : C:\Users\renate\Downloads\adwcleaner004.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Webplayer
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Google Chrome v

[ Datei : C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [22802 octets] - [06/09/2013 15:18:47]
AdwCleaner[R1].txt - [1130 octets] - [16/09/2013 20:16:51]
AdwCleaner[R2].txt - [1285 octets] - [17/09/2013 21:56:20]
AdwCleaner[S0].txt - [21876 octets] - [06/09/2013 15:19:55]
AdwCleaner[S1].txt - [1104 octets] - [17/09/2013 21:58:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1164 octets] ##########

Beim Download von JRT ist mir ein Fehler passiert:

Ich habe einen Image Converter heruntergeladen und installiert.

Wie dumm kann man nur sein! Es ging eine Feuerwerk an Warnungen los!!!!!!!!!

Ahnungs-los · 17.09.2013, 23:57

Teil 2

Avira meldete: adware/installCore.Gen - in Quaratäne entfernt

anschließend

Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
renate :: RENATE-LAPTOP [Administrator]

Schutz: Aktiviert

17.09.2013 22:32:57
mbam-log-2013-09-17 (22-32-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230679
Laufzeit: 4 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\Program Files (x86)\WebConnect\updateWebConnect.exe (PUP.Optional.WebConnect.A) -> 5096 -> Löschen bei Neustart.
C:\Users\renate\AppData\Local\DProtect\DProtectSvc.exe (PUP.Optional.DProtect) -> 4452 -> Löschen bei Neustart.

Infizierte Speichermodule: 1
C:\Users\renate\AppData\Local\DProtect\eBP.dll (PUP.Optional.DProtect) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 13
HKLM\SYSTEM\CurrentControlSet\Services\Update WebConnect (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{2316c625-b487-4410-a1a5-ff040b65245f} (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{d8caf2df-52d3-42cf-9ddb-f4ff828db4f8} (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C} (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2316C625-B487-4410-A1A5-FF040B65245F} (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\DPService (PUP.Optional.DProtect) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DProtect (PUP.Optional.DProtect) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\WEBCONNECT (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\qvo6Software (PUP.Optional.qvo6.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0W0U -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\WebConnect|iid (PUP.Optional.WebConnect.A) -> Daten: def_WebConnect -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\DPService|ImagePath (PUP.Optional.DProtect) -> Daten: C:\Users\renate\AppData\Local\DProtect\DProtectSvc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 5
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.DProtect) -> Bösartig: (C:\Users\renate\AppData\Local\DProtect\eBP.dll) Gut: () -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD5000BPVT-22HXZT1_WD-WXA1A61Y1381Y1381&ts=1379448552) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (Hijack.StartPage) -> Bösartig: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD5000BPVT-22HXZT1_WD-WXA1A61Y1381Y1381&ts=1379448552) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (Hijack.StartPage) -> Bösartig: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD5000BPVT-22HXZT1_WD-WXA1A61Y1381Y1381&ts=1379448552) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD5000BPVT-22HXZT1_WD-WXA1A61Y1381Y1381&ts=1379448552) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 3
C:\Program Files (x86)\WebConnect (PUP.Optional.WebConnect.A) -> Löschen bei Neustart.
C:\Users\renate\AppData\Local\DProtect (PUP.Optional.DProtect) -> Löschen bei Neustart.
C:\Users\renate\AppData\Local\DProtect\log (PUP.Optional.DProtect) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 19
C:\Program Files (x86)\WebConnect\updateWebConnect.exe (PUP.Optional.WebConnect.A) -> Löschen bei Neustart.
C:\Program Files (x86)\WebConnect\WebConnectBHO.dll (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\renate\AppData\Local\Temp\eIntaller\7C425C133C2A42bf8A3AEB225D005C87\eXQ.exe (PUP.Optional.DProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\renate\AppData\Local\Temp\is357113909\364125_stp\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\renate\AppData\Local\Temp\is357113909\364288_stp\cor_ar_201396184325_qvo6.exe (PUP.Optional.Elex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\renate\AppData\Local\Temp\is357113909\364462_stp\WebConnect.exe (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebConnect\ieakfmpjhljbpbfpldjkddkjmmgjmgon.crx (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebConnect\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebConnect\sqlite3.exe (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebConnect\updateWebConnect.InstallState (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebConnect\WebConnect.Common.dll (PUP.Optional.WebConnect.A) -> Löschen bei Neustart.
C:\Program Files (x86)\WebConnect\WebConnect.ico (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebConnect\WebConnectUninstall.exe (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\renate\AppData\Local\DProtect\config.dat (PUP.Optional.DProtect) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\renate\AppData\Local\DProtect\DProtectSvc.exe (PUP.Optional.DProtect) -> Löschen bei Neustart.
C:\Users\renate\AppData\Local\DProtect\DPUninstall.exe (PUP.Optional.DProtect) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\renate\AppData\Local\DProtect\eBP.dll (PUP.Optional.DProtect) -> Löschen bei Neustart.
C:\Users\renate\AppData\Local\DProtect\eGdpSvc.exe (PUP.Optional.DProtect) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\renate\AppData\Local\DProtect\log\DProtectSvc.LOG (PUP.Optional.DProtect) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

dann
AdwCleaner:

Code:

ATTFilter

# AdwCleaner v3.004 - Bericht erstellt am 17/09/2013 um 22:45:54
# Updated 15/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : renate - RENATE-LAPTOP
# Gestartet von : C:\Users\renate\Downloads\adwcleaner004.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\renate\AppData\Local\Temp\DProtect
Ordner Gelöscht : C:\Users\renate\AppData\Local\Temp\eIntaller
Ordner Gelöscht : C:\Users\renate\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\renate\Desktop\Verknüpfungen\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\renate\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\renate\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\Webplayer

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v

[ Datei : C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : search_url
Gelöscht : keyword
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [22802 octets] - [06/09/2013 15:18:47]
AdwCleaner[R1].txt - [1130 octets] - [16/09/2013 20:16:51]
AdwCleaner[R2].txt - [1285 octets] - [17/09/2013 21:56:20]
AdwCleaner[R3].txt - [5366 octets] - [17/09/2013 22:44:45]
AdwCleaner[S0].txt - [21876 octets] - [06/09/2013 15:19:55]
AdwCleaner[S1].txt - [1244 octets] - [17/09/2013 21:58:41]
AdwCleaner[S2].txt - [3258 octets] - [17/09/2013 22:45:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3318 octets] ##########

JRT im Anhang

Ahnungs-los · 18.09.2013, 00:05

Teil 3

Avira systemprüfung ergibt:

Code:

ATTFilter

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 17. September 2013  23:11
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : RENATE-LAPTOP

Versionsinformationen:
BUILD.DAT      : 13.0.0.4052    55009 Bytes  29.08.2013 17:56:00
AVSCAN.EXE     : 13.6.20.2100   639032 Bytes  17.09.2013 17:15:19
AVSCANRC.DLL   : 13.6.20.2174    63032 Bytes  17.09.2013 17:15:20
LUKE.DLL       : 13.6.20.2174    65080 Bytes  17.09.2013 17:15:33
AVSCPLR.DLL    : 13.6.20.2174    92216 Bytes  17.09.2013 17:15:20
AVREG.DLL      : 13.6.20.2174   250424 Bytes  17.09.2013 17:15:19
avlode.dll     : 13.6.20.2174   497720 Bytes  17.09.2013 17:15:18
avlode.rdf     : 13.0.1.42      26846 Bytes  17.09.2013 17:15:51
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 17:14:43
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 17:14:45
VBASE002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 17:14:47
VBASE003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 17:14:49
VBASE004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 17:14:52
VBASE005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 17:14:58
VBASE006.VDF   : 7.11.98.187     2048 Bytes  29.08.2013 17:14:58
VBASE007.VDF   : 7.11.98.188     2048 Bytes  29.08.2013 17:14:58
VBASE008.VDF   : 7.11.98.189     2048 Bytes  29.08.2013 17:14:58
VBASE009.VDF   : 7.11.98.190     2048 Bytes  29.08.2013 17:14:58
VBASE010.VDF   : 7.11.98.191     2048 Bytes  29.08.2013 17:14:58
VBASE011.VDF   : 7.11.98.192     2048 Bytes  29.08.2013 17:14:58
VBASE012.VDF   : 7.11.98.193     2048 Bytes  29.08.2013 17:14:58
VBASE013.VDF   : 7.11.99.52    270848 Bytes  30.08.2013 17:14:59
VBASE014.VDF   : 7.11.99.167   210944 Bytes  02.09.2013 17:14:59
VBASE015.VDF   : 7.11.100.3    265216 Bytes  03.09.2013 17:14:59
VBASE016.VDF   : 7.11.100.95   220160 Bytes  04.09.2013 17:15:00
VBASE017.VDF   : 7.11.100.197   143872 Bytes  05.09.2013 17:15:00
VBASE018.VDF   : 7.11.101.11   227840 Bytes  06.09.2013 17:15:00
VBASE019.VDF   : 7.11.101.79   148480 Bytes  07.09.2013 17:15:00
VBASE020.VDF   : 7.11.101.169   305664 Bytes  10.09.2013 17:15:01
VBASE021.VDF   : 7.11.102.9    253440 Bytes  12.09.2013 17:15:01
VBASE022.VDF   : 7.11.102.151   282624 Bytes  15.09.2013 17:15:01
VBASE023.VDF   : 7.11.102.152     2048 Bytes  15.09.2013 17:15:01
VBASE024.VDF   : 7.11.102.153     2048 Bytes  15.09.2013 17:15:01
VBASE025.VDF   : 7.11.102.154     2048 Bytes  15.09.2013 17:15:01
VBASE026.VDF   : 7.11.102.155     2048 Bytes  15.09.2013 17:15:01
VBASE027.VDF   : 7.11.102.156     2048 Bytes  15.09.2013 17:15:01
VBASE028.VDF   : 7.11.102.157     2048 Bytes  15.09.2013 17:15:02
VBASE029.VDF   : 7.11.102.158     2048 Bytes  15.09.2013 17:15:02
VBASE030.VDF   : 7.11.102.159     2048 Bytes  15.09.2013 17:15:02
VBASE031.VDF   : 7.11.102.228   258048 Bytes  17.09.2013 17:15:02
Engineversion  : 8.2.12.120
AEVDF.DLL      : 8.1.3.4       102774 Bytes  17.09.2013 17:15:07
AESCRIPT.DLL   : 8.1.4.148     516478 Bytes  17.09.2013 17:15:07
AESCN.DLL      : 8.1.10.4      131446 Bytes  17.09.2013 17:15:06
AESBX.DLL      : 8.2.16.26    1245560 Bytes  17.09.2013 17:15:07
AERDL.DLL      : 8.2.0.128     688504 Bytes  17.09.2013 17:15:06
AEPACK.DLL     : 8.3.2.28      749945 Bytes  17.09.2013 17:15:06
AEOFFICE.DLL   : 8.1.2.76      205181 Bytes  17.09.2013 17:15:06
AEHEUR.DLL     : 8.1.4.630    6164858 Bytes  17.09.2013 17:15:05
AEHELP.DLL     : 8.1.27.6      266617 Bytes  17.09.2013 17:15:03
AEGEN.DLL      : 8.1.7.14      446839 Bytes  17.09.2013 17:15:03
AEEXP.DLL      : 8.4.1.62      328055 Bytes  17.09.2013 17:15:07
AEEMU.DLL      : 8.1.3.2       393587 Bytes  17.09.2013 17:15:03
AECORE.DLL     : 8.1.32.0      201081 Bytes  17.09.2013 17:15:03
AEBB.DLL       : 8.1.1.4        53619 Bytes  17.09.2013 17:15:03
AVWINLL.DLL    : 13.6.20.2174    23608 Bytes  17.09.2013 17:13:48
AVPREF.DLL     : 13.6.20.2174    48184 Bytes  17.09.2013 17:15:19
AVREP.DLL      : 13.6.20.2174   175672 Bytes  17.09.2013 17:15:19
AVARKT.DLL     : 13.6.20.2174   258104 Bytes  17.09.2013 17:15:13
AVEVTLOG.DLL   : 13.6.20.2174   165432 Bytes  17.09.2013 17:15:15
SQLITE3.DLL    : 3.7.0.1       394824 Bytes  17.09.2013 17:15:42
AVSMTP.DLL     : 13.6.20.2174    60472 Bytes  17.09.2013 17:15:20
NETNT.DLL      : 13.6.20.2174    13368 Bytes  17.09.2013 17:15:36
RCIMAGE.DLL    : 13.6.20.2174  4786744 Bytes  17.09.2013 17:13:49
RCTEXT.DLL     : 13.6.20.2174    68152 Bytes  17.09.2013 17:13:49

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, Q:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 17. September 2013  23:11

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '161' Modul(e) wurden durchsucht
Durchsuche Prozess 'NvXDSync.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'HelperService.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'ConversionService.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'c2c_service.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'tor.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesService64.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesApp64.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDCtrl.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerTray.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'WebPlayer.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerEvent.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDCtrlHelper.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleUpdate.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '176' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '34' Modul(e) wurden durchsucht
Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\drivers\beep.sys'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Signiert -> 'C:\Windows\system32\imm32.dll'
Signiert -> 'C:\Windows\system32\dsound.dll'
Signiert -> 'C:\Windows\system32\aclui.dll'
Signiert -> 'C:\Windows\system32\msvcrt.dll'
Signiert -> 'C:\Windows\system32\d3d9.dll'
Signiert -> 'C:\Windows\system32\dnsapi.dll'
Signiert -> 'C:\Windows\system32\mshtml.dll'
Signiert -> 'C:\Windows\system32\regsvr32.exe'
Signiert -> 'C:\Windows\system32\rundll32.exe'
Signiert -> 'C:\Windows\system32\userinit.exe'
Signiert -> 'C:\Windows\system32\reg.exe'
Signiert -> 'C:\Windows\regedit.exe'
Die Systemdateien wurden durchsucht ('34' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '4005' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Acer>
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe
  [FUND]      Ist das Trojanische Pferd TR/Dropper.Gen
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert

Beginne mit der Desinfektion:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe
  [FUND]      Ist das Trojanische Pferd TR/Dropper.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5490756c.qua' verschoben!


Ende des Suchlaufs: Mittwoch, 18. September 2013  00:24
Benötigte Zeit:  1:12:33 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  27827 Verzeichnisse wurden überprüft
 432014 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 432013 Dateien ohne Befall
  16091 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
 803066 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden

Teil 4

First64:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by renate (administrator) on RENATE-LAPTOP on 18-09-2013 00:30:01
Running from C:\Users\renate\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files (x86)\Tor\tor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\renate\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Dropbox, Inc.) C:\Users\renate\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-21] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [dradio-RecorderTimer] - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [41472 2012-03-15] ()
HKCU\...\Run: [FLV Player] - C:\Users\renate\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [202752 2012-10-26] ()
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-17] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [226920 2011-03-31] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Users\renate\AppData\Local\DProtect\eBP.dll,C:\Users\renate\AppData\Local\DProtect\eBPSD.dll [ ] ()
Startup: C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\renate\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {610B4AA1-389F-47C5-888F-54CBF6A60F2F} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (qvo6) - hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=WDCXWD5000BPVT-22HXZT1_WD-WXA1A61Y1381Y1381&ts=1379448553&type=default&q={searchTerms}
CHR DefaultSuggestURL: (qvo6) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\renate\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Skype Click to Call) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (Gmail) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-17] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-27] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-17] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-02-09] (TuneUp Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-17 22:57 - 2013-09-17 22:57 - 00124539 _____ C:\Users\renate\Desktop\JRT.txt
2013-09-17 22:53 - 2013-09-17 22:53 - 00000000 ____D C:\Windows\ERUNT
2013-09-17 22:19 - 2013-09-17 22:20 - 01029675 _____ (Thisisu) C:\Users\renate\Desktop\JRT.exe
2013-09-17 22:09 - 2013-09-17 22:09 - 00001234 _____ C:\Users\Public\Desktop\Image Converter.lnk
2013-09-17 22:09 - 2013-09-17 22:09 - 00000000 ____D C:\Program Files (x86)\Image Converter
2013-09-17 21:47 - 2013-09-17 21:47 - 00001077 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-17 21:47 - 2013-09-17 21:47 - 00000000 ____D C:\Users\renate\AppData\Roaming\Malwarebytes
2013-09-17 21:47 - 2013-09-17 21:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-17 21:47 - 2013-09-17 21:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-17 21:47 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-17 21:36 - 2013-09-17 21:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\renate\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-17 19:21 - 2013-09-17 19:21 - 00000000 ____D C:\Users\renate\AppData\Roaming\Avira
2013-09-17 19:16 - 2013-09-17 19:16 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-17 19:16 - 2013-09-17 19:15 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-17 19:16 - 2013-09-17 19:15 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-17 19:16 - 2013-09-17 19:15 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-17 19:06 - 2013-09-17 19:06 - 02092792 _____ C:\Users\renate\Downloads\avira_free_antivirus.exe
2013-09-17 19:03 - 2013-09-17 19:03 - 00021706 _____ C:\ComboFix.txt
2013-09-17 18:54 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-17 18:54 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-17 18:54 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-17 18:54 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-17 18:54 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-17 18:54 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-17 18:54 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-17 18:54 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-17 18:37 - 2013-09-17 19:03 - 00000000 ____D C:\Qoobox
2013-09-17 18:37 - 2013-09-17 19:02 - 00000000 ____D C:\Windows\erdnt
2013-09-17 17:31 - 2013-09-17 17:31 - 05128653 ____R (Swearware) C:\Users\renate\Desktop\ComboFix.exe
2013-09-17 17:31 - 2013-09-17 17:31 - 05128653 _____ (Swearware) C:\Users\renate\Downloads\ComboFix (1).exe
2013-09-17 09:29 - 2013-09-17 22:58 - 00000000 ____D C:\Users\renate\Desktop\FakeTrojaner
2013-09-17 09:28 - 2013-09-17 09:28 - 00029422 _____ C:\Users\renate\Downloads\Addition.txt
2013-09-17 09:26 - 2013-09-17 09:26 - 00000000 ____D C:\FRST
2013-09-17 09:25 - 2013-09-17 09:26 - 01950524 _____ (Farbar) C:\Users\renate\Downloads\FRST64.exe
2013-09-17 09:23 - 2013-09-17 09:23 - 01333552 _____ (iMesh Inc) C:\Users\renate\Downloads\iMeshSetup-r1487-w-bc (1).exe
2013-09-16 20:31 - 2013-09-16 20:31 - 00271728 _____ C:\Windows\Minidump\091613-30544-01.dmp
2013-09-16 20:28 - 2013-09-16 20:28 - 00262144 _____ C:\Windows\Minidump\091613-30747-01.dmp
2013-09-16 20:24 - 2013-09-16 20:24 - 00262144 _____ C:\Windows\Minidump\091613-40622-01.dmp
2013-09-16 20:16 - 2013-09-16 20:16 - 01039554 _____ C:\Users\renate\Downloads\adwcleaner004.exe
2013-09-16 10:47 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-16 10:47 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-16 10:47 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-16 10:47 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-16 10:47 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-16 10:47 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-16 10:47 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-16 10:47 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-16 10:47 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-16 10:47 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-16 10:46 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-16 10:46 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-16 10:46 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-16 10:46 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-16 10:46 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-16 10:46 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-16 10:46 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-16 10:46 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-16 10:46 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-16 10:46 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 19:14 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 19:14 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 19:14 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 19:14 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 19:14 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 19:14 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 19:14 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 19:14 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 19:14 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 19:14 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 19:14 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 19:14 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 19:14 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 19:14 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 19:14 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 19:14 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 19:14 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 19:14 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 19:14 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 19:14 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 19:14 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 19:14 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 19:14 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 19:14 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 19:14 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 19:14 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-08 13:56 - 2013-09-08 13:56 - 00000240 _____ C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012.job
2013-09-06 15:18 - 2013-09-17 22:45 - 00000000 ____D C:\AdwCleaner
2013-09-06 15:12 - 2013-09-16 20:31 - 446096759 _____ C:\Windows\MEMORY.DMP
2013-09-06 15:12 - 2013-09-06 15:12 - 00262144 _____ C:\Windows\Minidump\090613-30264-01.dmp
2013-09-04 11:54 - 2013-09-04 11:54 - 00943027 _____ C:\Users\renate\Downloads\b4238165d6239667f53b6bb162393389.ZIP
2013-08-27 21:39 - 2013-08-27 21:39 - 00000000 ____D C:\Program Files (x86)\Tor
2013-08-24 12:00 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-24 12:00 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-24 12:00 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-24 12:00 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-24 12:00 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-24 12:00 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-24 12:00 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-24 12:00 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-24 12:00 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-24 12:00 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-24 11:59 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-24 11:59 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-24 11:58 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-24 11:58 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-24 11:58 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-24 11:58 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-17 22:58 - 2013-09-17 09:29 - 00000000 ____D C:\Users\renate\Desktop\FakeTrojaner
2013-09-17 22:57 - 2013-09-17 22:57 - 00124539 _____ C:\Users\renate\Desktop\JRT.txt
2013-09-17 22:55 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-17 22:55 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-17 22:53 - 2013-09-17 22:53 - 00000000 ____D C:\Windows\ERUNT
2013-09-17 22:51 - 2011-08-14 09:22 - 01079402 _____ C:\Windows\WindowsUpdate.log
2013-09-17 22:48 - 2011-10-04 21:44 - 00000000 ___RD C:\Users\renate\Dropbox
2013-09-17 22:48 - 2011-10-04 20:59 - 00000000 ____D C:\Users\renate\AppData\Roaming\Dropbox
2013-09-17 22:46 - 2012-04-22 17:56 - 00033940 _____ C:\Windows\setupact.log
2013-09-17 22:45 - 2013-09-06 15:18 - 00000000 ____D C:\AdwCleaner
2013-09-17 22:45 - 2011-09-18 12:22 - 00000000 ___RD C:\Users\renate\Desktop\Verknüpfungen
2013-09-17 22:45 - 2011-09-18 11:29 - 00000000 ____D C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-17 22:45 - 2011-09-18 11:15 - 00001001 _____ C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-17 22:40 - 2012-04-22 17:56 - 00216172 _____ C:\Windows\PFRO.log
2013-09-17 22:20 - 2013-09-17 22:19 - 01029675 _____ (Thisisu) C:\Users\renate\Desktop\JRT.exe
2013-09-17 22:09 - 2013-09-17 22:09 - 00001234 _____ C:\Users\Public\Desktop\Image Converter.lnk
2013-09-17 22:09 - 2013-09-17 22:09 - 00000000 ____D C:\Program Files (x86)\Image Converter
2013-09-17 21:47 - 2013-09-17 21:47 - 00001077 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-17 21:47 - 2013-09-17 21:47 - 00000000 ____D C:\Users\renate\AppData\Roaming\Malwarebytes
2013-09-17 21:47 - 2013-09-17 21:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-17 21:47 - 2013-09-17 21:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-17 21:37 - 2013-09-17 21:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\renate\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-17 19:21 - 2013-09-17 19:21 - 00000000 ____D C:\Users\renate\AppData\Roaming\Avira
2013-09-17 19:16 - 2013-09-17 19:16 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-17 19:16 - 2011-09-18 11:25 - 00000000 ____D C:\ProgramData\Avira
2013-09-17 19:15 - 2013-09-17 19:16 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-17 19:15 - 2013-09-17 19:16 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-17 19:15 - 2013-09-17 19:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-17 19:06 - 2013-09-17 19:06 - 02092792 _____ C:\Users\renate\Downloads\avira_free_antivirus.exe
2013-09-17 19:03 - 2013-09-17 19:03 - 00021706 _____ C:\ComboFix.txt
2013-09-17 19:03 - 2013-09-17 18:37 - 00000000 ____D C:\Qoobox
2013-09-17 19:02 - 2013-09-17 18:37 - 00000000 ____D C:\Windows\erdnt
2013-09-17 19:02 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-17 18:18 - 2011-08-14 19:15 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-09-17 18:18 - 2011-08-14 19:15 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-09-17 18:18 - 2009-07-14 07:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-17 17:31 - 2013-09-17 17:31 - 05128653 ____R (Swearware) C:\Users\renate\Desktop\ComboFix.exe
2013-09-17 17:31 - 2013-09-17 17:31 - 05128653 _____ (Swearware) C:\Users\renate\Downloads\ComboFix (1).exe
2013-09-17 09:28 - 2013-09-17 09:28 - 00029422 _____ C:\Users\renate\Downloads\Addition.txt
2013-09-17 09:26 - 2013-09-17 09:26 - 00000000 ____D C:\FRST
2013-09-17 09:26 - 2013-09-17 09:25 - 01950524 _____ (Farbar) C:\Users\renate\Downloads\FRST64.exe
2013-09-17 09:23 - 2013-09-17 09:23 - 01333552 _____ (iMesh Inc) C:\Users\renate\Downloads\iMeshSetup-r1487-w-bc (1).exe
2013-09-16 20:31 - 2013-09-16 20:31 - 00271728 _____ C:\Windows\Minidump\091613-30544-01.dmp
2013-09-16 20:31 - 2013-09-06 15:12 - 446096759 _____ C:\Windows\MEMORY.DMP
2013-09-16 20:31 - 2011-12-18 08:55 - 00000000 ____D C:\Windows\Minidump
2013-09-16 20:29 - 2012-02-08 11:08 - 00430592 ___SH C:\Users\renate\Desktop\Thumbs.db
2013-09-16 20:28 - 2013-09-16 20:28 - 00262144 _____ C:\Windows\Minidump\091613-30747-01.dmp
2013-09-16 20:24 - 2013-09-16 20:24 - 00262144 _____ C:\Windows\Minidump\091613-40622-01.dmp
2013-09-16 20:16 - 2013-09-16 20:16 - 01039554 _____ C:\Users\renate\Downloads\adwcleaner004.exe
2013-09-16 20:01 - 2011-09-18 11:15 - 00000000 ___RD C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-16 20:01 - 2011-09-18 11:15 - 00000000 ___RD C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-16 19:59 - 2009-07-14 06:45 - 04860120 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-16 10:46 - 2011-09-18 12:07 - 01527912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-16 10:46 - 2011-09-18 12:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-16 10:39 - 2011-10-20 06:34 - 00000000 ____D C:\Users\renate\Documents\inab_Sozpäd
2013-09-12 00:46 - 2011-09-18 12:08 - 00000000 ____D C:\Users\renate\AppData\Roaming\SoftGrid Client
2013-09-11 21:59 - 2013-01-09 21:01 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-08 18:04 - 2012-09-28 09:07 - 00000000 ____D C:\Users\renate\Desktop\Jobs Bewerben
2013-09-08 13:56 - 2013-09-08 13:56 - 00000240 _____ C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012.job
2013-09-06 18:27 - 2011-10-15 13:32 - 00000000 ____D C:\Users\renate\Documents\Telefon
2013-09-06 15:12 - 2013-09-06 15:12 - 00262144 _____ C:\Windows\Minidump\090613-30264-01.dmp
2013-09-06 14:53 - 2011-11-10 21:12 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-06 14:52 - 2011-09-18 11:12 - 00000000 ____D C:\Users\renate
2013-09-06 14:51 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-06 14:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-09-04 23:32 - 2011-09-26 22:08 - 00000000 ____D C:\Users\renate\Documents\Luise
2013-09-04 11:54 - 2013-09-04 11:54 - 00943027 _____ C:\Users\renate\Downloads\b4238165d6239667f53b6bb162393389.ZIP
2013-09-03 07:35 - 2011-11-10 21:12 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-30 06:51 - 2011-09-18 11:29 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1440722069-1539269174-2057662562-1001UA.job
2013-08-27 21:39 - 2013-08-27 21:39 - 00000000 ____D C:\Program Files (x86)\Tor
2013-08-25 20:12 - 2011-12-07 23:25 - 00000000 ____D C:\Users\renate\Documents\Lebenshaltung
2013-08-25 20:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-24 12:04 - 2011-12-14 16:18 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2013-08-24 12:04 - 2011-09-20 19:09 - 00000000 ____D C:\Program Files (x86)\AAVUpdateManager
2013-08-24 12:03 - 2011-10-04 21:44 - 00001148 _____ C:\Users\renate\Desktop\Dropbox.lnk
2013-08-24 11:51 - 2011-09-18 11:29 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1440722069-1539269174-2057662562-1001Core.job
2013-08-24 11:48 - 2013-04-29 13:01 - 00000000 ____D C:\Users\renate\AppData\Roaming\stepnova
2013-08-24 11:48 - 2012-11-16 14:40 - 00000000 ____D C:\ProgramData\stepnova
2013-08-24 11:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-24 11:48 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

Some content of TEMP:
====================
C:\Users\renate\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-03 07:27

==================== End Of Log ============================

--- --- ---

--- --- ---

Was soll ich tun?

Kann ich das mist Programm Image Converter einfach deinstallieren?

Office Starter ist nachwievor verschwunden. Kann ich einen Systemwiederherstellungspunkt wählen zu dem es noch vorhanden war oder geht die Malwaresuche dann wieder von vorne los?

Danke für die Hilfe! und Sorry für die viele Arbeit!
Ich bin hier am Verzweifeln!

schrauber · 18.09.2013, 10:30

Keine Wiederherstellung, zur Not am Schluss Office neu installieren.

Das Teil einfach deinstallieren.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Ahnungs-los · 18.09.2013, 15:13

Programm deinstalliert.

Office Programm wieder da,aber die .doxc haben eine unschönes gelbes Kästchen als Icon und lassen sich nicht mit Doppelklick öffnen, statt dessen Fenster mit den verschiedenen Office Paketen zum Kauf. unschön. verweist das auf irgendeinen Virus!

Eset:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e7974f0b88565c4190c2f281d9184b2e
# engine=15174
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-18 01:33:52
# local_time=2013-09-18 03:33:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 24542 73205 17320 0
# compatibility_mode=5893 16776574 100 94 73803 131141082 0 0
# scanned=152223
# found=1
# cleaned=0
# scan_time=6000
sh=1ABF2A5F820D2E6C6921E32D5675E940912A383F ft=1 fh=4d12d2e5cb6c6b4d vn="probably a variant of Win32/Agent.CWLHZXT trojan" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1440722069-1539269174-2057662562-1001\$RVN7MBE.exe"

dann Security check

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 TuneUp Utilities 2012   
 TuneUp Utilities Language Pack (de-DE) 
 JavaFX 2.1.0    
 Java(TM) 7 Update 4  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Google Chrome 28.0.1500.95  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

und zu guter Letzt
First

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by renate (administrator) on RENATE-LAPTOP on 18-09-2013 16:05:51
Running from C:\Users\renate\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files (x86)\Tor\tor.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\renate\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Dropbox, Inc.) C:\Users\renate\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-21] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [dradio-RecorderTimer] - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [41472 2012-03-15] ()
HKCU\...\Run: [FLV Player] - C:\Users\renate\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [202752 2012-10-26] ()
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-17] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [226920 2011-03-31] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Users\renate\AppData\Local\DProtect\eBP.dll,C:\Users\renate\AppData\Local\DProtect\eBPSD.dll [ ] ()
Startup: C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\renate\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {610B4AA1-389F-47C5-888F-54CBF6A60F2F} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (qvo6) - hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=WDCXWD5000BPVT-22HXZT1_WD-WXA1A61Y1381Y1381&ts=1379448553&type=default&q={searchTerms}
CHR DefaultSuggestURL: (qvo6) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\renate\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Skype Click to Call) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (Gmail) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-17] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-27] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-17] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-02-09] (TuneUp Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-18 15:54 - 2013-09-18 15:54 - 00891144 _____ C:\Users\renate\Desktop\SecurityCheck.exe
2013-09-18 14:45 - 2013-09-18 14:45 - 98123923 _____ C:\Windows\SysWOW64\▴銙«
2013-09-18 13:11 - 2013-09-18 13:11 - 00000862 _____ C:\Users\renate\.recently-used.xbel
2013-09-18 13:06 - 2013-09-18 13:06 - 00000100 _____ C:\Users\renate\.gtk-bookmarks
2013-09-18 10:57 - 2013-09-18 10:57 - 00000000 ____D C:\Users\renate\AppData\Local\{4F8A2259-B45F-4113-9A56-90050B77D8B9}
2013-09-18 01:17 - 2013-09-18 01:16 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-17 22:53 - 2013-09-17 22:53 - 00000000 ____D C:\Windows\ERUNT
2013-09-17 22:09 - 2013-09-17 22:09 - 00000000 ____D C:\Program Files (x86)\Image Converter
2013-09-17 21:47 - 2013-09-17 21:47 - 00000000 ____D C:\Users\renate\AppData\Roaming\Malwarebytes
2013-09-17 21:47 - 2013-09-17 21:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-17 21:47 - 2013-09-17 21:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-17 21:47 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-17 21:36 - 2013-09-17 21:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\renate\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-17 19:21 - 2013-09-17 19:21 - 00000000 ____D C:\Users\renate\AppData\Roaming\Avira
2013-09-17 19:16 - 2013-09-17 19:16 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-17 19:16 - 2013-09-17 19:15 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-17 19:16 - 2013-09-17 19:15 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-17 19:16 - 2013-09-17 19:15 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-17 19:06 - 2013-09-17 19:06 - 02092792 _____ C:\Users\renate\Downloads\avira_free_antivirus.exe
2013-09-17 19:03 - 2013-09-17 19:03 - 00021706 _____ C:\ComboFix.txt
2013-09-17 18:54 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-17 18:54 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-17 18:54 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-17 18:54 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-17 18:54 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-17 18:54 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-17 18:54 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-17 18:54 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-17 18:37 - 2013-09-17 19:03 - 00000000 ____D C:\Qoobox
2013-09-17 18:37 - 2013-09-17 19:02 - 00000000 ____D C:\Windows\erdnt
2013-09-17 17:31 - 2013-09-17 17:31 - 05128653 ____R (Swearware) C:\Users\renate\Desktop\ComboFix.exe
2013-09-17 17:31 - 2013-09-17 17:31 - 05128653 _____ (Swearware) C:\Users\renate\Downloads\ComboFix (1).exe
2013-09-17 09:29 - 2013-09-18 16:05 - 00000000 ____D C:\Users\renate\Desktop\FakeTrojaner
2013-09-17 09:28 - 2013-09-17 09:28 - 00029422 _____ C:\Users\renate\Downloads\Addition.txt
2013-09-17 09:26 - 2013-09-17 09:26 - 00000000 ____D C:\FRST
2013-09-17 09:25 - 2013-09-17 09:26 - 01950524 _____ (Farbar) C:\Users\renate\Downloads\FRST64.exe
2013-09-17 09:23 - 2013-09-17 09:23 - 01333552 _____ (iMesh Inc) C:\Users\renate\Downloads\iMeshSetup-r1487-w-bc (1).exe
2013-09-16 20:31 - 2013-09-16 20:31 - 00271728 _____ C:\Windows\Minidump\091613-30544-01.dmp
2013-09-16 20:28 - 2013-09-16 20:28 - 00262144 _____ C:\Windows\Minidump\091613-30747-01.dmp
2013-09-16 20:24 - 2013-09-16 20:24 - 00262144 _____ C:\Windows\Minidump\091613-40622-01.dmp
2013-09-16 20:16 - 2013-09-16 20:16 - 01039554 _____ C:\Users\renate\Downloads\adwcleaner004.exe
2013-09-16 10:47 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-16 10:47 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-16 10:47 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-16 10:47 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-16 10:47 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-16 10:47 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-16 10:47 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-16 10:47 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-16 10:47 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-16 10:47 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-16 10:46 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-16 10:46 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-16 10:46 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-16 10:46 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-16 10:46 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-16 10:46 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-16 10:46 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-16 10:46 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-16 10:46 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-16 10:46 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 19:14 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 19:14 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 19:14 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 19:14 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 19:14 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 19:14 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 19:14 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 19:14 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 19:14 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 19:14 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 19:14 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 19:14 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 19:14 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 19:14 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 19:14 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 19:14 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 19:14 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 19:14 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 19:14 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 19:14 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 19:14 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 19:14 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 19:14 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 19:14 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 19:14 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 19:14 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-08 13:56 - 2013-09-08 13:56 - 00000240 _____ C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012.job
2013-09-06 15:18 - 2013-09-17 22:45 - 00000000 ____D C:\AdwCleaner
2013-09-06 15:12 - 2013-09-16 20:31 - 446096759 _____ C:\Windows\MEMORY.DMP
2013-09-06 15:12 - 2013-09-06 15:12 - 00262144 _____ C:\Windows\Minidump\090613-30264-01.dmp
2013-09-04 11:54 - 2013-09-04 11:54 - 00943027 _____ C:\Users\renate\Downloads\b4238165d6239667f53b6bb162393389.ZIP
2013-08-27 21:39 - 2013-08-27 21:39 - 00000000 ____D C:\Program Files (x86)\Tor
2013-08-24 12:00 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-24 12:00 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-24 12:00 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-24 12:00 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-24 12:00 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-24 12:00 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-24 12:00 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-24 12:00 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-24 12:00 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-24 12:00 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-24 11:59 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-24 11:59 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-24 11:58 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-24 11:58 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-24 11:58 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-24 11:58 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-18 16:05 - 2013-09-17 09:29 - 00000000 ____D C:\Users\renate\Desktop\FakeTrojaner
2013-09-18 15:54 - 2013-09-18 15:54 - 00891144 _____ C:\Users\renate\Desktop\SecurityCheck.exe
2013-09-18 15:42 - 2011-08-14 09:22 - 01117388 _____ C:\Windows\WindowsUpdate.log
2013-09-18 14:45 - 2013-09-18 14:45 - 98123923 _____ C:\Windows\SysWOW64\▴銙«
2013-09-18 13:36 - 2011-08-14 19:15 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-09-18 13:36 - 2011-08-14 19:15 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-09-18 13:36 - 2009-07-14 07:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-18 13:11 - 2013-09-18 13:11 - 00000862 _____ C:\Users\renate\.recently-used.xbel
2013-09-18 13:11 - 2012-02-04 22:26 - 00000000 ____D C:\Users\renate\.gimp-2.6
2013-09-18 13:11 - 2011-09-18 11:12 - 00000000 ____D C:\Users\renate
2013-09-18 13:07 - 2012-02-04 22:28 - 00000000 ____D C:\Users\renate\AppData\Roaming\gtk-2.0
2013-09-18 13:06 - 2013-09-18 13:06 - 00000100 _____ C:\Users\renate\.gtk-bookmarks
2013-09-18 12:19 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-18 12:19 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-18 12:13 - 2011-10-04 21:44 - 00000000 ___RD C:\Users\renate\Dropbox
2013-09-18 12:13 - 2011-10-04 20:59 - 00000000 ____D C:\Users\renate\AppData\Roaming\Dropbox
2013-09-18 12:12 - 2012-04-22 17:56 - 00034108 _____ C:\Windows\setupact.log
2013-09-18 11:04 - 2011-09-18 12:08 - 00000000 ____D C:\Users\renate\AppData\Roaming\SoftGrid Client
2013-09-18 10:57 - 2013-09-18 10:57 - 00000000 ____D C:\Users\renate\AppData\Local\{4F8A2259-B45F-4113-9A56-90050B77D8B9}
2013-09-18 02:18 - 2012-04-22 17:56 - 00219054 _____ C:\Windows\PFRO.log
2013-09-18 01:16 - 2013-09-18 01:17 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-17 22:53 - 2013-09-17 22:53 - 00000000 ____D C:\Windows\ERUNT
2013-09-17 22:45 - 2013-09-06 15:18 - 00000000 ____D C:\AdwCleaner
2013-09-17 22:45 - 2011-09-18 12:22 - 00000000 ___RD C:\Users\renate\Desktop\Verknüpfungen
2013-09-17 22:45 - 2011-09-18 11:29 - 00000000 ____D C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-17 22:45 - 2011-09-18 11:15 - 00001001 _____ C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-17 22:09 - 2013-09-17 22:09 - 00000000 ____D C:\Program Files (x86)\Image Converter
2013-09-17 21:47 - 2013-09-17 21:47 - 00000000 ____D C:\Users\renate\AppData\Roaming\Malwarebytes
2013-09-17 21:47 - 2013-09-17 21:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-17 21:47 - 2013-09-17 21:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-17 21:37 - 2013-09-17 21:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\renate\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-17 19:21 - 2013-09-17 19:21 - 00000000 ____D C:\Users\renate\AppData\Roaming\Avira
2013-09-17 19:16 - 2013-09-17 19:16 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-17 19:16 - 2011-09-18 11:25 - 00000000 ____D C:\ProgramData\Avira
2013-09-17 19:15 - 2013-09-17 19:16 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-17 19:15 - 2013-09-17 19:16 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-17 19:15 - 2013-09-17 19:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-17 19:06 - 2013-09-17 19:06 - 02092792 _____ C:\Users\renate\Downloads\avira_free_antivirus.exe
2013-09-17 19:03 - 2013-09-17 19:03 - 00021706 _____ C:\ComboFix.txt
2013-09-17 19:03 - 2013-09-17 18:37 - 00000000 ____D C:\Qoobox
2013-09-17 19:02 - 2013-09-17 18:37 - 00000000 ____D C:\Windows\erdnt
2013-09-17 19:02 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-17 17:31 - 2013-09-17 17:31 - 05128653 ____R (Swearware) C:\Users\renate\Desktop\ComboFix.exe
2013-09-17 17:31 - 2013-09-17 17:31 - 05128653 _____ (Swearware) C:\Users\renate\Downloads\ComboFix (1).exe
2013-09-17 09:28 - 2013-09-17 09:28 - 00029422 _____ C:\Users\renate\Downloads\Addition.txt
2013-09-17 09:26 - 2013-09-17 09:26 - 00000000 ____D C:\FRST
2013-09-17 09:26 - 2013-09-17 09:25 - 01950524 _____ (Farbar) C:\Users\renate\Downloads\FRST64.exe
2013-09-17 09:23 - 2013-09-17 09:23 - 01333552 _____ (iMesh Inc) C:\Users\renate\Downloads\iMeshSetup-r1487-w-bc (1).exe
2013-09-16 20:31 - 2013-09-16 20:31 - 00271728 _____ C:\Windows\Minidump\091613-30544-01.dmp
2013-09-16 20:31 - 2013-09-06 15:12 - 446096759 _____ C:\Windows\MEMORY.DMP
2013-09-16 20:31 - 2011-12-18 08:55 - 00000000 ____D C:\Windows\Minidump
2013-09-16 20:29 - 2012-02-08 11:08 - 00430592 ___SH C:\Users\renate\Desktop\Thumbs.db
2013-09-16 20:28 - 2013-09-16 20:28 - 00262144 _____ C:\Windows\Minidump\091613-30747-01.dmp
2013-09-16 20:24 - 2013-09-16 20:24 - 00262144 _____ C:\Windows\Minidump\091613-40622-01.dmp
2013-09-16 20:16 - 2013-09-16 20:16 - 01039554 _____ C:\Users\renate\Downloads\adwcleaner004.exe
2013-09-16 20:01 - 2011-09-18 11:15 - 00000000 ___RD C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-16 20:01 - 2011-09-18 11:15 - 00000000 ___RD C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-16 19:59 - 2009-07-14 06:45 - 04860120 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-16 10:46 - 2011-09-18 12:07 - 01527912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-16 10:46 - 2011-09-18 12:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-16 10:39 - 2011-10-20 06:34 - 00000000 ____D C:\Users\renate\Documents\inab_Sozpäd
2013-09-11 21:59 - 2013-01-09 21:01 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-08 18:04 - 2012-09-28 09:07 - 00000000 ____D C:\Users\renate\Desktop\Jobs Bewerben
2013-09-08 13:56 - 2013-09-08 13:56 - 00000240 _____ C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012.job
2013-09-06 18:27 - 2011-10-15 13:32 - 00000000 ____D C:\Users\renate\Documents\Telefon
2013-09-06 15:12 - 2013-09-06 15:12 - 00262144 _____ C:\Windows\Minidump\090613-30264-01.dmp
2013-09-06 14:53 - 2011-11-10 21:12 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-06 14:51 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-06 14:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-09-04 23:32 - 2011-09-26 22:08 - 00000000 ____D C:\Users\renate\Documents\Luise
2013-09-04 11:54 - 2013-09-04 11:54 - 00943027 _____ C:\Users\renate\Downloads\b4238165d6239667f53b6bb162393389.ZIP
2013-09-03 07:35 - 2011-11-10 21:12 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-30 06:51 - 2011-09-18 11:29 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1440722069-1539269174-2057662562-1001UA.job
2013-08-27 21:39 - 2013-08-27 21:39 - 00000000 ____D C:\Program Files (x86)\Tor
2013-08-25 20:12 - 2011-12-07 23:25 - 00000000 ____D C:\Users\renate\Documents\Lebenshaltung
2013-08-25 20:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-24 12:04 - 2011-12-14 16:18 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2013-08-24 12:04 - 2011-09-20 19:09 - 00000000 ____D C:\Program Files (x86)\AAVUpdateManager
2013-08-24 12:03 - 2011-10-04 21:44 - 00001148 _____ C:\Users\renate\Desktop\Dropbox.lnk
2013-08-24 11:51 - 2011-09-18 11:29 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1440722069-1539269174-2057662562-1001Core.job
2013-08-24 11:48 - 2013-04-29 13:01 - 00000000 ____D C:\Users\renate\AppData\Roaming\stepnova
2013-08-24 11:48 - 2012-11-16 14:40 - 00000000 ____D C:\ProgramData\stepnova
2013-08-24 11:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-24 11:48 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

Some content of TEMP:
====================
C:\Users\renate\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-03 07:27

==================== End Of Log ============================

--- --- ---

Bin ich jetzt bitte durch mit den Problemen??
Gruß Ahnungs-los

schrauber · 18.09.2013, 19:52

Java, Flash und Adobe updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\$RECYCLE.BIN

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Downloade dir bitte Windows Repair (All In One) von hier.

Installiere das Programm. Starte es, nachdem die Installation abgeschlossen wurde.
Klicke auf Step 2 und drücke unter Check Disk auf Do It.
Wenn der Vorgang abgeschlossen ist, klicke auf Step 3 und drücke unter System File Check auf Do It.
Nachdem der Vorgang abgeschlossen ist, klicke auf Start Repairs, wähle den Advanced Mode und drücke Start.
Gehe bitte sicher, dass die Kästchen wie unten zu sehen angehakt sind. Bitte hake zusätzlich noch Set Windows Services to Default Startup an.
Hake Restart System when Finished an.
Drücke Start.

Ahnungs-los · 18.09.2013, 23:52

Java, Flash und Adobe von chip und adobe download und installation.

fixlog.txt

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013
Ran by renate at 2013-09-18 23:01:08 Run:1
Running from C:\Users\renate\Desktop\FakeTrojaner
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\$RECYCLE.BIN
*****************

C:\$RECYCLE.BIN => Moved successfully.

==== End of Fixlog ====

Windows Repair (All In One) v1.9.18

ist in starts repair nicht mehr in unterschiedliche Modi unterschieden,insofern weißich nicht ob es der Advanced Modus war.

Im folgenden waren mehr Häkchenmöglichkeiten. ich habe sie nach deinem Vorschlag gesetzt.

und gestartet.
Nachdem Abschluss
war der Windows Defender deaktiviert. Soll das so? Wenn ich aktivieren drücke werde ich stets zum System32 - Ordner geleitet und dann?

Problemberichterstattung meldet 3 nicht behobene Probleme - Lösungen gibt es für zwei von denen zur Zeit nicht. das dritte scheint ein Problem zu bleiben.

Die gelben Kästchen bleiben als icons- sowohl von alten wie neu gespeicherten .doxc und .xlsx Dateien. sie lassen sich nunmehr per rechtem Mausklick über Microsoft Office client Virtualization Handler öffnen. Das ist doch schon mal was!

Muss ich mich nun daran gewöhnen? oder gibt hast du noch einen Tipp?

Habe 1000 Dank. Die Kiste läuft jetzt viel schneller.
Gruß Ahnungs-los

schrauber · 19.09.2013, 16:15

Poste mal ein frisches FRST log bitte.

Downloade dir bitte

Farbar Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Ahnungs-los · 20.09.2013, 01:48

First:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-09-2013 01
Ran by renate (administrator) on RENATE-LAPTOP on 20-09-2013 02:41:39
Running from C:\Users\renate\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files (x86)\Tor\tor.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\renate\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
(Dropbox, Inc.) C:\Users\renate\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Google Inc.) C:\Users\renate\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-21] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [dradio-RecorderTimer] - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [41472 2012-03-15] ()
HKCU\...\Run: [FLV Player] - C:\Users\renate\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [202752 2012-10-26] ()
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [226920 2011-03-31] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Users\renate\AppData\Local\DProtect\eBP.dll,C:\Users\renate\AppData\Local\DProtect\eBPSD.dll [ ] ()
Startup: C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\renate\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - DefaultScope {610B4AA1-389F-47C5-888F-54CBF6A60F2F} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKCU - {610B4AA1-389F-47C5-888F-54CBF6A60F2F} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (qvo6) - hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=WDCXWD5000BPVT-22HXZT1_WD-WXA1A61Y1381Y1381&ts=1379448553&type=default&q={searchTerms}
CHR DefaultSuggestURL: (qvo6) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\renate\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\renate\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Skype Click to Call) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (Gmail) - C:\Users\renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-17] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-27] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-17] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-02-09] (TuneUp Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-20 02:41 - 2013-09-20 02:41 - 01950622 _____ (Farbar) C:\Users\renate\Downloads\FRST64.exe
2013-09-20 02:35 - 2013-09-20 02:35 - 00358923 _____ (Farbar) C:\Users\renate\Downloads\FSS.exe
2013-09-20 02:31 - 2013-09-20 02:31 - 98428185 _____ C:\Windows\SysWOW64\ኄ韁]
2013-09-18 23:49 - 2013-09-19 00:02 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-09-18 23:18 - 2013-09-18 23:18 - 00003288 ____N C:\bootsqm.dat
2013-09-18 23:11 - 2013-09-18 23:11 - 00002127 _____ C:\Users\renate\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-09-18 23:11 - 2013-09-18 23:11 - 00000000 ____D C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2013-09-18 23:11 - 2013-09-18 23:11 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-09-18 23:09 - 2013-09-18 23:10 - 05369204 _____ C:\Users\renate\Downloads\tweaking.com_windows_repair_aio_setup.exe
2013-09-18 22:44 - 2013-09-18 22:44 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-18 22:39 - 2013-09-18 22:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-18 22:39 - 2013-09-18 22:39 - 00000000 ____D C:\Windows\system32\Macromed
2013-09-18 22:37 - 2013-09-18 22:37 - 01069288 _____ (Solid State Networks) C:\Users\renate\Downloads\install_flashplayer11x32_mssa_aaa_aih (1).exe
2013-09-18 22:26 - 2013-09-18 22:26 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-18 22:26 - 2013-09-18 22:26 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-18 22:26 - 2013-09-18 22:26 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-18 22:26 - 2013-09-18 22:26 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-18 22:26 - 2013-09-18 22:26 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-18 22:26 - 2013-09-18 22:26 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-18 22:26 - 2013-09-18 22:26 - 00000000 ____D C:\Program Files\Java
2013-09-18 22:25 - 2013-09-18 22:25 - 00000000 ____D C:\ProgramData\Oracle
2013-09-18 22:24 - 2013-09-18 22:24 - 30669224 _____ (Oracle Corporation) C:\Users\renate\Downloads\jre-7u40-windows-x64.exe
2013-09-18 15:54 - 2013-09-18 15:54 - 00891144 _____ C:\Users\renate\Desktop\SecurityCheck.exe
2013-09-18 13:11 - 2013-09-18 13:11 - 00000862 _____ C:\Users\renate\.recently-used.xbel
2013-09-18 13:06 - 2013-09-18 13:06 - 00000100 _____ C:\Users\renate\.gtk-bookmarks
2013-09-18 10:57 - 2013-09-18 10:57 - 00000000 ____D C:\Users\renate\AppData\Local\{4F8A2259-B45F-4113-9A56-90050B77D8B9}
2013-09-18 01:17 - 2013-09-18 01:16 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-17 22:53 - 2013-09-17 22:53 - 00000000 ____D C:\Windows\ERUNT
2013-09-17 22:09 - 2013-09-17 22:09 - 00000000 ____D C:\Program Files (x86)\Image Converter
2013-09-17 21:47 - 2013-09-17 21:47 - 00000000 ____D C:\Users\renate\AppData\Roaming\Malwarebytes
2013-09-17 21:47 - 2013-09-17 21:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-17 21:47 - 2013-09-17 21:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-17 21:47 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-17 21:36 - 2013-09-17 21:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\renate\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-17 19:21 - 2013-09-17 19:21 - 00000000 ____D C:\Users\renate\AppData\Roaming\Avira
2013-09-17 19:16 - 2013-09-17 19:16 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-17 19:16 - 2013-09-17 19:15 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-17 19:16 - 2013-09-17 19:15 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-17 19:16 - 2013-09-17 19:15 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-17 19:06 - 2013-09-17 19:06 - 02092792 _____ C:\Users\renate\Downloads\avira_free_antivirus.exe
2013-09-17 19:03 - 2013-09-17 19:03 - 00021706 _____ C:\ComboFix.txt
2013-09-17 18:54 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-17 18:54 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-17 18:54 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-17 18:54 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-17 18:54 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-17 18:54 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-17 18:54 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-17 18:54 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-17 18:37 - 2013-09-17 19:03 - 00000000 ____D C:\Qoobox
2013-09-17 18:37 - 2013-09-17 19:02 - 00000000 ____D C:\Windows\erdnt
2013-09-17 17:31 - 2013-09-17 17:31 - 05128653 ____R (Swearware) C:\Users\renate\Desktop\ComboFix.exe
2013-09-17 17:31 - 2013-09-17 17:31 - 05128653 _____ (Swearware) C:\Users\renate\Downloads\ComboFix (1).exe
2013-09-17 09:29 - 2013-09-20 02:40 - 00000000 ____D C:\Users\renate\Desktop\FakeTrojaner
2013-09-17 09:28 - 2013-09-17 09:28 - 00029422 _____ C:\Users\renate\Downloads\Addition.txt
2013-09-17 09:26 - 2013-09-17 09:26 - 00000000 ____D C:\FRST
2013-09-17 09:23 - 2013-09-17 09:23 - 01333552 _____ (iMesh Inc) C:\Users\renate\Downloads\iMeshSetup-r1487-w-bc (1).exe
2013-09-16 20:31 - 2013-09-16 20:31 - 00271728 _____ C:\Windows\Minidump\091613-30544-01.dmp
2013-09-16 20:28 - 2013-09-16 20:28 - 00262144 _____ C:\Windows\Minidump\091613-30747-01.dmp
2013-09-16 20:24 - 2013-09-16 20:24 - 00262144 _____ C:\Windows\Minidump\091613-40622-01.dmp
2013-09-16 20:16 - 2013-09-16 20:16 - 01039554 _____ C:\Users\renate\Downloads\adwcleaner004.exe
2013-09-16 10:47 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-16 10:47 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-16 10:47 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-16 10:47 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-16 10:47 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-16 10:47 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-16 10:47 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-16 10:47 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-16 10:47 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-16 10:47 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-16 10:47 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-16 10:46 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-16 10:46 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-16 10:46 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-16 10:46 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-16 10:46 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-16 10:46 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-16 10:46 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-16 10:46 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-16 10:46 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-16 10:46 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-16 10:46 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 19:14 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 19:14 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 19:14 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 19:14 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 19:14 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 19:14 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 19:14 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 19:14 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 19:14 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 19:14 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 19:14 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 19:14 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 19:14 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 19:14 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 19:14 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 19:14 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 19:14 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 19:14 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 19:14 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 19:14 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 19:14 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 19:14 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 19:14 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 19:14 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 19:14 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 19:14 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 19:14 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-08 13:56 - 2013-09-08 13:56 - 00000240 _____ C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012.job
2013-09-06 15:18 - 2013-09-17 22:45 - 00000000 ____D C:\AdwCleaner
2013-09-06 15:12 - 2013-09-16 20:31 - 446096759 _____ C:\Windows\MEMORY.DMP
2013-09-06 15:12 - 2013-09-06 15:12 - 00262144 _____ C:\Windows\Minidump\090613-30264-01.dmp
2013-09-04 11:54 - 2013-09-04 11:54 - 00943027 _____ C:\Users\renate\Downloads\b4238165d6239667f53b6bb162393389.ZIP
2013-08-27 21:39 - 2013-08-27 21:39 - 00000000 ____D C:\Program Files (x86)\Tor
2013-08-24 12:00 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-24 12:00 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-24 12:00 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-24 12:00 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-24 12:00 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-24 12:00 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-24 12:00 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-24 12:00 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-24 12:00 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-24 12:00 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-24 11:59 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-24 11:59 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-24 11:58 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-24 11:58 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-24 11:58 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-24 11:58 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-20 02:41 - 2013-09-20 02:41 - 01950622 _____ (Farbar) C:\Users\renate\Downloads\FRST64.exe
2013-09-20 02:40 - 2013-09-17 09:29 - 00000000 ____D C:\Users\renate\Desktop\FakeTrojaner
2013-09-20 02:39 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-20 02:39 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-20 02:35 - 2013-09-20 02:35 - 00358923 _____ (Farbar) C:\Users\renate\Downloads\FSS.exe
2013-09-20 02:35 - 2011-11-10 21:12 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-20 02:34 - 2011-08-14 19:15 - 00640990 _____ C:\Windows\system32\perfh007.dat
2013-09-20 02:34 - 2011-08-14 19:15 - 00126264 _____ C:\Windows\system32\perfc007.dat
2013-09-20 02:34 - 2009-07-14 07:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-20 02:32 - 2011-10-04 21:44 - 00000000 ___RD C:\Users\renate\Dropbox
2013-09-20 02:32 - 2011-10-04 20:59 - 00000000 ____D C:\Users\renate\AppData\Roaming\Dropbox
2013-09-20 02:31 - 2013-09-20 02:31 - 98428185 _____ C:\Windows\SysWOW64\ኄ韁]
2013-09-20 02:30 - 2012-04-22 17:56 - 00034388 _____ C:\Windows\setupact.log
2013-09-20 02:30 - 2011-11-10 21:12 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-20 02:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-19 08:10 - 2011-08-14 09:22 - 01276439 _____ C:\Windows\WindowsUpdate.log
2013-09-19 01:37 - 2011-09-18 12:08 - 00000000 ____D C:\Users\renate\AppData\Roaming\SoftGrid Client
2013-09-19 00:51 - 2011-09-18 11:29 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1440722069-1539269174-2057662562-1001UA.job
2013-09-19 00:04 - 2009-07-14 06:45 - 04860120 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-19 00:03 - 2012-04-22 17:56 - 00222252 _____ C:\Windows\PFRO.log
2013-09-19 00:02 - 2013-09-18 23:49 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-09-19 00:02 - 2009-07-14 04:34 - 00000471 _____ C:\Windows\win.ini
2013-09-18 23:18 - 2013-09-18 23:18 - 00003288 ____N C:\bootsqm.dat
2013-09-18 23:11 - 2013-09-18 23:11 - 00002127 _____ C:\Users\renate\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-09-18 23:11 - 2013-09-18 23:11 - 00000000 ____D C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2013-09-18 23:11 - 2013-09-18 23:11 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-09-18 23:10 - 2013-09-18 23:09 - 05369204 _____ C:\Users\renate\Downloads\tweaking.com_windows_repair_aio_setup.exe
2013-09-18 22:45 - 2011-09-18 17:25 - 00000000 ____D C:\Users\renate\AppData\Local\Adobe
2013-09-18 22:44 - 2013-09-18 22:44 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-18 22:44 - 2011-07-22 06:46 - 00000000 ____D C:\ProgramData\Adobe
2013-09-18 22:43 - 2011-07-22 06:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-18 22:39 - 2013-09-18 22:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-18 22:39 - 2013-09-18 22:39 - 00000000 ____D C:\Windows\system32\Macromed
2013-09-18 22:39 - 2011-07-22 06:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-18 22:39 - 2011-07-22 06:25 - 00000000 ____D C:\ProgramData\McAfee
2013-09-18 22:37 - 2013-09-18 22:37 - 01069288 _____ (Solid State Networks) C:\Users\renate\Downloads\install_flashplayer11x32_mssa_aaa_aih (1).exe
2013-09-18 22:26 - 2013-09-18 22:26 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-18 22:26 - 2013-09-18 22:26 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-18 22:26 - 2013-09-18 22:26 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-18 22:26 - 2013-09-18 22:26 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-18 22:26 - 2013-09-18 22:26 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-18 22:26 - 2013-09-18 22:26 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-18 22:26 - 2013-09-18 22:26 - 00000000 ____D C:\Program Files\Java
2013-09-18 22:25 - 2013-09-18 22:25 - 00000000 ____D C:\ProgramData\Oracle
2013-09-18 22:24 - 2013-09-18 22:24 - 30669224 _____ (Oracle Corporation) C:\Users\renate\Downloads\jre-7u40-windows-x64.exe
2013-09-18 15:54 - 2013-09-18 15:54 - 00891144 _____ C:\Users\renate\Desktop\SecurityCheck.exe
2013-09-18 13:11 - 2013-09-18 13:11 - 00000862 _____ C:\Users\renate\.recently-used.xbel
2013-09-18 13:11 - 2012-02-04 22:26 - 00000000 ____D C:\Users\renate\.gimp-2.6
2013-09-18 13:11 - 2011-09-18 11:12 - 00000000 ____D C:\Users\renate
2013-09-18 13:07 - 2012-02-04 22:28 - 00000000 ____D C:\Users\renate\AppData\Roaming\gtk-2.0
2013-09-18 13:06 - 2013-09-18 13:06 - 00000100 _____ C:\Users\renate\.gtk-bookmarks
2013-09-18 10:57 - 2013-09-18 10:57 - 00000000 ____D C:\Users\renate\AppData\Local\{4F8A2259-B45F-4113-9A56-90050B77D8B9}
2013-09-18 01:16 - 2013-09-18 01:17 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-17 22:53 - 2013-09-17 22:53 - 00000000 ____D C:\Windows\ERUNT
2013-09-17 22:45 - 2013-09-06 15:18 - 00000000 ____D C:\AdwCleaner
2013-09-17 22:45 - 2011-09-18 12:22 - 00000000 ___RD C:\Users\renate\Desktop\Verknüpfungen
2013-09-17 22:45 - 2011-09-18 11:29 - 00000000 ____D C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-17 22:45 - 2011-09-18 11:15 - 00001001 _____ C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-17 22:09 - 2013-09-17 22:09 - 00000000 ____D C:\Program Files (x86)\Image Converter
2013-09-17 21:47 - 2013-09-17 21:47 - 00000000 ____D C:\Users\renate\AppData\Roaming\Malwarebytes
2013-09-17 21:47 - 2013-09-17 21:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-17 21:47 - 2013-09-17 21:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-17 21:37 - 2013-09-17 21:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\renate\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-17 19:21 - 2013-09-17 19:21 - 00000000 ____D C:\Users\renate\AppData\Roaming\Avira
2013-09-17 19:16 - 2013-09-17 19:16 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-17 19:16 - 2011-09-18 11:25 - 00000000 ____D C:\ProgramData\Avira
2013-09-17 19:15 - 2013-09-17 19:16 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-17 19:15 - 2013-09-17 19:16 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-17 19:15 - 2013-09-17 19:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-17 19:06 - 2013-09-17 19:06 - 02092792 _____ C:\Users\renate\Downloads\avira_free_antivirus.exe
2013-09-17 19:03 - 2013-09-17 19:03 - 00021706 _____ C:\ComboFix.txt
2013-09-17 19:03 - 2013-09-17 18:37 - 00000000 ____D C:\Qoobox
2013-09-17 19:02 - 2013-09-17 18:37 - 00000000 ____D C:\Windows\erdnt
2013-09-17 19:02 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-17 17:31 - 2013-09-17 17:31 - 05128653 ____R (Swearware) C:\Users\renate\Desktop\ComboFix.exe
2013-09-17 17:31 - 2013-09-17 17:31 - 05128653 _____ (Swearware) C:\Users\renate\Downloads\ComboFix (1).exe
2013-09-17 09:28 - 2013-09-17 09:28 - 00029422 _____ C:\Users\renate\Downloads\Addition.txt
2013-09-17 09:26 - 2013-09-17 09:26 - 00000000 ____D C:\FRST
2013-09-17 09:23 - 2013-09-17 09:23 - 01333552 _____ (iMesh Inc) C:\Users\renate\Downloads\iMeshSetup-r1487-w-bc (1).exe
2013-09-16 20:31 - 2013-09-16 20:31 - 00271728 _____ C:\Windows\Minidump\091613-30544-01.dmp
2013-09-16 20:31 - 2013-09-06 15:12 - 446096759 _____ C:\Windows\MEMORY.DMP
2013-09-16 20:31 - 2011-12-18 08:55 - 00000000 ____D C:\Windows\Minidump
2013-09-16 20:29 - 2012-02-08 11:08 - 00430592 ___SH C:\Users\renate\Desktop\Thumbs.db
2013-09-16 20:28 - 2013-09-16 20:28 - 00262144 _____ C:\Windows\Minidump\091613-30747-01.dmp
2013-09-16 20:24 - 2013-09-16 20:24 - 00262144 _____ C:\Windows\Minidump\091613-40622-01.dmp
2013-09-16 20:16 - 2013-09-16 20:16 - 01039554 _____ C:\Users\renate\Downloads\adwcleaner004.exe
2013-09-16 20:01 - 2011-09-18 11:15 - 00000000 ___RD C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-16 20:01 - 2011-09-18 11:15 - 00000000 ___RD C:\Users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-16 10:46 - 2011-09-18 12:07 - 01527912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-16 10:46 - 2011-09-18 12:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-16 10:39 - 2011-10-20 06:34 - 00000000 ____D C:\Users\renate\Documents\inab_Sozpäd
2013-09-08 18:04 - 2012-09-28 09:07 - 00000000 ____D C:\Users\renate\Desktop\Jobs Bewerben
2013-09-08 13:56 - 2013-09-08 13:56 - 00000240 _____ C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012.job
2013-09-06 18:27 - 2011-10-15 13:32 - 00000000 ____D C:\Users\renate\Documents\Telefon
2013-09-06 15:12 - 2013-09-06 15:12 - 00262144 _____ C:\Windows\Minidump\090613-30264-01.dmp
2013-09-06 14:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-09-04 23:32 - 2011-09-26 22:08 - 00000000 ____D C:\Users\renate\Documents\Luise
2013-09-04 11:54 - 2013-09-04 11:54 - 00943027 _____ C:\Users\renate\Downloads\b4238165d6239667f53b6bb162393389.ZIP
2013-08-27 21:39 - 2013-08-27 21:39 - 00000000 ____D C:\Program Files (x86)\Tor
2013-08-25 20:12 - 2011-12-07 23:25 - 00000000 ____D C:\Users\renate\Documents\Lebenshaltung
2013-08-25 20:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-24 12:04 - 2011-12-14 16:18 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2013-08-24 12:04 - 2011-09-20 19:09 - 00000000 ____D C:\Program Files (x86)\AAVUpdateManager
2013-08-24 12:03 - 2011-10-04 21:44 - 00001148 _____ C:\Users\renate\Desktop\Dropbox.lnk
2013-08-24 11:51 - 2011-09-18 11:29 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1440722069-1539269174-2057662562-1001Core.job
2013-08-24 11:48 - 2013-04-29 13:01 - 00000000 ____D C:\Users\renate\AppData\Roaming\stepnova
2013-08-24 11:48 - 2012-11-16 14:40 - 00000000 ____D C:\ProgramData\stepnova
2013-08-24 11:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-24 11:48 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

Some content of TEMP:
====================
C:\Users\renate\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-03 07:27

==================== End Of Log ============================

--- --- ---

und nun FSS

Code:

ATTFilter

Farbar Service Scanner Version: 13-09-2013
Ran by renate (administrator) on 20-09-2013 at 02:45:51
Running from "C:\Users\renate\Desktop\FakeTrojaner"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Gruß Ahnungs-los

Avira Meldungen: Adware/bProtect.D und TR/Fakeadb.A; Office Starter 2010 verschwunden

Plagegeister aller Art und deren Bekämpfung: Avira Meldungen: Adware/bProtect.D und TR/Fakeadb.A; Office Starter 2010 verschwunden