Hallo Leute,

seit einiger Zeit taucht nach dem Windowsstart folgende Fehlermeldung auf dem Desktop auf:



Als Antivirensoftware ist die aktuellste Freeware Version von avast! installiert. In einem Thread bezüglich des selben Thema's auf eurer Seite sollte sich dieser "DDS.exe" herunterladen und die Logfiles posten. Dies habe ich jetzt schonmal gemacht. Ein großes schonmal an alle!

Anhang 67332
Anhang 67333

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:

• Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
• Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
• Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
  Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
• Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
• Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!





Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hallo Matthias,

danke für die rasche Antwort. Vorab, das ist das Netbook einer Bekannten um das ich mich kümmern soll. Ist dieser mal für ein paar Tage vergriffen, gebe ich Bescheid.

FRST:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014
Ran by Alexandra (administrator) on ALEXANDRA-PC on 01-06-2014 13:03:57
Running from C:\Users\Alexandra\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7144960 2013-01-02] (Broadcom Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2909968 2013-01-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-30] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3486488955-2479430902-3047591147-1000\...\Run: [cisczhl] => regsvr32.exe "C:\ProgramData\cisczhl.dat"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-01] (AVAST Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2140984 2014-04-15] (TuneUp Software)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5836800 2013-01-02] (Broadcom Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [76960 2012-02-27] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-01] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-01] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-01 13:03 - 2014-06-01 13:04 - 00006000 _____ () C:\Users\Alexandra\Desktop\FRST.txt
2014-06-01 13:03 - 2014-06-01 13:03 - 00000000 ____D () C:\FRST
2014-06-01 13:02 - 2014-06-01 13:02 - 02067456 _____ (Farbar) C:\Users\Alexandra\Desktop\FRST64.exe
2014-05-31 20:32 - 2014-05-31 20:32 - 00008765 _____ () C:\Users\Alexandra\Desktop\dds.txt
2014-05-31 20:32 - 2014-05-31 20:32 - 00002415 _____ () C:\Users\Alexandra\Desktop\attach.txt
2014-05-31 20:09 - 2014-05-31 20:09 - 00700783 ____R (Swearware) C:\Users\Alexandra\Desktop\dds+.exe
2014-05-31 18:29 - 2014-05-31 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unknown Device Identifier 8.00
2014-05-31 18:29 - 2014-05-31 18:29 - 00000000 ____D () C:\Program Files\Unknown Device Identifier
2014-05-31 18:28 - 2014-05-31 18:28 - 01087058 _____ (Huntersoft ) C:\Users\Alexandra\Downloads\Unknown80DeviceIdentifier.exe
2014-05-31 18:03 - 2014-05-31 18:03 - 00003544 ____N () C:\bootsqm.dat
2014-05-31 16:41 - 2014-05-31 16:41 - 00002213 _____ () C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
2014-05-31 16:41 - 2014-05-31 16:41 - 00002205 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-05-31 16:41 - 2014-05-31 16:41 - 00000000 ____D () C:\Users\Alexandra\AppData\Roaming\TuneUp Software
2014-05-31 16:41 - 2014-05-31 16:41 - 00000000 ____D () C:\Users\Alexandra\AppData\Local\TuneUp Software
2014-05-31 16:41 - 2014-05-31 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
2014-05-31 16:41 - 2014-05-31 16:41 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-05-31 16:41 - 2014-04-15 15:59 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2014-05-31 16:41 - 2014-04-15 15:59 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-05-31 16:41 - 2014-04-15 15:59 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2014-05-31 16:39 - 2014-05-31 16:42 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-05-31 16:38 - 2014-05-31 16:46 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-31 16:38 - 2014-05-31 16:38 - 27883432 _____ (TuneUp Software) C:\Users\Alexandra\Downloads\TuneUpUtilities2014_de-DE.exe
2014-05-29 18:36 - 2014-05-29 20:13 - 00012849 _____ () C:\Users\Alexandra\Desktop\Neues Textdokument.txt
2014-05-27 12:21 - 2014-05-27 12:21 - 00233737 _____ () C:\Users\Alexandra\Downloads\Vieles in der Bibel ist nicht Gottes Wort_ Fälschungen und Widersprüche in der Bibel.mht
2014-05-19 12:29 - 2014-05-19 12:29 - 00295907 _____ () C:\Users\Alexandra\Downloads\Elberfelder Bibel – Wikipedia.mht
2014-05-19 12:06 - 2014-05-19 12:06 - 00317967 _____ () C:\Users\Alexandra\Downloads\El (Gott) – Wikipedia.mht
2014-05-19 11:56 - 2014-05-19 11:56 - 00305376 _____ () C:\Users\Alexandra\Downloads\Biblia Hebraica – Wikipedia.mht
2014-05-19 11:53 - 2014-05-19 11:53 - 00630962 _____ () C:\Users\Alexandra\Downloads\JHWH – Wikipedia.mht
2014-05-18 15:24 - 2014-05-18 15:24 - 01587123 _____ () C:\Users\Alexandra\Downloads\Bibelkunde __ bibelwissenschaft.de.mht
2014-05-18 15:16 - 2014-05-18 15:16 - 00973641 _____ () C:\Users\Alexandra\Downloads\„Der Tag des Herrn“ im Buch des Propheten Amos _ Wissenschaftlich-Theologisches Portal Bogoslov.Ru.mht
2014-05-18 15:08 - 2014-05-18 15:08 - 00469106 _____ () C:\Users\Alexandra\Downloads\Gilgamesch-Epos – Wikipedia.mht
2014-05-18 15:06 - 2014-05-18 15:06 - 00328323 _____ () C:\Users\Alexandra\Downloads\Theophanie – Wikipedia.mht
2014-05-18 14:26 - 2014-05-18 14:26 - 00310463 _____ () C:\Users\Alexandra\Downloads\Buch Esra – Wikipedia.mht
2014-05-18 14:25 - 2014-05-18 14:25 - 00346628 _____ () C:\Users\Alexandra\Downloads\Esra (Person) – Wikipedia.mht
2014-05-18 14:24 - 2014-05-18 14:24 - 00407106 _____ () C:\Users\Alexandra\Downloads\Maleachi – Wikipedia.mht
2014-05-18 14:19 - 2014-05-18 14:19 - 00319703 _____ () C:\Users\Alexandra\Downloads\Tag des Herrn – Wikipedia.mht
2014-05-18 14:05 - 2014-05-18 14:05 - 00000000 ____D () C:\Users\Alexandra\Documents\Neuer Ordner (2)
2014-05-18 14:00 - 2014-05-18 14:00 - 00662437 _____ () C:\Users\Alexandra\Downloads\1. Buch Mose – Wikipedia.mht
2014-05-18 13:58 - 2014-05-18 13:58 - 00292457 _____ () C:\Users\Alexandra\Downloads\Eisegese – Wikipedia.mht
2014-05-18 13:54 - 2014-05-18 13:54 - 00423769 _____ () C:\Users\Alexandra\Downloads\Biblische Exegese – Wikipedia.mht
2014-05-18 13:52 - 2014-05-18 13:52 - 00477781 _____ () C:\Users\Alexandra\Downloads\Evangelium nach Matthäus – Wikipedia.mht
2014-05-18 13:52 - 2014-05-18 13:52 - 00296522 _____ () C:\Users\Alexandra\Downloads\Das Matthäus-Evangelium – Wikipedia.mht
2014-05-18 13:39 - 2014-05-18 13:39 - 00818595 _____ () C:\Users\Alexandra\Downloads\Evangelium nach Johannes – Wikipedia.mht
2014-05-18 13:39 - 2014-05-18 13:39 - 00337492 _____ () C:\Users\Alexandra\Downloads\Sacharja – Wikipedia.mht
2014-05-18 13:38 - 2014-05-18 13:38 - 00789547 _____ () C:\Users\Alexandra\Downloads\Zeugen Jehovas – Wikipedia.mht
2014-05-18 13:38 - 2014-05-18 13:38 - 00506443 _____ () C:\Users\Alexandra\Downloads\Jesaja – Wikipedia.mht
2014-05-18 13:38 - 2014-05-18 13:38 - 00334722 _____ () C:\Users\Alexandra\Downloads\Eschatologie – Wikipedia.mht
2014-05-18 13:37 - 2014-05-18 13:37 - 00519500 _____ () C:\Users\Alexandra\Downloads\Jüngstes Gericht – Wikipedia.mht
2014-05-18 13:37 - 2014-05-18 13:37 - 00457709 _____ () C:\Users\Alexandra\Downloads\Finsternis bei der Kreuzigung Jesu – Wikipedia.mht
2014-05-18 13:37 - 2014-05-18 13:37 - 00336333 _____ () C:\Users\Alexandra\Downloads\Buch Amos – Wikipedia.mht

==================== One Month Modified Files and Folders =======

2014-06-01 13:04 - 2014-06-01 13:03 - 00006000 _____ () C:\Users\Alexandra\Desktop\FRST.txt
2014-06-01 13:04 - 2013-01-02 17:50 - 00000000 ____D () C:\Users\Alexandra\AppData\Local\Temp
2014-06-01 13:03 - 2014-06-01 13:03 - 00000000 ____D () C:\FRST
2014-06-01 13:02 - 2014-06-01 13:02 - 02067456 _____ (Farbar) C:\Users\Alexandra\Desktop\FRST64.exe
2014-06-01 13:01 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-01 13:01 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-01 12:53 - 2013-01-03 00:41 - 01607147 _____ () C:\Windows\WindowsUpdate.log
2014-06-01 12:50 - 2013-01-07 00:57 - 00058288 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2014-06-01 12:50 - 2013-01-07 00:53 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2014-06-01 12:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-01 12:50 - 2009-07-14 06:51 - 00080412 _____ () C:\Windows\setupact.log
2014-06-01 11:37 - 2013-05-24 23:46 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 11:24 - 2013-01-04 02:17 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-31 20:32 - 2014-05-31 20:32 - 00008765 _____ () C:\Users\Alexandra\Desktop\dds.txt
2014-05-31 20:32 - 2014-05-31 20:32 - 00002415 _____ () C:\Users\Alexandra\Desktop\attach.txt
2014-05-31 20:09 - 2014-05-31 20:09 - 00700783 ____R (Swearware) C:\Users\Alexandra\Desktop\dds+.exe
2014-05-31 18:29 - 2014-05-31 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unknown Device Identifier 8.00
2014-05-31 18:29 - 2014-05-31 18:29 - 00000000 ____D () C:\Program Files\Unknown Device Identifier
2014-05-31 18:28 - 2014-05-31 18:28 - 01087058 _____ (Huntersoft ) C:\Users\Alexandra\Downloads\Unknown80DeviceIdentifier.exe
2014-05-31 18:04 - 2013-01-07 00:54 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2014-05-31 18:04 - 2013-01-07 00:53 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe
2014-05-31 18:04 - 2010-11-21 05:47 - 00518412 _____ () C:\Windows\PFRO.log
2014-05-31 18:03 - 2014-05-31 18:03 - 00003544 ____N () C:\bootsqm.dat
2014-05-31 16:46 - 2014-05-31 16:38 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-31 16:46 - 2013-06-04 19:46 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-05-31 16:46 - 2013-06-04 19:40 - 00000000 __SHD () C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2014-05-31 16:42 - 2014-05-31 16:39 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-05-31 16:41 - 2014-05-31 16:41 - 00002213 _____ () C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
2014-05-31 16:41 - 2014-05-31 16:41 - 00002205 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-05-31 16:41 - 2014-05-31 16:41 - 00000000 ____D () C:\Users\Alexandra\AppData\Roaming\TuneUp Software
2014-05-31 16:41 - 2014-05-31 16:41 - 00000000 ____D () C:\Users\Alexandra\AppData\Local\TuneUp Software
2014-05-31 16:41 - 2014-05-31 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
2014-05-31 16:41 - 2014-05-31 16:41 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-05-31 16:38 - 2014-05-31 16:38 - 27883432 _____ (TuneUp Software) C:\Users\Alexandra\Downloads\TuneUpUtilities2014_de-DE.exe
2014-05-31 16:19 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-29 20:13 - 2014-05-29 18:36 - 00012849 _____ () C:\Users\Alexandra\Desktop\Neues Textdokument.txt
2014-05-27 12:21 - 2014-05-27 12:21 - 00233737 _____ () C:\Users\Alexandra\Downloads\Vieles in der Bibel ist nicht Gottes Wort_ Fälschungen und Widersprüche in der Bibel.mht
2014-05-19 12:29 - 2014-05-19 12:29 - 00295907 _____ () C:\Users\Alexandra\Downloads\Elberfelder Bibel – Wikipedia.mht
2014-05-19 12:06 - 2014-05-19 12:06 - 00317967 _____ () C:\Users\Alexandra\Downloads\El (Gott) – Wikipedia.mht
2014-05-19 11:56 - 2014-05-19 11:56 - 00305376 _____ () C:\Users\Alexandra\Downloads\Biblia Hebraica – Wikipedia.mht
2014-05-19 11:53 - 2014-05-19 11:53 - 00630962 _____ () C:\Users\Alexandra\Downloads\JHWH – Wikipedia.mht
2014-05-18 20:10 - 2011-04-12 09:43 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2014-05-18 20:10 - 2011-04-12 09:43 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2014-05-18 20:10 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-18 15:24 - 2014-05-18 15:24 - 01587123 _____ () C:\Users\Alexandra\Downloads\Bibelkunde __ bibelwissenschaft.de.mht
2014-05-18 15:16 - 2014-05-18 15:16 - 00973641 _____ () C:\Users\Alexandra\Downloads\„Der Tag des Herrn“ im Buch des Propheten Amos _ Wissenschaftlich-Theologisches Portal Bogoslov.Ru.mht
2014-05-18 15:08 - 2014-05-18 15:08 - 00469106 _____ () C:\Users\Alexandra\Downloads\Gilgamesch-Epos – Wikipedia.mht
2014-05-18 15:06 - 2014-05-18 15:06 - 00328323 _____ () C:\Users\Alexandra\Downloads\Theophanie – Wikipedia.mht
2014-05-18 14:26 - 2014-05-18 14:26 - 00310463 _____ () C:\Users\Alexandra\Downloads\Buch Esra – Wikipedia.mht
2014-05-18 14:25 - 2014-05-18 14:25 - 00346628 _____ () C:\Users\Alexandra\Downloads\Esra (Person) – Wikipedia.mht
2014-05-18 14:24 - 2014-05-18 14:24 - 00407106 _____ () C:\Users\Alexandra\Downloads\Maleachi – Wikipedia.mht
2014-05-18 14:19 - 2014-05-18 14:19 - 00319703 _____ () C:\Users\Alexandra\Downloads\Tag des Herrn – Wikipedia.mht
2014-05-18 14:05 - 2014-05-18 14:05 - 00000000 ____D () C:\Users\Alexandra\Documents\Neuer Ordner (2)
2014-05-18 14:00 - 2014-05-18 14:00 - 00662437 _____ () C:\Users\Alexandra\Downloads\1. Buch Mose – Wikipedia.mht
2014-05-18 13:58 - 2014-05-18 13:58 - 00292457 _____ () C:\Users\Alexandra\Downloads\Eisegese – Wikipedia.mht
2014-05-18 13:54 - 2014-05-18 13:54 - 00423769 _____ () C:\Users\Alexandra\Downloads\Biblische Exegese – Wikipedia.mht
2014-05-18 13:52 - 2014-05-18 13:52 - 00477781 _____ () C:\Users\Alexandra\Downloads\Evangelium nach Matthäus – Wikipedia.mht
2014-05-18 13:52 - 2014-05-18 13:52 - 00296522 _____ () C:\Users\Alexandra\Downloads\Das Matthäus-Evangelium – Wikipedia.mht
2014-05-18 13:39 - 2014-05-18 13:39 - 00818595 _____ () C:\Users\Alexandra\Downloads\Evangelium nach Johannes – Wikipedia.mht
2014-05-18 13:39 - 2014-05-18 13:39 - 00337492 _____ () C:\Users\Alexandra\Downloads\Sacharja – Wikipedia.mht
2014-05-18 13:38 - 2014-05-18 13:38 - 00789547 _____ () C:\Users\Alexandra\Downloads\Zeugen Jehovas – Wikipedia.mht
2014-05-18 13:38 - 2014-05-18 13:38 - 00506443 _____ () C:\Users\Alexandra\Downloads\Jesaja – Wikipedia.mht
2014-05-18 13:38 - 2014-05-18 13:38 - 00334722 _____ () C:\Users\Alexandra\Downloads\Eschatologie – Wikipedia.mht
2014-05-18 13:37 - 2014-05-18 13:37 - 00519500 _____ () C:\Users\Alexandra\Downloads\Jüngstes Gericht – Wikipedia.mht
2014-05-18 13:37 - 2014-05-18 13:37 - 00457709 _____ () C:\Users\Alexandra\Downloads\Finsternis bei der Kreuzigung Jesu – Wikipedia.mht
2014-05-18 13:37 - 2014-05-18 13:37 - 00336333 _____ () C:\Users\Alexandra\Downloads\Buch Amos – Wikipedia.mht
2014-05-17 20:48 - 2014-01-18 16:52 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-17 20:48 - 2013-01-04 02:17 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-17 20:48 - 2013-01-04 02:17 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-16 21:02 - 2013-05-20 19:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 11:38 - 2013-05-24 23:46 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 11:38 - 2013-04-19 21:16 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 11:38 - 2013-04-19 21:16 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-11 22:25 - 2013-08-19 13:31 - 00028856 _____ () C:\Users\Alexandra\Documents\Ilie.odt
2014-05-06 23:24 - 2014-04-12 21:25 - 00000000 ____D () C:\Users\Alexandra\AppData\Local\Google
2014-05-06 23:24 - 2013-11-28 13:50 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-02 23:04 - 2013-05-03 17:24 - 00000000 ____D () C:\Users\Alexandra\AppData\Roaming\Spotify
2014-05-02 22:09 - 2013-05-03 17:24 - 00000000 ____D () C:\Users\Alexandra\AppData\Local\Spotify

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2012-05-09 19:32] - [2012-05-09 19:32] - 0391168 ____A (Microsoft Corporation) EC5BD25A41E9B633CB39120DBB0939DC

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2012-05-09 20:12] - [2012-05-09 20:12] - 2872320 ____A (Microsoft Corporation) A27FB0CA2971BEC02595902A9FD35D6D

C:\Windows\SysWOW64\explorer.exe
[2012-05-09 20:12] - [2012-05-09 20:12] - 2616320 ____A (Microsoft Corporation) 82B49E32080BF5C469BF877C473B15EB

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2012-05-09 19:42] - [2012-05-09 19:42] - 1008128 ____A (Microsoft Corporation) 7FB4D54B502C6CF2E35B8188FA4CC08C

C:\Windows\SysWOW64\User32.dll
[2012-05-09 19:42] - [2012-05-09 19:42] - 0833024 ____A (Microsoft Corporation) 9B836EE76E3A99052EF6DEA52B41D1BE

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2012-05-09 20:09] - [2012-05-09 20:09] - 0512512 ____A (Microsoft Corporation) 29AC62409BF4939EE14D70EC07CA12BB

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2012-05-09 19:43] - [2012-05-09 19:43] - 0296816 ____A (Microsoft Corporation) ABFECA99D72CE81E5C3612861F03B0CA



LastRegBack: 2014-05-29 13:43

==================== End Of Log ============================
         

--- --- ---


Addition:

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014
Ran by Alexandra at 2014-06-01 13:04:36
Running from C:\Users\Alexandra\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Atheros)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{486BEA43-6245-451C-9399-8600DB5E4D5A}) (Version: 15.2.5.1 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.196.18 - Broadcom Corporation)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
office wörterbuch 3 (HKLM-x32\...\office wörterbuch 3) (Version: 3.0 - Lingenio GmbH)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 18.0.1284.68 (HKLM-x32\...\Opera 18.0.1284.68) (Version: 18.0.1284.68 - Opera Software ASA)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6577 - Realtek Semiconductor Corp.)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.0.0 - Synaptics Incorporated)
translate quick 11 (HKLM-x32\...\translate quick 11) (Version: 11.0 - Lingenio GmbH, Heidelberg)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.296 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.296 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.296 - TuneUp Software) Hidden
Unknown Device Identifier 8.00 (HKLM\...\Unknown Device Identifier_is1) (Version:  - Huntersoft)

==================== Restore Points  =========================

25-12-2013 21:43:55 Geplanter Prüfpunkt
18-01-2014 14:50:35 avast! antivirus system restore point
16-02-2014 15:05:45 avast! antivirus system restore point
27-02-2014 22:49:15 Geplanter Prüfpunkt
26-03-2014 09:23:23 Geplanter Prüfpunkt
12-04-2014 19:22:24 avast! antivirus system restore point
30-04-2014 22:03:33 avast! antivirus system restore point
14-05-2014 20:09:54 Geplanter Prüfpunkt
27-05-2014 15:00:35 Geplanter Prüfpunkt
31-05-2014 14:40:35 TuneUp Utilities 2014 wird installiert

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1AA73C65-B680-41A3-B734-80FAB55F9D7D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {88725DF7-9E12-48F1-8BAF-DFC60236589F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-01] (AVAST Software)
Task: {C4BA5C92-AFEF-4410-A18C-6B37AB2BBA94} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-04-15 15:59 - 2014-04-15 15:59 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2012-03-27 09:33 - 2012-03-27 09:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-01 11:24 - 2014-06-01 11:24 - 02259456 _____ () C:\Program Files\AVAST Software\Avast\defs\14060100\algo.dll
2013-11-28 13:18 - 2013-11-28 13:18 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-01-03 21:58 - 2013-01-03 21:58 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e04a5b3161f602a97ca595fda311ba36\IsdiInterop.ni.dll
2013-01-03 21:57 - 2011-11-29 21:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2014 00:50:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 11:24:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 07:40:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 06:05:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 04:40:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCorePnPFiles : Opening PnpLockdownFiles key failed.

System Error:
Zugriff verweigert
.

Error: (05/31/2014 04:19:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 05:33:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 02:08:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 00:23:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 11:44:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/01/2014 00:52:39 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/01/2014 00:52:31 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/01/2014 00:50:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (06/01/2014 11:33:01 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/01/2014 11:32:58 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/01/2014 11:26:03 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/01/2014 11:24:52 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/01/2014 11:24:36 AM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (06/01/2014 11:24:36 AM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (06/01/2014 11:24:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom


Microsoft Office Sessions:
=========================
Error: (06/01/2014 00:50:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 11:24:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 07:40:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 06:05:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 04:40:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCorePnPFiles : Opening PnpLockdownFiles key failed.

System Error:
Zugriff verweigert

Error: (05/31/2014 04:19:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 05:33:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 02:08:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 00:23:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 11:44:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 30%
Total physical RAM: 3932.36 MB
Available physical RAM: 2737.21 MB
Total Pagefile: 7862.91 MB
Available Pagefile: 6612.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:200.76 GB) (Free:157.62 GB) NTFS
Drive d: () (Fixed) (Total:264.9 GB) (Free:250.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 12E5A217)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=265 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=201 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Servus,


wir beginnen so:




Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Guten Abend

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 14-05-29.01 - Alexandra 02.06.2014  23:59:05.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3932.2834 [GMT 2:00]
ausgeführt von:: c:\users\Alexandra\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-02 bis 2014-06-02  ))))))))))))))))))))))))))))))
.
.
2014-06-02 22:05 . 2014-06-02 22:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-01 11:03 . 2014-06-01 11:04	--------	d-----w-	C:\FRST
2014-05-31 16:29 . 2014-05-31 16:29	--------	d-----w-	c:\program files\Unknown Device Identifier
2014-05-31 14:41 . 2014-04-15 13:59	40760	----a-w-	c:\windows\system32\TURegOpt.exe
2014-05-31 14:41 . 2014-04-15 13:59	29496	----a-w-	c:\windows\system32\authuitu.dll
2014-05-31 14:41 . 2014-04-15 13:59	25400	----a-w-	c:\windows\SysWow64\authuitu.dll
2014-05-31 14:41 . 2014-05-31 14:41	--------	d-----w-	c:\users\Alexandra\AppData\Roaming\TuneUp Software
2014-05-31 14:41 . 2014-05-31 14:41	--------	d-----w-	c:\users\Alexandra\AppData\Local\TuneUp Software
2014-05-31 14:41 . 2014-05-31 14:41	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2014
2014-05-31 14:39 . 2014-05-31 14:42	--------	d-----w-	c:\programdata\TuneUp Software
2014-05-31 14:38 . 2014-05-31 14:46	--------	d-sh--w-	c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-02 22:06 . 2013-01-06 22:53	17920	----a-w-	c:\windows\system32\rpcnetp.exe
2014-06-02 22:06 . 2013-01-06 22:57	58288	----a-w-	c:\windows\SysWow64\rpcnet.dll
2014-05-31 16:04 . 2013-01-06 22:54	17920	----a-w-	c:\windows\SysWow64\rpcnetp.dll
2014-05-31 16:04 . 2013-01-06 22:53	17920	----a-w-	c:\windows\SysWow64\rpcnetp.exe
2014-05-17 18:48 . 2014-01-18 14:52	85328	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-05-17 18:48 . 2013-01-04 00:17	423240	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-05-17 18:48 . 2013-01-04 00:17	1039096	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-05-14 09:38 . 2013-04-19 19:16	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 09:38 . 2013-04-19 19:16	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-30 22:04 . 2013-04-15 22:44	208416	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-04-30 22:04 . 2014-04-30 22:04	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-04-30 22:04 . 2013-04-15 22:44	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-04-30 22:04 . 2013-01-04 00:17	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-04-30 22:04 . 2013-01-04 00:17	79184	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-04-30 22:04 . 2013-01-04 00:17	334648	----a-w-	c:\windows\system32\aswBoot.exe
2014-04-30 22:04 . 2014-04-30 22:04	43152	----a-w-	c:\windows\avastSS.scr
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-30 3888648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Atheros\Ath_WlanAgent.exe;c:\program files (x86)\Atheros\Ath_WlanAgent.exe [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-19 09:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-30 22:04	290888	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2013-01-02 7144960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-23 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-23 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-23 439064]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-22 12452456]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-cisczhl - c:\programdata\cisczhl.dat
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\rpcnet.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-06-03  00:10:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-06-02 22:10
.
Vor Suchlauf: 7 Verzeichnis(se), 169.022.427.136 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 168.595.492.864 Bytes frei
.
- - End Of File - - C6E64237E94D8E0BB4FA83BAFEEA1EA9
         

Fehlermeldung noch da?

• Starte die FRST.exe erneut. Setze einen Haken vor Addition und drücke auf Scan.
• FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
• Poste mir beide Logdateien mit deiner nächsten Antwort.

Nein, sie ist weg :-)

FRST:
FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Alexandra (administrator) on ALEXANDRA-PC on 04-06-2014 10:30:22
Running from C:\Users\Alexandra\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7144960 2013-01-02] (Broadcom Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2909968 2013-01-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-30] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-01] (AVAST Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2140984 2014-04-15] (TuneUp Software)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5836800 2013-01-02] (Broadcom Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [76960 2012-02-27] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-01] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-01] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 10:30 - 2014-06-04 10:30 - 00000000 ____D () C:\Users\Alexandra\Desktop\FRST-OlderVersion
2014-06-03 01:12 - 2014-06-03 01:12 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-06-03 00:10 - 2014-06-03 00:10 - 00009233 _____ () C:\ComboFix.txt
2014-06-03 00:10 - 2014-06-03 00:10 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-03 00:10 - 2014-06-03 00:10 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-03 00:10 - 2014-06-03 00:10 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 23:57 - 2014-06-03 00:10 - 00000000 ____D () C:\Qoobox
2014-06-02 23:57 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-02 23:57 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-02 23:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-02 23:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-02 23:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-02 23:57 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-02 23:57 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-02 23:57 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-02 23:56 - 2014-06-03 00:08 - 00000000 ____D () C:\Windows\erdnt
2014-06-02 23:53 - 2014-06-02 23:53 - 05203398 ____R (Swearware) C:\Users\Alexandra\Desktop\ComboFix.exe
2014-06-01 13:04 - 2014-06-01 13:04 - 00014675 _____ () C:\Users\Alexandra\Desktop\Addition.txt
2014-06-01 13:03 - 2014-06-04 10:30 - 00006006 _____ () C:\Users\Alexandra\Desktop\FRST.txt
2014-06-01 13:03 - 2014-06-04 10:30 - 00000000 ____D () C:\FRST
2014-06-01 13:02 - 2014-06-04 10:30 - 02068992 _____ (Farbar) C:\Users\Alexandra\Desktop\FRST64.exe
2014-05-31 20:32 - 2014-05-31 20:32 - 00008765 _____ () C:\Users\Alexandra\Desktop\dds.txt
2014-05-31 20:32 - 2014-05-31 20:32 - 00002415 _____ () C:\Users\Alexandra\Desktop\attach.txt
2014-05-31 20:09 - 2014-05-31 20:09 - 00700783 ____R (Swearware) C:\Users\Alexandra\Desktop\dds+.exe
2014-05-31 18:29 - 2014-05-31 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unknown Device Identifier 8.00
2014-05-31 18:29 - 2014-05-31 18:29 - 00000000 ____D () C:\Program Files\Unknown Device Identifier
2014-05-31 18:28 - 2014-05-31 18:28 - 01087058 _____ (Huntersoft ) C:\Users\Alexandra\Downloads\Unknown80DeviceIdentifier.exe
2014-05-31 18:03 - 2014-05-31 18:03 - 00003544 ____N () C:\bootsqm.dat
2014-05-31 16:41 - 2014-05-31 16:41 - 00002213 _____ () C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
2014-05-31 16:41 - 2014-05-31 16:41 - 00002205 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-05-31 16:41 - 2014-05-31 16:41 - 00000000 ____D () C:\Users\Alexandra\AppData\Roaming\TuneUp Software
2014-05-31 16:41 - 2014-05-31 16:41 - 00000000 ____D () C:\Users\Alexandra\AppData\Local\TuneUp Software
2014-05-31 16:41 - 2014-05-31 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
2014-05-31 16:41 - 2014-05-31 16:41 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-05-31 16:41 - 2014-04-15 15:59 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2014-05-31 16:41 - 2014-04-15 15:59 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-05-31 16:41 - 2014-04-15 15:59 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2014-05-31 16:39 - 2014-05-31 16:42 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-05-31 16:38 - 2014-05-31 16:46 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-31 16:38 - 2014-05-31 16:38 - 27883432 _____ (TuneUp Software) C:\Users\Alexandra\Downloads\TuneUpUtilities2014_de-DE.exe
2014-05-29 18:36 - 2014-05-29 20:13 - 00012849 _____ () C:\Users\Alexandra\Desktop\Neues Textdokument.txt
2014-05-27 12:21 - 2014-05-27 12:21 - 00233737 _____ () C:\Users\Alexandra\Downloads\Vieles in der Bibel ist nicht Gottes Wort_ Fälschungen und Widersprüche in der Bibel.mht
2014-05-19 12:29 - 2014-05-19 12:29 - 00295907 _____ () C:\Users\Alexandra\Downloads\Elberfelder Bibel – Wikipedia.mht
2014-05-19 12:06 - 2014-05-19 12:06 - 00317967 _____ () C:\Users\Alexandra\Downloads\El (Gott) – Wikipedia.mht
2014-05-19 11:56 - 2014-05-19 11:56 - 00305376 _____ () C:\Users\Alexandra\Downloads\Biblia Hebraica – Wikipedia.mht
2014-05-19 11:53 - 2014-05-19 11:53 - 00630962 _____ () C:\Users\Alexandra\Downloads\JHWH – Wikipedia.mht
2014-05-18 15:24 - 2014-05-18 15:24 - 01587123 _____ () C:\Users\Alexandra\Downloads\Bibelkunde __ bibelwissenschaft.de.mht
2014-05-18 15:16 - 2014-05-18 15:16 - 00973641 _____ () C:\Users\Alexandra\Downloads\„Der Tag des Herrn“ im Buch des Propheten Amos _ Wissenschaftlich-Theologisches Portal Bogoslov.Ru.mht
2014-05-18 15:08 - 2014-05-18 15:08 - 00469106 _____ () C:\Users\Alexandra\Downloads\Gilgamesch-Epos – Wikipedia.mht
2014-05-18 15:06 - 2014-05-18 15:06 - 00328323 _____ () C:\Users\Alexandra\Downloads\Theophanie – Wikipedia.mht
2014-05-18 14:26 - 2014-05-18 14:26 - 00310463 _____ () C:\Users\Alexandra\Downloads\Buch Esra – Wikipedia.mht
2014-05-18 14:25 - 2014-05-18 14:25 - 00346628 _____ () C:\Users\Alexandra\Downloads\Esra (Person) – Wikipedia.mht
2014-05-18 14:24 - 2014-05-18 14:24 - 00407106 _____ () C:\Users\Alexandra\Downloads\Maleachi – Wikipedia.mht
2014-05-18 14:19 - 2014-05-18 14:19 - 00319703 _____ () C:\Users\Alexandra\Downloads\Tag des Herrn – Wikipedia.mht
2014-05-18 14:05 - 2014-05-18 14:05 - 00000000 ____D () C:\Users\Alexandra\Documents\Neuer Ordner (2)
2014-05-18 14:00 - 2014-05-18 14:00 - 00662437 _____ () C:\Users\Alexandra\Downloads\1. Buch Mose – Wikipedia.mht
2014-05-18 13:58 - 2014-05-18 13:58 - 00292457 _____ () C:\Users\Alexandra\Downloads\Eisegese – Wikipedia.mht
2014-05-18 13:54 - 2014-05-18 13:54 - 00423769 _____ () C:\Users\Alexandra\Downloads\Biblische Exegese – Wikipedia.mht
2014-05-18 13:52 - 2014-05-18 13:52 - 00477781 _____ () C:\Users\Alexandra\Downloads\Evangelium nach Matthäus – Wikipedia.mht
2014-05-18 13:52 - 2014-05-18 13:52 - 00296522 _____ () C:\Users\Alexandra\Downloads\Das Matthäus-Evangelium – Wikipedia.mht
2014-05-18 13:39 - 2014-05-18 13:39 - 00818595 _____ () C:\Users\Alexandra\Downloads\Evangelium nach Johannes – Wikipedia.mht
2014-05-18 13:39 - 2014-05-18 13:39 - 00337492 _____ () C:\Users\Alexandra\Downloads\Sacharja – Wikipedia.mht
2014-05-18 13:38 - 2014-05-18 13:38 - 00789547 _____ () C:\Users\Alexandra\Downloads\Zeugen Jehovas – Wikipedia.mht
2014-05-18 13:38 - 2014-05-18 13:38 - 00506443 _____ () C:\Users\Alexandra\Downloads\Jesaja – Wikipedia.mht
2014-05-18 13:38 - 2014-05-18 13:38 - 00334722 _____ () C:\Users\Alexandra\Downloads\Eschatologie – Wikipedia.mht
2014-05-18 13:37 - 2014-05-18 13:37 - 00519500 _____ () C:\Users\Alexandra\Downloads\Jüngstes Gericht – Wikipedia.mht
2014-05-18 13:37 - 2014-05-18 13:37 - 00457709 _____ () C:\Users\Alexandra\Downloads\Finsternis bei der Kreuzigung Jesu – Wikipedia.mht
2014-05-18 13:37 - 2014-05-18 13:37 - 00336333 _____ () C:\Users\Alexandra\Downloads\Buch Amos – Wikipedia.mht

==================== One Month Modified Files and Folders =======

2014-06-04 10:30 - 2014-06-04 10:30 - 00000000 ____D () C:\Users\Alexandra\Desktop\FRST-OlderVersion
2014-06-04 10:30 - 2014-06-01 13:03 - 00006006 _____ () C:\Users\Alexandra\Desktop\FRST.txt
2014-06-04 10:30 - 2014-06-01 13:03 - 00000000 ____D () C:\FRST
2014-06-04 10:30 - 2014-06-01 13:02 - 02068992 _____ (Farbar) C:\Users\Alexandra\Desktop\FRST64.exe
2014-06-04 10:30 - 2013-01-02 17:50 - 00000000 ____D () C:\Users\Alexandra\AppData\Local\Temp
2014-06-04 10:28 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 10:28 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 10:24 - 2013-01-03 00:41 - 01626296 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 10:22 - 2013-01-04 02:17 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-04 10:21 - 2013-01-07 00:57 - 00058288 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2014-06-04 10:21 - 2013-01-07 00:53 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2014-06-04 10:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 10:21 - 2009-07-14 06:51 - 00080804 _____ () C:\Windows\setupact.log
2014-06-03 21:37 - 2013-05-24 23:46 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-03 01:12 - 2014-06-03 01:12 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-06-03 00:10 - 2014-06-03 00:10 - 00009233 _____ () C:\ComboFix.txt
2014-06-03 00:10 - 2014-06-03 00:10 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-03 00:10 - 2014-06-03 00:10 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-03 00:10 - 2014-06-03 00:10 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-03 00:10 - 2014-06-02 23:57 - 00000000 ____D () C:\Qoobox
2014-06-03 00:10 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-03 00:08 - 2014-06-02 23:56 - 00000000 ____D () C:\Windows\erdnt
2014-06-03 00:06 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-03 00:05 - 2010-11-21 05:47 - 00518946 _____ () C:\Windows\PFRO.log
2014-06-02 23:53 - 2014-06-02 23:53 - 05203398 ____R (Swearware) C:\Users\Alexandra\Desktop\ComboFix.exe
2014-06-01 13:04 - 2014-06-01 13:04 - 00014675 _____ () C:\Users\Alexandra\Desktop\Addition.txt
2014-05-31 20:32 - 2014-05-31 20:32 - 00008765 _____ () C:\Users\Alexandra\Desktop\dds.txt
2014-05-31 20:32 - 2014-05-31 20:32 - 00002415 _____ () C:\Users\Alexandra\Desktop\attach.txt
2014-05-31 20:09 - 2014-05-31 20:09 - 00700783 ____R (Swearware) C:\Users\Alexandra\Desktop\dds+.exe
2014-05-31 18:29 - 2014-05-31 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unknown Device Identifier 8.00
2014-05-31 18:29 - 2014-05-31 18:29 - 00000000 ____D () C:\Program Files\Unknown Device Identifier
2014-05-31 18:28 - 2014-05-31 18:28 - 01087058 _____ (Huntersoft ) C:\Users\Alexandra\Downloads\Unknown80DeviceIdentifier.exe
2014-05-31 18:04 - 2013-01-07 00:54 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2014-05-31 18:04 - 2013-01-07 00:53 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe
2014-05-31 18:03 - 2014-05-31 18:03 - 00003544 ____N () C:\bootsqm.dat
2014-05-31 16:46 - 2014-05-31 16:38 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-31 16:46 - 2013-06-04 19:46 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-05-31 16:46 - 2013-06-04 19:40 - 00000000 __SHD () C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2014-05-31 16:42 - 2014-05-31 16:39 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-05-31 16:41 - 2014-05-31 16:41 - 00002213 _____ () C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
2014-05-31 16:41 - 2014-05-31 16:41 - 00002205 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-05-31 16:41 - 2014-05-31 16:41 - 00000000 ____D () C:\Users\Alexandra\AppData\Roaming\TuneUp Software
2014-05-31 16:41 - 2014-05-31 16:41 - 00000000 ____D () C:\Users\Alexandra\AppData\Local\TuneUp Software
2014-05-31 16:41 - 2014-05-31 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
2014-05-31 16:41 - 2014-05-31 16:41 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-05-31 16:38 - 2014-05-31 16:38 - 27883432 _____ (TuneUp Software) C:\Users\Alexandra\Downloads\TuneUpUtilities2014_de-DE.exe
2014-05-31 16:19 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-29 20:13 - 2014-05-29 18:36 - 00012849 _____ () C:\Users\Alexandra\Desktop\Neues Textdokument.txt
2014-05-27 12:21 - 2014-05-27 12:21 - 00233737 _____ () C:\Users\Alexandra\Downloads\Vieles in der Bibel ist nicht Gottes Wort_ Fälschungen und Widersprüche in der Bibel.mht
2014-05-19 12:29 - 2014-05-19 12:29 - 00295907 _____ () C:\Users\Alexandra\Downloads\Elberfelder Bibel – Wikipedia.mht
2014-05-19 12:06 - 2014-05-19 12:06 - 00317967 _____ () C:\Users\Alexandra\Downloads\El (Gott) – Wikipedia.mht
2014-05-19 11:56 - 2014-05-19 11:56 - 00305376 _____ () C:\Users\Alexandra\Downloads\Biblia Hebraica – Wikipedia.mht
2014-05-19 11:53 - 2014-05-19 11:53 - 00630962 _____ () C:\Users\Alexandra\Downloads\JHWH – Wikipedia.mht
2014-05-18 20:10 - 2011-04-12 09:43 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2014-05-18 20:10 - 2011-04-12 09:43 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2014-05-18 20:10 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-18 15:24 - 2014-05-18 15:24 - 01587123 _____ () C:\Users\Alexandra\Downloads\Bibelkunde __ bibelwissenschaft.de.mht
2014-05-18 15:16 - 2014-05-18 15:16 - 00973641 _____ () C:\Users\Alexandra\Downloads\„Der Tag des Herrn“ im Buch des Propheten Amos _ Wissenschaftlich-Theologisches Portal Bogoslov.Ru.mht
2014-05-18 15:08 - 2014-05-18 15:08 - 00469106 _____ () C:\Users\Alexandra\Downloads\Gilgamesch-Epos – Wikipedia.mht
2014-05-18 15:06 - 2014-05-18 15:06 - 00328323 _____ () C:\Users\Alexandra\Downloads\Theophanie – Wikipedia.mht
2014-05-18 14:26 - 2014-05-18 14:26 - 00310463 _____ () C:\Users\Alexandra\Downloads\Buch Esra – Wikipedia.mht
2014-05-18 14:25 - 2014-05-18 14:25 - 00346628 _____ () C:\Users\Alexandra\Downloads\Esra (Person) – Wikipedia.mht
2014-05-18 14:24 - 2014-05-18 14:24 - 00407106 _____ () C:\Users\Alexandra\Downloads\Maleachi – Wikipedia.mht
2014-05-18 14:19 - 2014-05-18 14:19 - 00319703 _____ () C:\Users\Alexandra\Downloads\Tag des Herrn – Wikipedia.mht
2014-05-18 14:05 - 2014-05-18 14:05 - 00000000 ____D () C:\Users\Alexandra\Documents\Neuer Ordner (2)
2014-05-18 14:00 - 2014-05-18 14:00 - 00662437 _____ () C:\Users\Alexandra\Downloads\1. Buch Mose – Wikipedia.mht
2014-05-18 13:58 - 2014-05-18 13:58 - 00292457 _____ () C:\Users\Alexandra\Downloads\Eisegese – Wikipedia.mht
2014-05-18 13:54 - 2014-05-18 13:54 - 00423769 _____ () C:\Users\Alexandra\Downloads\Biblische Exegese – Wikipedia.mht
2014-05-18 13:52 - 2014-05-18 13:52 - 00477781 _____ () C:\Users\Alexandra\Downloads\Evangelium nach Matthäus – Wikipedia.mht
2014-05-18 13:52 - 2014-05-18 13:52 - 00296522 _____ () C:\Users\Alexandra\Downloads\Das Matthäus-Evangelium – Wikipedia.mht
2014-05-18 13:39 - 2014-05-18 13:39 - 00818595 _____ () C:\Users\Alexandra\Downloads\Evangelium nach Johannes – Wikipedia.mht
2014-05-18 13:39 - 2014-05-18 13:39 - 00337492 _____ () C:\Users\Alexandra\Downloads\Sacharja – Wikipedia.mht
2014-05-18 13:38 - 2014-05-18 13:38 - 00789547 _____ () C:\Users\Alexandra\Downloads\Zeugen Jehovas – Wikipedia.mht
2014-05-18 13:38 - 2014-05-18 13:38 - 00506443 _____ () C:\Users\Alexandra\Downloads\Jesaja – Wikipedia.mht
2014-05-18 13:38 - 2014-05-18 13:38 - 00334722 _____ () C:\Users\Alexandra\Downloads\Eschatologie – Wikipedia.mht
2014-05-18 13:37 - 2014-05-18 13:37 - 00519500 _____ () C:\Users\Alexandra\Downloads\Jüngstes Gericht – Wikipedia.mht
2014-05-18 13:37 - 2014-05-18 13:37 - 00457709 _____ () C:\Users\Alexandra\Downloads\Finsternis bei der Kreuzigung Jesu – Wikipedia.mht
2014-05-18 13:37 - 2014-05-18 13:37 - 00336333 _____ () C:\Users\Alexandra\Downloads\Buch Amos – Wikipedia.mht
2014-05-17 20:48 - 2014-01-18 16:52 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-17 20:48 - 2013-01-04 02:17 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-17 20:48 - 2013-01-04 02:17 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-16 21:02 - 2013-05-20 19:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 11:38 - 2013-05-24 23:46 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 11:38 - 2013-04-19 21:16 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 11:38 - 2013-04-19 21:16 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-11 22:25 - 2013-08-19 13:31 - 00028856 _____ () C:\Users\Alexandra\Documents\Ilie.odt
2014-05-06 23:24 - 2014-04-12 21:25 - 00000000 ____D () C:\Users\Alexandra\AppData\Local\Google
2014-05-06 23:24 - 2013-11-28 13:50 - 00000000 ____D () C:\Program Files (x86)\Google

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2012-05-09 19:32] - [2012-05-09 19:32] - 0391168 ____A (Microsoft Corporation) EC5BD25A41E9B633CB39120DBB0939DC

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2012-05-09 20:12] - [2012-05-09 20:12] - 2872320 ____A (Microsoft Corporation) A27FB0CA2971BEC02595902A9FD35D6D

C:\Windows\SysWOW64\explorer.exe
[2012-05-09 20:12] - [2012-05-09 20:12] - 2616320 ____A (Microsoft Corporation) 82B49E32080BF5C469BF877C473B15EB

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2012-05-09 19:42] - [2012-05-09 19:42] - 1008128 ____A (Microsoft Corporation) 7FB4D54B502C6CF2E35B8188FA4CC08C

C:\Windows\SysWOW64\User32.dll
[2012-05-09 19:42] - [2012-05-09 19:42] - 0833024 ____A (Microsoft Corporation) 9B836EE76E3A99052EF6DEA52B41D1BE

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2012-05-09 20:09] - [2012-05-09 20:09] - 0512512 ____A (Microsoft Corporation) 29AC62409BF4939EE14D70EC07CA12BB

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2012-05-09 19:43] - [2012-05-09 19:43] - 0296816 ____A (Microsoft Corporation) ABFECA99D72CE81E5C3612861F03B0CA



LastRegBack: 2014-05-29 13:43

==================== End Of Log ============================
         

--- --- ---


Addition:

Code: Alles auswählenAufklappen

ATTFilter

	
Code: 

Alles auswählenAufklappen 
ATTFilter

  
	
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Alexandra at 2014-06-04 10:31:04
Running from C:\Users\Alexandra\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Atheros)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{486BEA43-6245-451C-9399-8600DB5E4D5A}) (Version: 15.2.5.1 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.196.18 - Broadcom Corporation)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
office wörterbuch 3 (HKLM-x32\...\office wörterbuch 3) (Version: 3.0 - Lingenio GmbH)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 18.0.1284.68 (HKLM-x32\...\Opera 18.0.1284.68) (Version: 18.0.1284.68 - Opera Software ASA)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6577 - Realtek Semiconductor Corp.)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.0.0 - Synaptics Incorporated)
translate quick 11 (HKLM-x32\...\translate quick 11) (Version: 11.0 - Lingenio GmbH, Heidelberg)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.296 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.296 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.296 - TuneUp Software) Hidden
Unknown Device Identifier 8.00 (HKLM\...\Unknown Device Identifier_is1) (Version:  - Huntersoft)

==================== Restore Points  =========================

25-12-2013 21:43:55 Geplanter Prüfpunkt
18-01-2014 14:50:35 avast! antivirus system restore point
16-02-2014 15:05:45 avast! antivirus system restore point
27-02-2014 22:49:15 Geplanter Prüfpunkt
26-03-2014 09:23:23 Geplanter Prüfpunkt
12-04-2014 19:22:24 avast! antivirus system restore point
30-04-2014 22:03:33 avast! antivirus system restore point
14-05-2014 20:09:54 Geplanter Prüfpunkt
27-05-2014 15:00:35 Geplanter Prüfpunkt
31-05-2014 14:40:35 TuneUp Utilities 2014 wird installiert
02-06-2014 21:57:19 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-03 00:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1AA73C65-B680-41A3-B734-80FAB55F9D7D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {88725DF7-9E12-48F1-8BAF-DFC60236589F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-01] (AVAST Software)
Task: {9B82E6EF-4E0A-4C55-9760-0F341812F9F1} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-04-15] (TuneUp Software)
Task: {C4BA5C92-AFEF-4410-A18C-6B37AB2BBA94} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-04-15 15:59 - 2014-04-15 15:59 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2012-03-27 09:33 - 2012-03-27 09:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-03 21:03 - 2014-06-03 21:03 - 02260480 _____ () C:\Program Files\AVAST Software\Avast\defs\14060300\algo.dll
2014-06-04 10:22 - 2014-06-04 10:22 - 02260480 _____ () C:\Program Files\AVAST Software\Avast\defs\14060301\algo.dll
2013-11-28 13:18 - 2013-11-28 13:18 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-01-03 21:58 - 2013-01-03 21:58 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e04a5b3161f602a97ca595fda311ba36\IsdiInterop.ni.dll
2013-01-03 21:57 - 2011-11-29 21:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2014 10:22:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 09:03:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 00:07:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 11:57:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCorePnPFiles : Opening PnpLockdownFiles key failed.

System Error:
Zugriff verweigert
.

Error: (06/02/2014 11:35:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 00:50:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 11:24:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 07:40:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 06:05:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 04:40:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCorePnPFiles : Opening PnpLockdownFiles key failed.

System Error:
Zugriff verweigert
.


System errors:
=============
Error: (06/04/2014 10:23:50 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/04/2014 10:21:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (06/03/2014 09:46:27 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/03/2014 09:43:35 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/03/2014 09:05:03 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/03/2014 09:03:53 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/03/2014 09:03:21 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.12
registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (06/03/2014 09:03:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (06/03/2014 00:37:11 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/03/2014 00:37:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058


Microsoft Office Sessions:
=========================
Error: (06/04/2014 10:22:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 09:03:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 00:07:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 11:57:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCorePnPFiles : Opening PnpLockdownFiles key failed.

System Error:
Zugriff verweigert

Error: (06/02/2014 11:35:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 00:50:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 11:24:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 07:40:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 06:05:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 04:40:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCorePnPFiles : Opening PnpLockdownFiles key failed.

System Error:
Zugriff verweigert


==================== Memory info =========================== 

Percentage of memory in use: 30%
Total physical RAM: 3932.36 MB
Available physical RAM: 2742.27 MB
Total Pagefile: 7862.91 MB
Available Pagefile: 6613.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:200.76 GB) (Free:157.04 GB) NTFS
Drive d: () (Fixed) (Total:264.9 GB) (Free:250.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 12E5A217)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=265 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=201 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
 
 

Wir kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.





Schritt 1

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 2
Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort

• die Logdatei von ESET,
• die Logdatei von SecurityCheck.

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!