PC und USB voll mit Viren! Ich werde sie nicht los

lilli89 · 19.11.2013, 16:11

Hallo ihr,

ich habe seit mehreren Wochen immer wieder Viren auf meinem PC und jetzt auch auf meinem USB Stick. Ich kenne mich leider nicht so gut aus und wäre extrem dankbar wenn ihr mir helfen könnt.

Letzte Woche und gestern hatte ich ein Problem mit startquone8 und start.mysearchdial. Ich habe versucht mit AdwCleaner diese loszuwerden. Hat auch scheinbar geklappt. Jetzt habe ich aber ein Problem mit meinem USB Stick der voller Viren ist.

Ich habe Malwarebytes Anti-Malware einen Vollcheck durchgeführt. Hier sende ich euch den Report. Was sollte ich eure Meinung nach machen?
Vielen lieben Dank
lilli

Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 368912
Laufzeit: 49 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 12
C:\ProgramData\aoiyzrlf.exe (Exploit.Drop.Obama) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sanderle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78JXRQ61\wajam_install[1].exe (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sanderle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1b59b3a6-2abcb56b (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sanderle\Downloads\DownloadAcceleratorSetup.exe (PUP.Optional.Jumpyapps) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sanderle\Downloads\DownloadManagerSetup (1).exe (PUP.Optional.Jumpyapps) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sanderle\Downloads\FLVPlayerSetup (1).exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sanderle\Downloads\FLVPlayerSetup (2).exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sanderle\Downloads\FLVPlayerSetup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sanderle\Downloads\Java.exe (PUP.Optional.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sanderle\Downloads\Microsoft PowerPoint Viewer.exe (PUP.Optional.Firseria) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sanderle\AppData\Roaming\Microsoft\Windows\unicode2.nls (Trojan.Backdoor) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

schrauber · 19.11.2013, 16:15

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

lilli89 · 19.11.2013, 16:52

Hier die Reports:

FRST:
FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by sanderle (administrator) on SANDERLE-PC on 19-11-2013 16:32:31
Running from C:\Users\sanderle\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxUtilSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
( ) C:\windows\system32\lxeacoms.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DPAgent.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [iTunesHelper] - C:\Users\sanderle\AppData\Local\Temp\iTunesHelper.vbe [69558261 2013-10-15] () <===== ATTENTION
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: D - D:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {1ab11b78-5ecb-11e1-9535-4ceb420230c8} - F:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {5ece21c7-4caa-11e1-b8dc-4ceb420230cc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Sanni\...\Policies\system: [LogonHoursAction] 2
HKU\Sanni\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\sanderle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe ()
Startup: C:\Users\sanderle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyE0C0E0ByEtBtDtBtAtD0C0CzzyC0DyEtN0D0Tzu0CyCzzzztN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=721860452&ir=
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyE0C0E0ByEtBtDtBtAtD0C0CzzyC0DyEtN0D0Tzu0CyCzzzztN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=721860452&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyE0C0E0ByEtBtDtBtAtD0C0CzzyC0DyEtN0D0Tzu0CyCzzzztN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=721860452&ir=
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.30.24.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Mysearchdial) - hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyE0C0E0ByEtBtDtBtAtD0C0CzzyC0DyEtN0D0Tzu0CyCzzzztN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=721860452&ir=
CHR DefaultSuggestURL: (Mysearchdial) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.10.8) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U1) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (TelevisionFanatic Installer Plugin Stub) - C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\sanderle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\sanderle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\sanderle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\sanderle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-12] (Conexant Systems, Inc.)
R2 lxea_device; C:\windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-28] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [244440 2011-05-21] (Trend Micro Inc.)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-04-20] (Vodafone)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-05-21] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144656 2011-05-21] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69392 2011-05-21] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2011-05-21] (Trend Micro Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-19 16:32 - 2013-11-19 16:33 - 00014545 _____ C:\Users\sanderle\Downloads\FRST.txt
2013-11-19 16:32 - 2013-11-19 16:32 - 01957964 _____ (Farbar) C:\Users\sanderle\Downloads\FRST64.exe
2013-11-19 16:32 - 2013-11-19 16:32 - 00000000 ____D C:\FRST
2013-11-19 16:30 - 2013-11-19 16:31 - 01090881 _____ (Farbar) C:\Users\sanderle\Downloads\FRST (1).exe
2013-11-19 16:30 - 2013-11-19 16:30 - 01090881 _____ (Farbar) C:\Users\sanderle\Downloads\FRST.exe
2013-11-19 14:47 - 2013-11-19 14:47 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-19 14:46 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-11-19 14:45 - 2013-11-19 14:46 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\sanderle\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-18 22:22 - 2013-11-18 22:23 - 00000000 ____D C:\Users\sanderle\Desktop\Neuer Ordner
2013-11-18 17:40 - 2013-11-18 17:40 - 00003850 _____ C:\Users\sanderle\Downloads\AdwCleaner[S1].txt
2013-11-18 17:32 - 2013-11-18 17:32 - 01085542 _____ C:\Users\sanderle\Downloads\adwcleaner (2).exe
2013-11-18 17:29 - 2013-11-18 17:29 - 00000000 ____D C:\windows\ERUNT
2013-11-18 17:28 - 2013-11-18 17:28 - 01034531 _____ (Thisisu) C:\Users\sanderle\Downloads\JRT.exe
2013-11-18 17:26 - 2013-11-18 17:27 - 21164032 _____ C:\Users\sanderle\Downloads\iepreview.msi
2013-11-18 17:25 - 2013-11-18 17:25 - 01085542 _____ C:\Users\sanderle\Downloads\adwcleaner (1).exe
2013-11-18 17:22 - 2013-11-18 17:22 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\sanderle\Downloads\SpyHunter-Installer (1).exe
2013-11-18 16:54 - 2013-11-18 16:54 - 00000375 _____ C:\Users\sanderle\Desktop\Lexar (D) - Verknüpfung.lnk
2013-11-18 16:42 - 2013-11-18 17:01 - 00000000 ____D C:\Users\sanderle\AppData\Roaming\Mipony
2013-11-17 19:10 - 2013-11-17 19:10 - 02039296 _____ C:\Users\sanderle\Downloads\posch_mussolinis_sprachpolitik (1).ppt
2013-11-17 18:05 - 2013-11-17 18:05 - 01189888 _____ C:\Users\sanderle\Downloads\rm2177676.ppt
2013-11-17 18:05 - 2013-11-17 18:05 - 01189888 _____ C:\Users\sanderle\Downloads\rm2177676 (1).ppt
2013-11-14 13:09 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-14 13:09 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-14 13:09 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-14 13:09 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-14 13:09 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-14 13:09 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-14 13:09 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-14 13:09 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-14 13:09 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-14 13:09 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 11:00 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-14 11:00 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-14 11:00 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-14 11:00 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2013-11-14 11:00 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 11:00 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-14 11:00 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-14 11:00 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-14 11:00 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-14 11:00 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-14 11:00 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 11:00 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-14 11:00 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2013-11-14 11:00 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-14 11:00 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-14 11:00 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-14 11:00 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-14 11:00 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-14 11:00 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-14 11:00 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-14 11:00 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-14 11:00 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-14 11:00 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-14 11:00 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-14 11:00 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2013-11-14 11:00 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-14 11:00 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2013-11-14 11:00 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2013-11-14 11:00 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-14 11:00 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-11-09 20:12 - 2013-11-09 20:12 - 00000000 ____D C:\Users\sanderle\Desktop\B_Sociolinguistiquecritique
2013-11-08 10:44 - 2013-09-04 02:37 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-11-08 10:44 - 2013-09-04 02:37 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-11-08 10:44 - 2013-09-04 02:37 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-11-08 10:44 - 2013-09-04 02:37 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-11-08 10:44 - 2013-09-04 02:37 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-11-08 10:44 - 2013-09-04 02:37 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-11-08 10:44 - 2013-09-04 02:37 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-11-07 19:28 - 2013-11-19 14:29 - 00000000 ____D C:\Users\sanderle\Desktop\LAZAR
2013-11-04 22:45 - 2013-11-04 22:45 - 00006139 _____ C:\Users\sanderle\Desktop\AdwCleaner[S0].txt
2013-11-04 22:33 - 2013-11-18 17:33 - 00000000 ____D C:\AdwCleaner
2013-11-04 22:33 - 2013-11-04 22:33 - 01073258 _____ C:\Users\sanderle\Downloads\adwcleaner.exe
2013-11-04 21:03 - 2013-11-04 21:03 - 00003344 _____ C:\windows\System32\Tasks\SpyHunter4Startup
2013-11-04 21:03 - 2013-11-04 21:03 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-04 21:03 - 2013-11-04 21:03 - 00000000 _____ C:\autoexec.bat
2013-11-04 21:02 - 2013-11-04 22:14 - 00000000 ____D C:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-04 20:56 - 2013-11-04 20:56 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\sanderle\Downloads\SpyHunter-Installer.exe
2013-11-03 14:39 - 2013-11-03 14:39 - 00033712 _____ C:\Users\sanderle\Downloads\AJaffe_Expose.odp
2013-11-03 14:38 - 2013-11-03 14:38 - 00033712 _____ C:\Users\sanderle\Downloads\Amenagement_Linguistique_Expose_SandraHanni.odp
2013-11-03 12:50 - 2013-11-03 12:50 - 00000093 _____ C:\Users\sanderle\AppData\Roaming\WB.CFG
2013-11-03 12:50 - 2013-11-03 12:50 - 00000006 _____ C:\Users\sanderle\AppData\Roaming\WBPU-TTL.DAT
2013-11-03 12:05 - 2013-11-03 12:05 - 00000000 ____D C:\Users\sanderle\AppData\Local\Software
2013-11-03 12:03 - 2013-11-03 12:03 - 00001132 _____ C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
2013-11-03 12:02 - 2013-11-03 12:02 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-11-03 11:59 - 2013-11-03 11:59 - 00518752 _____ C:\Users\sanderle\Downloads\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_fr.exe
2013-11-03 11:50 - 2013-11-03 11:50 - 00707360 _____ C:\Users\sanderle\Downloads\DownloadManagerSetup.exe
2013-10-26 00:28 - 2013-10-26 00:28 - 00000000 ____D C:\Users\Sanni\AppData\Roaming\Adobe

==================== One Month Modified Files and Folders =======

2013-11-19 16:33 - 2013-11-19 16:32 - 00014545 _____ C:\Users\sanderle\Downloads\FRST.txt
2013-11-19 16:33 - 2013-02-12 18:45 - 00001114 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-19 16:32 - 2013-11-19 16:32 - 01957964 _____ (Farbar) C:\Users\sanderle\Downloads\FRST64.exe
2013-11-19 16:32 - 2013-11-19 16:32 - 00000000 ____D C:\FRST
2013-11-19 16:31 - 2013-11-19 16:30 - 01090881 _____ (Farbar) C:\Users\sanderle\Downloads\FRST (1).exe
2013-11-19 16:30 - 2013-11-19 16:30 - 01090881 _____ (Farbar) C:\Users\sanderle\Downloads\FRST.exe
2013-11-19 16:21 - 2009-07-14 05:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-19 16:21 - 2009-07-14 05:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-19 16:18 - 2012-01-22 06:25 - 01642089 _____ C:\windows\WindowsUpdate.log
2013-11-19 16:17 - 2013-02-12 18:45 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-19 16:17 - 2012-01-22 07:04 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-11-19 16:17 - 2012-01-22 07:04 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-11-19 16:17 - 2012-01-22 06:55 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-11-19 16:13 - 2010-11-21 04:47 - 00126018 _____ C:\windows\PFRO.log
2013-11-19 16:13 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-19 16:13 - 2009-07-14 05:51 - 00111813 _____ C:\windows\setupact.log
2013-11-19 16:12 - 2012-01-31 17:10 - 00000000 ____D C:\Users\sanderle\AppData\Roaming\SoftGrid Client
2013-11-19 14:47 - 2013-11-19 14:47 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-19 14:47 - 2012-10-25 16:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-19 14:46 - 2013-11-19 14:45 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\sanderle\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-19 14:29 - 2013-11-07 19:28 - 00000000 ____D C:\Users\sanderle\Desktop\LAZAR
2013-11-19 08:59 - 2012-01-22 08:16 - 00708842 _____ C:\windows\system32\perfh007.dat
2013-11-19 08:59 - 2012-01-22 08:16 - 00152188 _____ C:\windows\system32\perfc007.dat
2013-11-19 08:59 - 2009-07-14 06:13 - 01645504 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-18 22:23 - 2013-11-18 22:22 - 00000000 ____D C:\Users\sanderle\Desktop\Neuer Ordner
2013-11-18 17:40 - 2013-11-18 17:40 - 00003850 _____ C:\Users\sanderle\Downloads\AdwCleaner[S1].txt
2013-11-18 17:33 - 2013-11-04 22:33 - 00000000 ____D C:\AdwCleaner
2013-11-18 17:32 - 2013-11-18 17:32 - 01085542 _____ C:\Users\sanderle\Downloads\adwcleaner (2).exe
2013-11-18 17:29 - 2013-11-18 17:29 - 00000000 ____D C:\windows\ERUNT
2013-11-18 17:28 - 2013-11-18 17:28 - 01034531 _____ (Thisisu) C:\Users\sanderle\Downloads\JRT.exe
2013-11-18 17:27 - 2013-11-18 17:26 - 21164032 _____ C:\Users\sanderle\Downloads\iepreview.msi
2013-11-18 17:25 - 2013-11-18 17:25 - 01085542 _____ C:\Users\sanderle\Downloads\adwcleaner (1).exe
2013-11-18 17:22 - 2013-11-18 17:22 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\sanderle\Downloads\SpyHunter-Installer (1).exe
2013-11-18 17:02 - 2012-01-31 16:54 - 00000000 ___RD C:\Users\sanderle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-18 17:01 - 2013-11-18 16:42 - 00000000 ____D C:\Users\sanderle\AppData\Roaming\Mipony
2013-11-18 16:54 - 2013-11-18 16:54 - 00000375 _____ C:\Users\sanderle\Desktop\Lexar (D) - Verknüpfung.lnk
2013-11-17 19:10 - 2013-11-17 19:10 - 02039296 _____ C:\Users\sanderle\Downloads\posch_mussolinis_sprachpolitik (1).ppt
2013-11-17 18:37 - 2013-05-22 13:54 - 00003440 _____ C:\windows\System32\Tasks\PCDEventLauncherTask
2013-11-17 18:05 - 2013-11-17 18:05 - 01189888 _____ C:\Users\sanderle\Downloads\rm2177676.ppt
2013-11-17 18:05 - 2013-11-17 18:05 - 01189888 _____ C:\Users\sanderle\Downloads\rm2177676 (1).ppt
2013-11-17 00:56 - 2013-02-12 18:46 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-16 13:52 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache
2013-11-15 15:22 - 2013-05-22 13:53 - 00000000 ____D C:\Program Files\My Dell
2013-11-15 15:22 - 2012-02-21 16:00 - 00000000 ____D C:\ProgramData\PCDr
2013-11-11 13:34 - 2012-01-31 16:51 - 00064024 _____ C:\Users\sanderle\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-10 15:34 - 2012-03-06 21:05 - 00000000 ____D C:\Users\sanderle\AppData\Roaming\Skype
2013-11-09 20:12 - 2013-11-09 20:12 - 00000000 ____D C:\Users\sanderle\Desktop\B_Sociolinguistiquecritique
2013-11-04 22:45 - 2013-11-04 22:45 - 00006139 _____ C:\Users\sanderle\Desktop\AdwCleaner[S0].txt
2013-11-04 22:34 - 2012-01-31 16:54 - 00001003 _____ C:\Users\sanderle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-04 22:33 - 2013-11-04 22:33 - 01073258 _____ C:\Users\sanderle\Downloads\adwcleaner.exe
2013-11-04 22:14 - 2013-11-04 21:02 - 00000000 ____D C:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-04 21:03 - 2013-11-04 21:03 - 00003344 _____ C:\windows\System32\Tasks\SpyHunter4Startup
2013-11-04 21:03 - 2013-11-04 21:03 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-04 21:03 - 2013-11-04 21:03 - 00000000 _____ C:\autoexec.bat
2013-11-04 20:56 - 2013-11-04 20:56 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\sanderle\Downloads\SpyHunter-Installer.exe
2013-11-04 20:42 - 2009-07-14 06:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-11-03 15:06 - 2009-07-14 05:45 - 00294168 _____ C:\windows\system32\FNTCACHE.DAT
2013-11-03 14:39 - 2013-11-03 14:39 - 00033712 _____ C:\Users\sanderle\Downloads\AJaffe_Expose.odp
2013-11-03 14:38 - 2013-11-03 14:38 - 00033712 _____ C:\Users\sanderle\Downloads\Amenagement_Linguistique_Expose_SandraHanni.odp
2013-11-03 12:50 - 2013-11-03 12:50 - 00000093 _____ C:\Users\sanderle\AppData\Roaming\WB.CFG
2013-11-03 12:50 - 2013-11-03 12:50 - 00000006 _____ C:\Users\sanderle\AppData\Roaming\WBPU-TTL.DAT
2013-11-03 12:05 - 2013-11-03 12:05 - 00000000 ____D C:\Users\sanderle\AppData\Local\Software
2013-11-03 12:04 - 2013-02-12 18:45 - 00000000 ____D C:\Users\sanderle\AppData\Local\Google
2013-11-03 12:03 - 2013-11-03 12:03 - 00001132 _____ C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
2013-11-03 12:02 - 2013-11-03 12:02 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-11-03 12:01 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-03 11:59 - 2013-11-03 11:59 - 00518752 _____ C:\Users\sanderle\Downloads\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_fr.exe
2013-11-03 11:50 - 2013-11-03 11:50 - 00707360 _____ C:\Users\sanderle\Downloads\DownloadManagerSetup.exe
2013-10-26 00:28 - 2013-10-26 00:28 - 00000000 ____D C:\Users\Sanni\AppData\Roaming\Adobe
2013-10-26 00:28 - 2013-08-29 13:45 - 00001427 _____ C:\Users\Sanni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-26 00:28 - 2013-08-29 13:44 - 00000000 ___RD C:\Users\Sanni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-26 00:28 - 2013-08-29 13:44 - 00000000 ___RD C:\Users\Sanni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

Files to move or delete:
====================
C:\Users\sanderle\AppData\Local\Temp\iTunesHelper.vbe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-11 16:24

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Und Addition lg

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2013
Ran by sanderle at 2013-11-19 16:33:40
Running from C:\Users\sanderle\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Trend Micro Titanium Internet Security (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro Titanium Internet Security (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

AccelerometerP11 (x32 Version: 2.00.11.22)
Adobe Flash Player 11 ActiveX (x32 Version: 11.6.602.180)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Bing Bar (x32 Version: 7.2.241.0)
Citavi (x32 Version: 3.2.0.0)
Conexant SmartAudio HD (Version: 8.54.16.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.60)
Dell DataSafe Local Backup (x32 Version: 9.4.60)
Dell DataSafe Online (x32 Version: 2.1.19634)
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 15.3.5.0)
Dell Webcam Central (x32 Version: 2.00.44)
DigitalPersona Fingerprint Software 5.20 (Version: 5.20.230)
Google Chrome (x32 Version: 31.0.1650.57)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2418)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 1.2.0.0587)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.2.0000)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.5.1001)
Intel(R) WiDi (x32 Version: 2.1.35.0)
Intel(R) Wireless Display
Java Auto Updater (x32 Version: 2.1.5.1)
Java(TM) 7 Update 1 (64-bit) (Version: 7.0.10)
Java(TM) 7 Update 1 (x32 Version: 7.0.10)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme (x32 Version: 12.0.4518.1014)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
My Dell (Version: 3.4.6361.48)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Quickset64 (Version: 10.09.25)
Realtek Ethernet Controller Driver (x32 Version: 7.43.321.2011)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127)
Skype™ 6.0 (x32 Version: 6.0.126)
Spybot - Search & Destroy (x32 Version: 1.6.2)
System Checkup 3.1 (x32 Version: 3.1.0.37)
TI USB 3.0 Host Controller Driver (x32 Version: 1.12.14.0)
TI USB3 Host Driver (x32 Version: 1.12.14.0)
Trend Micro Titanium Internet Security (Version: 3.00)
Trend Micro Titanium Internet Security (Version: 3.1)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Validity Sensors DDK (Version: 4.3.108.0)
Vodafone Mobile Connect Lite (x32 Version: 9.4.2.14731)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

18-10-2013 06:24:10 Windows Update
22-10-2013 06:09:15 Windows Update
25-10-2013 07:41:28 Windows Update
02-11-2013 00:04:43 Windows Update
03-11-2013 11:01:50 Installé OpenOffice.org 3.4.1
03-11-2013 14:14:28 Removed Boxore Client
03-11-2013 14:14:52 Removed Boxore Client
04-11-2013 20:02:31 Installed SpyHunter
04-11-2013 21:13:00 Removed SpyHunter
04-11-2013 21:13:36 Removed Boxore Client
04-11-2013 21:14:01 Removed SpyHunter
05-11-2013 15:34:24 Windows Update
08-11-2013 18:30:05 Windows Update
12-11-2013 10:00:33 Windows Update
14-11-2013 12:08:10 Windows Update
18-11-2013 16:28:12 Installed Windows Internet Explorer Platform Preview

==================== Hosts content: ==========================

2009-07-14 03:34 - 2012-10-29 00:01 - 00444707 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.10sek.com
127.0.0.1	10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	www.123fporn.info
127.0.0.1	123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {08C53018-7216-494B-8E64-C722ACE2C17B} - \SoftwareUpdateTaskMachineUA No Task File
Task: {0ACB8D60-C290-4AAA-9ADB-76040A8D9DCF} - System32\Tasks\JavaUpdateSched => %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe
Task: {28139F04-6F44-44B8-8D24-F8A682725775} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {2FDC1FEA-9EE5-44CE-8DBE-D95E89905B21} - \BoxSoftwareUpdate No Task File
Task: {4650D74D-CF21-418C-81CC-30B34E5BC735} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-12] (Google Inc.)
Task: {51C42E52-C3BA-4777-BE05-FF013C799EDC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {6572944B-61B8-41E1-894A-F6672C237177} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-06] (PC-Doctor, Inc.)
Task: {7698E5A6-5D2D-4047-9D21-A289C5D4D904} - \SoftwareUpdateTaskMachineCore No Task File
Task: {7B596D2C-CADD-4A65-9740-33071D1D841F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7DE8B20D-B244-4CD4-9577-1984EEF3C193} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe
Task: {83F4A0A9-E954-4F85-A703-4650FF2110E1} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-11-07] (PC-Doctor, Inc.)
Task: {A8561111-85AA-4F99-8FB3-051A93CC6639} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-12] (Google Inc.)
Task: {A86AC5F7-5A7B-4575-9048-9295689C8417} - System32\Tasks\{A2F3FD66-6A84-40C1-8849-3F96301EB4B2} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/fr/abandoninstall?page=tsProgressBar
Task: {CBC7DB9B-ACBB-41BE-B11D-0251F9B615B6} - System32\Tasks\{252A42E8-BA0D-4167-AFA8-1F5D1FAAF5FA} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.8.0.158.259&amp;LastError=12002
Task: {ED4FD06C-AC3B-464E-9BC7-988AA83C54F0} - \DigitalSite No Task File
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-03 11:23 - 2013-09-03 11:23 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\7d7cb9572deb4b67694dfab4d6ad05af\IsdiInterop.ni.dll
2012-01-22 06:31 - 2011-02-18 15:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-11-17 00:56 - 2013-11-14 12:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-17 00:56 - 2013-11-14 12:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-17 00:56 - 2013-11-14 12:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-17 00:56 - 2013-11-14 12:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-17 00:56 - 2013-11-14 12:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DpHost => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2013 04:14:02 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (11/19/2013 04:13:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2013 02:32:04 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Die Dateigröße wurde vom Server nicht zurückgegeben. Möglicherweise enthält die URL dynamischen Inhalt. Der Inhaltslängenheader ist in der Server-HTTP-Antwort nicht verfügbar.

Error: (11/19/2013 02:21:59 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (11/19/2013 02:21:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2013 08:57:47 AM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (11/19/2013 08:57:31 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2013 09:55:21 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (11/18/2013 06:52:43 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (11/18/2013 06:52:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/19/2013 04:33:41 PM) (Source: DCOM) (User: )
Description: localBenjamin

Error: (11/19/2013 04:33:27 PM) (Source: DCOM) (User: )
Description: localBenjamin

Error: (11/19/2013 04:33:13 PM) (Source: DCOM) (User: )
Description: localBenjamin

Error: (11/19/2013 04:32:59 PM) (Source: DCOM) (User: )
Description: localBenjamin

Error: (11/19/2013 04:32:44 PM) (Source: DCOM) (User: )
Description: localBenjamin

Error: (11/19/2013 04:32:30 PM) (Source: DCOM) (User: )
Description: localBenjamin

Error: (11/19/2013 04:32:16 PM) (Source: DCOM) (User: )
Description: localBenjamin

Error: (11/19/2013 04:32:01 PM) (Source: DCOM) (User: )
Description: localBenjamin

Error: (11/19/2013 04:31:46 PM) (Source: DCOM) (User: )
Description: localBenjamin

Error: (11/19/2013 04:31:32 PM) (Source: DCOM) (User: )
Description: localBenjamin


Microsoft Office Sessions:
=========================
Error: (11/19/2013 04:14:02 PM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (11/19/2013 04:13:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2013 02:32:04 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Die Dateigröße wurde vom Server nicht zurückgegeben. Möglicherweise enthält die URL dynamischen Inhalt. Der Inhaltslängenheader ist in der Server-HTTP-Antwort nicht verfügbar.

Error: (11/19/2013 02:21:59 PM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (11/19/2013 02:21:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2013 08:57:47 AM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (11/19/2013 08:57:31 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2013 09:55:21 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (11/18/2013 06:52:43 PM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (11/18/2013 06:52:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 57%
Total physical RAM: 4002.1 MB
Available physical RAM: 1712.7 MB
Total Pagefile: 8002.38 MB
Available Pagefile: 5259.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:220.7 GB) NTFS
Drive d: (LEXAR) (Removable) (Total:14.91 GB) (Free:14.26 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 4DB0D6C5)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ===========================

--- --- ---

Sry das mit dem Thread (#-Symbol im Eingabefenster der Webseite anklicken) habe ich nicht gecheckt!Ich soll den Report ins Eingabefenster kopieren???? Ich versuche es mal

schrauber · 20.11.2013, 10:19

USB Stick anschliessen und nicht mehr abklemmen.

Panda USB Vaccine - Download - Filepony
Das laufen lassen zum Absichern des Sticks.

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

lilli89 · 22.11.2013, 11:06

hallo schrauber,

so hier schicke ich dir den combofix.txt.
Danke vielmals :-)
Combofix Logfile:

Code:

ATTFilter

ComboFix 13-11-22.01 - sanderle 22.11.2013  10:54:25.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4002.1896 [GMT 1:00]
ausgeführt von:: c:\users\sanderle\Downloads\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6361\AddOnDownloaded\02d6010d-b288-4157-bbcc-a3d510d3fba5.dll
c:\programdata\PCDr\6361\AddOnDownloaded\073fb38f-0e69-479d-bca1-4f81ec9dcbf6.dll
c:\programdata\PCDr\6361\AddOnDownloaded\143c46ba-b979-4e38-9815-2373de9333aa.dll
c:\programdata\PCDr\6361\AddOnDownloaded\2a6b5d0b-a2fc-4bdd-b3fe-6bbefb85b7e4.dll
c:\programdata\PCDr\6361\AddOnDownloaded\3cb2cbfc-72a8-4ae7-9061-1a58b1505327.dll
c:\programdata\PCDr\6361\AddOnDownloaded\409161a3-28c9-4482-9613-e7ca2e306fef.dll
c:\programdata\PCDr\6361\AddOnDownloaded\5c103ca5-8249-401b-a699-41d0a39023f4.dll
c:\programdata\PCDr\6361\AddOnDownloaded\704dfeb5-9129-4d88-8096-7f3bc80eb1ec.dll
c:\programdata\PCDr\6361\AddOnDownloaded\8d529c31-eeb1-4b4d-ab7e-98a38b1abf60.dll
c:\programdata\PCDr\6361\AddOnDownloaded\8fab1a01-d6b6-4640-ac86-c3ddd583c840.dll
c:\programdata\PCDr\6361\AddOnDownloaded\9e7391aa-d9c2-4547-bdb7-737a833083a2.dll
c:\programdata\PCDr\6361\AddOnDownloaded\b347630c-35c1-4199-a3e2-2eea8f11e228.dll
c:\programdata\PCDr\6361\AddOnDownloaded\c4f346c1-09ef-4c0a-846d-8ca41f94690b.dll
c:\programdata\PCDr\6361\AddOnDownloaded\cadaa395-f50b-45c6-81f6-b5aaa3c5efba.dll
c:\programdata\PCDr\6361\AddOnDownloaded\dde43788-ba3c-4b88-bc8a-de8a0eb22c79.dll
c:\programdata\PCDr\6361\AddOnDownloaded\e13c218f-cd37-454b-a187-3381a9945752.dll
c:\programdata\PCDr\6361\AddOnDownloaded\f586fa98-17b8-498c-9c59-24de5750efab.dll
c:\programdata\PCDr\6361\AddOnDownloaded\f73e8868-a1f5-4756-9eae-b4ffc305f35a.dll
c:\programdata\Roaming
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-10-22 bis 2013-11-22  ))))))))))))))))))))))))))))))
.
.
2013-11-22 10:00 . 2013-11-22 10:00	--------	d-----w-	c:\users\Sanni\AppData\Local\temp
2013-11-22 10:00 . 2013-11-22 10:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-11-22 08:12 . 2013-11-08 03:12	10285968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{23F0FB61-0B01-4460-94BA-E81DD0D94C9D}\mpengine.dll
2013-11-19 16:00 . 2013-11-19 16:00	74703	----a-w-	c:\windows\SysWow64\mfc45.dat
2013-11-19 15:32 . 2013-11-19 15:32	--------	d-----w-	C:\FRST
2013-11-19 13:46 . 2013-04-04 13:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-11-18 16:29 . 2013-11-18 16:29	--------	d-----w-	c:\windows\ERUNT
2013-11-18 15:42 . 2013-11-18 16:01	--------	d-----w-	c:\users\sanderle\AppData\Roaming\Mipony
2013-11-18 15:41 . 2013-11-18 15:41	--------	d-----w-	c:\users\sanderle\AppData\Local\Programs
2013-11-18 14:14 . 2013-10-15 10:37	69558261	--sha-w-	c:\users\sanderle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
2013-11-14 10:00 . 2013-10-05 20:25	1474048	----a-w-	c:\windows\system32\crypt32.dll
2013-11-08 09:44 . 2013-09-04 01:37	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-11-08 09:44 . 2013-09-04 01:37	99840	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-11-08 09:44 . 2013-09-04 01:37	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-11-08 09:44 . 2013-09-04 01:37	52736	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-11-08 09:44 . 2013-09-04 01:37	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-11-08 09:44 . 2013-09-04 01:37	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-11-08 09:44 . 2013-09-04 01:37	7808	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-11-04 21:33 . 2013-11-18 16:33	--------	d-----w-	C:\AdwCleaner
2013-11-04 20:03 . 2013-11-04 20:03	--------	d-----w-	c:\program files\Enigma Software Group
2013-11-04 20:02 . 2013-11-04 21:14	--------	d-----w-	c:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-04 20:02 . 2013-11-04 20:02	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-11-03 11:05 . 2013-11-03 11:05	--------	d-----w-	c:\users\sanderle\AppData\Local\Software
2013-11-03 11:02 . 2013-11-03 11:02	--------	d-----w-	c:\program files (x86)\OpenOffice.org 3
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-11 04:50 . 2010-11-21 03:27	267936	------w-	c:\windows\system32\MpSigStub.exe
2013-09-08 02:30 . 2013-10-11 08:27	1903552	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-11 08:27	327168	----a-w-	c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-11 08:27	231424	----a-w-	c:\windows\SysWow64\mswsock.dll
2013-09-03 08:03 . 2013-09-03 08:03	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-09-03 08:03 . 2013-09-03 08:03	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-09-03 08:03 . 2013-09-03 08:03	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-09-03 08:03 . 2013-09-03 08:03	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-09-03 08:03 . 2013-09-03 08:03	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-09-03 08:03 . 2013-09-03 08:03	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-09-03 08:03 . 2013-09-03 08:03	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-09-03 08:03 . 2013-09-03 08:03	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-09-03 08:03 . 2013-09-03 08:03	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-09-03 08:03 . 2013-09-03 08:03	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-09-03 08:03 . 2013-09-03 08:03	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-09-03 08:03 . 2013-09-03 08:03	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-09-03 08:03 . 2013-09-03 08:03	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-09-03 08:03 . 2013-09-03 08:03	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-09-03 08:03 . 2013-09-03 08:03	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-09-03 08:03 . 2013-09-03 08:03	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-09-03 08:03 . 2013-09-03 08:03	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-09-03 08:03 . 2013-09-03 08:03	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-09-03 08:03 . 2013-09-03 08:03	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-09-03 08:03 . 2013-09-03 08:03	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-09-03 08:03 . 2013-09-03 08:03	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-09-03 08:03 . 2013-09-03 08:03	81408	----a-w-	c:\windows\system32\icardie.dll
2013-09-03 08:03 . 2013-09-03 08:03	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-09-03 08:03 . 2013-09-03 08:03	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-09-03 08:03 . 2013-09-03 08:03	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-09-03 08:03 . 2013-09-03 08:03	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-09-03 08:03 . 2013-09-03 08:03	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-09-03 08:03 . 2013-09-03 08:03	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-09-03 08:03 . 2013-09-03 08:03	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-09-03 08:03 . 2013-09-03 08:03	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-09-03 08:03 . 2013-09-03 08:03	441856	----a-w-	c:\windows\system32\html.iec
2013-09-03 08:03 . 2013-09-03 08:03	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-09-03 08:03 . 2013-09-03 08:03	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-09-03 08:03 . 2013-09-03 08:03	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-09-03 08:03 . 2013-09-03 08:03	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-09-03 08:03 . 2013-09-03 08:03	235008	----a-w-	c:\windows\system32\url.dll
2013-09-03 08:03 . 2013-09-03 08:03	216064	----a-w-	c:\windows\system32\msls31.dll
2013-09-03 08:03 . 2013-09-03 08:03	197120	----a-w-	c:\windows\system32\msrating.dll
2013-09-03 08:03 . 2013-09-03 08:03	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-09-03 08:03 . 2013-09-03 08:03	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-09-03 08:03 . 2013-09-03 08:03	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-09-03 08:03 . 2013-09-03 08:03	149504	----a-w-	c:\windows\system32\occache.dll
2013-09-03 08:03 . 2013-09-03 08:03	144896	----a-w-	c:\windows\system32\wextract.exe
2013-09-03 08:03 . 2013-09-03 08:03	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-09-03 08:03 . 2013-09-03 08:03	13824	----a-w-	c:\windows\system32\mshta.exe
2013-09-03 08:03 . 2013-09-03 08:03	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-09-03 08:03 . 2013-09-03 08:03	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-09-03 08:03 . 2013-09-03 08:03	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-09-03 08:03 . 2013-09-03 08:03	102912	----a-w-	c:\windows\system32\inseng.dll
2013-09-03 07:58 . 2013-09-03 07:58	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-03 07:58 . 2013-09-03 07:58	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-03 07:58 . 2013-09-03 07:58	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-09-03 07:58 . 2013-09-03 07:58	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-09-03 07:58 . 2013-09-03 07:58	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-03 07:58 . 2013-09-03 07:58	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-03 07:58 . 2013-09-03 07:58	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-03 07:58 . 2013-09-03 07:58	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-03 07:58 . 2013-09-03 07:58	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-09-03 07:58 . 2013-09-03 07:58	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-09-03 07:58 . 2013-09-03 07:58	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-09-03 07:58 . 2013-09-03 07:58	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-03 07:58 . 2013-09-03 07:58	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-03 07:58 . 2013-09-03 07:58	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-09-03 07:58 . 2013-09-03 07:58	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-09-03 07:58 . 2013-09-03 07:58	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-09-03 07:58 . 2013-09-03 07:58	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-03 07:58 . 2013-09-03 07:58	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-03 07:58 . 2013-09-03 07:58	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-09-03 07:58 . 2013-09-03 07:58	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-09-03 07:58 . 2013-09-03 07:58	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-03 07:58 . 2013-09-03 07:58	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-03 07:58 . 2013-09-03 07:58	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-03 07:58 . 2013-09-03 07:58	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-03 07:58 . 2013-09-03 07:58	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-09-03 07:58 . 2013-09-03 07:58	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-09-03 07:58 . 2013-09-03 07:58	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-09-03 07:58 . 2013-09-03 07:58	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-09-03 07:58 . 2013-09-03 07:58	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-03 07:58 . 2013-09-03 07:58	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-03 07:58 . 2013-09-03 07:58	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-09-03 07:58 . 2013-09-03 07:58	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-09-03 07:58 . 2013-09-03 07:58	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-09-03 07:58 . 2013-09-03 07:58	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-09-03 07:58 . 2013-09-03 07:58	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-09-03 07:58 . 2013-09-03 07:58	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-09-03 07:58 . 2013-09-03 07:58	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-09-03 07:58 . 2013-09-03 07:58	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-09-03 07:58 . 2013-09-03 07:58	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-09-03 07:58 . 2013-09-03 07:58	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-09-03 07:58 . 2013-09-03 07:58	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2013-09-03 07:58 . 2013-09-03 07:58	1238528	----a-w-	c:\windows\system32\d3d10.dll
2013-09-03 07:58 . 2013-09-03 07:58	1175552	----a-w-	c:\windows\system32\FntCache.dll
2013-09-03 07:58 . 2013-09-03 07:58	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-09-03 07:58 . 2013-09-03 07:58	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-09-03 07:58 . 2013-09-03 07:58	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-03 07:58 . 2013-09-03 07:58	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-07-23 00:46	1451680	----a-w-	c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\sanderle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
iTunesHelper.vbe [2013-10-15 69558261]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys;c:\windows\SYSNATIVE\DRIVERS\massfilter.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnet.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbvoice.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 CxUtilSvc;CxUtilSvc;c:\program files\Conexant\SA3\CxUtilSvc.exe;c:\program files\Conexant\SA3\CxUtilSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe;c:\windows\SYSNATIVE\lxeacoms.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe;c:\program files\Trend Micro\Titanium\TiMiniService.exe [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys;c:\windows\SYSNATIVE\DRIVERS\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys;c:\windows\SYSNATIVE\DRIVERS\tixhci.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-16 23:49	1210320	----a-w-	c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-12 17:45]
.
2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-12 17:45]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Mit Mipony herunterladen - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 193.55.96.71 208.67.222.222
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-11-22  11:02:50
ComboFix-quarantined-files.txt  2013-11-22 10:02
.
Vor Suchlauf: 11 Verzeichnis(se), 238.017.208.320 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 239.441.821.696 Bytes frei
.
- - End Of File - - DADEC5570E7317A30468DFD5482C7F35

--- --- ---

schrauber · 23.11.2013, 07:21

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

lilli89 · 25.11.2013, 10:08

Hey, hier der 1. Report

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.19.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
sanderle :: SANDERLE-PC [Administrator]

Schutz: Aktiviert

25.11.2013 09:30:37
mbam-log-2013-11-25 (09-30-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234467
Laufzeit: 4 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore\mysearchdial (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\InstallCore\mysearchdial (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0A2O0R1R1H2Z1S1G0H1F -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bösartig: (hxxp://start.mysearchdial.com/?f=1&a=irmsd1103aw&cd=2XzuyEtN2Y1L1QzuyE0C0E0ByEtBtDtBtAtD0C0CzzyC0DyEtN0D0Tzu0CyCzyyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1751723819&i r=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bösartig: (hxxp://start.mysearchdial.com/?f=1&a=irmsd1103aw&cd=2XzuyEtN2Y1L1QzuyE0C0E0ByEtBtDtBtAtD0C0CzzyC0DyEtN0D0Tzu0CyCzyyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1751723819&i r=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 2
C:\Program Files (x86)\Mysearchdial\1.8.21.0 (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 5
C:\Users\sanderle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Mysearchdial\1.8.21.0\FavIcon.ico (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialEng.dll (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Mysearchdial\1.8.21.0\Sqlite3.dll (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Mysearchdial\1.8.21.0\uninst.dat (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Der adw cleaner report:AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.013 - Bericht erstellt am 25/11/2013 um 09:49:09
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : sanderle - SANDERLE-PC
# Gestartet von : C:\Users\sanderle\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\Mysearchdial
Datei Gelöscht : C:\Users\sanderle\AppData\Local\mysearchdial-speeddial.crx
Datei Gelöscht : C:\Users\sanderle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage
Datei Gelöscht : C:\Users\sanderle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage-journal
Datei Gelöscht : C:\windows\System32\Tasks\SpyHunter4Startup

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\FLEXnet
Schlüssel Gelöscht : HKCU\Software\mysearchdial
Schlüssel Gelöscht : HKLM\Software\FLEXnet
Schlüssel Gelöscht : HKLM\Software\InstallCore

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v31.0.1650.57

[ Datei : C:\Users\sanderle\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\Sanni\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [7810 octets] - [04/11/2013 22:33:45]
AdwCleaner[R1].txt - [4693 octets] - [18/11/2013 17:32:22]
AdwCleaner[R2].txt - [3005 octets] - [25/11/2013 09:47:56]
AdwCleaner[S0].txt - [6139 octets] - [04/11/2013 22:34:49]
AdwCleaner[S1].txt - [3850 octets] - [18/11/2013 17:33:13]
AdwCleaner[S2].txt - [2339 octets] - [25/11/2013 09:49:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2399 octets] ##########

--- --- ---

JRT.txtJRT Logfile:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by sanderle on 25.11.2013 at  9:54:39,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\lyricsmonkey-15-bg_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsMonkey-15-codedownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\lyricsmonkey-15-bg_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsMonkey-15-codedownloader_RASAPI32



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\sanderle\appdata\local\software"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.11.2013 at 10:01:56,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

und ein neuer frst! liebe grüßeJRT Logfile:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by sanderle on 25.11.2013 at  9:54:39,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\lyricsmonkey-15-bg_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsMonkey-15-codedownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\lyricsmonkey-15-bg_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsMonkey-15-codedownloader_RASAPI32



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\sanderle\appdata\local\software"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.11.2013 at 10:01:56,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

schrauber · 25.11.2013, 15:55

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

lilli89 · 27.11.2013, 23:56

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=891feb85d68ed443a059a48f00482181
# engine=16048
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-27 10:25:25
# local_time=2013-11-27 11:25:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 89890 137220975 0 0
# scanned=156513
# found=19
# cleaned=0
# scan_time=10312
sh=836D94364F1CFC07116133EF521AA88C316A8252 ft=0 fh=0000000000000000 vn="HTML/Ransom.B trojan" ac=I fn="C:\ProgramData\hlyyrmrrvlmpjrk\main.html"
sh=836D94364F1CFC07116133EF521AA88C316A8252 ft=0 fh=0000000000000000 vn="HTML/Ransom.B trojan" ac=I fn="C:\Users\All Users\hlyyrmrrvlmpjrk\main.html"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="VBS/Kryptik.Y trojan" ac=I fn="C:\Users\sanderle\AppData\Local\Temp\iTunesHelper.vbe"
sh=CD665FDD62D8C0A42C05F004EA6C0E0164CE5463 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\sanderle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\29f1cce7-5c5cce8f"
sh=05D02240EE6DE3A289CB848382D83B65882BD8A6 ft=0 fh=0000000000000000 vn="VBS/Kryptik.Y trojan" ac=I fn="C:\Users\sanderle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe"
sh=FDF3B19B700F434CCD91AEAE3C271F8AF3C0E63C ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\Users\sanderle\Desktop\LAZAR\MA_COURS_PARIS\Argotologie\Ref\18414-Formation des mots.lnk"
sh=99E30867C2222B8DC74800FA580ADC52B03E2652 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\Users\sanderle\Desktop\LAZAR\MA_COURS_PARIS\Argotologie\Ref\censimento_volume_completo.lnk"
sh=DCD98C722357AA198CB4AECC7CFD267F0E255C19 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\Users\sanderle\Desktop\LAZAR\MA_COURS_PARIS\Argotologie\Ref\Language_distribution_in_South_Tyrol_and_Trentino.lnk"
sh=02A013F562E0D5A387732953E095CC4513F18254 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\Users\sanderle\Desktop\LAZAR\MA_COURS_PARIS\Argotologie\Ref\logo-parisdescartes.lnk"
sh=F6235E85BCF2CC55A6F81F490B6AA6381602B6CD ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\Users\sanderle\Desktop\LAZAR\MA_COURS_PARIS\Argotologie\Ref\Logo_Sorbonne_Paris_Cite.lnk"
sh=A103C770F06776708713FB81C4683BB9579076D1 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\Users\sanderle\Desktop\LAZAR\MA_COURS_PARIS\Argotologie\Ref\wappen_bundesland_tirol.lnk"
sh=4639274B3DDBBD4D2FA362238AAFC58293FB651F ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\Users\sanderle\Desktop\LAZAR\MA_COURS_PARIS\Argotologie\Ref\zPharaoh.lnk"
sh=FDF3B19B700F434CCD91AEAE3C271F8AF3C0E63C ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\Users\sanderle\Desktop\Neuer Ordner\Argotologie\Ref\18414-Formation des mots.lnk"
sh=99E30867C2222B8DC74800FA580ADC52B03E2652 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\Users\sanderle\Desktop\Neuer Ordner\Argotologie\Ref\censimento_volume_completo.lnk"
sh=DCD98C722357AA198CB4AECC7CFD267F0E255C19 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\Users\sanderle\Desktop\Neuer Ordner\Argotologie\Ref\Language_distribution_in_South_Tyrol_and_Trentino.lnk"
sh=02A013F562E0D5A387732953E095CC4513F18254 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\Users\sanderle\Desktop\Neuer Ordner\Argotologie\Ref\logo-parisdescartes.lnk"
sh=F6235E85BCF2CC55A6F81F490B6AA6381602B6CD ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\Users\sanderle\Desktop\Neuer Ordner\Argotologie\Ref\Logo_Sorbonne_Paris_Cite.lnk"
sh=A103C770F06776708713FB81C4683BB9579076D1 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\Users\sanderle\Desktop\Neuer Ordner\Argotologie\Ref\wappen_bundesland_tirol.lnk"
sh=4639274B3DDBBD4D2FA362238AAFC58293FB651F ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\Users\sanderle\Desktop\Neuer Ordner\Argotologie\Ref\zPharaoh.lnk"

Results of screen317's Security Check version 0.99.76
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Trend Micro Titanium Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 7 Update 1
Java version out of Date!
Adobe Reader XI
Google Chrome 30.0.1599.101
Google Chrome 31.0.1650.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
Malwarebytes' Anti-Malware mbamscheduler.exe
Trend Micro Titanium TiMiniService.exe
Trend Micro Titanium TiResumeSrv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-11-2013 01
Ran by sanderle (administrator) on SANDERLE-PC on 27-11-2013 23:54:29
Running from C:\Users\sanderle\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
( ) C:\Windows\System32\lxeacoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [iTunesHelper] - C:\Users\sanderle\AppData\Local\Temp\iTunesHelper.vbe [69558261 2013-10-15] () <===== ATTENTION
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKU\Sanni\...\Policies\system: [LogonHoursAction] 2
HKU\Sanni\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\sanderle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe ()
Startup: C:\Users\sanderle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 89.2.0.1 89.2.0.2

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.10.8) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U1) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (TelevisionFanatic Installer Plugin Stub) - C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\sanderle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\sanderle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\sanderle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\sanderle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-12] (Conexant Systems, Inc.)
R2 lxea_device; C:\windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-28] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [244440 2011-05-21] (Trend Micro Inc.)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-04-20] (Vodafone)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-05-21] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144656 2011-05-21] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69392 2011-05-21] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2011-05-21] (Trend Micro Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-27 23:54 - 2013-11-27 23:54 - 01958850 _____ (Farbar) C:\Users\sanderle\Downloads\FRST64.exe
2013-11-27 23:54 - 2013-11-27 23:54 - 00013572 _____ C:\Users\sanderle\Downloads\FRST.txt
2013-11-27 20:26 - 2013-11-27 20:26 - 02347384 _____ (ESET) C:\Users\sanderle\Downloads\esetsmartinstaller_enu (1).exe
2013-11-27 20:26 - 2013-11-27 20:26 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-26 23:19 - 2013-11-26 23:19 - 00891184 _____ C:\Users\sanderle\Downloads\SecurityCheck.exe
2013-11-26 22:27 - 2013-11-26 22:27 - 02347384 _____ (ESET) C:\Users\sanderle\Downloads\esetsmartinstaller_enu.exe
2013-11-26 16:16 - 2013-11-26 16:16 - 00001430 _____ C:\Users\sanderle\AppData\Local\RecConfig.xml
2013-11-26 16:13 - 2013-11-26 16:13 - 02497825 _____ (No23) C:\Users\sanderle\Downloads\No23Recorder2103.exe
2013-11-25 11:29 - 2013-11-25 11:29 - 00762814 _____ C:\Users\sanderle\Downloads\ei_enseignement_superieur _recherche_cm (1)
2013-11-25 11:29 - 2013-11-25 11:29 - 00762814 _____ C:\Users\sanderle\Downloads\ei_enseignement_superieur _recherche_cm
2013-11-25 10:01 - 2013-11-25 10:01 - 00001203 _____ C:\Users\sanderle\Desktop\JRT.txt
2013-11-25 09:53 - 2013-11-25 09:53 - 01034531 _____ (Thisisu) C:\Users\sanderle\Downloads\JRT.exe
2013-11-25 09:47 - 2013-11-25 09:47 - 01091882 _____ C:\Users\sanderle\Downloads\adwcleaner.exe
2013-11-25 09:26 - 2013-11-25 09:26 - 00001127 _____ C:\Users\sanderle\Desktop\Continue AnyProtect Installation.lnk
2013-11-25 09:26 - 2013-11-25 09:26 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
2013-11-25 09:26 - 2013-11-25 09:26 - 00000000 ____D C:\Users\wangzhisong
2013-11-25 09:26 - 2013-11-25 09:26 - 00000000 ____D C:\Users\sanderle\Documents\Mobogenie
2013-11-25 09:26 - 2013-11-25 09:26 - 00000000 ____D C:\Users\sanderle\AppData\Roaming\0C1I1L1R1J0M1P0I1G
2013-11-25 09:26 - 2013-11-25 09:26 - 00000000 ____D C:\Users\sanderle\AppData\Local\Mobogenie
2013-11-25 09:26 - 2013-11-25 09:26 - 00000000 ____D C:\Users\sanderle\AppData\Local\cache
2013-11-25 09:26 - 2013-11-25 09:26 - 00000000 _____ C:\Users\sanderle\daemonprocess.txt
2013-11-25 09:25 - 2013-11-25 09:28 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-11-25 09:24 - 2013-11-25 09:24 - 00602144 _____ C:\Users\sanderle\Downloads\Setup.exe
2013-11-22 13:05 - 2013-11-22 13:05 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-11-22 11:08 - 2013-11-26 23:22 - 00000000 ____D C:\Users\sanderle\Desktop\Viren
2013-11-22 11:02 - 2013-11-22 11:02 - 00030742 _____ C:\ComboFix.txt
2013-11-22 10:52 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2013-11-22 10:52 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2013-11-22 10:52 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-11-22 10:52 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-11-22 10:52 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-11-22 10:52 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2013-11-22 10:52 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2013-11-22 10:52 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2013-11-22 10:51 - 2013-11-22 11:02 - 00000000 ____D C:\Qoobox
2013-11-22 10:51 - 2013-11-22 11:01 - 00000000 ____D C:\windows\erdnt
2013-11-22 10:51 - 2013-11-22 10:51 - 05147802 ____R (Swearware) C:\Users\sanderle\Downloads\ComboFix.exe
2013-11-22 10:45 - 2013-11-22 10:45 - 00000000 ____D C:\Users\sanderle\Desktop\ListeDienste
2013-11-19 19:26 - 2013-11-19 19:26 - 06186980 _____ C:\Users\sanderle\Downloads\Sandra_Hanni_1137856 (3).odp
2013-11-19 19:24 - 2013-11-19 19:24 - 00965500 _____ C:\Users\sanderle\Downloads\Pr__sentationTRAVAILseminaire_Argotologie.zip
2013-11-19 19:20 - 2013-11-19 19:20 - 06184926 _____ C:\Users\sanderle\Downloads\Sandra_Hanni_1137856 (2).odp
2013-11-19 19:19 - 2013-11-19 19:19 - 06184926 _____ C:\Users\sanderle\Downloads\Sandra_Hanni_1137856 (1).odp
2013-11-19 19:17 - 2013-11-19 19:18 - 06187007 _____ C:\Users\sanderle\Downloads\Sandra_Hanni_1137856.odp
2013-11-19 17:00 - 2013-11-19 17:00 - 00074703 _____ C:\windows\SysWOW64\mfc45.dat
2013-11-19 16:32 - 2013-11-19 16:32 - 00000000 ____D C:\FRST
2013-11-19 14:47 - 2013-11-19 14:47 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-19 14:46 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-11-18 22:22 - 2013-11-18 22:23 - 00000000 ____D C:\Users\sanderle\Desktop\Neuer Ordner
2013-11-18 17:29 - 2013-11-18 17:29 - 00000000 ____D C:\windows\ERUNT
2013-11-18 16:54 - 2013-11-18 16:54 - 00000375 _____ C:\Users\sanderle\Desktop\Lexar (D) - Verknüpfung.lnk
2013-11-18 16:42 - 2013-11-18 17:01 - 00000000 ____D C:\Users\sanderle\AppData\Roaming\Mipony
2013-11-14 13:09 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-14 13:09 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-14 13:09 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-14 13:09 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-14 13:09 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-14 13:09 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-14 13:09 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-14 13:09 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-14 13:09 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-14 13:09 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-14 13:09 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-14 13:09 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 11:00 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-14 11:00 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-14 11:00 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-14 11:00 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2013-11-14 11:00 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 11:00 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-14 11:00 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-14 11:00 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-14 11:00 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-14 11:00 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-14 11:00 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 11:00 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-14 11:00 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2013-11-14 11:00 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-14 11:00 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-14 11:00 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-14 11:00 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-14 11:00 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-14 11:00 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-14 11:00 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-14 11:00 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-14 11:00 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-14 11:00 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-14 11:00 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-14 11:00 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2013-11-14 11:00 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-14 11:00 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2013-11-14 11:00 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2013-11-14 11:00 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-14 11:00 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-11-09 20:12 - 2013-11-09 20:12 - 00000000 ____D C:\Users\sanderle\Desktop\B_Sociolinguistiquecritique
2013-11-08 10:44 - 2013-09-04 02:37 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-11-08 10:44 - 2013-09-04 02:37 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-11-08 10:44 - 2013-09-04 02:37 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-11-08 10:44 - 2013-09-04 02:37 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-11-08 10:44 - 2013-09-04 02:37 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-11-08 10:44 - 2013-09-04 02:37 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-11-08 10:44 - 2013-09-04 02:37 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-11-07 19:28 - 2013-11-27 09:37 - 00000000 ____D C:\Users\sanderle\Desktop\LAZAR
2013-11-04 22:33 - 2013-11-25 09:49 - 00000000 ____D C:\AdwCleaner
2013-11-04 21:03 - 2013-11-04 21:03 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-04 21:03 - 2013-11-04 21:03 - 00000000 _____ C:\autoexec.bat
2013-11-04 21:02 - 2013-11-04 22:14 - 00000000 ____D C:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-03 12:50 - 2013-11-03 12:50 - 00000093 _____ C:\Users\sanderle\AppData\Roaming\WB.CFG
2013-11-03 12:50 - 2013-11-03 12:50 - 00000006 _____ C:\Users\sanderle\AppData\Roaming\WBPU-TTL.DAT
2013-11-03 12:03 - 2013-11-03 12:03 - 00001132 _____ C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
2013-11-03 12:02 - 2013-11-03 12:02 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3

==================== One Month Modified Files and Folders =======

2013-11-27 23:55 - 2013-11-27 23:54 - 00013572 _____ C:\Users\sanderle\Downloads\FRST.txt
2013-11-27 23:54 - 2013-11-27 23:54 - 01958850 _____ (Farbar) C:\Users\sanderle\Downloads\FRST64.exe
2013-11-27 23:33 - 2013-02-12 18:45 - 00001114 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-27 23:07 - 2012-01-22 08:16 - 00708842 _____ C:\windows\system32\perfh007.dat
2013-11-27 23:07 - 2012-01-22 08:16 - 00152188 _____ C:\windows\system32\perfc007.dat
2013-11-27 23:07 - 2009-07-14 06:13 - 01645504 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-27 20:26 - 2013-11-27 20:26 - 02347384 _____ (ESET) C:\Users\sanderle\Downloads\esetsmartinstaller_enu (1).exe
2013-11-27 20:26 - 2013-11-27 20:26 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-27 20:20 - 2013-05-22 13:54 - 00003440 _____ C:\windows\System32\Tasks\PCDEventLauncherTask
2013-11-27 19:59 - 2012-01-22 06:25 - 01320229 _____ C:\windows\WindowsUpdate.log
2013-11-27 17:29 - 2009-07-14 05:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-27 17:29 - 2009-07-14 05:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-27 17:22 - 2013-02-12 18:45 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-27 17:22 - 2012-01-22 07:04 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-11-27 17:22 - 2012-01-22 07:04 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-11-27 17:22 - 2012-01-22 06:55 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-11-27 17:22 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-27 17:22 - 2009-07-14 05:51 - 00115331 _____ C:\windows\setupact.log
2013-11-27 12:48 - 2012-01-31 17:10 - 00000000 ____D C:\Users\sanderle\AppData\Roaming\SoftGrid Client
2013-11-27 09:37 - 2013-11-07 19:28 - 00000000 ____D C:\Users\sanderle\Desktop\LAZAR
2013-11-26 23:22 - 2013-11-22 11:08 - 00000000 ____D C:\Users\sanderle\Desktop\Viren
2013-11-26 23:19 - 2013-11-26 23:19 - 00891184 _____ C:\Users\sanderle\Downloads\SecurityCheck.exe
2013-11-26 23:04 - 2012-03-06 21:05 - 00000000 ____D C:\Users\sanderle\AppData\Roaming\Skype
2013-11-26 22:27 - 2013-11-26 22:27 - 02347384 _____ (ESET) C:\Users\sanderle\Downloads\esetsmartinstaller_enu.exe
2013-11-26 22:24 - 2012-01-31 16:51 - 00064024 _____ C:\Users\sanderle\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-26 16:16 - 2013-11-26 16:16 - 00001430 _____ C:\Users\sanderle\AppData\Local\RecConfig.xml
2013-11-26 16:13 - 2013-11-26 16:13 - 02497825 _____ (No23) C:\Users\sanderle\Downloads\No23Recorder2103.exe
2013-11-25 11:29 - 2013-11-25 11:29 - 00762814 _____ C:\Users\sanderle\Downloads\ei_enseignement_superieur _recherche_cm (1)
2013-11-25 11:29 - 2013-11-25 11:29 - 00762814 _____ C:\Users\sanderle\Downloads\ei_enseignement_superieur _recherche_cm
2013-11-25 10:01 - 2013-11-25 10:01 - 00001203 _____ C:\Users\sanderle\Desktop\JRT.txt
2013-11-25 09:53 - 2013-11-25 09:53 - 01034531 _____ (Thisisu) C:\Users\sanderle\Downloads\JRT.exe
2013-11-25 09:49 - 2013-11-04 22:33 - 00000000 ____D C:\AdwCleaner
2013-11-25 09:47 - 2013-11-25 09:47 - 01091882 _____ C:\Users\sanderle\Downloads\adwcleaner.exe
2013-11-25 09:44 - 2010-11-21 04:47 - 00129974 _____ C:\windows\PFRO.log
2013-11-25 09:28 - 2013-11-25 09:25 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-11-25 09:27 - 2012-01-31 16:54 - 00000000 ___RD C:\Users\sanderle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-25 09:26 - 2013-11-25 09:26 - 00001127 _____ C:\Users\sanderle\Desktop\Continue AnyProtect Installation.lnk
2013-11-25 09:26 - 2013-11-25 09:26 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
2013-11-25 09:26 - 2013-11-25 09:26 - 00000000 ____D C:\Users\wangzhisong
2013-11-25 09:26 - 2013-11-25 09:26 - 00000000 ____D C:\Users\sanderle\Documents\Mobogenie
2013-11-25 09:26 - 2013-11-25 09:26 - 00000000 ____D C:\Users\sanderle\AppData\Roaming\0C1I1L1R1J0M1P0I1G
2013-11-25 09:26 - 2013-11-25 09:26 - 00000000 ____D C:\Users\sanderle\AppData\Local\Mobogenie
2013-11-25 09:26 - 2013-11-25 09:26 - 00000000 ____D C:\Users\sanderle\AppData\Local\cache
2013-11-25 09:26 - 2013-11-25 09:26 - 00000000 _____ C:\Users\sanderle\daemonprocess.txt
2013-11-25 09:26 - 2012-01-31 16:51 - 00000000 ____D C:\Users\sanderle
2013-11-25 09:24 - 2013-11-25 09:24 - 00602144 _____ C:\Users\sanderle\Downloads\Setup.exe
2013-11-22 13:05 - 2013-11-22 13:05 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-11-22 11:02 - 2013-11-22 11:02 - 00030742 _____ C:\ComboFix.txt
2013-11-22 11:02 - 2013-11-22 10:51 - 00000000 ____D C:\Qoobox
2013-11-22 11:01 - 2013-11-22 10:51 - 00000000 ____D C:\windows\erdnt
2013-11-22 11:00 - 2009-07-14 03:34 - 00000215 _____ C:\windows\system.ini
2013-11-22 10:51 - 2013-11-22 10:51 - 05147802 ____R (Swearware) C:\Users\sanderle\Downloads\ComboFix.exe
2013-11-22 10:45 - 2013-11-22 10:45 - 00000000 ____D C:\Users\sanderle\Desktop\ListeDienste
2013-11-22 10:31 - 2013-02-12 17:55 - 00000000 ____D C:\ProgramData\iolo
2013-11-19 19:26 - 2013-11-19 19:26 - 06186980 _____ C:\Users\sanderle\Downloads\Sandra_Hanni_1137856 (3).odp
2013-11-19 19:24 - 2013-11-19 19:24 - 00965500 _____ C:\Users\sanderle\Downloads\Pr__sentationTRAVAILseminaire_Argotologie.zip
2013-11-19 19:20 - 2013-11-19 19:20 - 06184926 _____ C:\Users\sanderle\Downloads\Sandra_Hanni_1137856 (2).odp
2013-11-19 19:19 - 2013-11-19 19:19 - 06184926 _____ C:\Users\sanderle\Downloads\Sandra_Hanni_1137856 (1).odp
2013-11-19 19:18 - 2013-11-19 19:17 - 06187007 _____ C:\Users\sanderle\Downloads\Sandra_Hanni_1137856.odp
2013-11-19 17:00 - 2013-11-19 17:00 - 00074703 _____ C:\windows\SysWOW64\mfc45.dat
2013-11-19 16:32 - 2013-11-19 16:32 - 00000000 ____D C:\FRST
2013-11-19 14:47 - 2013-11-19 14:47 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-19 14:47 - 2012-10-25 16:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-18 22:23 - 2013-11-18 22:22 - 00000000 ____D C:\Users\sanderle\Desktop\Neuer Ordner
2013-11-18 17:29 - 2013-11-18 17:29 - 00000000 ____D C:\windows\ERUNT
2013-11-18 17:01 - 2013-11-18 16:42 - 00000000 ____D C:\Users\sanderle\AppData\Roaming\Mipony
2013-11-18 16:54 - 2013-11-18 16:54 - 00000375 _____ C:\Users\sanderle\Desktop\Lexar (D) - Verknüpfung.lnk
2013-11-17 00:56 - 2013-02-12 18:46 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-16 13:52 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache
2013-11-15 15:22 - 2013-05-22 13:53 - 00000000 ____D C:\Program Files\My Dell
2013-11-15 15:22 - 2012-02-21 16:00 - 00000000 ____D C:\ProgramData\PCDr
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2013-11-09 20:12 - 2013-11-09 20:12 - 00000000 ____D C:\Users\sanderle\Desktop\B_Sociolinguistiquecritique
2013-11-04 22:34 - 2012-01-31 16:54 - 00001003 _____ C:\Users\sanderle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-04 22:14 - 2013-11-04 21:02 - 00000000 ____D C:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-04 21:03 - 2013-11-04 21:03 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-04 21:03 - 2013-11-04 21:03 - 00000000 _____ C:\autoexec.bat
2013-11-04 20:42 - 2009-07-14 06:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-11-03 15:06 - 2009-07-14 05:45 - 00294168 _____ C:\windows\system32\FNTCACHE.DAT
2013-11-03 12:50 - 2013-11-03 12:50 - 00000093 _____ C:\Users\sanderle\AppData\Roaming\WB.CFG
2013-11-03 12:50 - 2013-11-03 12:50 - 00000006 _____ C:\Users\sanderle\AppData\Roaming\WBPU-TTL.DAT
2013-11-03 12:04 - 2013-02-12 18:45 - 00000000 ____D C:\Users\sanderle\AppData\Local\Google
2013-11-03 12:03 - 2013-11-03 12:03 - 00001132 _____ C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
2013-11-03 12:02 - 2013-11-03 12:02 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-11-03 12:01 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

Files to move or delete:
====================
C:\Users\sanderle\AppData\Local\Temp\iTunesHelper.vbe


Some content of TEMP:
====================
C:\Users\sanderle\AppData\Local\Temp\BackupSetup.exe
C:\Users\sanderle\AppData\Local\Temp\ICReinstall_nse1A79.tmp.exe
C:\Users\sanderle\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-26 19:54

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

soweit keine neuen Schwierigkeiten.
Lieben Dank :-)

schrauber · 28.11.2013, 13:31

Java updaten.

Zitat:

C:\Users\sanderle\Desktop\Neuer Ordner\Argotologie

Kennst Du den Inhalt und ist er sicher?

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\ProgramData\hlyyrmrrvlmpjrk
C:\Users\sanderle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

lilli89 · 29.11.2013, 19:23

Hallo,

leider habe ich kleine Schwierigkeiten mit den Fixlist text, FRST findet ihn einfach nicht, habe das txt wie gesagt auf dem Desktop angespreichert dann kommt diese Nachricht

No fixlist found
the fixlist should be made and saved in the same direcotry the tool is located

Aja und nor 2 Sachen sind mir aufgefallen, keine Ahnung ob diese irgendwas mit den Viren zu Sache hat: mein Word arbeitet seit Kurzem langsamer vor allem wenn ich Aufträgen mit der rechten Maustaste mache und noch was
ich habe mit einen 2. Stick besorgt und habe ihn angeschlossen um Dateien zu speichern.
Jetzt erstelle er mir dauernd Verknüpfungen obwohl ich das nicht will, diese kann ich auch nicht mehr löschen. Das selbe Problem war beim ersten Stick auch obwohl ich mir da nicht sicher bin ob ich nicht irgendwas gedrückt habe.

Hmmm alles bisschen komisch für mich.
GLG
Lilli

schrauber · 30.11.2013, 16:57

Die fixlist liegt neben FRST? Rechtsklick auf die fixlist, Eigenschafte, was steht da?

fixlist oder fixlist.txt.txt?

lilli89 · 06.12.2013, 13:22

Ich habe sie mehrmals probiert auf dem Desktop abzuspeichern. FRST findet es nicht.
Bei den Eigenschaften steht fixlist.txt
Ich habe auch probiert es unter Programme in die File FRST zu speichern geht auch nicht.

hmm..

Lieben Gruß
Lilli

schrauber · 07.12.2013, 11:43

FRST ist bei dir nicth auf dem Desktop.

Zitat:

Running from C:\Users\sanderle\Downloads

30.11.2013, 16:57	#12
schrauber /// the machine /// TB-Ausbilder	PC und USB voll mit Viren! Ich werde sie nicht los Die fixlist liegt neben FRST? Rechtsklick auf die fixlist, Eigenschafte, was steht da? fixlist oder fixlist.txt.txt? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

PC und USB voll mit Viren! Ich werde sie nicht los

Log-Analyse und Auswertung: PC und USB voll mit Viren! Ich werde sie nicht los