Computer Checkup für Online Banking

Alpenkant · 25.05.2014, 17:53

Hallo liebe Leute

Ich hatte vor ca, 1,5 Monaten Virenprobleme, unter anderem hatte ich eine (scheinbar) harmlose Variante des BKA Trojaners und ca 170 Potentially Unwanted Programs, die ich dann mit Taskmanager und anschliessendem Herunterladen durch Malwarebytes eliminiert habe. Nachfolgende Scans mit Avira Antivir und Malwarebytes haben dann keine Funde mehr ergeben.

Der Computer funktioniert einwandfrei, Scans ergeben regelmässig null Funde. Ich möchte allerdings auf Nummer sicher gehen, da ich den Computer jetzt auch für Online Banking und andere Dinge nutzen möchte.

Vielleicht könnt ihr mir dabei helfen meine Paranoia zu beseitigen.

Liebe Grüsse

Alpenkant

schrauber · 25.05.2014, 18:03

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Alpenkant · 28.05.2014, 16:50

Hallo

Vielen Dank erstmal für deine Bemühungen.

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Sebastian (administrator) on DANNEBROG on 27-05-2014 22:18:51
Running from C:\Users\Sebastian\Downloads
Platform: Windows 8.1 Pro (Update 1) (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Sebastian\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-06] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2049587197-461063494-1963073296-1001\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1339672 2013-11-05] (Comfort Software Group)
HKU\S-1-5-21-2049587197-461063494-1963073296-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [358000 2014-01-17] (CyberGhost S.R.L.)
HKU\S-1-5-21-2049587197-461063494-1963073296-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: 200.108.35.60:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.at.msn.com/?rd=1&ucc=AT&dcc=AT&opt=0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8DFD8E23300BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.8,de-AT;q=0.5,de;q=0.3
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 78.104.176.1

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-08]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-08]
CHR Extension: (Google Search) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-08]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-08]
CHR Extension: (Gmail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-08]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-30] (Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-17] (CyberGhost S.R.L)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
S3 iaStorS; C:\Windows\System32\drivers\iaStorS.sys [651736 2012-11-03] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-02-03] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-11-14] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 megasas2; C:\Windows\System32\drivers\megasas2.sys [53552 2012-10-02] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-02-03] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-27 22:17 - 2014-05-27 22:17 - 00029300 _____ () C:\Users\Sebastian\Documents\Addition.txt
2014-05-27 22:17 - 2014-05-27 22:17 - 00029300 _____ () C:\Users\Sebastian\Documents\Addition 1.txt
2014-05-27 22:13 - 2014-05-27 22:13 - 00029300 _____ () C:\Users\Sebastian\Downloads\Addition.txt
2014-05-27 22:12 - 2014-05-27 22:18 - 00011341 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-05-27 22:09 - 2014-05-27 22:09 - 02066944 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64 (1).exe
2014-05-27 22:05 - 2014-05-27 22:18 - 00000000 ____D () C:\FRST
2014-05-27 22:03 - 2014-05-27 22:04 - 02066944 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2014-05-25 19:43 - 2014-05-25 19:43 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Notepad++
2014-05-25 19:43 - 2014-05-25 19:43 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-05-25 19:43 - 2014-05-25 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-05-25 19:43 - 2014-05-25 19:43 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-05-25 19:42 - 2014-05-25 19:42 - 07643919 _____ () C:\Users\Sebastian\Downloads\npp.6.6.3.Installer.exe
2014-05-25 19:03 - 2014-05-25 19:12 - 00000000 ____D () C:\Users\Sebastian\Documents\Malwarebytes
2014-05-15 17:51 - 2014-05-15 17:51 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\hpqLog
2014-05-15 17:51 - 2014-05-15 17:51 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-05-15 17:50 - 2014-05-15 17:50 - 02803704 _____ (Hewlett-Packard ) C:\Users\Sebastian\Downloads\sp59835 (1).exe
2014-05-15 17:50 - 2014-05-15 17:50 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-05-15 00:10 - 2014-05-15 00:10 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 08:54 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-14 08:54 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-14 08:54 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-14 08:54 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-14 08:54 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-14 08:54 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-14 08:54 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-14 08:54 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-14 08:54 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-14 08:53 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-14 08:53 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-14 08:53 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-14 08:53 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-14 08:53 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-14 08:53 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-14 08:53 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-14 08:53 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-14 08:53 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-14 08:53 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-14 08:53 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 08:53 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-14 08:53 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 08:53 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-14 08:53 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-14 08:53 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-14 08:53 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-14 08:53 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-14 08:53 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-14 08:53 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-14 08:53 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-14 08:53 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-14 08:53 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-14 08:53 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 08:53 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 08:53 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-14 08:53 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-14 08:48 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-14 08:48 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-14 08:48 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 08:48 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 08:48 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-14 08:48 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-08 14:58 - 2014-05-08 14:58 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-05-08 13:50 - 2014-05-08 13:50 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\OpenOffice
2014-05-08 13:48 - 2014-05-08 13:48 - 00001132 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-05-08 13:48 - 2014-05-08 13:48 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-05-08 13:47 - 2014-05-08 13:47 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-05-08 13:44 - 2014-05-08 13:44 - 164962843 _____ () C:\Users\Sebastian\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_de.exe
2014-05-08 13:44 - 2014-05-08 13:44 - 00000000 ____D () C:\Users\Sebastian\Desktop\OpenOffice 4.1.0 (de) Installation Files
2014-05-05 03:51 - 2014-05-05 03:51 - 00002239 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-05-05 03:51 - 2014-05-05 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-05-05 03:50 - 2014-05-05 03:50 - 00884688 _____ (Google Inc.) C:\Users\Sebastian\Downloads\GoogleEarthSetup.exe
2014-05-03 03:02 - 2014-05-03 03:02 - 80451868 _____ () C:\Users\Sebastian\Downloads\trailer_Ilse_movie_f_001.wmv
2014-05-02 19:45 - 2014-05-02 19:45 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-02 19:45 - 2014-05-02 19:45 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

==================== One Month Modified Files and Folders =======

2014-05-27 22:18 - 2014-05-27 22:12 - 00011341 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-05-27 22:18 - 2014-05-27 22:05 - 00000000 ____D () C:\FRST
2014-05-27 22:17 - 2014-05-27 22:17 - 00029300 _____ () C:\Users\Sebastian\Documents\Addition.txt
2014-05-27 22:17 - 2014-05-27 22:17 - 00029300 _____ () C:\Users\Sebastian\Documents\Addition 1.txt
2014-05-27 22:17 - 2014-01-08 09:04 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-27 22:13 - 2014-05-27 22:13 - 00029300 _____ () C:\Users\Sebastian\Downloads\Addition.txt
2014-05-27 22:09 - 2014-05-27 22:09 - 02066944 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64 (1).exe
2014-05-27 22:04 - 2014-05-27 22:03 - 02066944 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2014-05-27 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-27 20:59 - 2014-02-03 12:27 - 01769094 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-27 17:24 - 2014-01-04 00:37 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2049587197-461063494-1963073296-1001
2014-05-27 16:50 - 2014-01-08 09:04 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-27 16:50 - 2014-01-08 09:04 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-25 19:43 - 2014-05-25 19:43 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Notepad++
2014-05-25 19:43 - 2014-05-25 19:43 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-05-25 19:43 - 2014-05-25 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-05-25 19:43 - 2014-05-25 19:43 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-05-25 19:42 - 2014-05-25 19:42 - 07643919 _____ () C:\Users\Sebastian\Downloads\npp.6.6.3.Installer.exe
2014-05-25 19:12 - 2014-05-25 19:03 - 00000000 ____D () C:\Users\Sebastian\Documents\Malwarebytes
2014-05-25 18:56 - 2014-03-29 05:46 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 09:51 - 2013-11-14 09:29 - 01996656 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-25 09:51 - 2012-08-20 17:01 - 00938378 _____ () C:\WINDOWS\system32\perfh007.dat
2014-05-25 09:51 - 2012-08-20 17:01 - 00201580 _____ () C:\WINDOWS\system32\perfc007.dat
2014-05-25 09:47 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-25 09:46 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-24 07:40 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-20 11:00 - 2014-02-03 15:50 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-05-20 11:00 - 2014-02-03 15:50 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-05-15 17:51 - 2014-05-15 17:51 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\hpqLog
2014-05-15 17:51 - 2014-05-15 17:51 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-05-15 17:50 - 2014-05-15 17:50 - 02803704 _____ (Hewlett-Packard ) C:\Users\Sebastian\Downloads\sp59835 (1).exe
2014-05-15 17:50 - 2014-05-15 17:50 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-05-15 17:50 - 2011-02-11 18:32 - 00000000 ____D () C:\SWSETUP
2014-05-15 12:38 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-15 09:19 - 2014-01-04 00:32 - 00000000 ___RD () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 09:19 - 2014-01-04 00:32 - 00000000 ___RD () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 09:18 - 2013-08-22 16:44 - 00500232 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-15 02:15 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-15 02:15 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 02:15 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 02:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-15 02:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-15 02:15 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 02:15 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 00:11 - 2014-02-02 10:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 00:10 - 2014-05-15 00:10 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 00:09 - 2014-01-07 13:34 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-15 00:08 - 2014-01-07 13:34 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-15 00:08 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-13 10:27 - 2014-03-13 11:48 - 00001156 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-13 10:27 - 2014-02-03 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-13 10:27 - 2014-02-02 02:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-12 11:12 - 2014-01-08 09:04 - 00003902 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-12 11:12 - 2014-01-08 09:04 - 00003666 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 14:58 - 2014-05-08 14:58 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-05-08 14:58 - 2013-08-22 16:46 - 00291577 _____ () C:\WINDOWS\setupact.log
2014-05-08 13:50 - 2014-05-08 13:50 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\OpenOffice
2014-05-08 13:48 - 2014-05-08 13:48 - 00001132 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-05-08 13:48 - 2014-05-08 13:48 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-05-08 13:47 - 2014-05-08 13:47 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-05-08 13:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-05-08 13:44 - 2014-05-08 13:44 - 164962843 _____ () C:\Users\Sebastian\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_de.exe
2014-05-08 13:44 - 2014-05-08 13:44 - 00000000 ____D () C:\Users\Sebastian\Desktop\OpenOffice 4.1.0 (de) Installation Files
2014-05-06 06:40 - 2014-05-14 08:54 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-14 08:54 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-14 08:54 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 08:54 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-05 03:51 - 2014-05-05 03:51 - 00002239 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-05-05 03:51 - 2014-05-05 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-05-05 03:51 - 2014-01-08 09:04 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-05 03:51 - 2014-01-08 09:03 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Google
2014-05-05 03:50 - 2014-05-05 03:50 - 00884688 _____ (Google Inc.) C:\Users\Sebastian\Downloads\GoogleEarthSetup.exe
2014-05-03 03:02 - 2014-05-03 03:02 - 80451868 _____ () C:\Users\Sebastian\Downloads\trailer_Ilse_movie_f_001.wmv
2014-05-02 19:45 - 2014-05-02 19:45 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-02 19:45 - 2014-05-02 19:45 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-01 22:30 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:30 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 11:09 - 2013-11-14 09:20 - 00155360 _____ () C:\WINDOWS\PFRO.log

Some content of TEMP:
====================
C:\Users\Sebastian\AppData\Local\Temp\avgnt.exe
C:\Users\Sebastian\AppData\Local\Temp\SIntf16.dll
C:\Users\Sebastian\AppData\Local\Temp\SIntf32.dll
C:\Users\Sebastian\AppData\Local\Temp\SIntfNT.dll
C:\Users\Sebastian\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-26 04:04

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Sebastian at 2014-05-27 22:19:04
Running from C:\Users\Sebastian\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Avira (HKLM-x32\...\{70a79d1f-686d-4d5c-962b-07aa1294eae0}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F2CE207D-C146-4BFD-A1C2-219483C58819}) (Version:  - Microsoft)
Free Alarm Clock 3.0.3 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.0 - Comfort Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TopSpin (HKLM-x32\...\InstallShield_{1EC73FB6-97FD-48EE-8100-CA969A56E727}) (Version: 1.00.0000 - Atari)
TopSpin (x32 Version: 1.00.0000 - Atari) Hidden
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{B2508D75-61CF-4CC0-84C0-CF257219201D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)

==================== Restore Points  =========================

08-05-2014 11:45:11 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
14-05-2014 11:38:01 Windows Update
15-05-2014 15:51:12 Installed HP Wireless Button Driver.
23-05-2014 16:31:08 Scheduled Checkpoint

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {058DAC6C-7F92-4965-B8A2-2EE2A7EB80F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08] (Google Inc.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0E3F98A5-32B4-45C7-8BB1-10A3AC994426} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {24C92969-DE47-4F43-8115-8B2DAA8EA35C} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {297AE60C-1597-4BD1-AA51-12137AFA79B0} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4E0DF176-4825-4A11-8B63-8555DF8E07A4} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {53C34D7E-37C7-4F60-AEAA-E55BBDCDEFDE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {78DE65F9-DD10-4017-8504-A1A4B9E594C6} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9AD49AAD-E02D-4456-A217-9119EE51C77C} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A7768871-6D48-41F4-89AF-EDAE640DD554} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-10-30] (Synaptics Incorporated)
Task: {C5568D5F-0FE5-4B49-9858-F63D79B89967} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D21409B1-221F-4B90-9A5A-A3D6A1D1177F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-15] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EC679C63-3E82-42D1-AE34-EE373F3F22EB} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Uninstall survey 1396070352.job => ?
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 10:17 - 2013-09-05 10:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-03 01:01 - 2014-01-06 22:14 - 00032768 _____ () C:\Program Files\CyberGhost 5\de\CyberGhost.resources.dll
2014-02-03 01:01 - 2014-01-06 22:14 - 00003072 _____ () C:\Program Files\CyberGhost 5\de\MobileConcepts.resources.dll
2014-05-05 10:37 - 2014-05-05 10:37 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-05-05 10:37 - 2014-05-05 10:37 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-02-03 15:50 - 2014-05-05 10:37 - 00049744 _____ () C:\Users\Sebastian\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-05-22 19:25 - 2014-05-14 01:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-22 19:25 - 2014-05-14 01:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-22 19:25 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-05-22 19:25 - 2014-05-14 01:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
2014-05-22 19:25 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-22 19:25 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Qualcomm Atheros QCA9565 Bluetooth 4.0 + HS Adapter
Description: Qualcomm Atheros QCA9565 Bluetooth 4.0 + HS Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: PCI-Gerät
Description: PCI-Gerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2014 06:31:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/23/2014 01:56:35 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=34.0.1847.137;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\4f8f8a7e-6a15-46bc-a677-2cc8dd4e0bf2.dmp

Error: (05/15/2014 05:51:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/15/2014 04:59:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 34.0.1847.137, Zeitstempel: 0x536aae9d
Name des fehlerhaften Moduls: delegate_execute.exe, Version: 34.0.1847.137, Zeitstempel: 0x536aae9d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000322ff
ID des fehlerhaften Prozesses: 0x1234
Startzeit der fehlerhaften Anwendung: 0xdelegate_execute.exe0
Pfad der fehlerhaften Anwendung: delegate_execute.exe1
Pfad des fehlerhaften Moduls: delegate_execute.exe2
Berichtskennung: delegate_execute.exe3
Vollständiger Name des fehlerhaften Pakets: delegate_execute.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: delegate_execute.exe5

Error: (05/14/2014 01:38:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/08/2014 01:45:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/06/2014 05:35:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/06/2014 05:35:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/06/2014 05:34:59 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\WINDOWS\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).

Error: (05/02/2014 08:07:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (05/27/2014 08:20:38 AM) (Source: DCOM) (EventID: 10010) (User: DANNEBROG)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/27/2014 08:20:08 AM) (Source: DCOM) (EventID: 10010) (User: DANNEBROG)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/27/2014 02:03:02 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (05/26/2014 06:31:52 PM) (Source: DCOM) (EventID: 10010) (User: DANNEBROG)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/26/2014 06:27:34 PM) (Source: DCOM) (EventID: 10010) (User: DANNEBROG)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/26/2014 06:27:01 PM) (Source: DCOM) (EventID: 10010) (User: DANNEBROG)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/26/2014 04:16:08 PM) (Source: DCOM) (EventID: 10010) (User: DANNEBROG)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/26/2014 04:15:38 PM) (Source: DCOM) (EventID: 10010) (User: DANNEBROG)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/26/2014 06:41:42 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (05/26/2014 00:16:51 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.


Microsoft Office Sessions:
=========================
Error: (05/23/2014 06:31:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (05/23/2014 01:56:35 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=34.0.1847.137;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\4f8f8a7e-6a15-46bc-a677-2cc8dd4e0bf2.dmp

Error: (05/15/2014 05:51:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (05/15/2014 04:59:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: delegate_execute.exe34.0.1847.137536aae9ddelegate_execute.exe34.0.1847.137536aae9dc0000005000322ff123401cf704e4e7cdd0fC:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\delegate_execute.exe8f352086-dc41-11e3-be84-40f02f2f1a8d

Error: (05/14/2014 01:38:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (05/08/2014 01:45:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (05/06/2014 05:35:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (05/06/2014 05:35:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (05/06/2014 05:34:59 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\WINDOWS\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (05/02/2014 08:07:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 3977.11 MB
Available physical RAM: 2238.82 MB
Total Pagefile: 6153.11 MB
Available Pagefile: 3918.3 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:450.66 GB) (Free:407.11 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.1 GB) (Free:1.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 618D8341)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0B)

==================== End Of Log ============================

So, bin gespannt wie es weiter geht

LG

Hallo Allerseits

Vielleicht kann mir irgenjemand der anwesenden Experten mitteilen ob den Logs nach mein Computer in Ordnung ist, bzw. mir die nächsten Schritte ansagen.
Ich kann ab morgen keine neuen Logs posten, erst dann ab Montag wieder.

LG

Alpenkant

Hab jetzt noch einen Malwarebytes Scan durchgeführt und es wurden pot. Bedrohungen erkannt.

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 28.05.2014
Suchlauf-Zeit: 17:41:23
Logdatei: Log 28.05.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.28.05
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Sebastian

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 260391
Verstrichene Zeit: 2 Std, 29 Min, 20 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro, , [41cec98bc5b661d54d68c3ccef13dc24], 

Dateien: 5
PUP.Optional.Bandoo, C:\Users\Sebastian\Downloads\iLividSetup-r420-n-bc (1).exe, , [5ab53420de9d6bcba6d835d5f40da060], 
PUP.Optional.Bandoo, C:\Users\Sebastian\Downloads\iLividSetup-r420-n-bc.exe, , [48c7342088f3999dcab49278f809d52b], 
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk, , [41cec98bc5b661d54d68c3ccef13dc24], 
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk, , [41cec98bc5b661d54d68c3ccef13dc24], 
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Uninstall RegClean Pro.lnk, , [41cec98bc5b661d54d68c3ccef13dc24], 

Physische Sektoren: 0
(No malicious items detected)


(end)

schrauber · 29.05.2014, 16:02

Zitat:

ProxyServer: 200.108.35.60:8080

Hast DU den Proxy gesetzt?

Funde von MBAM löschen lassen.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Computer Checkup für Online Banking

Plagegeister aller Art und deren Bekämpfung: Computer Checkup für Online Banking