Windows 7 gvu, pc gesperrt

joycelle · 28.04.2014, 11:04

Hallo ihr Lieben,

ich habe ein dickes Problem und bräuchte ganz dringend Hilfe. Mein Rechner ist gesperrt und ich kriege ihn noch nicht mal mehr im abgesicherten Modus richtig zum Laufen. Da steht zwischen durch was von gvu bla bla, bezahlen bla und dann wieder erscheint der Bildschirm weiß und es steht in blau, mittig "Konnte nicht geladen werden". Die Daten auf C sind lebenswichtig für mich, ich arbeite gerade an meiner Bachelorarbeit und 4wochen Arbeit wäre dann hinüber. Wäre unendlich dankbar wenn man das retten könnte. Habe leider keinen zweiten Rechner hier, schreibe vom Handy.

Danke!

M-K-D-B · 28.04.2014, 11:05

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 4 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Du brauchst einen anderen, sauberen Rechner (Nachbar, Freunde, Bekannte) und einen USB-Stick, dann kann ich dir helfen.

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

joycelle · 28.04.2014, 12:01

Hallo Matthias! Danke das du mir helfen möchtest!
Hab Glück im Unglück. Meine Nachbarin konnte mir ihren Laptop zur Verfügung stellen für 2 Std.
Ich brauche die Daten die auf C sind. Ich hoffe sehr das man die noch retten kann. Danke!

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by SYSTEM on MININT-0V300CI on 28-04-2014 12:31:21
Running from K:\
Windows 7 Professional N Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.




==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [VIRTU_MVP_AUTORUN] => C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe [3010336 2012-02-05] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Lila\...\Run: [Google Update] => C:\Users\Lila\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-06-12] (Google Inc.)
HKU\Lila\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\Lila\...\Winlogon: [Userinit] C:\Users\Lila\AppData\Roaming\loadit.exe [696696 2014-04-28] ()
HKU\Lila\...\Winlogon: [Shell] C:\Users\Lila\AppData\Roaming\loadit.exe [696696 2014-04-28] () <==== ATTENTION 
AppInit_DLLs: C:\Windows\System32\appinit_dll.dll => C:\Windows\System32\appinit_dll.dll [475424 2012-02-05] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [429856 2012-02-05] (Lucidlogix Inc.)
Startup: C:\Users\Lila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk -> H:\down\priester\priester.exe ()
Startup: C:\Users\Lila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk ->  (No File)

==================== Services (Whitelisted) =================

S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] ()
S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [1908520 2007-09-07] (Wacom Technology, Corp.)
S2 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [10752 2014-02-17] (Microsoft)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-06] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-25] (Disc Soft Ltd)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-05-14] (Realtek Semiconductor Corporation                           )
S2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11376 2004-07-08] ()
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-04-28] ()
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-28 10:50 - 2014-04-28 10:53 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2014-04-28 10:41 - 2014-04-28 10:41 - 00696696 _____ () C:\Users\Lila\AppData\Roaming\loadit.exe
2014-04-27 19:09 - 2014-04-27 21:15 - 00000000 ____D () C:\Users\Lila\Desktop\herrscher
2014-04-26 16:36 - 2014-04-27 20:05 - 00000000 ____D () C:\Users\Lila\Desktop\hohepriesterin
2014-04-25 20:55 - 2014-04-25 20:55 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-04-25 20:53 - 2014-04-25 21:06 - 00107120 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-04-25 20:53 - 2014-04-25 21:05 - 00323630 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-04-25 20:45 - 2014-04-25 20:45 - 00283064 _____ (Disc Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2014-04-25 20:45 - 2014-04-25 20:45 - 00001954 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-04-25 20:45 - 2014-04-25 20:45 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\OpenCandy
2014-04-25 20:45 - 2014-04-25 20:45 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-04-25 20:44 - 2014-04-25 20:44 - 13429504 _____ (Disc Soft Ltd) C:\Users\Lila\Downloads\DTLite4491-0356.exe
2014-04-23 17:00 - 2014-04-23 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-16 19:37 - 2014-04-16 19:37 - 00000000 ____D () C:\Users\Lila\Desktop\Adobe
2014-04-16 19:34 - 2014-04-26 14:33 - 00000000 ____D () C:\Users\Lila\Desktop\texte
2014-04-15 13:21 - 2014-04-16 22:35 - 00000000 ____D () C:\Users\Lila\Desktop\magier
2014-04-15 12:00 - 2014-04-15 12:00 - 34142193 _____ () C:\Users\Lila\Desktop\herrscher.psd
2014-04-15 09:39 - 2014-04-15 09:40 - 00000000 ____D () C:\Users\Lila\Desktop\narr_bilder
2014-04-12 20:23 - 2014-04-12 20:23 - 01088076 _____ () C:\Users\Lila\Documents\IMG_20140412_0002.tif
2014-04-09 21:45 - 2014-04-09 21:45 - 00002289 _____ () C:\Users\Lila\Desktop\Strange Cases The Tarot Card Mystery.lnk
2014-04-09 21:45 - 2014-04-09 21:45 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\SulusGames
2014-04-09 21:45 - 2014-04-09 21:45 - 00000000 ____D () C:\ProgramData\SulusGames
2014-04-09 21:45 - 2014-04-09 21:45 - 00000000 ____D () C:\Program Files (x86)\Games
2014-04-09 18:53 - 2014-04-15 09:39 - 00000000 ____D () C:\Users\Lila\Desktop\tarotdecks
2014-04-09 18:11 - 2014-04-16 19:35 - 00000000 ____D () C:\Users\Lila\Desktop\inspiration
2014-04-09 18:11 - 2014-04-09 18:11 - 00000000 ____D () C:\Users\Lila\Desktop\rohre
2014-04-09 12:27 - 2014-04-23 12:32 - 00000000 ____D () C:\Users\Lila\Desktop\narr
2014-04-09 12:04 - 2014-03-31 02:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-09 12:04 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-09 12:04 - 2014-03-31 01:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 12:04 - 2014-03-31 00:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 12:04 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2014-04-09 12:04 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2014-04-09 12:04 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2014-04-09 12:04 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2014-04-09 12:04 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2014-04-09 12:04 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 12:04 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 12:04 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 12:04 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 12:04 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 12:04 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 12:04 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2014-04-09 12:04 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-04-09 12:04 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2014-04-09 12:04 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll
2014-04-09 12:04 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 12:04 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2014-04-06 17:45 - 2014-04-06 17:45 - 00002487 _____ () C:\Users\Lila\Downloads\E-Mail.txt

==================== One Month Modified Files and Folders =======

2014-04-28 12:31 - 2013-08-12 10:15 - 00000000 ____D () C:\FRST
2014-04-28 10:53 - 2014-04-28 10:50 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2014-04-28 10:53 - 2013-08-12 21:58 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-28 10:53 - 2013-03-01 17:40 - 00034752 _____ () C:\Windows\System32\Drivers\WPRO_41_2001.sys
2014-04-28 10:53 - 2013-03-01 17:38 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-04-28 10:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-28 10:53 - 2009-07-14 05:56 - 00076661 _____ () C:\Windows\setupact.log
2014-04-28 10:51 - 2013-06-12 12:00 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000UA.job
2014-04-28 10:49 - 2011-04-12 09:14 - 00699258 _____ () C:\Windows\System32\perfh007.dat
2014-04-28 10:49 - 2011-04-12 09:14 - 00149398 _____ () C:\Windows\System32\perfc007.dat
2014-04-28 10:49 - 2009-07-14 06:12 - 01619976 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-28 10:48 - 2013-03-01 17:30 - 01207032 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 10:48 - 2010-11-21 04:47 - 00353938 _____ () C:\Windows\PFRO.log
2014-04-28 10:48 - 2009-07-14 05:50 - 00020112 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 10:48 - 2009-07-14 05:50 - 00020112 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-28 10:41 - 2014-04-28 10:41 - 00696696 _____ () C:\Users\Lila\AppData\Roaming\loadit.exe
2014-04-28 10:41 - 2013-03-07 19:46 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AE5A86A8-D88D-40C8-AA45-438AD91DF71B}
2014-04-28 10:36 - 2013-05-02 19:01 - 00000000 ____D () C:\Users\Lila\AppData\Local\CrashDumps
2014-04-28 10:36 - 2013-03-22 20:17 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\UseNeXT
2014-04-28 10:15 - 2013-08-12 21:58 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-27 21:15 - 2014-04-27 19:09 - 00000000 ____D () C:\Users\Lila\Desktop\herrscher
2014-04-27 21:15 - 2014-03-24 11:48 - 00000000 ____D () C:\Users\Lila\Desktop\karten
2014-04-27 21:15 - 2013-12-22 17:22 - 00002076 _____ () C:\Users\Lila\Desktop\musii.txt
2014-04-27 20:05 - 2014-04-26 16:36 - 00000000 ____D () C:\Users\Lila\Desktop\hohepriesterin
2014-04-26 15:26 - 2013-03-01 17:38 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-04-26 14:33 - 2014-04-16 19:34 - 00000000 ____D () C:\Users\Lila\Desktop\texte
2014-04-25 21:42 - 2013-05-15 19:43 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\vlc
2014-04-25 21:06 - 2014-04-25 20:53 - 00107120 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-04-25 21:05 - 2014-04-25 20:53 - 00323630 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-04-25 20:55 - 2014-04-25 20:55 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-04-25 20:55 - 2013-03-03 15:01 - 00000000 ____D () C:\Users\Lila\Documents\My Games
2014-04-25 20:48 - 2013-08-13 18:25 - 00000000 ____D () C:\Program Files\Adobe
2014-04-25 20:48 - 2013-03-05 14:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-25 20:45 - 2014-04-25 20:45 - 00283064 _____ (Disc Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2014-04-25 20:45 - 2014-04-25 20:45 - 00001954 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-04-25 20:45 - 2014-04-25 20:45 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\OpenCandy
2014-04-25 20:45 - 2014-04-25 20:45 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-04-25 20:44 - 2014-04-25 20:44 - 13429504 _____ (Disc Soft Ltd) C:\Users\Lila\Downloads\DTLite4491-0356.exe
2014-04-25 20:27 - 2013-03-09 15:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-23 17:00 - 2014-04-23 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-23 12:32 - 2014-04-09 12:27 - 00000000 ____D () C:\Users\Lila\Desktop\narr
2014-04-23 11:50 - 2013-12-11 11:48 - 00000576 _____ () C:\Users\Lila\Desktop\film.txt
2014-04-16 22:35 - 2014-04-15 13:21 - 00000000 ____D () C:\Users\Lila\Desktop\magier
2014-04-16 19:38 - 2013-03-01 19:46 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-16 19:37 - 2014-04-16 19:37 - 00000000 ____D () C:\Users\Lila\Desktop\Adobe
2014-04-16 19:37 - 2013-03-01 19:47 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\Adobe
2014-04-16 19:35 - 2014-04-09 18:11 - 00000000 ____D () C:\Users\Lila\Desktop\inspiration
2014-04-15 12:00 - 2014-04-15 12:00 - 34142193 _____ () C:\Users\Lila\Desktop\herrscher
2014-04-15 10:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-04-15 09:40 - 2014-04-15 09:39 - 00000000 ____D () C:\Users\Lila\Desktop\narr_bilder
2014-04-15 09:39 - 2014-04-09 18:53 - 00000000 ____D () C:\Users\Lila\Desktop\tarotdecks
2014-04-12 20:25 - 2013-04-06 15:37 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-12 20:23 - 2014-04-12 20:23 - 01088076 _____ () C:\Users\Lila\Documents\IMG_20140412_0002.tif
2014-04-09 22:28 - 2013-09-02 14:59 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-09 22:28 - 2013-03-01 17:57 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-04-09 21:45 - 2014-04-09 21:45 - 00002289 _____ () C:\Users\Lila\Desktop\Strange Cases The Tarot Card Mystery.lnk
2014-04-09 21:45 - 2014-04-09 21:45 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\SulusGames
2014-04-09 21:45 - 2014-04-09 21:45 - 00000000 ____D () C:\ProgramData\SulusGames
2014-04-09 21:45 - 2014-04-09 21:45 - 00000000 ____D () C:\Program Files (x86)\Games
2014-04-09 18:58 - 2013-10-30 00:04 - 00000000 ____D () C:\Users\Lila\AppData\Local\Windows Live
2014-04-09 18:11 - 2014-04-09 18:11 - 00000000 ____D () C:\Users\Lila\Desktop\rohre
2014-04-06 17:45 - 2014-04-06 17:45 - 00002487 _____ () C:\Users\Lila\Downloads\E-Mail.txt
2014-04-06 01:51 - 2013-06-12 12:00 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000Core.job
2014-04-06 01:46 - 2013-06-12 12:00 - 00004084 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000UA
2014-04-06 01:46 - 2013-06-12 12:00 - 00003688 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000Core
2014-04-05 20:10 - 2013-08-12 21:58 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-05 20:10 - 2013-08-12 21:58 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 08:35 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-03-31 02:16 - 2014-04-09 12:04 - 23134208 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-31 02:13 - 2014-04-09 12:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-31 01:13 - 2014-04-09 12:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 00:57 - 2014-04-09 12:04 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

Some content of TEMP:
====================
C:\Users\Lila\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Lila\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\Lila\AppData\Local\Temp\_is44BD.exe
C:\Users\Lila\AppData\Local\Temp\_is7458.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-04-09 12:04:21
Restore point made on: 2014-04-09 22:28:11
Restore point made on: 2014-04-15 09:11:28
Restore point made on: 2014-04-16 19:38:05
Restore point made on: 2014-04-22 20:34:36
Restore point made on: 2014-04-25 20:45:40
Restore point made on: 2014-04-25 20:45:45
Restore point made on: 2014-04-25 20:46:25
Restore point made on: 2014-04-25 20:48:20

==================== Memory info =========================== 

Percentage of memory in use: 7%
Total physical RAM: 16268.42 MB
Available physical RAM: 15080.25 MB
Total Pagefile: 16266.62 MB
Available Pagefile: 15076.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:14.79 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Ablage) (Fixed) (Total:10 GB) (Free:1.32 GB) NTFS
Drive f: (Datensammlung) (Fixed) (Total:50.01 GB) (Free:7.45 GB) NTFS
Drive g: (Musik) (Fixed) (Total:100.01 GB) (Free:94.05 GB) NTFS
Drive h: (Down) (Fixed) (Total:305.74 GB) (Free:57.88 GB) NTFS
Drive k: (LILA) (Removable) (Total:7.53 GB) (Free:7.53 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Volume) (Fixed) (Total:931.51 GB) (Free:752.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E792C529)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 862E84D4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 086D086C)
Partition 1: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456 GB) - (Type=05)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: 23BEEECB)
Partition 1: (Active) - (Size=8 GB) - (Type=0B)


LastRegBack: 2014-04-23 14:23

==================== End Of Log ============================

--- --- ---

--- --- ---

M-K-D-B · 28.04.2014, 12:35

Servus,

ok, deine Daten sollten nicht gefährdet sein.

Zuerst müssen wir auf einem sauberen Rechner den Fix erstellen. Das geht so:
Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
HKU\Lila\...\Winlogon: [Userinit] C:\Users\Lila\AppData\Roaming\loadit.exe [696696 2014-04-28] ()
HKU\Lila\...\Winlogon: [Shell] C:\Users\Lila\AppData\Roaming\loadit.exe [696696 2014-04-28] () <==== ATTENTION 
C:\Users\Lila\AppData\Roaming\loadit.exe
Startup: C:\Users\Lila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk ->  (No File)
end

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Bitte berichte mir, ob du nach dem Fix deinen Rechner wieder normal starten kannst!
Wir sind dann aber noch nicht fertig!

joycelle · 28.04.2014, 12:57

Der Rechner ist jetzt problemlos hochgefahren!!

Vielen Dank schon Mal bis hier hin!!!

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2014
Ran by SYSTEM at 2014-04-28 13:52:58 Run:1
Running from K:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
start
HKU\Lila\...\Winlogon: [Userinit] C:\Users\Lila\AppData\Roaming\loadit.exe [696696 2014-04-28] ()
HKU\Lila\...\Winlogon: [Shell] C:\Users\Lila\AppData\Roaming\loadit.exe [696696 2014-04-28] () <==== ATTENTION 
C:\Users\Lila\AppData\Roaming\loadit.exe
Startup: C:\Users\Lila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk ->  (No File)
end
*****************

HKU\Lila\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value deleted successfully.
HKU\Lila\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Lila\AppData\Roaming\loadit.exe => Moved successfully.
C:\Users\Lila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk => Moved successfully.
ShortcutTarget: ja.lnk ->  (No File) not found.

==== End of Fixlog ====

M-K-D-B · 28.04.2014, 12:59

Servus,

sehr gut.

ok, damit ich einen besseren Überblick bekomme, FRST direkt vom infizierten Rechner auf den Desktop downloaden und von dort neu starten:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

joycelle · 28.04.2014, 13:24

Alles gefunden =)

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by Lila (administrator) on LEX on 28-04-2014 14:16:21
Running from C:\Users\Lila\Desktop
Windows 7 Professional N Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.exe
(Microsoft) C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
(Google Inc.) C:\Users\Lila\AppData\Local\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Software Security System) C:\Program Files\Lucidlogix Technologies\VIRTU MVP\EKAG20NT.EXE
(Google Inc.) C:\Users\Lila\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lila\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lila\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lila\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lila\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [VIRTU_MVP_AUTORUN] => C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe [3010336 2012-02-05] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2891719752-1434430305-2529905461-1000\...\Run: [Google Update] => C:\Users\Lila\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-06-12] (Google Inc.)
HKU\S-1-5-21-2891719752-1434430305-2529905461-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
AppInit_DLLs: C:\Windows\System32\appinit_dll.dll => C:\Windows\System32\appinit_dll.dll [475424 2012-02-05] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [429856 2012-02-05] (Lucidlogix Inc.)
Startup: C:\Users\Lila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk -> H:\down\priester\priester.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x62D184D6A816CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lila\AppData\Roaming\Mozilla\Firefox\Profiles\jraj9lj2.default
FF Homepage: www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lila\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lila\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Lila\AppData\Roaming\Mozilla\Firefox\Profiles\jraj9lj2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-01]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Users\Lila\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lila\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lila\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Google Update) - C:\Users\Lila\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Extension: (Google Docs) - C:\Users\Lila\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-12]
CHR Extension: (Google Drive) - C:\Users\Lila\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-12]
CHR Extension: (YouTube) - C:\Users\Lila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-12]
CHR Extension: (Google-Suche) - C:\Users\Lila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-12]
CHR Extension: (AdBlock) - C:\Users\Lila\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-11]
CHR Extension: (Google Wallet) - C:\Users\Lila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Google Mail) - C:\Users\Lila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-12]

==================== Services (Whitelisted) =================

R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [1908520 2007-09-07] (Wacom Technology, Corp.)
R2 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [10752 2014-02-17] (Microsoft)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-06] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-25] (Disc Soft Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-05-14] (Realtek Semiconductor Corporation                           )
R2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11376 2004-07-08] ()
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-04-28] ()
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-28 14:16 - 2014-04-28 14:16 - 00015215 _____ () C:\Users\Lila\Desktop\FRST.txt
2014-04-28 14:15 - 2014-04-28 14:15 - 00030209 _____ () C:\Users\Lila\Downloads\FRST.txt
2014-04-28 14:12 - 2014-04-28 14:12 - 02061824 _____ (Farbar) C:\Users\Lila\Desktop\FRST64.exe
2014-04-28 14:06 - 2014-04-28 14:06 - 00613200 _____ (Chip Digital GmbH) C:\Users\Lila\Downloads\Revo Uninstaller - CHIP-Downloader.exe
2014-04-28 11:50 - 2014-04-28 14:14 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-04-27 20:09 - 2014-04-27 22:15 - 00000000 ____D () C:\Users\Lila\Desktop\herrscher
2014-04-26 17:36 - 2014-04-27 21:05 - 00000000 ____D () C:\Users\Lila\Desktop\hohepriesterin
2014-04-25 21:55 - 2014-04-25 21:55 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-04-25 21:53 - 2014-04-25 22:06 - 00107120 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-04-25 21:53 - 2014-04-25 22:05 - 00323630 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-04-25 21:45 - 2014-04-25 21:45 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-04-25 21:45 - 2014-04-25 21:45 - 00001954 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-04-25 21:45 - 2014-04-25 21:45 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\OpenCandy
2014-04-25 21:45 - 2014-04-25 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-04-25 21:45 - 2014-04-25 21:45 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-04-25 21:44 - 2014-04-25 21:44 - 13429504 _____ (Disc Soft Ltd) C:\Users\Lila\Downloads\DTLite4491-0356.exe
2014-04-23 18:00 - 2014-04-23 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-16 20:37 - 2014-04-16 20:37 - 00000000 ____D () C:\Users\Lila\Desktop\Adobe
2014-04-16 20:34 - 2014-04-26 15:33 - 00000000 ____D () C:\Users\Lila\Desktop\texte
2014-04-15 14:21 - 2014-04-16 23:35 - 00000000 ____D () C:\Users\Lila\Desktop\magier
2014-04-15 13:00 - 2014-04-15 13:00 - 34142193 _____ () C:\Users\Lila\Desktop\herrscher.psd
2014-04-15 10:39 - 2014-04-15 10:40 - 00000000 ____D () C:\Users\Lila\Desktop\narr_bilder
2014-04-12 21:23 - 2014-04-12 21:23 - 01088076 _____ () C:\Users\Lila\Documents\IMG_20140412_0002.tif
2014-04-09 22:45 - 2014-04-09 22:45 - 00002289 _____ () C:\Users\Lila\Desktop\Strange Cases The Tarot Card Mystery.lnk
2014-04-09 22:45 - 2014-04-09 22:45 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\SulusGames
2014-04-09 22:45 - 2014-04-09 22:45 - 00000000 ____D () C:\ProgramData\SulusGames
2014-04-09 22:45 - 2014-04-09 22:45 - 00000000 ____D () C:\Program Files (x86)\Games
2014-04-09 19:53 - 2014-04-15 10:39 - 00000000 ____D () C:\Users\Lila\Desktop\tarotdecks
2014-04-09 19:11 - 2014-04-16 20:35 - 00000000 ____D () C:\Users\Lila\Desktop\inspiration
2014-04-09 19:11 - 2014-04-09 19:11 - 00000000 ____D () C:\Users\Lila\Desktop\rohre
2014-04-09 13:27 - 2014-04-23 13:32 - 00000000 ____D () C:\Users\Lila\Desktop\narr
2014-04-09 13:04 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 13:04 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 13:04 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 13:04 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 13:04 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 13:04 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 13:04 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 13:04 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 13:04 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 13:04 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 13:04 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 13:04 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 13:04 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 13:04 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 13:04 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 13:04 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 13:04 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 13:04 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 13:04 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 13:04 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 13:04 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-06 18:45 - 2014-04-06 18:45 - 00002487 _____ () C:\Users\Lila\Downloads\E-Mail.txt

==================== One Month Modified Files and Folders =======

2014-04-28 14:52 - 2013-03-01 18:30 - 00000000 ___RD () C:\Users\Lila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-28 14:16 - 2014-04-28 14:16 - 00015215 _____ () C:\Users\Lila\Desktop\FRST.txt
2014-04-28 14:16 - 2013-08-12 11:15 - 00000000 ____D () C:\FRST
2014-04-28 14:15 - 2014-04-28 14:15 - 00030209 _____ () C:\Users\Lila\Downloads\FRST.txt
2014-04-28 14:15 - 2013-08-12 22:58 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-28 14:14 - 2014-04-28 11:50 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-04-28 14:14 - 2013-08-12 22:58 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-28 14:14 - 2013-03-01 18:40 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-04-28 14:14 - 2013-03-01 18:38 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-04-28 14:14 - 2013-03-01 18:37 - 00065184 _____ () C:\Users\Lila\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-28 14:14 - 2013-03-01 18:30 - 01230271 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 14:14 - 2010-11-21 05:47 - 00355046 _____ () C:\Windows\PFRO.log
2014-04-28 14:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-28 14:14 - 2009-07-14 06:56 - 00076829 _____ () C:\Windows\setupact.log
2014-04-28 14:14 - 2009-07-14 06:50 - 03031920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-28 14:12 - 2014-04-28 14:12 - 02061824 _____ (Farbar) C:\Users\Lila\Desktop\FRST64.exe
2014-04-28 14:09 - 2013-03-05 15:15 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-28 14:08 - 2013-03-05 15:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-28 14:08 - 2013-03-01 20:47 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\Adobe
2014-04-28 14:08 - 2013-03-01 20:46 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-28 14:06 - 2014-04-28 14:06 - 00613200 _____ (Chip Digital GmbH) C:\Users\Lila\Downloads\Revo Uninstaller - CHIP-Downloader.exe
2014-04-28 14:06 - 2014-02-17 15:33 - 00001268 _____ () C:\Users\Lila\Desktop\Revo Uninstaller.lnk
2014-04-28 14:06 - 2014-02-17 15:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-28 14:01 - 2009-07-14 06:50 - 00020112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 14:01 - 2009-07-14 06:50 - 00020112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-28 14:00 - 2011-04-12 10:14 - 00699258 _____ () C:\Windows\system32\perfh007.dat
2014-04-28 14:00 - 2011-04-12 10:14 - 00149398 _____ () C:\Windows\system32\perfc007.dat
2014-04-28 14:00 - 2009-07-14 07:12 - 01619976 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-28 11:51 - 2013-06-12 13:00 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000UA.job
2014-04-28 11:41 - 2013-03-07 20:46 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AE5A86A8-D88D-40C8-AA45-438AD91DF71B}
2014-04-28 11:36 - 2013-05-02 20:01 - 00000000 ____D () C:\Users\Lila\AppData\Local\CrashDumps
2014-04-28 11:36 - 2013-03-22 21:17 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\UseNeXT
2014-04-27 22:15 - 2014-04-27 20:09 - 00000000 ____D () C:\Users\Lila\Desktop\herrscher
2014-04-27 22:15 - 2014-03-24 12:48 - 00000000 ____D () C:\Users\Lila\Desktop\karten
2014-04-27 22:15 - 2013-12-22 18:22 - 00002076 _____ () C:\Users\Lila\Desktop\musii.txt
2014-04-27 21:05 - 2014-04-26 17:36 - 00000000 ____D () C:\Users\Lila\Desktop\hohepriesterin
2014-04-26 16:26 - 2013-03-01 18:38 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-04-26 15:33 - 2014-04-16 20:34 - 00000000 ____D () C:\Users\Lila\Desktop\texte
2014-04-25 22:42 - 2013-05-15 20:43 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\vlc
2014-04-25 22:06 - 2014-04-25 21:53 - 00107120 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-04-25 22:05 - 2014-04-25 21:53 - 00323630 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-04-25 21:58 - 2013-08-30 23:52 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-25 21:55 - 2014-04-25 21:55 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-04-25 21:55 - 2013-03-03 16:01 - 00000000 ____D () C:\Users\Lila\Documents\My Games
2014-04-25 21:45 - 2014-04-25 21:45 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-04-25 21:45 - 2014-04-25 21:45 - 00001954 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-04-25 21:45 - 2014-04-25 21:45 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\OpenCandy
2014-04-25 21:45 - 2014-04-25 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-04-25 21:45 - 2014-04-25 21:45 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-04-25 21:44 - 2014-04-25 21:44 - 13429504 _____ (Disc Soft Ltd) C:\Users\Lila\Downloads\DTLite4491-0356.exe
2014-04-25 21:27 - 2013-03-09 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-23 18:00 - 2014-04-23 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-23 13:32 - 2014-04-09 13:27 - 00000000 ____D () C:\Users\Lila\Desktop\narr
2014-04-23 12:50 - 2013-12-11 12:48 - 00000576 _____ () C:\Users\Lila\Desktop\film.txt
2014-04-16 23:35 - 2014-04-15 14:21 - 00000000 ____D () C:\Users\Lila\Desktop\magier
2014-04-16 20:37 - 2014-04-16 20:37 - 00000000 ____D () C:\Users\Lila\Desktop\Adobe
2014-04-16 20:35 - 2014-04-09 19:11 - 00000000 ____D () C:\Users\Lila\Desktop\inspiration
2014-04-15 13:00 - 2014-04-15 13:00 - 34142193 _____ () C:\Users\Lila\Desktop\herrscher.psd
2014-04-15 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-15 10:40 - 2014-04-15 10:39 - 00000000 ____D () C:\Users\Lila\Desktop\narr_bilder
2014-04-15 10:39 - 2014-04-09 19:53 - 00000000 ____D () C:\Users\Lila\Desktop\tarotdecks
2014-04-12 21:25 - 2013-04-06 16:37 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-12 21:23 - 2014-04-12 21:23 - 01088076 _____ () C:\Users\Lila\Documents\IMG_20140412_0002.tif
2014-04-09 23:28 - 2013-09-02 15:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 23:28 - 2013-03-01 18:57 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 22:45 - 2014-04-09 22:45 - 00002289 _____ () C:\Users\Lila\Desktop\Strange Cases The Tarot Card Mystery.lnk
2014-04-09 22:45 - 2014-04-09 22:45 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\SulusGames
2014-04-09 22:45 - 2014-04-09 22:45 - 00000000 ____D () C:\ProgramData\SulusGames
2014-04-09 22:45 - 2014-04-09 22:45 - 00000000 ____D () C:\Program Files (x86)\Games
2014-04-09 19:58 - 2013-10-30 01:04 - 00000000 ____D () C:\Users\Lila\AppData\Local\Windows Live
2014-04-09 19:11 - 2014-04-09 19:11 - 00000000 ____D () C:\Users\Lila\Desktop\rohre
2014-04-06 18:45 - 2014-04-06 18:45 - 00002487 _____ () C:\Users\Lila\Downloads\E-Mail.txt
2014-04-06 02:51 - 2013-06-12 13:00 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000Core.job
2014-04-06 02:46 - 2013-06-12 13:00 - 00004084 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000UA
2014-04-06 02:46 - 2013-06-12 13:00 - 00003688 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000Core
2014-04-05 21:10 - 2013-08-12 22:58 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-05 21:10 - 2013-08-12 22:58 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 03:16 - 2014-04-09 13:04 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 13:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 13:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 13:04 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

Some content of TEMP:
====================
C:\Users\Lila\AppData\Local\temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Lila\AppData\Local\temp\FP_PL_MSI_INSTALLER.exe
C:\Users\Lila\AppData\Local\temp\_is44BD.exe
C:\Users\Lila\AppData\Local\temp\_is7458.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-23 15:23

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2014
Ran by Lila at 2014-04-28 14:31:50
Running from C:\Users\Lila\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{3A6829EF-0791-4FDD-9382-C690DD0821B9}) (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.183.43 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Age of Mythology Gold (HKLM-x32\...\Age of Mythology Expansion Pack 1.0) (Version: 1.0 - Microsoft)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1701BD02-09B9-B25B-8290-C7D6A33C5A75}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG2200 series Benutzerregistrierung (HKLM-x32\...\Canon MG2200 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.00 - Canon Inc.)
Canon MG2200 series On-screen Manual (HKLM-x32\...\Canon MG2200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Easy Poster Printer (HKLM-x32\...\{1B5979B5-FE79-405A-A023-592DCE48C522}) (Version: 6.0.0 - GD Software)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESET Smart Security (HKLM\...\{F5A3E880-A737-48F2-A124-6F5D4CEA6AB4}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}) (Version: 2.0.1083.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Poker 770 (HKLM-x32\...\Poker 770) (Version:  - )
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PreFlopper (HKLM-x32\...\{021A87FA-0D44-4B5F-8791-FFFD359849BD}) (Version: 2.1.0 - None provided)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strange Cases The Tarot Card Mystery 1.00 (HKLM-x32\...\Strange Cases The Tarot Card Mystery 1.00) (Version:  - )
TP-LINK TL-WN821N Driver (HKLM-x32\...\{26B52E5B-1620-4676-9B46-B6C56B8105CE}) (Version: 1.2.1 - TP-LINK)
TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version:  - Nadeo)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VIRTU MVP 2.1.110 (HKLM\...\VIRTU MVP_is1) (Version: 2.1.110 - Lucidlogix Technologies LTD)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.6-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

09-04-2014 11:04:18 Windows Update
09-04-2014 21:28:09 Windows Update
15-04-2014 08:11:25 Windows Update
16-04-2014 18:38:02 Installed Adobe Photoshop Lightroom 3.4 64-bit.
22-04-2014 19:34:33 Windows Update
25-04-2014 19:45:37 Gerätetreiber-Paketinstallation: DT Soft Ltd Systemgeräte
25-04-2014 19:45:42 Uniblue SpeedUpMyPC installation
25-04-2014 19:46:23 Removed calibre
25-04-2014 19:48:18 Removed Adobe Photoshop Lightroom 3.4 64-bit.


==================== Scheduled Tasks (whitelisted) =============

Task: {499293DA-FE23-4A1E-AAC9-00C29E2E3A9C} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {52DB3FE1-FD35-49AE-A798-A031751E05F0} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {79B1D23E-D9E5-44CA-B2B4-EE322E0F6FB2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000Core => C:\Users\Lila\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-12] (Google Inc.)
Task: {9227EDEB-5C17-43F6-AF4C-1B3E91416116} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {B229787E-BCF3-4D1A-AA7B-C6ABD462F7B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-12] (Google Inc.)
Task: {BC85140D-8E5D-475E-BB44-5CA5C0F02BF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-12] (Google Inc.)
Task: {CEA0F661-E4EF-4B0C-8174-747271058321} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000UA => C:\Users\Lila\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-12] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000Core.job => C:\Users\Lila\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000UA.job => C:\Users\Lila\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2013-04-06 16:37 - 2012-03-28 14:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-03-01 18:38 - 2012-02-07 18:27 - 00121344 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-02-09 17:26 - 2012-02-09 17:26 - 00133632 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2012-02-09 17:26 - 2012-02-09 17:26 - 00048128 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2012-02-09 17:26 - 2012-02-09 17:26 - 00036864 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetDetect.dll
2013-03-01 18:34 - 2012-01-05 11:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-03-01 18:40 - 2012-02-05 14:36 - 03010336 _____ () C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
2013-03-01 18:40 - 2012-02-05 14:36 - 00139552 _____ () C:\Program Files\Lucidlogix Technologies\VIRTU MVP\GuiCommon.dll
2013-08-31 13:00 - 2013-06-06 04:09 - 01185048 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-04-09 13:53 - 2014-04-02 03:57 - 00065352 _____ () C:\Users\Lila\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-09 13:53 - 2014-04-02 03:57 - 00674632 _____ () C:\Users\Lila\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-09 13:53 - 2014-04-02 03:57 - 00093000 _____ () C:\Users\Lila\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-09 13:53 - 2014-04-02 03:57 - 04081480 _____ () C:\Users\Lila\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-09 13:53 - 2014-04-02 03:58 - 00390472 _____ () C:\Users\Lila\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-09 13:53 - 2014-04-02 03:57 - 01647432 _____ () C:\Users\Lila\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-02-13 16:15 - 2014-02-13 16:15 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll
2013-03-01 18:36 - 2011-11-29 21:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-03-01 18:37 - 2012-02-07 18:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Personal ID => C:\PROGRA~2\COOLSP~1\PERSON~1\PID.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2014 02:16:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2014 02:14:57 PM) (Source: TabletServiceWacom) (User: )
Description: Could not init tablet driver

Error: (04/28/2014 02:14:55 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (04/28/2014 01:56:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2014 01:54:38 PM) (Source: TabletServiceWacom) (User: )
Description: Could not init tablet driver

Error: (04/28/2014 01:54:35 PM) (Source: TabletServiceWacom) (User: )
Description: Could not init tablet driver

Error: (04/28/2014 01:54:35 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (04/28/2014 01:45:34 PM) (Source: TabletServiceWacom) (User: )
Description: Could not init tablet driver

Error: (04/28/2014 01:45:31 PM) (Source: TabletServiceWacom) (User: )
Description: Could not init tablet driver

Error: (04/28/2014 01:45:30 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2


System errors:
=============
Error: (04/28/2014 02:28:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/28/2014 02:14:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (04/28/2014 01:54:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (04/28/2014 01:45:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (04/28/2014 00:07:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (04/28/2014 00:07:11 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (04/28/2014 00:07:08 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFD
AsrAppCharger
CSC
DfsC
discache
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
vwififlt
Wanarpv6
WfpLwf
ws2ifsl

Error: (04/28/2014 00:07:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (04/28/2014 00:07:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerkverbindungen" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (04/28/2014 00:07:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (04/28/2014 02:16:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2014 02:14:57 PM) (Source: TabletServiceWacom)(User: )
Description: Could not init tablet driver

Error: (04/28/2014 02:14:55 PM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (04/28/2014 01:56:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2014 01:54:38 PM) (Source: TabletServiceWacom)(User: )
Description: Could not init tablet driver

Error: (04/28/2014 01:54:35 PM) (Source: TabletServiceWacom)(User: )
Description: Could not init tablet driver

Error: (04/28/2014 01:54:35 PM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (04/28/2014 01:45:34 PM) (Source: TabletServiceWacom)(User: )
Description: Could not init tablet driver

Error: (04/28/2014 01:45:31 PM) (Source: TabletServiceWacom)(User: )
Description: Could not init tablet driver

Error: (04/28/2014 01:45:30 PM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2


CodeIntegrity Errors:
===================================
  Date: 2014-03-22 11:04:51.940
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 11:04:51.940
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 11:04:51.940
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 11:04:51.940
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 11:04:51.940
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 11:04:51.940
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-15 20:52:14.423
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-15 20:52:14.422
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-15 20:52:14.420
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-15 20:52:14.418
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 16268.42 MB
Available physical RAM: 13920.61 MB
Total Pagefile: 32535.02 MB
Available Pagefile: 29833.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:22.28 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:749.38 GB) NTFS
Drive e: (Ablage) (Fixed) (Total:10 GB) (Free:1.32 GB) NTFS
Drive f: (Datensammlung) (Fixed) (Total:50.01 GB) (Free:7.45 GB) NTFS
Drive g: (Musik) (Fixed) (Total:100.01 GB) (Free:94.05 GB) NTFS
Drive h: (Down) (Fixed) (Total:305.74 GB) (Free:58.05 GB) NTFS
Drive j: (AoE3 Complete) (CDROM) (Total:5.69 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 862E84D4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E792C529)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 086D086C)
Partition 1: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456 GB) - (Type=05)

==================== End Of Log ============================

M-K-D-B · 28.04.2014, 13:54

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3
Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus.
Setze dazu einen Haken bei Addition.txt rechts unten und klicke auf Scan.
Es werden zwei Logdateien erzeugt. Poste mir diese.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die beiden neuen Logdateien von FRST.

joycelle · 28.04.2014, 14:23

Ich kann Adwcleaner nicht runterladen.
Der Bildschirm von der Seite wird immer weiß wenn ich es downloaden will.
Ich habe mit NOD 32 ein Scan gemacht und was gefunden und mit Antimalware auch.
Hast du einen anderen link für Adw? Soll ich schon die Logdatei von frst erstellen?

Hier der NOD Log:

Code:

ATTFilter

Log
Version der Signaturdatenbank: 9731 (20140428)
Datum: 28.04.2014  Uhrzeit: 14:49:21
Geprüfte Laufwerke, Ordner und Dateien: C:\
C:\hiberfil.sys - Fehler beim Öffnen  [4]
C:\pagefile.sys - Fehler beim Öffnen  [4]
C:\_OTL\MovedFiles\05162013_171352\C_Users\Lila\AppData\Local\Temp\SPStub.exe - Win32/Conduit.SearchProtect.J evtl. unerwünschte Anwendung - Aktionsauswahl aufgeschoben bis zum Abschluss des Scans
C:\FRST\Quarantine\C\Users\Lila\AppData\Roaming\loadit.exe.xBAD - Win32/LockScreen.BEI Trojaner - Gesäubert durch Löschen - in Quarantäne kopiert [1]
C:\Program Files\WinRAR\Default.SFX = WINRARSFX - Archiv beschädigt
C:\Program Files\WinRAR\Zip.SFX = WINRARSFX - Archiv beschädigt
C:\Program Files (x86)\Games\Strange Cases The Tarot Card Mystery\StrangeCases.exe = Armadillo - Fehler beim Entpacken
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - Fehler beim Öffnen  [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - Fehler beim Öffnen  [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - Fehler beim Öffnen  [4]
C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe - MSIL/Agent.ONS Trojaner - Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert [1,2]
C:\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - Fehler beim Öffnen  [4]
C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin - Fehler beim Öffnen  [4]
C:\System Volume Information\Syscache.hve - Fehler beim Öffnen  [4]
C:\System Volume Information\Syscache.hve.LOG1 - Fehler beim Öffnen  [4]
C:\System Volume Information\Syscache.hve.LOG2 - Fehler beim Öffnen  [4]
C:\System Volume Information\{0118318c-bfd6-11e3-9ddb-bc5ff46c2d53}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{0118346d-bfd6-11e3-9ddb-bc5ff46c2d53}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{17f41845-c593-11e3-bd3c-bc5ff46c2d53}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{7700713d-ca54-11e3-ba36-bc5ff46c2d53}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{aa864517-ccaf-11e3-a4ef-bc5ff46c2d53}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{aa86451e-ccaf-11e3-a4ef-bc5ff46c2d53}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{aa864546-ccaf-11e3-a4ef-bc5ff46c2d53}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{aa864556-ccaf-11e3-a4ef-bc5ff46c2d53}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{e1c07696-c474-11e3-82fa-bc5ff46c2d53}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - Fehler beim Öffnen  [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - Fehler beim Öffnen  [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - Fehler beim Öffnen  [4]
C:\Users\All Users\Microsoft\Windows\Time\Time-svc.exe - MSIL/Agent.ONS Trojaner - Gesäubert durch Löschen - in Quarantäne kopiert [1]
C:\Users\All Users\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - Fehler beim Öffnen  [4]
C:\Users\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin - Fehler beim Öffnen  [4]
C:\Users\Lila\NTUSER.DAT - Fehler beim Öffnen  [4]
C:\Users\Lila\ntuser.dat.LOG1 - Fehler beim Öffnen  [4]
C:\Users\Lila\ntuser.dat.LOG2 - Fehler beim Öffnen  [4]
C:\Users\Lila\AppData\Local\Google\Chrome\User Data\Default\Current Session - Fehler beim Öffnen  [4]
C:\Users\Lila\AppData\Local\Google\Chrome\User Data\Default\Current Tabs - Fehler beim Öffnen  [4]
C:\Users\Lila\AppData\Local\Microsoft\Windows\UsrClass.dat - Fehler beim Öffnen  [4]
C:\Users\Lila\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - Fehler beim Öffnen  [4]
C:\Users\Lila\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - Fehler beim Öffnen  [4]
C:\Users\Lila\AppData\Local\Microsoft\Windows\WebCacheLock.dat - Fehler beim Öffnen  [4]
C:\Users\Lila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2Y2ISO4\id_60_full_default[1].swf = CWS = file.swf - Archiv beschädigt - Datei kann nicht extrahiert werden
C:\Users\Lila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2Y2ISO4\loadit[1].exe - Win32/LockScreen.BEI Trojaner - Gesäubert durch Löschen - in Quarantäne kopiert [1]
C:\Users\Lila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUE9437Y\SpeedUpMyPC-standalone-setup[1].exe = INNO = {app}\speedupmypc.exe - Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\Users\Lila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUE9437Y\SpeedUpMyPC-standalone-setup[1].exe = INNO = script_decompiled.pas - Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung
C:\Users\Lila\AppData\Local\Microsoft\Windows\WebCache\V01.log - Fehler beim Öffnen  [4]
C:\Users\Lila\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat - Fehler beim Öffnen  [4]
C:\Users\Lila\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp - Fehler beim Öffnen  [4]
C:\Users\Lila\AppData\Local\temp\136fo8Hg.exe.part = NSIS = Script.nsi - Win32/AdWare.1ClickDownload.AR Anwendung
C:\Users\Lila\AppData\Local\temp\qiN0hxZ6.exe.part = NSIS = Script.nsi - Win32/AdWare.1ClickDownload.AR Anwendung
C:\Users\Lila\AppData\Local\temp\is-37MJ2.tmp\SpeedUpMyPC-standalone-setup.exe = INNO = {app}\speedupmypc.exe - Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\Users\Lila\AppData\Local\temp\is-37MJ2.tmp\SpeedUpMyPC-standalone-setup.exe = INNO = script_decompiled.pas - Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung
C:\Users\Lila\AppData\Local\temp\OCS\ocs_v71a.exe - Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung - Aktionsauswahl aufgeschoben bis zum Abschluss des Scans
C:\Users\Lila\AppData\Roaming\OpenCandy\8B6763FF1FA84566BE14FB86FC3F733D\speedupmypcDE.exe = INNO = script_decompiled.pas - Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung
C:\Users\Lila\Downloads\DTLite4491-0356.exe = NSIS = Script.nsi - Win32/DownWare.L evtl. unerwünschte Anwendung
C:\Users\Lila\Downloads\Revo Uninstaller - CHIP-Downloader.exe - Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung - Aktionsauswahl aufgeschoben bis zum Abschluss des Scans
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\e752d9488f0aefd6b9636da4dcbb91842858b78a.HomeGroupClassifier\59b8a1c7ca09d32911b9ddccc169e1c8\grouping\db.mdb - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\e752d9488f0aefd6b9636da4dcbb91842858b78a.HomeGroupClassifier\59b8a1c7ca09d32911b9ddccc169e1c8\grouping\edb.log - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\e752d9488f0aefd6b9636da4dcbb91842858b78a.HomeGroupClassifier\59b8a1c7ca09d32911b9ddccc169e1c8\grouping\tmp.edb - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - Fehler beim Öffnen  [4]
C:\Windows\System32\log.txt - Fehler beim Öffnen  [4]
C:\Windows\System32\catroot2\edb.log - Fehler beim Öffnen  [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - Fehler beim Öffnen  [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - Fehler beim Öffnen  [4]
C:\Windows\SysWOW64\log.txt - Fehler beim Öffnen  [4]
C:\_OTL\MovedFiles\05162013_171352\C_Users\Lila\AppData\Local\Temp\SPStub.exe - Win32/Conduit.SearchProtect.J evtl. unerwünschte Anwendung - Gesäubert durch Löschen - in Quarantäne kopiert [1]
C:\Users\Lila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUE9437Y\SpeedUpMyPC-standalone-setup[1].exe = INNO = {app}\speedupmypc.exe - Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\Users\Lila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUE9437Y\SpeedUpMyPC-standalone-setup[1].exe = INNO = script_decompiled.pas - Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung
C:\Users\Lila\AppData\Local\temp\is-37MJ2.tmp\SpeedUpMyPC-standalone-setup.exe = INNO = {app}\speedupmypc.exe - Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\Users\Lila\AppData\Local\temp\is-37MJ2.tmp\SpeedUpMyPC-standalone-setup.exe = INNO = script_decompiled.pas - Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung
C:\Users\Lila\AppData\Local\temp\OCS\ocs_v71a.exe - Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung - Gesäubert durch Löschen - in Quarantäne kopiert [1]
C:\Users\Lila\AppData\Roaming\OpenCandy\8B6763FF1FA84566BE14FB86FC3F733D\speedupmypcDE.exe = INNO = script_decompiled.pas - Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung
C:\Users\Lila\Downloads\DTLite4491-0356.exe = NSIS = Script.nsi - Win32/DownWare.L evtl. unerwünschte Anwendung
C:\Users\Lila\Downloads\Revo Uninstaller - CHIP-Downloader.exe - Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung - Gesäubert durch Löschen - in Quarantäne kopiert [1]
Geprüfte Objekte: 140867
Erkannte Bedrohungen: 15
Anzahl gesäuberter Objekte: 15
Abgeschlossen: 14:58:38  Benötigte Zeit: 557 Sek. (00:09:17)

Hinweise:
[1] Objekt wurde gelöscht. Es enthielt ausschließlich Viruscode.
[2] Objekt ist in Benutzung (geöffnet oder wird ausgeführt). Zum Säubern muss der Computer neu gestartet werden.
[4] Objekt kann nicht geöffnet werden. Möglicherweise in Benutzung durch eine andere Anwendung oder das Betriebssystem.

und hier der von AntiMalware:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 28.04.2014
Suchlauf-Zeit: 15:15:10
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.28.05
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Lila

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 262884
Verstrichene Zeit: 11 Min, 4 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 2
PUP.Optional.OpenCandy, C:\Users\Lila\AppData\Roaming\OpenCandy, In Quarantäne, [f60aaf518779c33d32f2b6aebd45a35d], 
PUP.Optional.OpenCandy, C:\Users\Lila\AppData\Roaming\OpenCandy\8B6763FF1FA84566BE14FB86FC3F733D, In Quarantäne, [f60aaf518779c33d32f2b6aebd45a35d], 

Dateien: 1
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe, In Quarantäne, [5ea280803fc16f913546b8f58f74c23e], 

Physische Sektoren: 0
(No malicious items detected)


(end)

M-K-D-B · 28.04.2014, 16:41

Servus,

AdwCleaner dann von hier downloaden und wie beschrieben ausführen.

joycelle · 28.04.2014, 16:54

Hier nun auch der AdwCleaner-Log

Code:

ATTFilter

# AdwCleaner v3.205 - Bericht erstellt am 28/04/2014 um 17:49:39
# Aktualisiert 28/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional N Service Pack 1 (64 bits)
# Benutzername : Lila - LEX
# Gestartet von : C:\Users\Lila\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Lila\AppData\Local\Temp\OCS

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKLM\Software\ParetoLogic
Schlüssel Gelöscht : HKLM\Software\Uniblue

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Lila\AppData\Roaming\Mozilla\Firefox\Profiles\jraj9lj2.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Lila\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1303 octets] - [28/04/2014 17:48:21]
AdwCleaner[S0].txt - [1124 octets] - [28/04/2014 17:49:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1184 octets] ##########

M-K-D-B · 28.04.2014, 16:59

Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus.
Setze dazu einen Haken bei Addition.txt rechts unten und klicke auf Scan.
Es werden zwei Logdateien erzeugt. Poste mir diese.

Wie läuft der Rechner derzeit?

joycelle · 28.04.2014, 17:42

Läuft ganz okay, macht kein Probleme. Ist das denn jetzt weg? Gab ja noch massig Funde insgesamt. Hatte total vergessen das mein Antivirusprogramm abgelaufen ist =(

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by Lila (administrator) on LEX on 28-04-2014 18:34:39
Running from C:\Users\Lila\Desktop
Windows 7 Professional N Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\vsta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Software Security System) C:\Program Files\Lucidlogix Technologies\VIRTU MVP\EKAG20NT.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Google Inc.) C:\Users\Lila\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lila\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lila\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lila\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [VIRTU_MVP_AUTORUN] => C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe [3010336 2012-02-05] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2891719752-1434430305-2529905461-1000\...\Run: [Google Update] => C:\Users\Lila\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-06-12] (Google Inc.)
HKU\S-1-5-21-2891719752-1434430305-2529905461-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
AppInit_DLLs: C:\Windows\System32\appinit_dll.dll => C:\Windows\System32\appinit_dll.dll [475424 2012-02-05] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [429856 2012-02-05] (Lucidlogix Inc.)
Startup: C:\Users\Lila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk -> H:\down\priester\priester.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x62D184D6A816CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lila\AppData\Roaming\Mozilla\Firefox\Profiles\jraj9lj2.default
FF Homepage: www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lila\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lila\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Lila\AppData\Roaming\Mozilla\Firefox\Profiles\jraj9lj2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-01]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-04-28]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-04-28]

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Users\Lila\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lila\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lila\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Google Update) - C:\Users\Lila\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Extension: (Google Docs) - C:\Users\Lila\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-12]
CHR Extension: (Google Drive) - C:\Users\Lila\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-12]
CHR Extension: (YouTube) - C:\Users\Lila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-12]
CHR Extension: (Google-Suche) - C:\Users\Lila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-12]
CHR Extension: (AdBlock) - C:\Users\Lila\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-11]
CHR Extension: (Google Wallet) - C:\Users\Lila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Google Mail) - C:\Users\Lila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-12]

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [1908520 2007-09-07] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-06] (Wacom Technology, Corp.)
S2 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [X]

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-25] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-05-14] (Realtek Semiconductor Corporation                           )
R2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11376 2004-07-08] ()
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-04-28] ()
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-28 17:48 - 2014-04-28 17:49 - 00000000 ____D () C:\AdwCleaner
2014-04-28 17:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-04-28 17:47 - 2014-04-28 17:47 - 01310283 _____ () C:\Users\Lila\Desktop\adwcleaner.exe
2014-04-28 15:17 - 2014-04-28 15:17 - 00001479 _____ () C:\Users\Lila\Desktop\mbam.txt
2014-04-28 15:01 - 2014-04-28 17:50 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-28 15:01 - 2014-04-28 15:01 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-28 15:01 - 2014-04-28 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-28 15:01 - 2014-04-28 15:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-28 15:01 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-28 15:01 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-28 15:01 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-28 15:00 - 2014-04-28 15:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Lila\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-28 14:31 - 2014-04-28 18:19 - 00033152 _____ () C:\Users\Lila\Desktop\Addition.txt
2014-04-28 14:28 - 2014-04-28 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-04-28 14:28 - 2014-04-28 14:28 - 00000000 ____D () C:\ProgramData\ESET
2014-04-28 14:28 - 2014-04-28 14:28 - 00000000 ____D () C:\Program Files\ESET
2014-04-28 14:27 - 2014-04-28 14:27 - 01581384 _____ (ESET) C:\Users\Lila\Downloads\eset_smart_security_live_installer_.exe
2014-04-28 14:16 - 2014-04-28 18:34 - 00017360 _____ () C:\Users\Lila\Desktop\FRST.txt
2014-04-28 14:15 - 2014-04-28 14:15 - 00030209 _____ () C:\Users\Lila\Downloads\FRST.txt
2014-04-28 14:12 - 2014-04-28 14:12 - 02061824 _____ (Farbar) C:\Users\Lila\Desktop\FRST64.exe
2014-04-28 11:50 - 2014-04-28 17:50 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-04-27 20:09 - 2014-04-28 14:54 - 00000000 ____D () C:\Users\Lila\Desktop\herrscher
2014-04-26 17:36 - 2014-04-27 21:05 - 00000000 ____D () C:\Users\Lila\Desktop\hohepriesterin
2014-04-25 21:55 - 2014-04-25 21:55 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-04-25 21:53 - 2014-04-25 22:06 - 00107120 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-04-25 21:53 - 2014-04-25 22:05 - 00323630 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-04-25 21:45 - 2014-04-25 21:45 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-04-25 21:45 - 2014-04-25 21:45 - 00001954 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-04-25 21:45 - 2014-04-25 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-04-25 21:45 - 2014-04-25 21:45 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-04-23 18:00 - 2014-04-23 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-16 20:37 - 2014-04-16 20:37 - 00000000 ____D () C:\Users\Lila\Desktop\Adobe
2014-04-16 20:34 - 2014-04-26 15:33 - 00000000 ____D () C:\Users\Lila\Desktop\texte
2014-04-15 14:21 - 2014-04-16 23:35 - 00000000 ____D () C:\Users\Lila\Desktop\magier
2014-04-15 13:00 - 2014-04-15 13:00 - 34142193 _____ () C:\Users\Lila\Desktop\herrscher.psd
2014-04-15 10:39 - 2014-04-15 10:40 - 00000000 ____D () C:\Users\Lila\Desktop\narr_bilder
2014-04-12 21:23 - 2014-04-12 21:23 - 01088076 _____ () C:\Users\Lila\Documents\IMG_20140412_0002.tif
2014-04-09 22:45 - 2014-04-09 22:45 - 00002289 _____ () C:\Users\Lila\Desktop\Strange Cases The Tarot Card Mystery.lnk
2014-04-09 22:45 - 2014-04-09 22:45 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\SulusGames
2014-04-09 22:45 - 2014-04-09 22:45 - 00000000 ____D () C:\ProgramData\SulusGames
2014-04-09 22:45 - 2014-04-09 22:45 - 00000000 ____D () C:\Program Files (x86)\Games
2014-04-09 19:53 - 2014-04-15 10:39 - 00000000 ____D () C:\Users\Lila\Desktop\tarotdecks
2014-04-09 19:11 - 2014-04-16 20:35 - 00000000 ____D () C:\Users\Lila\Desktop\inspiration
2014-04-09 19:11 - 2014-04-09 19:11 - 00000000 ____D () C:\Users\Lila\Desktop\rohre
2014-04-09 13:27 - 2014-04-23 13:32 - 00000000 ____D () C:\Users\Lila\Desktop\narr
2014-04-09 13:04 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 13:04 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 13:04 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 13:04 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 13:04 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 13:04 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 13:04 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 13:04 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 13:04 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 13:04 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 13:04 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 13:04 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 13:04 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 13:04 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 13:04 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 13:04 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 13:04 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 13:04 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 13:04 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 13:04 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 13:04 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-06 18:45 - 2014-04-06 18:45 - 00002487 _____ () C:\Users\Lila\Downloads\E-Mail.txt

==================== One Month Modified Files and Folders =======

2014-04-28 18:34 - 2014-04-28 14:16 - 00017360 _____ () C:\Users\Lila\Desktop\FRST.txt
2014-04-28 18:34 - 2013-08-12 11:15 - 00000000 ____D () C:\FRST
2014-04-28 18:19 - 2014-04-28 14:31 - 00033152 _____ () C:\Users\Lila\Desktop\Addition.txt
2014-04-28 18:15 - 2013-08-12 22:58 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-28 17:57 - 2009-07-14 06:50 - 00020112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 17:57 - 2009-07-14 06:50 - 00020112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-28 17:55 - 2011-04-12 10:14 - 00699258 _____ () C:\Windows\system32\perfh007.dat
2014-04-28 17:55 - 2011-04-12 10:14 - 00149398 _____ () C:\Windows\system32\perfc007.dat
2014-04-28 17:55 - 2009-07-14 07:12 - 01619976 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-28 17:51 - 2013-06-12 13:00 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000UA.job
2014-04-28 17:50 - 2014-04-28 15:01 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-28 17:50 - 2014-04-28 11:50 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-04-28 17:50 - 2013-08-12 22:58 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-28 17:50 - 2013-03-01 18:40 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-04-28 17:50 - 2013-03-01 18:38 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-04-28 17:50 - 2013-03-01 18:30 - 01306994 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 17:50 - 2010-11-21 05:47 - 00357004 _____ () C:\Windows\PFRO.log
2014-04-28 17:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-28 17:50 - 2009-07-14 06:56 - 00076997 _____ () C:\Windows\setupact.log
2014-04-28 17:49 - 2014-04-28 17:48 - 00000000 ____D () C:\AdwCleaner
2014-04-28 17:48 - 2013-08-14 23:07 - 00000000 ____D () C:\Users\Lila\Documents\Visual Studio 2005
2014-04-28 17:47 - 2014-04-28 17:47 - 01310283 _____ () C:\Users\Lila\Desktop\adwcleaner.exe
2014-04-28 16:26 - 2013-03-01 18:38 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-04-28 15:17 - 2014-04-28 15:17 - 00001479 _____ () C:\Users\Lila\Desktop\mbam.txt
2014-04-28 15:17 - 2013-08-14 23:07 - 00000000 ____D () C:\Users\Lila\AppData\Local\Microsoft Help
2014-04-28 15:15 - 2013-08-12 13:38 - 00000000 ____D () C:\Windows\ERUNT
2014-04-28 15:01 - 2014-04-28 15:01 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-28 15:01 - 2014-04-28 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-28 15:01 - 2014-04-28 15:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-28 15:01 - 2013-05-16 17:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-28 15:00 - 2014-04-28 15:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Lila\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-28 14:54 - 2014-04-27 20:09 - 00000000 ____D () C:\Users\Lila\Desktop\herrscher
2014-04-28 14:52 - 2013-03-01 18:30 - 00000000 ___RD () C:\Users\Lila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-28 14:28 - 2014-04-28 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-04-28 14:28 - 2014-04-28 14:28 - 00000000 ____D () C:\ProgramData\ESET
2014-04-28 14:28 - 2014-04-28 14:28 - 00000000 ____D () C:\Program Files\ESET
2014-04-28 14:27 - 2014-04-28 14:27 - 01581384 _____ (ESET) C:\Users\Lila\Downloads\eset_smart_security_live_installer_.exe
2014-04-28 14:15 - 2014-04-28 14:15 - 00030209 _____ () C:\Users\Lila\Downloads\FRST.txt
2014-04-28 14:14 - 2013-03-01 18:37 - 00065184 _____ () C:\Users\Lila\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-28 14:14 - 2009-07-14 06:50 - 03031920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-28 14:12 - 2014-04-28 14:12 - 02061824 _____ (Farbar) C:\Users\Lila\Desktop\FRST64.exe
2014-04-28 14:09 - 2013-03-05 15:15 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-28 14:08 - 2013-03-05 15:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-28 14:08 - 2013-03-01 20:47 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\Adobe
2014-04-28 14:08 - 2013-03-01 20:46 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-28 14:06 - 2014-02-17 15:33 - 00001268 _____ () C:\Users\Lila\Desktop\Revo Uninstaller.lnk
2014-04-28 14:06 - 2014-02-17 15:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-28 11:41 - 2013-03-07 20:46 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AE5A86A8-D88D-40C8-AA45-438AD91DF71B}
2014-04-28 11:36 - 2013-05-02 20:01 - 00000000 ____D () C:\Users\Lila\AppData\Local\CrashDumps
2014-04-28 11:36 - 2013-03-22 21:17 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\UseNeXT
2014-04-27 22:15 - 2014-03-24 12:48 - 00000000 ____D () C:\Users\Lila\Desktop\karten
2014-04-27 22:15 - 2013-12-22 18:22 - 00002076 _____ () C:\Users\Lila\Desktop\musii.txt
2014-04-27 21:05 - 2014-04-26 17:36 - 00000000 ____D () C:\Users\Lila\Desktop\hohepriesterin
2014-04-26 15:33 - 2014-04-16 20:34 - 00000000 ____D () C:\Users\Lila\Desktop\texte
2014-04-25 22:42 - 2013-05-15 20:43 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\vlc
2014-04-25 22:06 - 2014-04-25 21:53 - 00107120 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-04-25 22:05 - 2014-04-25 21:53 - 00323630 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-04-25 21:58 - 2013-08-30 23:52 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-25 21:55 - 2014-04-25 21:55 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-04-25 21:55 - 2013-03-03 16:01 - 00000000 ____D () C:\Users\Lila\Documents\My Games
2014-04-25 21:45 - 2014-04-25 21:45 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-04-25 21:45 - 2014-04-25 21:45 - 00001954 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-04-25 21:45 - 2014-04-25 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-04-25 21:45 - 2014-04-25 21:45 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-04-25 21:27 - 2013-03-09 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-23 18:00 - 2014-04-23 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-23 13:32 - 2014-04-09 13:27 - 00000000 ____D () C:\Users\Lila\Desktop\narr
2014-04-23 12:50 - 2013-12-11 12:48 - 00000576 _____ () C:\Users\Lila\Desktop\film.txt
2014-04-16 23:35 - 2014-04-15 14:21 - 00000000 ____D () C:\Users\Lila\Desktop\magier
2014-04-16 20:37 - 2014-04-16 20:37 - 00000000 ____D () C:\Users\Lila\Desktop\Adobe
2014-04-16 20:35 - 2014-04-09 19:11 - 00000000 ____D () C:\Users\Lila\Desktop\inspiration
2014-04-15 13:00 - 2014-04-15 13:00 - 34142193 _____ () C:\Users\Lila\Desktop\herrscher.psd
2014-04-15 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-15 10:40 - 2014-04-15 10:39 - 00000000 ____D () C:\Users\Lila\Desktop\narr_bilder
2014-04-15 10:39 - 2014-04-09 19:53 - 00000000 ____D () C:\Users\Lila\Desktop\tarotdecks
2014-04-12 21:25 - 2013-04-06 16:37 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-12 21:23 - 2014-04-12 21:23 - 01088076 _____ () C:\Users\Lila\Documents\IMG_20140412_0002.tif
2014-04-09 23:28 - 2013-09-02 15:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 23:28 - 2013-03-01 18:57 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 22:45 - 2014-04-09 22:45 - 00002289 _____ () C:\Users\Lila\Desktop\Strange Cases The Tarot Card Mystery.lnk
2014-04-09 22:45 - 2014-04-09 22:45 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\SulusGames
2014-04-09 22:45 - 2014-04-09 22:45 - 00000000 ____D () C:\ProgramData\SulusGames
2014-04-09 22:45 - 2014-04-09 22:45 - 00000000 ____D () C:\Program Files (x86)\Games
2014-04-09 19:58 - 2013-10-30 01:04 - 00000000 ____D () C:\Users\Lila\AppData\Local\Windows Live
2014-04-09 19:11 - 2014-04-09 19:11 - 00000000 ____D () C:\Users\Lila\Desktop\rohre
2014-04-06 18:45 - 2014-04-06 18:45 - 00002487 _____ () C:\Users\Lila\Downloads\E-Mail.txt
2014-04-06 02:51 - 2013-06-12 13:00 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000Core.job
2014-04-06 02:46 - 2013-06-12 13:00 - 00004084 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000UA
2014-04-06 02:46 - 2013-06-12 13:00 - 00003688 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000Core
2014-04-05 21:10 - 2013-08-12 22:58 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-05 21:10 - 2013-08-12 22:58 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 09:51 - 2014-04-28 15:01 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-28 15:01 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-28 15:01 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 03:16 - 2014-04-09 13:04 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 13:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 13:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 13:04 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

Some content of TEMP:
====================
C:\Users\Lila\AppData\Local\temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Lila\AppData\Local\temp\FP_PL_MSI_INSTALLER.exe
C:\Users\Lila\AppData\Local\temp\Quarantine.exe
C:\Users\Lila\AppData\Local\temp\_is44BD.exe
C:\Users\Lila\AppData\Local\temp\_is7458.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-23 15:23

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2014
Ran by Lila at 2014-04-28 18:34:51
Running from C:\Users\Lila\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{3A6829EF-0791-4FDD-9382-C690DD0821B9}) (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.183.43 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Age of Mythology Gold (HKLM-x32\...\Age of Mythology Expansion Pack 1.0) (Version: 1.0 - Microsoft)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1701BD02-09B9-B25B-8290-C7D6A33C5A75}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG2200 series Benutzerregistrierung (HKLM-x32\...\Canon MG2200 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.00 - Canon Inc.)
Canon MG2200 series On-screen Manual (HKLM-x32\...\Canon MG2200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
Command & Conquer™ Alarmstufe Rot 3 Der Aufstand (HKLM-x32\...\{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}) (Version: 1.0.1.0 - Electronic Arts)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Easy Poster Printer (HKLM-x32\...\{1B5979B5-FE79-405A-A023-592DCE48C522}) (Version: 6.0.0 - GD Software)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESET Smart Security (HKLM\...\{F5A3E880-A737-48F2-A124-6F5D4CEA6AB4}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}) (Version: 2.0.1083.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Poker 770 (HKLM-x32\...\Poker 770) (Version:  - )
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PreFlopper (HKLM-x32\...\{021A87FA-0D44-4B5F-8791-FFFD359849BD}) (Version: 2.1.0 - None provided)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strange Cases The Tarot Card Mystery 1.00 (HKLM-x32\...\Strange Cases The Tarot Card Mystery 1.00) (Version:  - )
TP-LINK TL-WN821N Driver (HKLM-x32\...\{26B52E5B-1620-4676-9B46-B6C56B8105CE}) (Version: 1.2.1 - TP-LINK)
TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version:  - Nadeo)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VIRTU MVP 2.1.110 (HKLM\...\VIRTU MVP_is1) (Version: 2.1.110 - Lucidlogix Technologies LTD)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.6-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

09-04-2014 11:04:18 Windows Update
09-04-2014 21:28:09 Windows Update
15-04-2014 08:11:25 Windows Update
16-04-2014 18:38:02 Installed Adobe Photoshop Lightroom 3.4 64-bit.
22-04-2014 19:34:33 Windows Update
25-04-2014 19:45:37 Gerätetreiber-Paketinstallation: DT Soft Ltd Systemgeräte
25-04-2014 19:45:42 Uniblue SpeedUpMyPC installation
25-04-2014 19:46:23 Removed calibre
25-04-2014 19:48:18 Removed Adobe Photoshop Lightroom 3.4 64-bit.


==================== Scheduled Tasks (whitelisted) =============

Task: {499293DA-FE23-4A1E-AAC9-00C29E2E3A9C} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {52DB3FE1-FD35-49AE-A798-A031751E05F0} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {79B1D23E-D9E5-44CA-B2B4-EE322E0F6FB2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000Core => C:\Users\Lila\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-12] (Google Inc.)
Task: {9227EDEB-5C17-43F6-AF4C-1B3E91416116} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {B229787E-BCF3-4D1A-AA7B-C6ABD462F7B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-12] (Google Inc.)
Task: {BC85140D-8E5D-475E-BB44-5CA5C0F02BF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-12] (Google Inc.)
Task: {CEA0F661-E4EF-4B0C-8174-747271058321} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000UA => C:\Users\Lila\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-12] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000Core.job => C:\Users\Lila\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000UA.job => C:\Users\Lila\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2013-04-06 16:37 - 2012-03-28 14:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-03-01 18:38 - 2012-02-07 18:27 - 00121344 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-02-09 17:26 - 2012-02-09 17:26 - 00133632 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2012-02-09 17:26 - 2012-02-09 17:26 - 00048128 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2012-02-09 17:26 - 2012-02-09 17:26 - 00036864 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetDetect.dll
2013-03-01 18:34 - 2012-01-05 11:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-03-01 18:40 - 2012-02-05 14:36 - 03010336 _____ () C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
2013-03-01 18:40 - 2012-02-05 14:36 - 00139552 _____ () C:\Program Files\Lucidlogix Technologies\VIRTU MVP\GuiCommon.dll
2013-08-31 13:00 - 2013-06-06 04:09 - 01185048 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-04-09 13:53 - 2014-04-02 03:57 - 00065352 _____ () C:\Users\Lila\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-09 13:53 - 2014-04-02 03:57 - 00674632 _____ () C:\Users\Lila\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-09 13:53 - 2014-04-02 03:57 - 00093000 _____ () C:\Users\Lila\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-09 13:53 - 2014-04-02 03:57 - 04081480 _____ () C:\Users\Lila\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-09 13:53 - 2014-04-02 03:58 - 00390472 _____ () C:\Users\Lila\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-09 13:53 - 2014-04-02 03:57 - 01647432 _____ () C:\Users\Lila\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-02-13 16:15 - 2014-02-13 16:15 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll
2013-03-01 18:36 - 2011-11-29 21:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-03-01 18:37 - 2012-02-07 18:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Personal ID => C:\PROGRA~2\COOLSP~1\PERSON~1\PID.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2014 05:52:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2014 05:50:26 PM) (Source: TabletServiceWacom) (User: )
Description: Could not init tablet driver

Error: (04/28/2014 05:50:24 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (04/28/2014 03:17:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2014 03:15:45 PM) (Source: TabletServiceWacom) (User: )
Description: Could not init tablet driver

Error: (04/28/2014 03:15:43 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (04/28/2014 03:00:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2014 02:59:12 PM) (Source: TabletServiceWacom) (User: )
Description: Could not init tablet driver

Error: (04/28/2014 02:59:09 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (04/28/2014 02:16:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/28/2014 05:50:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (04/28/2014 05:50:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Time" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/28/2014 03:15:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (04/28/2014 03:15:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Time" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/28/2014 02:59:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Time" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/28/2014 02:59:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (04/28/2014 02:51:28 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Time" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/28/2014 02:28:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/28/2014 02:14:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (04/28/2014 01:54:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126


Microsoft Office Sessions:
=========================
Error: (04/28/2014 05:52:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2014 05:50:26 PM) (Source: TabletServiceWacom)(User: )
Description: Could not init tablet driver

Error: (04/28/2014 05:50:24 PM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (04/28/2014 03:17:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2014 03:15:45 PM) (Source: TabletServiceWacom)(User: )
Description: Could not init tablet driver

Error: (04/28/2014 03:15:43 PM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (04/28/2014 03:00:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2014 02:59:12 PM) (Source: TabletServiceWacom)(User: )
Description: Could not init tablet driver

Error: (04/28/2014 02:59:09 PM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (04/28/2014 02:16:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-03-22 11:04:51.940
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 11:04:51.940
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 11:04:51.940
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 11:04:51.940
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 11:04:51.940
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-22 11:04:51.940
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-15 20:52:14.423
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-15 20:52:14.422
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-15 20:52:14.420
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-15 20:52:14.418
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 16268.42 MB
Available physical RAM: 13819.59 MB
Total Pagefile: 32535.02 MB
Available Pagefile: 29717.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:22.09 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:749.38 GB) NTFS
Drive e: (Ablage) (Fixed) (Total:10 GB) (Free:1.32 GB) NTFS
Drive f: (Datensammlung) (Fixed) (Total:50.01 GB) (Free:7.45 GB) NTFS
Drive g: (Musik) (Fixed) (Total:100.01 GB) (Free:94.05 GB) NTFS
Drive h: (Down) (Fixed) (Total:305.74 GB) (Free:58.05 GB) NTFS
Drive j: (AoE3 Complete) (CDROM) (Total:5.69 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 862E84D4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E792C529)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 086D086C)
Partition 1: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456 GB) - (Type=05)

==================== End Of Log ============================

M-K-D-B · 28.04.2014, 18:31

Sieht gut aus.

Wir kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss daran räumen wir auf und ich gebe dir noch ein paar Tipps mit auf den Weg.

Schritt 1

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 2
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von ESET,
die Logdatei von SecurityCheck.

joycelle · 28.04.2014, 19:53

Eset auch noch was gefunden. Kann ich die gefundenen Dateien einfach löschen?

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c21399f6cd9b614f96a29458e624ef2b
# engine=14746
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-12 12:58:19
# local_time=2013-08-12 02:58:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 4287 127942149 0 0
# compatibility_mode=8216 16776701 100 98 404179 126325251 0 0
# scanned=69176
# found=0
# cleaned=0
# scan_time=584
# nod_component=V3 Build:0x30000000
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c21399f6cd9b614f96a29458e624ef2b
# engine=18060
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-28 06:48:29
# local_time=2014-04-28 08:48:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 5932 150340759 0 0
# scanned=309245
# found=2
# cleaned=0
# scan_time=3643
# nod_component=V3 Build:0x30000000
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von MSIL/CoinMiner.EW Trojaner" ac=I fn="H:\down\The Sims Into Future - FLT - s3if\flt-s3if.iso"
sh=CE29C7DAC0731393C21EB1FBED16CBC9CB369D86 ft=1 fh=2608d9160d4fbc4b vn="Variante von Win32/AdWare.iBryte.V.gen Anwendung" ac=I fn="H:\down\cards\pic\Setup.exe"

Security:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
ESET Smart Security 7.0   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 10 Flash Player out of Date! 
  Adobe Flash Player 12.0.0.44 Flash Player out of Date!  
 Mozilla Firefox (28.0) 
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

28.04.2014, 16:41	#10
M-K-D-B /// TB-Ausbilder	Windows 7 gvu, pc gesperrt Servus, AdwCleaner dann von hier downloaden und wie beschrieben ausführen.

28.04.2014, 16:59	#12
M-K-D-B /// TB-Ausbilder	Windows 7 gvu, pc gesperrt Kontrollscan mit FRST Führe wie zuvor beschrieben einen Scan mit FRST aus. Setze dazu einen Haken bei Addition.txt rechts unten und klicke auf Scan. Es werden zwei Logdateien erzeugt. Poste mir diese. Wie läuft der Rechner derzeit?

Windows 7 gvu, pc gesperrt

Plagegeister aller Art und deren Bekämpfung: Windows 7 gvu, pc gesperrt