WIN 7 64bit, schwedischer Ableger vom BKA Trojaner. U-Kash Aufforderung

mixas · 29.04.2014, 19:32

Hallo, ich habe den Laptop von einem nicht so versierten Freund hier, der sich in Schweden einen Trojaner eingefangen hat. Fährt man den Rechner hoch, so erscheint nach dem Einloggen in das Benutzerkonto eine Grafik die vorgibt vom schwedischen Staat zu stammen.
Hier habe ich eine Fotografie des gesperrten Bildschirms hochgeladen, falls das hilfreich ist:

hxxp://www.directupload.net/file/d/3607/f64pxaka_jpg.htm

Dort steht grob zusammengefasst, dass man allerhand Straftaten begangen habe und nun eine Zahlung an die schwedische Polizei zu leisten habe damit der Rechner wieder entsperrt wird.
Es ist mir nicht gelungen den Rechner im abgesicherten Modus oder auf anderem Wege zu starten, daher habe ich gemäß der Anleitung mittels eines USB Sticks einen FRST Scan durchgeführt. Hier das Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
Ran by SYSTEM on MININT-MUC4CCD on 29-04-2014 21:10:49
Running from F:\
Windows 7 Enterprise (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [617856 2011-02-20] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-10-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\mati\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\mati\...\Run: [Steam] => "C:\Program Files (x86)\Steam\Steam.exe" -silent
Startup: C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h7tg9b8.lnk
ShortcutTarget: h7tg9b8.lnk -> C:\ProgramData\8b9gt7h.dss (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-10-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-10-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-10-14] (Avira Operations GmbH & Co. KG)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Broadband. RunOuc; C:\Program Files (x86)\Mobile Broadband\UpdateDog\ouc.exe [657504 2012-11-11] ()
S2 Winmgmt; C:\ProgramData\h7tg9b8.pss [61536 2013-11-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-10-14] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-10-14] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-14] (Avira Operations GmbH & Co. KG)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-02-14] (DT Soft Ltd)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [244736 2013-02-16] (Huawei Technologies Co., Ltd.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-08] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 314C17917AC8523EC77A710215012A65
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys 0ACC06FCF46F64ED4F11E57EE461C1F4
C:\Windows\System32\DRIVERS\avgntflt.sys 0D5C96FD25D6455D97A5C4D7706DFAB1
C:\Windows\System32\DRIVERS\avipbb.sys E26B3C8E9C3DDE047B32C5719955D715
C:\Windows\System32\DRIVERS\avkmgr.sys 490FA25161BF3E51993EB724ECF0ACEB
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dtsoftbus01.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ETD.sys 1299D1EA00B7A4BF69C5869DCA31E0F6
C:\Windows\System32\DRIVERS\ew_hwusbdev.sys 7230F4CF9F20DCD1DBF4BB3296EEED68
C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys 5222D99C7E3245882E864D2EA7011387
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ew_jucdcacm.sys CFA9DC7D001DE3D8E9899058A822162D
C:\Windows\System32\DRIVERS\ew_jubusenum.sys 5651FBB74B1CE691BA1BE3E9D19D1BE1
C:\Windows\System32\DRIVERS\ew_juextctrl.sys 00020E8394BCBD6DCC8645B2599608E8
C:\Windows\System32\DRIVERS\ew_juwwanecm.sys 374EC8A7726F703306848447391F4201
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 677AA5991026A65ADA128C4B59CF2BAD
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1E62x64.sys B8E670D7EF61615FA03104552854FAC9
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ATK64AMD.sys A523D9F6AEB152C4480D754DF7FA9F7F
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\system32\drivers\usb8023x.sys 7B28E2FBE75115660FAB31079C0A9F29
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-29 21:10 - 2014-04-29 21:10 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-04-29 21:10 - 2014-04-29 21:10 - 00000000 ____D () C:\FRST
2014-04-29 09:34 - 2013-11-11 17:46 - 00000000 _____ () C:\ProgramData\h7tg9b8.fvv
2014-04-29 09:34 - 2013-11-11 17:45 - 95025368 ____T () C:\ProgramData\h7tg9b8.bxx
2014-04-29 09:34 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-29 09:33 - 2009-07-13 20:51 - 00049644 _____ () C:\Windows\setupact.log
2014-04-29 09:31 - 2013-10-14 08:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-30 21:05 - 2011-02-14 11:27 - 00000000 ____D () C:\users\mati
2014-03-30 21:05 - 2009-07-13 23:24 - 00000000 ____D () C:\Program Files\Windows Journal
2014-03-30 21:05 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-30 21:05 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-30 21:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-30 21:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-03-30 21:04 - 2013-11-06 08:29 - 00000000 ____D () C:\Program Files (x86)\Mobile Broadband
2014-03-30 21:04 - 2013-11-06 08:28 - 00000000 ____D () C:\ProgramData\DatacardService
2014-03-30 21:04 - 2013-10-14 09:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-30 21:04 - 2013-10-14 09:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-30 21:04 - 2013-10-14 08:32 - 00000000 ____D () C:\Program Files\Windows Live
2014-03-30 21:04 - 2013-10-14 08:31 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-03-30 21:04 - 2011-02-14 12:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-30 21:04 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-30 21:04 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-03-30 21:04 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\servicing
2014-03-30 21:04 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-03-30 21:04 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-30 21:04 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-30 21:03 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-03-30 20:56 - 2013-10-14 07:33 - 00000000 ____D () C:\Users\Wilfried\AppData\Roaming\Skype
2014-03-30 20:55 - 2013-11-06 08:30 - 00000000 ____D () C:\ProgramData\Mobile Broadband
2014-03-30 20:55 - 2013-11-06 07:26 - 00000000 ____D () C:\ProgramData\Avira
2014-03-30 20:54 - 2013-11-06 07:26 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-30 12:27 - 2011-02-14 11:25 - 01936353 _____ () C:\Windows\WindowsUpdate.log
2014-03-30 12:27 - 2009-07-13 20:45 - 00015120 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-30 12:27 - 2009-07-13 20:45 - 00015120 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-30 12:08 - 2013-09-10 06:27 - 00000000 ____D () C:\users\Wilfried

Files to move or delete:
====================
C:\ProgramData\8b9gt7h.dss
C:\ProgramData\h7tg9b8.bxx
C:\ProgramData\h7tg9b8.fvv
C:\ProgramData\h7tg9b8.pss
C:\ProgramData\h7tg9b8.reg


Some content of TEMP:
====================
C:\Users\mati\AppData\Local\Temp\AskSLib.dll
C:\Users\mati\AppData\Local\Temp\binkw32.dll
C:\Users\mati\AppData\Local\Temp\d2l_Install.exe
C:\Users\mati\AppData\Local\Temp\DTLite4471-0333.exe
C:\Users\Wilfried\AppData\Local\Temp\AskSLib.dll
C:\Users\Wilfried\AppData\Local\Temp\~tmf5950952906528855071.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-10-14 08:17:28
Restore point made on: 2013-10-14 08:19:01
Restore point made on: 2013-10-14 08:21:40
Restore point made on: 2013-10-14 08:30:33
Restore point made on: 2013-10-14 08:47:19
Restore point made on: 2013-11-06 09:04:45
Restore point made on: 2013-11-06 13:22:15
Restore point made on: 2013-11-07 11:55:35
Restore point made on: 2013-11-07 12:12:05
Restore point made on: 2013-11-07 13:40:08
Restore point made on: 2013-11-12 01:22:19

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {12e7b615-38bb-11e0-99e7-bdb2c81c6abf}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {12e7b615-38bb-11e0-99e7-bdb2c81c6abf}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\12e7b617-38bb-11e0-99e7-bdb2c81c6abf\Winre.wim,{12e7b618-38bb-11e0-99e7-bdb2c81c6abf}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\12e7b617-38bb-11e0-99e7-bdb2c81c6abf\Winre.wim,{12e7b618-38bb-11e0-99e7-bdb2c81c6abf}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {12e7b615-38bb-11e0-99e7-bdb2c81c6abf}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {12e7b618-38bb-11e0-99e7-bdb2c81c6abf}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\12e7b617-38bb-11e0-99e7-bdb2c81c6abf\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 4061.09 MB
Available physical RAM: 3463.46 MB
Total Pagefile: 4059.23 MB
Available Pagefile: 3455.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:145.94 GB) NTFS
Drive f: (BAMMEL) (Removable) (Total:7.37 GB) (Free:7.36 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 000667AB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-11-06 08:24

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Der Rechner kann laut meinem Freund gerne komplett auf Auslieferungszustand zurückgesetzt werden. er hat allerdings keinerlei CD`s mit Windows mehr dazu.

Für jede Hilfe bin ich sehr dankbar, meine Computerkenntnisse sind hier leider am Ende.

Michel

schrauber · 29.04.2014, 19:56

hi,

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Startup: C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h7tg9b8.lnk
ShortcutTarget: h7tg9b8.lnk -> C:\ProgramData\8b9gt7h.dss (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\h7tg9b8.pss [61536 2013-11-11] (Microsoft Corporation)
C:\ProgramData\8b9gt7h.dss
C:\ProgramData\h7tg9b8.bxx
C:\ProgramData\h7tg9b8.fvv
C:\ProgramData\h7tg9b8.pss
C:\ProgramData\h7tg9b8.reg

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Rechner normal starten.

mixas · 29.04.2014, 20:16

Hier das neue Log

Zitat:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2014
Ran by SYSTEM at 2014-04-29 22:08:20 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h7tg9b8.lnk
ShortcutTarget: h7tg9b8.lnk -> C:\ProgramData\8b9gt7h.dss (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\h7tg9b8.pss [61536 2013-11-11] (Microsoft Corporation)
C:\ProgramData\8b9gt7h.dss
C:\ProgramData\h7tg9b8.bxx
C:\ProgramData\h7tg9b8.fvv
C:\ProgramData\h7tg9b8.pss
C:\ProgramData\h7tg9b8.reg

*****************

C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h7tg9b8.lnk => Moved successfully.
C:\ProgramData\8b9gt7h.dss => Moved successfully.
Winmgmt => Service restored successfully.
"C:\ProgramData\8b9gt7h.dss" => File/Directory not found.
C:\ProgramData\h7tg9b8.bxx => Moved successfully.
C:\ProgramData\h7tg9b8.fvv => Moved successfully.
C:\ProgramData\h7tg9b8.pss => Moved successfully.
C:\ProgramData\h7tg9b8.reg => Moved successfully.

==== End of Fixlog ====

Computer startet normal und das Benutzerkonto lässt sich öffnen und Programme können ausgeführt werden. Soweit ich das bei einem fremden Rechner nach kurzer Zeit beurteilen kann läuft alles.

schrauber · 30.04.2014, 23:43

Supi, dann jetzt alles im normalen Modus:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

mixas · 06.05.2014, 12:30

Hallo Schrauber,

entschuldige, dass es etwas gedauert hat, hier kommen die FRST.txt und die Addition.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014
Ran by Wilfried (administrator) on MATI-PC on 06-05-2014 13:26:35
Running from C:\Users\Wilfried\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Mobile Broadband\OnlineUpdate\ouc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [617856 2011-02-20] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-04-30] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-09-06] (Microsoft Corporation)
HKU\S-1-5-21-3519401292-2373783698-457356965-1003\...\MountPoints2: {1a684c15-46f7-11e3-944f-002618790c6d} - F:\AutoRun.exe
HKU\S-1-5-21-3519401292-2373783698-457356965-1003\...\MountPoints2: {1a684c21-46f7-11e3-944f-002618790c6d} - F:\AutoRun.exe
HKU\S-1-5-21-3519401292-2373783698-457356965-1003\...\MountPoints2: {7fb716ee-4955-11e3-8a3a-002618790c6d} - F:\AutoRun.exe
HKU\S-1-5-21-3519401292-2373783698-457356965-1003\...\MountPoints2: {7fb716fe-4955-11e3-8a3a-002618790c6d} - F:\AutoRun.exe
HKU\S-1-5-21-3519401292-2373783698-457356965-1003\...\MountPoints2: {93e60179-47f9-11e3-8a05-002618790c6d} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x47167104F1C8CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3B05CE7E-4E85-456C-980D-3ABC67021C19}: [NameServer]195.67.199.18 195.67.199.19
Tcpip\..\Interfaces\{3DE7C11A-1A13-4291-9DBC-6FA8A3A018B3}: [NameServer]195.67.199.18 195.67.199.19

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-02-14]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-04-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-04-30] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-04-30] (Avira Operations GmbH & Co. KG)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Broadband. RunOuc; C:\Program Files (x86)\Mobile Broadband\UpdateDog\ouc.exe [657504 2012-11-12] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-04-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-04-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-04-30] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-02-14] (DT Soft Ltd)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [244736 2013-02-17] (Huawei Technologies Co., Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-06 13:26 - 2014-05-06 13:27 - 00009625 _____ () C:\Users\Wilfried\Desktop\FRST.txt
2014-05-06 13:25 - 2014-05-06 13:25 - 02063872 _____ (Farbar) C:\Users\Wilfried\Desktop\FRST64.exe
2014-04-30 07:10 - 2014-05-06 13:26 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-05-06 13:27 - 2014-05-06 13:26 - 00009625 _____ () C:\Users\Wilfried\Desktop\FRST.txt
2014-05-06 13:27 - 2011-02-15 21:18 - 00664872 _____ () C:\Windows\system32\perfh007.dat
2014-05-06 13:27 - 2011-02-15 21:18 - 00134312 _____ () C:\Windows\system32\perfc007.dat
2014-05-06 13:27 - 2009-07-14 07:13 - 01525230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-06 13:26 - 2014-04-30 07:10 - 00000000 ____D () C:\FRST
2014-05-06 13:25 - 2014-05-06 13:25 - 02063872 _____ (Farbar) C:\Users\Wilfried\Desktop\FRST64.exe
2014-05-06 13:24 - 2011-02-14 21:25 - 01437956 _____ () C:\Windows\WindowsUpdate.log
2014-05-06 13:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-06 13:20 - 2009-07-14 06:51 - 00049868 _____ () C:\Windows\setupact.log
2014-05-06 13:19 - 2011-02-19 20:26 - 00011974 _____ () C:\Windows\PFRO.log
2014-04-30 13:45 - 2009-07-14 06:45 - 00015344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-30 13:45 - 2009-07-14 06:45 - 00015344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-30 13:42 - 2013-11-11 19:39 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-30 13:42 - 2013-11-06 17:27 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-30 13:42 - 2013-11-06 17:27 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-30 13:42 - 2013-11-06 17:27 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-30 08:08 - 2013-09-10 16:27 - 00000000 ___RD () C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-29 19:31 - 2013-10-14 18:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

Some content of TEMP:
====================
C:\Users\mati\AppData\Local\Temp\AskSLib.dll
C:\Users\mati\AppData\Local\Temp\binkw32.dll
C:\Users\mati\AppData\Local\Temp\d2l_Install.exe
C:\Users\mati\AppData\Local\Temp\DTLite4471-0333.exe
C:\Users\Wilfried\AppData\Local\Temp\AskSLib.dll
C:\Users\Wilfried\AppData\Local\Temp\avgnt.exe
C:\Users\Wilfried\AppData\Local\Temp\~tmf5950952906528855071.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-06 18:24

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2014
Ran by Wilfried at 2014-05-06 13:28:07
Running from C:\Users\Wilfried\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
ETDWare PS/2-x64 7.0.5.7_WHQL (HKLM\...\Elantech) (Version:  - )
FiceMusic (HKLM-x32\...\{E3BA1B06-527A-43D1-A8AA-AE34D1DA2EAF}) (Version: 1.51 - United ODC Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.3.1.218 - Foxit Corporation)
Java Auto Updater (x32 Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 23 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.230 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband (HKLM-x32\...\Mobile Broadband) (Version: 23.009.11.01.07 - Huawei Technologies Co.,Ltd)
Mozilla Firefox (3.6.18) (HKLM-x32\...\Mozilla Firefox (3.6.18)) (Version: 3.6.18 (de) - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NPC-Reconstruction Models Mod (HKLM-x32\...\{8F2FE985-BCA2-44B1-9D05-9853DF8DFE52}) (Version: 0.6 - United ODC Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Skype™ 6.9 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.9.106 - Skype Technologies S.A.)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Restore Points  =========================

14-10-2013 16:17:12 Windows Update
14-10-2013 16:17:27 Windows Live Essentials
14-10-2013 16:21:33 WLSetup
14-10-2013 16:30:24 Windows Live Essentials
14-10-2013 16:47:12 Windows Update
06-11-2013 17:04:22 Scheduled Checkpoint
06-11-2013 21:22:08 Windows Update
12-11-2013 09:21:46 Windows Modules Installer

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {095B3571-6BEC-437C-BDE7-1B4889C28788} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-11-06 18:31 - 2012-11-12 07:59 - 00657504 _____ () C:\ProgramData\Mobile Broadband\OnlineUpdate\ouc.exe
2011-03-05 16:34 - 2010-03-15 12:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-11-06 17:27 - 2013-10-14 18:15 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-11-06 18:31 - 2009-01-10 20:32 - 00011362 _____ () C:\ProgramData\Mobile Broadband\OnlineUpdate\mingwm10.dll
2013-11-06 18:31 - 2009-06-23 04:42 - 00043008 _____ () C:\ProgramData\Mobile Broadband\OnlineUpdate\libgcc_s_dw2-1.dll
2013-11-06 18:31 - 2012-10-31 11:11 - 02417152 _____ () C:\ProgramData\Mobile Broadband\OnlineUpdate\QtCore4.dll
2013-11-06 18:31 - 2012-10-31 11:14 - 01148416 _____ () C:\ProgramData\Mobile Broadband\OnlineUpdate\QtNetwork4.dll
2013-11-06 18:31 - 2012-11-12 05:48 - 00843264 _____ () C:\ProgramData\Mobile Broadband\OnlineUpdate\QueryStrategy.dll
2013-11-06 18:31 - 2012-10-31 11:11 - 00398336 _____ () C:\ProgramData\Mobile Broadband\OnlineUpdate\QtXml4.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2014 10:28:29 PM) (Source: Microsoft-Windows-CAPI2) (User: ) (EventID: 512)
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (02/03/2014 01:39:17 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a1c

Startzeit: 01cefbf385a1ceb0

Endzeit: 0

Anwendungspfad: C:\Windows\SysWOW64\rundll32.exe

Berichts-ID: cc178ad2-8cc7-11e3-8b44-002618790c6d

Error: (11/12/2013 11:48:18 AM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b10

Startzeit: 01cedf8b80e04bc5

Endzeit: 110

Anwendungspfad: C:\Windows\SysWOW64\rundll32.exe

Berichts-ID: 8aa5f5c0-4b7f-11e3-8bf5-002618790c6d

Error: (11/12/2013 11:24:52 AM) (Source: RasClient) (User: ) (EventID: 20227)
Description: CoID={D90D7916-63D0-41A5-BD87-017BAD4F2B1E}: Der Benutzer "mati-PC\Wilfried" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 651.

Error: (11/12/2013 11:22:52 AM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1550

Startzeit: 01cedf49a93060ad

Endzeit: 0

Anwendungspfad: C:\Windows\SysWOW64\rundll32.exe

Berichts-ID: fcaf9718-4b7b-11e3-9e21-002618790c6d

Error: (11/12/2013 11:21:34 AM) (Source: System Restore) (User: ) (EventID: 8193)
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).

Error: (11/12/2013 03:25:41 AM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2120

Startzeit: 01cedf458fac9c12

Endzeit: 10

Anwendungspfad: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Berichts-ID: 06f436a9-4b39-11e3-9e21-002618790c6d

Error: (11/10/2013 08:31:37 PM) (Source: RasClient) (User: ) (EventID: 20227)
Description: CoID={008C1F40-FBB0-4937-9C82-E42792243513}: Der Benutzer "mati-PC\Wilfried" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 651.

Error: (11/09/2013 09:51:39 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm iexplore.exe, Version 10.0.9200.16720 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: bc0

Startzeit: 01cedd67606de5f4

Endzeit: 79

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: 4e1b8aae-4978-11e3-92cc-002618790c6d

Error: (11/09/2013 05:48:02 PM) (Source: RasClient) (User: ) (EventID: 20227)
Description: CoID={5D8887E7-7CF9-4BF9-B97C-A00A1E96D709}: Der Benutzer "mati-PC\Wilfried" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 651.


System errors:
=============
Error: (05/06/2014 01:20:13 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "Mobile Broadband. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/06/2014 01:20:13 PM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Broadband. OUC erreicht.

Error: (04/30/2014 01:49:16 PM) (Source: Service Control Manager) (User: ) (EventID: 7043)
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (04/30/2014 02:34:57 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "Mobile Broadband. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/30/2014 02:34:57 PM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Broadband. OUC erreicht.

Error: (04/29/2014 10:12:13 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "Mobile Broadband. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/29/2014 10:12:13 PM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Broadband. OUC erreicht.

Error: (04/29/2014 10:03:17 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY) (EventID: 1001)
Description: Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus.

Error: (04/29/2014 10:03:17 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY) (EventID: 1000)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007042d

Error: (04/29/2014 10:03:17 PM) (Source: DCOM) (User: ) (EventID: 10005)
Description: 1069TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}


Microsoft Office Sessions:
=========================
Error: (03/30/2014 10:28:29 PM) (Source: Microsoft-Windows-CAPI2) (User: ) (EventID: 512)
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (02/03/2014 01:39:17 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: rundll32.exe6.1.7600.16385a1c01cefbf385a1ceb00C:\Windows\SysWOW64\rundll32.execc178ad2-8cc7-11e3-8b44-002618790c6d

Error: (11/12/2013 11:48:18 AM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: rundll32.exe6.1.7600.16385b1001cedf8b80e04bc5110C:\Windows\SysWOW64\rundll32.exe8aa5f5c0-4b7f-11e3-8bf5-002618790c6d

Error: (11/12/2013 11:24:52 AM) (Source: RasClient) (User: ) (EventID: 20227)
Description: {D90D7916-63D0-41A5-BD87-017BAD4F2B1E}mati-PC\WilfriedBreitbandverbindung651

Error: (11/12/2013 11:22:52 AM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: rundll32.exe6.1.7600.16385155001cedf49a93060ad0C:\Windows\SysWOW64\rundll32.exefcaf9718-4b7b-11e3-9e21-002618790c6d

Error: (11/12/2013 11:21:34 AM) (Source: System Restore) (User: ) (EventID: 8193)
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (11/12/2013 03:25:41 AM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: wmplayer.exe12.0.7601.17514212001cedf458fac9c1210C:\Program Files (x86)\Windows Media Player\wmplayer.exe06f436a9-4b39-11e3-9e21-002618790c6d

Error: (11/10/2013 08:31:37 PM) (Source: RasClient) (User: ) (EventID: 20227)
Description: {008C1F40-FBB0-4937-9C82-E42792243513}mati-PC\WilfriedBreitbandverbindung651

Error: (11/09/2013 09:51:39 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: iexplore.exe10.0.9200.16720bc001cedd67606de5f479C:\Program Files\Internet Explorer\iexplore.exe4e1b8aae-4978-11e3-92cc-002618790c6d

Error: (11/09/2013 05:48:02 PM) (Source: RasClient) (User: ) (EventID: 20227)
Description: {5D8887E7-7CF9-4BF9-B97C-A00A1E96D709}mati-PC\WilfriedBreitbandverbindung651


==================== Memory info =========================== 

Percentage of memory in use: 38%
Total physical RAM: 4061.09 MB
Available physical RAM: 2481.72 MB
Total Pagefile: 8120.35 MB
Available Pagefile: 6605.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:145.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 000667AB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 07.05.2014, 08:45

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

mixas · 07.05.2014, 19:18

Eine Ladung Logfiles:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 07.05.2014
Suchlauf-Zeit: 19:36:21
Logdatei: Mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.07.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Wilfried

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 273979
Verstrichene Zeit: 6 Std, 4 Min, 6 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:

ATTFilter

# AdwCleaner v3.207 - Report created 07/05/2014 at 19:47:34
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : Wilfried - MATI-PC
# Running from : C:\Users\Wilfried\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_windows-live-mail-2012_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_windows-live-mail-2012_RASMANCS
Key Deleted : HKCU\Software\Softonic

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


*************************

AdwCleaner[R0].txt - [1251 octets] - [07/05/2014 19:44:35]
AdwCleaner[S0].txt - [1146 octets] - [07/05/2014 19:47:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1206 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Enterprise x64
Ran by Wilfried on 07.05.2014 at 20:03:12,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.05.2014 at 20:10:39,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014
Ran by Wilfried (administrator) on MATI-PC on 07-05-2014 20:12:39
Running from C:\Users\Wilfried\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Mobile Broadband\OnlineUpdate\ouc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [617856 2011-02-20] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-04-30] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-09-06] (Microsoft Corporation)
HKU\S-1-5-21-3519401292-2373783698-457356965-1003\...\MountPoints2: {1a684c15-46f7-11e3-944f-002618790c6d} - F:\AutoRun.exe
HKU\S-1-5-21-3519401292-2373783698-457356965-1003\...\MountPoints2: {1a684c21-46f7-11e3-944f-002618790c6d} - F:\AutoRun.exe
HKU\S-1-5-21-3519401292-2373783698-457356965-1003\...\MountPoints2: {7fb716ee-4955-11e3-8a3a-002618790c6d} - F:\AutoRun.exe
HKU\S-1-5-21-3519401292-2373783698-457356965-1003\...\MountPoints2: {7fb716fe-4955-11e3-8a3a-002618790c6d} - F:\AutoRun.exe
HKU\S-1-5-21-3519401292-2373783698-457356965-1003\...\MountPoints2: {93e60179-47f9-11e3-8a05-002618790c6d} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x47167104F1C8CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3B05CE7E-4E85-456C-980D-3ABC67021C19}: [NameServer]195.67.199.18 195.67.199.19
Tcpip\..\Interfaces\{3DE7C11A-1A13-4291-9DBC-6FA8A3A018B3}: [NameServer]195.67.199.18 195.67.199.19

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-02-14]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-04-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-04-30] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-04-30] (Avira Operations GmbH & Co. KG)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Broadband. RunOuc; C:\Program Files (x86)\Mobile Broadband\UpdateDog\ouc.exe [657504 2012-11-12] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-04-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-04-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-04-30] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-02-14] (DT Soft Ltd)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [244736 2013-02-17] (Huawei Technologies Co., Ltd.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-05-07] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-07 19:53 - 2014-05-07 19:53 - 01016261 _____ (Thisisu) C:\Users\Wilfried\Desktop\JRT.exe
2014-05-07 19:53 - 2014-05-07 19:53 - 00000000 ____D () C:\Windows\ERUNT
2014-05-07 19:44 - 2014-05-07 19:47 - 00000000 ____D () C:\AdwCleaner
2014-05-07 19:43 - 2014-05-07 19:43 - 01316991 _____ () C:\Users\Wilfried\Desktop\adwcleaner.exe
2014-05-07 13:26 - 2014-05-07 13:31 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-07 13:25 - 2014-05-07 13:25 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-07 13:25 - 2014-05-07 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-07 13:25 - 2014-05-07 13:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-07 13:25 - 2014-05-07 13:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-07 13:25 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-07 13:25 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-07 13:25 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-06 13:28 - 2014-05-06 13:29 - 00017860 _____ () C:\Users\Wilfried\Desktop\Addition.txt
2014-05-06 13:26 - 2014-05-07 20:12 - 00009448 _____ () C:\Users\Wilfried\Desktop\FRST.txt
2014-05-06 13:25 - 2014-05-06 13:25 - 02063872 _____ (Farbar) C:\Users\Wilfried\Desktop\FRST64.exe
2014-04-30 07:10 - 2014-05-07 20:12 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-05-07 20:12 - 2014-05-06 13:26 - 00009448 _____ () C:\Users\Wilfried\Desktop\FRST.txt
2014-05-07 20:12 - 2014-04-30 07:10 - 00000000 ____D () C:\FRST
2014-05-07 19:58 - 2013-10-14 18:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-07 19:57 - 2009-07-14 06:45 - 00015344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-07 19:57 - 2009-07-14 06:45 - 00015344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-07 19:56 - 2011-02-15 21:18 - 00664872 _____ () C:\Windows\system32\perfh007.dat
2014-05-07 19:56 - 2011-02-15 21:18 - 00134312 _____ () C:\Windows\system32\perfc007.dat
2014-05-07 19:56 - 2009-07-14 07:13 - 01525230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-07 19:53 - 2014-05-07 19:53 - 01016261 _____ (Thisisu) C:\Users\Wilfried\Desktop\JRT.exe
2014-05-07 19:53 - 2014-05-07 19:53 - 00000000 ____D () C:\Windows\ERUNT
2014-05-07 19:53 - 2011-02-14 21:25 - 01911266 _____ () C:\Windows\WindowsUpdate.log
2014-05-07 19:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-07 19:48 - 2011-02-19 20:26 - 00013140 _____ () C:\Windows\PFRO.log
2014-05-07 19:48 - 2009-07-14 06:51 - 00050070 _____ () C:\Windows\setupact.log
2014-05-07 19:47 - 2014-05-07 19:44 - 00000000 ____D () C:\AdwCleaner
2014-05-07 19:47 - 2011-02-14 21:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 19:43 - 2014-05-07 19:43 - 01316991 _____ () C:\Users\Wilfried\Desktop\adwcleaner.exe
2014-05-07 19:37 - 2013-10-14 19:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-07 19:37 - 2013-10-14 19:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-07 19:37 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2014-05-07 19:35 - 2013-10-14 18:13 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-07 19:35 - 2013-10-14 18:13 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-07 19:35 - 2013-10-14 18:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-07 13:35 - 2013-10-14 18:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-07 13:31 - 2014-05-07 13:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-07 13:30 - 2013-10-14 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-07 13:25 - 2014-05-07 13:25 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-07 13:25 - 2014-05-07 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-07 13:25 - 2014-05-07 13:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-07 13:25 - 2014-05-07 13:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-06 13:29 - 2014-05-06 13:28 - 00017860 _____ () C:\Users\Wilfried\Desktop\Addition.txt
2014-05-06 13:25 - 2014-05-06 13:25 - 02063872 _____ (Farbar) C:\Users\Wilfried\Desktop\FRST64.exe
2014-04-30 13:42 - 2013-11-11 19:39 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-30 13:42 - 2013-11-06 17:27 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-30 13:42 - 2013-11-06 17:27 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-30 13:42 - 2013-11-06 17:27 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-30 08:08 - 2013-09-10 16:27 - 00000000 ___RD () C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Some content of TEMP:
====================
C:\Users\mati\AppData\Local\Temp\AskSLib.dll
C:\Users\mati\AppData\Local\Temp\binkw32.dll
C:\Users\mati\AppData\Local\Temp\d2l_Install.exe
C:\Users\Wilfried\AppData\Local\Temp\AskSLib.dll
C:\Users\Wilfried\AppData\Local\Temp\avgnt.exe
C:\Users\Wilfried\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-06 18:24

==================== End Of Log ============================

--- --- ---

--- --- ---
Schönen Gruß, Michel
--- --- ---

schrauber · 08.05.2014, 16:02

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

mixas · 08.05.2014, 22:20

War wohl leider noch nicht alles:

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2501390b177e9942a4a51a5096a787bd
# engine=18183
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-08 09:07:34
# local_time=2014-05-08 11:07:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 99137 170254559 91892 0
# compatibility_mode=5893 16776574 100 94 3340916 151213104 0 0
# scanned=472977
# found=13
# cleaned=0
# scan_time=16180
sh=90E9B12227EB7C4603759C05C5682C6FF6650577 ft=1 fh=414bb11b7e6ad718 vn="Variante von Win32/Kryptik.BOQW Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\8b9gt7h.dss.xBAD"
sh=0167A28F97719A794E445B524B244C8710A4D2EE ft=1 fh=ffc9834683aaf615 vn="Win64/Disabler.A Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\h7tg9b8.pss.xBAD"
sh=56978017BEB3E17A3A91446BCB455FB88DA0D731 ft=0 fh=0000000000000000 vn="Variante von Generik.KSZVEEK Trojaner" ac=I fn="C:\Programme\Black Isle\BGII - SvA\BiG World Downloads\eldoth11.rar"
sh=C349FD69009246D2EE5084EFCF2022B3F126FC35 ft=0 fh=0000000000000000 vn="Variante von Generik.KSZVEEK Trojaner" ac=I fn="C:\Programme\Black Isle\BGII - SvA\BiG World Downloads\KonTwk_v2_2.rar"
sh=45B15C727A4963B1B28A997EB2578F16B9E1C5AF ft=0 fh=0000000000000000 vn="Variante von Generik.KSZVEEK Trojaner" ac=I fn="C:\Programme\Black Isle\BGII - SvA\BiG World Downloads\portablehole.zip"
sh=955B062F43A0772D9103F814FB3F4B0D98812B3B ft=0 fh=0000000000000000 vn="Variante von Generik.KSZVEEK Trojaner" ac=I fn="C:\Programme\Black Isle\BGII - SvA\BiG World Downloads\Quayle Project v5.0.zip"
sh=B13DD52A34D938BA4D8581DAEE86EBE374461A5A ft=0 fh=0000000000000000 vn="Variante von Generik.KSZVEEK Trojaner" ac=I fn="C:\Programme\Black Isle\BGII - SvA\BiG World Downloads\snakes_v3_4.zip"
sh=56978017BEB3E17A3A91446BCB455FB88DA0D731 ft=0 fh=0000000000000000 vn="Variante von Generik.KSZVEEK Trojaner" ac=I fn="C:\Users\mati\Desktop\bg\BiG World Downloads\eldoth11.rar"
sh=C349FD69009246D2EE5084EFCF2022B3F126FC35 ft=0 fh=0000000000000000 vn="Variante von Generik.KSZVEEK Trojaner" ac=I fn="C:\Users\mati\Desktop\bg\BiG World Downloads\KonTwk_v2_2.rar"
sh=45B15C727A4963B1B28A997EB2578F16B9E1C5AF ft=0 fh=0000000000000000 vn="Variante von Generik.KSZVEEK Trojaner" ac=I fn="C:\Users\mati\Desktop\bg\BiG World Downloads\portablehole.zip"
sh=955B062F43A0772D9103F814FB3F4B0D98812B3B ft=0 fh=0000000000000000 vn="Variante von Generik.KSZVEEK Trojaner" ac=I fn="C:\Users\mati\Desktop\bg\BiG World Downloads\Quayle Project v5.0.zip"
sh=B13DD52A34D938BA4D8581DAEE86EBE374461A5A ft=0 fh=0000000000000000 vn="Variante von Generik.KSZVEEK Trojaner" ac=I fn="C:\Users\mati\Desktop\bg\BiG World Downloads\snakes_v3_4.zip"
sh=359F2DAD231D4D67A61ED4961A3A61074E59567B ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-2465.CU Trojaner" ac=I fn="C:\Users\Wilfried\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5d7b8ca8-1e740caf"

Zitat:

Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 23
Java version out of Date!
Adobe Flash Player 13.0.0.206
Mozilla Firefox (3.6.18) Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Mobile Broadband OnlineUpdate ouc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

schrauber · 09.05.2014, 16:15

Java und FIrefox updaten. Funde von ESET sind schon in Quarantäne bzw in deinen Downloads.

Frisches FRST log fehtl sowie die Anwort auf meine Frage.

mixas · 10.05.2014, 11:41

Hallo Schrauber,

stimmt, das FRST Log hatte ich vergessen. Ansonsten gibt es mit der Funktionalität des Computers keine Probleme. Wenn du mir noch einen Tipp geben kannst, wie man das zweite Kennwortgeschützte Administratorenkonto auf diesem Rechner löschen kann wäre das super, aber nicht unbedingt notwendig. Ist halt ein altes Konto von dem Schwager des Computer Besitzers, dass eigentlich überflüssig ist. Nur das Kennwort weiß niemand mehr.

Hier erst mal das FRST Log und schon einmal ein riesiges Dankeschön für deine Hilfe bis hierhin.

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2014
Ran by Wilfried (administrator) on MATI-PC on 10-05-2014 12:34:22
Running from C:\Users\Wilfried\Desktop
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Mobile Broadband\OnlineUpdate\ouc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [617856 2011-02-20] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-04-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-09-06] (Microsoft Corporation)
HKU\S-1-5-21-3519401292-2373783698-457356965-1003\...\MountPoints2: {1a684c15-46f7-11e3-944f-002618790c6d} - F:\AutoRun.exe
HKU\S-1-5-21-3519401292-2373783698-457356965-1003\...\MountPoints2: {1a684c21-46f7-11e3-944f-002618790c6d} - F:\AutoRun.exe
HKU\S-1-5-21-3519401292-2373783698-457356965-1003\...\MountPoints2: {7fb716ee-4955-11e3-8a3a-002618790c6d} - F:\AutoRun.exe
HKU\S-1-5-21-3519401292-2373783698-457356965-1003\...\MountPoints2: {7fb716fe-4955-11e3-8a3a-002618790c6d} - F:\AutoRun.exe
HKU\S-1-5-21-3519401292-2373783698-457356965-1003\...\MountPoints2: {93e60179-47f9-11e3-8a05-002618790c6d} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x47167104F1C8CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3B05CE7E-4E85-456C-980D-3ABC67021C19}: [NameServer]195.67.199.18 195.67.199.19
Tcpip\..\Interfaces\{3DE7C11A-1A13-4291-9DBC-6FA8A3A018B3}: [NameServer]195.67.199.18 195.67.199.19

FireFox:
========
FF ProfilePath: C:\Users\Wilfried\AppData\Roaming\Mozilla\Firefox\Profiles\tvubni84.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-04-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-04-30] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-04-30] (Avira Operations GmbH & Co. KG)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Broadband. RunOuc; C:\Program Files (x86)\Mobile Broadband\UpdateDog\ouc.exe [657504 2012-11-12] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-04-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-04-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-04-30] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-02-14] (DT Soft Ltd)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [244736 2013-02-17] (Huawei Technologies Co., Ltd.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-05-07] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-10 12:34 - 2014-05-10 12:34 - 00009559 _____ () C:\Users\Wilfried\Desktop\FRST.txt
2014-05-10 12:33 - 2014-05-10 12:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-10 12:33 - 2014-05-10 12:32 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-10 12:32 - 2014-05-10 12:32 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-10 12:32 - 2014-05-10 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-10 12:29 - 2014-05-10 12:31 - 00921512 _____ (Oracle Corporation) C:\Users\Wilfried\Downloads\JavaSetup7u55.com
2014-05-10 12:25 - 2014-05-10 12:25 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-10 12:25 - 2014-05-10 12:25 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-10 12:25 - 2014-05-10 12:25 - 00000000 __SHD () C:\Users\Wilfried\AppData\Local\EmieUserList
2014-05-10 12:25 - 2014-05-10 12:25 - 00000000 __SHD () C:\Users\Wilfried\AppData\Local\EmieSiteList
2014-05-10 12:24 - 2014-05-10 12:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 12:24 - 2014-05-10 12:24 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-10 12:23 - 2014-05-10 12:23 - 00283144 _____ (Mozilla) C:\Users\Wilfried\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-10 12:23 - 2014-05-10 12:23 - 00000000 _____ () C:\Windows\nsreg.dat
2014-05-10 12:22 - 2014-05-10 12:25 - 00000000 ____D () C:\Users\Wilfried\AppData\Local\Mozilla
2014-05-10 12:22 - 2014-05-10 12:23 - 00000000 ____D () C:\Users\Wilfried\AppData\Roaming\Mozilla
2014-05-10 12:21 - 2014-05-10 12:21 - 00000000 ____D () C:\Users\Wilfried\Desktop\FRST-OlderVersion
2014-05-08 23:22 - 2014-05-08 23:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-08 23:13 - 2014-05-08 23:13 - 00855379 _____ () C:\Users\Wilfried\Desktop\SecurityCheck.exe
2014-05-08 19:45 - 2014-05-08 19:45 - 00000000 ____D () C:\Users\Wilfried\AppData\Roaming\Foxit Software
2014-05-08 19:32 - 2013-05-10 07:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-05-08 19:32 - 2013-05-10 07:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-05-08 19:32 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-05-08 19:32 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-05-08 19:22 - 2014-05-08 19:22 - 01611608 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-08 19:06 - 2014-05-08 19:06 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-08 19:06 - 2014-05-08 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-08 19:06 - 2014-05-08 19:06 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-08 19:06 - 2014-05-08 19:06 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-08 19:06 - 2014-05-08 19:06 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-08 19:06 - 2014-05-08 19:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-08 19:06 - 2014-05-08 19:06 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-08 19:06 - 2014-05-08 19:06 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-08 19:06 - 2014-05-08 19:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-08 19:06 - 2014-05-08 19:06 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-08 19:06 - 2014-05-08 19:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-08 19:03 - 2014-05-08 19:16 - 00009962 _____ () C:\Windows\IE11_main.log
2014-05-08 18:32 - 2014-05-08 18:32 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-08 18:31 - 2014-05-08 18:31 - 02347384 _____ (ESET) C:\Users\Wilfried\Desktop\esetsmartinstaller_deu.exe
2014-05-07 19:53 - 2014-05-07 19:53 - 01016261 _____ (Thisisu) C:\Users\Wilfried\Desktop\JRT.exe
2014-05-07 19:53 - 2014-05-07 19:53 - 00000000 ____D () C:\Windows\ERUNT
2014-05-07 19:44 - 2014-05-07 19:47 - 00000000 ____D () C:\AdwCleaner
2014-05-07 19:43 - 2014-05-07 19:43 - 01316991 _____ () C:\Users\Wilfried\Desktop\adwcleaner.exe
2014-05-07 13:56 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-07 13:56 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 13:55 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-05-07 13:55 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-05-07 13:55 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-05-07 13:55 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-05-07 13:55 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-05-07 13:55 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-05-07 13:55 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-05-07 13:55 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-05-07 13:55 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-05-07 13:55 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-05-07 13:55 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-05-07 13:55 - 2013-09-28 03:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-05-07 13:54 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-07 13:54 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-05-07 13:54 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-05-07 13:54 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-05-07 13:54 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-05-07 13:54 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-05-07 13:54 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-07 13:54 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-05-07 13:54 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-05-07 13:54 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-05-07 13:54 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-05-07 13:54 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-05-07 13:54 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-05-07 13:54 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-05-07 13:54 - 2013-11-12 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-05-07 13:54 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-05-07 13:54 - 2013-10-05 22:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-05-07 13:54 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-05-07 13:54 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-05-07 13:54 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-05-07 13:53 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-05-07 13:53 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-05-07 13:53 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-05-07 13:53 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-05-07 13:53 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-05-07 13:53 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-05-07 13:53 - 2013-10-04 04:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-05-07 13:53 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-05-07 13:53 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-05-07 13:53 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-05-07 13:52 - 2013-09-25 04:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-07 13:52 - 2013-09-25 04:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-07 13:52 - 2013-09-25 04:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-07 13:52 - 2013-09-25 04:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-07 13:52 - 2013-09-25 04:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-07 13:52 - 2013-09-25 04:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-07 13:52 - 2013-09-25 04:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-07 13:52 - 2013-09-25 04:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-05-07 13:52 - 2013-09-25 03:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-07 13:52 - 2013-09-25 03:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-07 13:52 - 2013-09-25 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-07 13:52 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-05-07 13:52 - 2013-09-25 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-07 13:52 - 2013-07-04 14:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-07 13:51 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-05-07 13:51 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-05-07 13:51 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-05-07 13:51 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-05-07 13:51 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-05-07 13:51 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-05-07 13:51 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-05-07 13:51 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-05-07 13:51 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-05-07 13:51 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-05-07 13:51 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-05-07 13:51 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-05-07 13:51 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-05-07 13:51 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-05-07 13:51 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-05-07 13:51 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-05-07 13:51 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-05-07 13:51 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-05-07 13:51 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-05-07 13:51 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-05-07 13:51 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-05-07 13:51 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-05-07 13:51 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-05-07 13:51 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-05-07 13:51 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-05-07 13:50 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-05-07 13:50 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-05-07 13:50 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-05-07 13:50 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-05-07 13:50 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-05-07 13:50 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-05-07 13:50 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-05-07 13:50 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-05-07 13:50 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-05-07 13:50 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-05-07 13:50 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-05-07 13:50 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-05-07 13:50 - 2013-10-03 04:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-05-07 13:50 - 2013-10-03 04:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-05-07 13:48 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-05-07 13:47 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-05-07 13:47 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-05-07 13:47 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-05-07 13:47 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-05-07 13:47 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-05-07 13:47 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-05-07 13:47 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-05-07 13:47 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-05-07 13:47 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-05-07 13:47 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-05-07 13:47 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-05-07 13:47 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-05-07 13:47 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-05-07 13:26 - 2014-05-07 13:31 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-07 13:25 - 2014-05-07 13:25 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-07 13:25 - 2014-05-07 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-07 13:25 - 2014-05-07 13:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-07 13:25 - 2014-05-07 13:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-07 13:25 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-07 13:25 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-07 13:25 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-06 13:28 - 2014-05-06 13:29 - 00017860 _____ () C:\Users\Wilfried\Desktop\Addition.txt
2014-05-06 13:25 - 2014-05-10 12:21 - 02065408 _____ (Farbar) C:\Users\Wilfried\Desktop\FRST64.exe
2014-04-30 07:10 - 2014-05-10 12:34 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-05-10 12:34 - 2014-05-10 12:34 - 00009559 _____ () C:\Users\Wilfried\Desktop\FRST.txt
2014-05-10 12:34 - 2014-04-30 07:10 - 00000000 ____D () C:\FRST
2014-05-10 12:33 - 2014-05-10 12:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-10 12:32 - 2014-05-10 12:33 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-10 12:32 - 2014-05-10 12:32 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-10 12:32 - 2014-05-10 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-10 12:32 - 2011-02-14 22:02 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-10 12:32 - 2011-02-14 22:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-10 12:32 - 2011-02-14 22:02 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-10 12:31 - 2014-05-10 12:29 - 00921512 _____ (Oracle Corporation) C:\Users\Wilfried\Downloads\JavaSetup7u55.com
2014-05-10 12:28 - 2011-02-14 21:25 - 01115800 _____ () C:\Windows\WindowsUpdate.log
2014-05-10 12:25 - 2014-05-10 12:25 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-10 12:25 - 2014-05-10 12:25 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-10 12:25 - 2014-05-10 12:25 - 00000000 __SHD () C:\Users\Wilfried\AppData\Local\EmieUserList
2014-05-10 12:25 - 2014-05-10 12:25 - 00000000 __SHD () C:\Users\Wilfried\AppData\Local\EmieSiteList
2014-05-10 12:25 - 2014-05-10 12:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 12:25 - 2014-05-10 12:22 - 00000000 ____D () C:\Users\Wilfried\AppData\Local\Mozilla
2014-05-10 12:25 - 2011-02-14 21:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 12:24 - 2014-05-10 12:24 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-10 12:23 - 2014-05-10 12:23 - 00283144 _____ (Mozilla) C:\Users\Wilfried\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-10 12:23 - 2014-05-10 12:23 - 00000000 _____ () C:\Windows\nsreg.dat
2014-05-10 12:23 - 2014-05-10 12:22 - 00000000 ____D () C:\Users\Wilfried\AppData\Roaming\Mozilla
2014-05-10 12:23 - 2011-02-15 21:18 - 00710154 _____ () C:\Windows\system32\perfh007.dat
2014-05-10 12:23 - 2011-02-15 21:18 - 00153862 _____ () C:\Windows\system32\perfc007.dat
2014-05-10 12:23 - 2009-07-14 07:13 - 01647172 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-10 12:23 - 2009-07-14 06:45 - 00015344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-10 12:23 - 2009-07-14 06:45 - 00015344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-10 12:21 - 2014-05-10 12:21 - 00000000 ____D () C:\Users\Wilfried\Desktop\FRST-OlderVersion
2014-05-10 12:21 - 2014-05-06 13:25 - 02065408 _____ (Farbar) C:\Users\Wilfried\Desktop\FRST64.exe
2014-05-10 12:20 - 2013-09-10 16:27 - 00001421 _____ () C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-10 12:20 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-10 12:20 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-05-10 12:16 - 2011-02-19 20:26 - 00113132 _____ () C:\Windows\PFRO.log
2014-05-10 12:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-10 12:16 - 2009-07-14 06:51 - 00050182 _____ () C:\Windows\setupact.log
2014-05-10 12:16 - 2009-07-14 06:45 - 00287568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-08 23:22 - 2014-05-08 23:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-08 23:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-08 23:13 - 2014-05-08 23:13 - 00855379 _____ () C:\Users\Wilfried\Desktop\SecurityCheck.exe
2014-05-08 22:58 - 2013-10-14 18:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-08 19:45 - 2014-05-08 19:45 - 00000000 ____D () C:\Users\Wilfried\AppData\Roaming\Foxit Software
2014-05-08 19:22 - 2014-05-08 19:22 - 01611608 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-08 19:16 - 2014-05-08 19:03 - 00009962 _____ () C:\Windows\IE11_main.log
2014-05-08 19:06 - 2014-05-08 19:06 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-08 19:06 - 2014-05-08 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-08 19:06 - 2014-05-08 19:06 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-08 19:06 - 2014-05-08 19:06 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-08 19:06 - 2014-05-08 19:06 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-08 19:06 - 2014-05-08 19:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-08 19:06 - 2014-05-08 19:06 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-08 19:06 - 2014-05-08 19:06 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-08 19:06 - 2014-05-08 19:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-08 19:06 - 2014-05-08 19:06 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-08 19:06 - 2014-05-08 19:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-08 19:06 - 2014-05-08 19:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-08 19:06 - 2014-05-08 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-08 19:01 - 2013-10-14 17:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-08 19:01 - 2013-10-14 17:33 - 00000000 ____D () C:\ProgramData\Skype
2014-05-08 18:32 - 2014-05-08 18:32 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-08 18:31 - 2014-05-08 18:31 - 02347384 _____ (ESET) C:\Users\Wilfried\Desktop\esetsmartinstaller_deu.exe
2014-05-07 19:53 - 2014-05-07 19:53 - 01016261 _____ (Thisisu) C:\Users\Wilfried\Desktop\JRT.exe
2014-05-07 19:53 - 2014-05-07 19:53 - 00000000 ____D () C:\Windows\ERUNT
2014-05-07 19:47 - 2014-05-07 19:44 - 00000000 ____D () C:\AdwCleaner
2014-05-07 19:43 - 2014-05-07 19:43 - 01316991 _____ () C:\Users\Wilfried\Desktop\adwcleaner.exe
2014-05-07 19:37 - 2013-10-14 19:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-07 19:37 - 2013-10-14 19:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-07 19:37 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2014-05-07 19:35 - 2013-10-14 18:13 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-07 19:35 - 2013-10-14 18:13 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-07 19:35 - 2013-10-14 18:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-07 13:35 - 2013-10-14 18:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-07 13:31 - 2014-05-07 13:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-07 13:30 - 2013-10-14 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-07 13:25 - 2014-05-07 13:25 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-07 13:25 - 2014-05-07 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-07 13:25 - 2014-05-07 13:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-07 13:25 - 2014-05-07 13:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-06 13:29 - 2014-05-06 13:28 - 00017860 _____ () C:\Users\Wilfried\Desktop\Addition.txt
2014-04-30 13:42 - 2013-11-11 19:39 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-30 13:42 - 2013-11-06 17:27 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-30 13:42 - 2013-11-06 17:27 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-30 13:42 - 2013-11-06 17:27 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-30 08:08 - 2013-09-10 16:27 - 00000000 ___RD () C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 04:24 - 2014-05-07 13:56 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-07 13:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\mati\AppData\Local\Temp\AskSLib.dll
C:\Users\mati\AppData\Local\Temp\binkw32.dll
C:\Users\mati\AppData\Local\Temp\d2l_Install.exe
C:\Users\Wilfried\AppData\Local\Temp\AskSLib.dll
C:\Users\Wilfried\AppData\Local\Temp\avgnt.exe
C:\Users\Wilfried\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-06 18:24

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 11.05.2014, 06:36

Zitat:

Wenn du mir noch einen Tipp geben kannst, wie man das zweite Kennwortgeschützte Administratorenkonto auf diesem Rechner löschen kann wäre das super, aber nicht unbedingt notwendig. Ist halt ein altes Konto von dem Schwager des Computer Besitzers, dass eigentlich überflüssig ist. Nur das Kennwort weiß niemand mehr.

Sollte über die Benutzerkontensteuerung gehen, wenn du es mit einem anderen Admin machst. Geht das nicht?

mixas · 11.05.2014, 15:57

Hallo Schrauber,

dass das so einfach geht hatte ich nicht erwartet. Aber hat funktioniert. Muss ich denn ansonsten noch etwas machen? Oder kann ich davon ausgehen, dass der Computer wieder sauber ist?

schrauber · 12.05.2014, 12:54

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

mixas · 12.05.2014, 14:24

Hallo Schrauber,

vielen Dank für die großartige Unterstützung. Ich habe hohe Achtung vor eurem Team und eurer Arbeit.

Ich habe die Schritte soweit abgearbeitet kann nur leider nicht die empfohlenen Schutzprogramme alle installieren, da der PC Eigentümer mit der Aktualisierung und Nutzung davon wohl hoffnungslos überfordert wäre. Ich werde ihm aber noch einige Verhaltensregeln mit auf den Weg geben.

Ich wünsche dir und dem Team alles Gute und verabschiede mich mit besten Grüßen.

Michel

WIN 7 64bit, schwedischer Ableger vom BKA Trojaner. U-Kash Aufforderung

Plagegeister aller Art und deren Bekämpfung: WIN 7 64bit, schwedischer Ableger vom BKA Trojaner. U-Kash Aufforderung