Probleme nach Bundestrojaner

Klimbir · 09.07.2014, 14:06

Sehr geehrte Trojaner-Board Community,

Ich hatte mit meinem Computer einen Bundestrojaner und jetzt, nachdem ich ihn erfolgreich entfernt habe, kommt beim Hochfahren die Meldung "Server überlastet". Wenn ich bei der Meldung auf "Wechseln zu" klicke öffnet sich einfach nur das Startmenü. Außerdem ist mir aufgefallen, dass sich die Netzwerkeinstellungen nichtmehr ändern lassen.

Ich wäre über eine schnelle Antwort sehr Glücklich.

Mit freundlichen Grüßen,

Klimbir

schrauber · 09.07.2014, 14:09

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Klimbir · 09.07.2014, 14:40

Hatte chkdsk gestartet gehabt und das hat leider ein wenig aufgehalten.

FRST.txt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by us (administrator) on PC-02 on 09-07-2014 15:33:55
Running from C:\Users\us\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\AVKClient\AVKCl.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\AVKClient\AVKWCtlX64.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Transaction Software, D 81829 Munich) C:\SDII\TRANSBAS\sd2D__D__.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Transaction Software, D 81829 Munich) D:\TECDOC_CD\4_2012\db\tbmux32.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LaCie SA) C:\Program Files (x86)\LaCie\Network Assistant\LaCie Network Assistant.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(SanDisk Corporation) C:\Program Files (x86)\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
(G Data Software AG) C:\Program Files (x86)\G DATA\AVKClient\AVKCl.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Deutsche Automobil Treuhand) C:\SDII\D\D\EXE.W95\SD2VSD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10151968 2010-05-20] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403616 2011-12-16] (Acronis)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-10-01] ()
HKLM-x32\...\Run: [AVK Client] => C:\Program Files (x86)\G DATA\AVKClient\AVKCl.exe [1539656 2010-06-23] (G Data Software AG)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5992064 2011-12-16] (Acronis)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-06-08] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1525581117-826083904-922843488-1143\...\Run: [LaCie Ethernet Agent Startup] => C:\Program Files (x86)\LaCie\Network Assistant\LaCie Network Assistant.exe [5853184 2009-12-17] (LaCie SA)
HKU\S-1-5-21-1525581117-826083904-922843488-1143\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-06-08] ()
HKU\S-1-5-21-1525581117-826083904-922843488-1143\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1525581117-826083904-922843488-1143\...\Run: [MFP and Storage Server] => [X]
HKU\S-1-5-21-1525581117-826083904-922843488-1143\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SanDisk Media Manager.lnk
ShortcutTarget: SanDisk Media Manager.lnk ->  (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SDASSIST.LNK
ShortcutTarget: SDASSIST.LNK -> C:\SDII\D\D\EXE.W95\SDASSIST.exe (Deutsche Automobil Treuhand GmbH)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDD635E19D177CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: CGMFragment Class - {0695F52A-89A2-4246-81B5-AFAD2D3B865F} - C:\Program Files (x86)\Ematek\MetaWeb\MetaBHO.dll ()
BHO-x32: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\Windows\SysWOW64\cgmopenbho.dll (CGM Open Consortium, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {14F94215-CA07-4CA0-B451-E5D78B68CC58} https://www.protect-software.com/download/PDLicHelperSetup2.exe
Tcpip\..\Interfaces\{FD8728E3-1FF0-4819-ADB5-A847190E391C}: [NameServer]192.168.10.100,192.168.10.1

FireFox:
========
FF ProfilePath: C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPPDLicenseHelper - C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: VideoDownloadConverter - C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com [2013-12-10]
FF Extension: Advertising Cookie Opt-out - C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\Extensions\optout@google.com.xpi [2011-06-01]
FF Extension: WEB.DE MailCheck - C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\Extensions\toolbar@web.de.xpi [2012-06-29]

Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "hxxp://www.google.com",
			"hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=9423BCAEC5B72534&affID=119556&tsp=4930"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll No File
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Protect Disc License Acquisition Plugin) - C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
CHR Extension: (YouTube) - C:\Users\us\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-10]
CHR Extension: (Google Search) - C:\Users\us\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-10]
CHR Extension: (No Name) - C:\Users\us\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-07-01]
CHR Extension: (No Name) - C:\Users\us\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl [2013-04-12]
CHR Extension: (Gmail) - C:\Users\us\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-10]

==================== Services (Whitelisted) =================

R2 AntiVirusKit Client; C:\Program Files (x86)\G DATA\AVKClient\AVKCl.exe [1539656 2010-06-23] (G Data Software AG)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1073224 2010-05-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\AVKClient\AVKWCtlX64.exe [1778336 2010-03-15] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [339016 2010-04-22] (G Data Software AG)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SD2D__D__; C:\SDII\TRANSBAS\SD2D__D__.EXE [401408 2006-08-03] (Transaction Software, D 81829 Munich) [File not signed]
R2 Transbase TECDOC CD 4_2012 Service; D:\TECDOC_CD\4_2012\db\tbmux32.exe [360448 2012-08-29] (Transaction Software, D 81829 Munich) [File not signed]
S4 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S2 Winmgmt; C:\PROGRA~3\73BC95D0E4982B2B8753E30EB60B9770\zlodhgr.dot [X]

==================== Drivers (Whitelisted) ====================

R3 aucapi; C:\Windows\System32\DRIVERS\aucapi.sys [234800 2009-09-21] (Auerswald GmbH & Co.KG                         )
R3 aumpa; C:\Windows\System32\DRIVERS\aumpa.sys [169520 2009-09-21] (Auerswald GmbH & Co.KG                         )
S3 auusb; C:\Windows\System32\DRIVERS\auusb.sys [206896 2009-09-21] (Auerswald GmbH & Co.KG                         )
R3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [29696 2009-10-06] ( )
S3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [199168 2009-10-06] ( )
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [84936 2011-05-09] (G Data Software AG)
S1 GRD; C:\Windows\SysWOW64\drivers\GRD.sys [106224 2014-07-07] (G Data Software)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-01-24] (Acronis)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-09 15:33 - 2014-07-09 15:34 - 00018410 _____ () C:\Users\us\Desktop\FRST.txt
2014-07-09 15:33 - 2014-07-09 15:33 - 00000000 ____D () C:\FRST
2014-07-09 15:33 - 2014-07-09 15:13 - 02084352 _____ (Farbar) C:\Users\us\Desktop\FRST64.exe
2014-07-09 14:26 - 2014-07-09 14:26 - 00007614 _____ () C:\Users\us\AppData\Local\Resmon.ResmonCfg
2014-07-09 14:11 - 2014-07-09 14:11 - 00087408 _____ () C:\Users\us\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-09 14:08 - 2014-07-09 15:32 - 00001075 _____ () C:\Windows\setupact.log
2014-07-09 14:08 - 2014-07-09 14:08 - 00000378 _____ () C:\Windows\PFRO.log
2014-07-09 14:08 - 2014-07-09 14:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-09 11:47 - 2014-07-09 11:48 - 00000000 ____D () C:\AdwCleaner
2014-07-08 12:34 - 2014-07-08 12:34 - 00000000 ____D () C:\ProgramData\73BC95~1
2014-07-08 10:54 - 2014-07-08 10:54 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-4700-F.txt
2014-07-08 10:45 - 2014-07-08 10:45 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-4980-F.txt
2014-07-08 10:45 - 2014-07-08 10:45 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-4208-F.txt
2014-07-08 10:42 - 2014-07-08 10:42 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-2920-F.txt
2014-07-08 10:36 - 2014-07-08 10:36 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-4988-F.txt
2014-07-08 10:35 - 2014-07-08 10:35 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-2844-F.txt
2014-07-08 10:32 - 2014-07-08 10:32 - 00000054 _____ () C:\ProgramData\RUNDLL32.EXE-1672-F.txt
2014-07-08 10:31 - 2014-07-08 10:31 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-5080-F.txt
2014-07-08 10:27 - 2014-07-08 10:27 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-4392-F.txt
2014-07-08 10:26 - 2014-07-08 10:26 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-544-F.txt
2014-07-07 16:31 - 2014-07-07 16:31 - 00000068 _____ () C:\Program Files\.directory
2014-07-07 16:31 - 2014-07-07 16:31 - 00000068 _____ () C:\.directory
2014-07-07 14:35 - 2014-07-07 14:35 - 00000118 _____ () C:\ProgramData\RUNDLL32.EXE-2480-F.txt
2014-07-07 14:20 - 2014-07-07 14:20 - 00000111 _____ () C:\ProgramData\RUNDLL32.EXE-3836-F.txt
2014-07-07 14:19 - 2014-07-07 14:19 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-3812-F.txt
2014-07-07 14:16 - 2014-07-07 14:16 - 00003336 ____N () C:\bootsqm.dat
2014-07-07 14:10 - 2014-07-07 14:10 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-1268-F.txt
2014-07-07 14:08 - 2014-07-07 14:09 - 00000165 _____ () C:\ProgramData\RUNDLL32.EXE-5040-F.txt
2014-07-07 11:16 - 2014-07-07 11:20 - 00000622 _____ () C:\ProgramData\RUNDLL32.EXE-3580-F.txt
2014-07-07 08:24 - 2014-07-07 09:57 - 00012513 _____ () C:\ProgramData\RUNDLL32.EXE-3684-F.txt
2014-07-07 08:22 - 2014-07-07 08:22 - 00000376 _____ () C:\ProgramData\RUNDLL32.EXE-3672-F.txt
2014-07-07 07:54 - 2014-07-07 08:17 - 00019978 _____ () C:\ProgramData\RUNDLL32.EXE-968-F.txt
2014-07-07 07:04 - 2014-07-07 07:04 - 00000376 _____ () C:\ProgramData\RUNDLL32.EXE-4444-F.txt
2014-07-07 07:04 - 2014-07-07 07:04 - 00000373 _____ () C:\ProgramData\RUNDLL32.EXE-5072-F.txt
2014-07-06 17:30 - 2014-07-07 07:03 - 00008280 _____ () C:\ProgramData\RUNDLL32.EXE-2296-F.txt
2014-07-06 17:25 - 2014-07-06 17:27 - 00001506 _____ () C:\ProgramData\RUNDLL32.EXE-4820-F.txt
2014-07-06 17:21 - 2014-07-06 17:21 - 00000373 _____ () C:\ProgramData\RUNDLL32.EXE-1696-F.txt
2014-07-05 11:26 - 2014-07-05 11:29 - 00024907 _____ () C:\ProgramData\RUNDLL32.EXE-6560-F.txt
2014-06-24 07:08 - 2014-06-24 07:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8f6a4faa5682.job
2014-06-18 17:29 - 2014-07-09 11:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 07:10 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 07:10 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-12 07:10 - 2014-05-24 04:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 07:10 - 2014-05-24 04:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 07:10 - 2014-05-24 04:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 07:10 - 2014-05-24 04:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 07:10 - 2014-05-24 04:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 07:10 - 2014-05-24 04:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 07:10 - 2014-05-24 04:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 07:10 - 2014-05-24 04:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 07:10 - 2014-05-24 04:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 07:10 - 2014-05-24 04:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 07:10 - 2014-05-24 04:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 07:10 - 2014-05-24 04:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 07:10 - 2014-05-24 04:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 07:10 - 2014-05-24 04:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 07:10 - 2014-05-24 04:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 07:10 - 2014-05-24 04:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 07:10 - 2014-05-24 04:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 07:10 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 07:10 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 07:10 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 07:10 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 07:10 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 07:10 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 07:10 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 07:10 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 07:10 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 07:10 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 07:10 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-12 07:10 - 2014-05-24 03:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 07:10 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 07:10 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 07:10 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 07:10 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 07:10 - 2014-05-24 03:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 07:10 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 07:10 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 07:10 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 07:10 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 07:10 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 07:10 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 07:10 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 07:10 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 07:10 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 07:10 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 07:10 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 07:10 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 07:10 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 07:09 - 2014-05-24 04:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-12 07:09 - 2014-05-24 04:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 07:09 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-12 07:09 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 07:09 - 2014-05-24 02:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-12 07:09 - 2014-05-24 02:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

==================== One Month Modified Files and Folders =======

2014-07-09 16:05 - 2009-07-14 07:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-07-09 15:34 - 2014-07-09 15:33 - 00018410 _____ () C:\Users\us\Desktop\FRST.txt
2014-07-09 15:34 - 2011-05-09 11:00 - 01175462 _____ () C:\Windows\WindowsUpdate.log
2014-07-09 15:33 - 2014-07-09 15:33 - 00000000 ____D () C:\FRST
2014-07-09 15:32 - 2014-07-09 14:08 - 00001075 _____ () C:\Windows\setupact.log
2014-07-09 15:13 - 2014-07-09 15:33 - 02084352 _____ (Farbar) C:\Users\us\Desktop\FRST64.exe
2014-07-09 14:29 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-09 14:29 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-09 14:26 - 2014-07-09 14:26 - 00007614 _____ () C:\Users\us\AppData\Local\Resmon.ResmonCfg
2014-07-09 14:11 - 2014-07-09 14:11 - 00087408 _____ () C:\Users\us\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-09 14:08 - 2014-07-09 14:08 - 00000378 _____ () C:\Windows\PFRO.log
2014-07-09 14:08 - 2014-07-09 14:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-09 13:41 - 2011-05-10 13:37 - 00000000 ____D () C:\Windows\pss
2014-07-09 11:57 - 2014-03-06 11:59 - 00000000 __SHD () C:\Windows\SysWOW64\NT Kernel
2014-07-09 11:56 - 2014-06-18 17:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-09 11:56 - 2014-03-05 19:23 - 00000000 ____D () C:\Windows\Minidump
2014-07-09 11:56 - 2011-05-09 11:51 - 00000000 ____D () C:\Windows\Panther
2014-07-09 11:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-09 11:48 - 2014-07-09 11:47 - 00000000 ____D () C:\AdwCleaner
2014-07-08 15:18 - 2009-07-14 06:45 - 00345016 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-08 12:34 - 2014-07-08 12:34 - 00000000 ____D () C:\ProgramData\73BC95~1
2014-07-08 11:10 - 2014-03-12 20:02 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-07-08 10:54 - 2014-07-08 10:54 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-4700-F.txt
2014-07-08 10:45 - 2014-07-08 10:45 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-4980-F.txt
2014-07-08 10:45 - 2014-07-08 10:45 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-4208-F.txt
2014-07-08 10:42 - 2014-07-08 10:42 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-2920-F.txt
2014-07-08 10:36 - 2014-07-08 10:36 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-4988-F.txt
2014-07-08 10:35 - 2014-07-08 10:35 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-2844-F.txt
2014-07-08 10:32 - 2014-07-08 10:32 - 00000054 _____ () C:\ProgramData\RUNDLL32.EXE-1672-F.txt
2014-07-08 10:31 - 2014-07-08 10:31 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-5080-F.txt
2014-07-08 10:27 - 2014-07-08 10:27 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-4392-F.txt
2014-07-08 10:26 - 2014-07-08 10:26 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-544-F.txt
2014-07-07 16:31 - 2014-07-07 16:31 - 00000068 _____ () C:\Program Files\.directory
2014-07-07 16:31 - 2014-07-07 16:31 - 00000068 _____ () C:\.directory
2014-07-07 14:35 - 2014-07-07 14:35 - 00000118 _____ () C:\ProgramData\RUNDLL32.EXE-2480-F.txt
2014-07-07 14:20 - 2014-07-07 14:20 - 00000111 _____ () C:\ProgramData\RUNDLL32.EXE-3836-F.txt
2014-07-07 14:19 - 2014-07-07 14:19 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-3812-F.txt
2014-07-07 14:16 - 2014-07-07 14:16 - 00003336 ____N () C:\bootsqm.dat
2014-07-07 14:10 - 2014-07-07 14:10 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-1268-F.txt
2014-07-07 14:09 - 2014-07-07 14:08 - 00000165 _____ () C:\ProgramData\RUNDLL32.EXE-5040-F.txt
2014-07-07 12:49 - 2011-05-16 12:05 - 00106224 _____ (G Data Software) C:\Windows\SysWOW64\Drivers\GRD.sys
2014-07-07 11:20 - 2014-07-07 11:16 - 00000622 _____ () C:\ProgramData\RUNDLL32.EXE-3580-F.txt
2014-07-07 09:57 - 2014-07-07 08:24 - 00012513 _____ () C:\ProgramData\RUNDLL32.EXE-3684-F.txt
2014-07-07 08:25 - 2011-05-09 14:17 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2014-07-07 08:22 - 2014-07-07 08:22 - 00000376 _____ () C:\ProgramData\RUNDLL32.EXE-3672-F.txt
2014-07-07 08:17 - 2014-07-07 07:54 - 00019978 _____ () C:\ProgramData\RUNDLL32.EXE-968-F.txt
2014-07-07 07:54 - 2011-05-12 09:55 - 00000000 ____D () C:\Program Files (x86)\KPfW
2014-07-07 07:04 - 2014-07-07 07:04 - 00000376 _____ () C:\ProgramData\RUNDLL32.EXE-4444-F.txt
2014-07-07 07:04 - 2014-07-07 07:04 - 00000373 _____ () C:\ProgramData\RUNDLL32.EXE-5072-F.txt
2014-07-07 07:03 - 2014-07-06 17:30 - 00008280 _____ () C:\ProgramData\RUNDLL32.EXE-2296-F.txt
2014-07-06 17:27 - 2014-07-06 17:25 - 00001506 _____ () C:\ProgramData\RUNDLL32.EXE-4820-F.txt
2014-07-06 17:21 - 2014-07-06 17:21 - 00000373 _____ () C:\ProgramData\RUNDLL32.EXE-1696-F.txt
2014-07-05 11:29 - 2014-07-05 11:26 - 00024907 _____ () C:\ProgramData\RUNDLL32.EXE-6560-F.txt
2014-07-04 11:44 - 2014-04-04 14:06 - 00000496 _____ () C:\Windows\TOPTRUCK.INI
2014-07-04 10:25 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-04 08:44 - 2013-01-08 12:30 - 00000348 _____ () C:\Windows\ODBC.INI
2014-06-24 16:19 - 2011-06-01 11:44 - 00000432 _____ () C:\Windows\BRWMARK.INI
2014-06-24 07:08 - 2014-06-24 07:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8f6a4faa5682.job
2014-06-21 08:50 - 2013-03-08 09:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-12 09:09 - 2014-04-30 09:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 09:04 - 2013-08-15 09:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 13:05 - 2011-12-08 18:29 - 00000000 ____D () C:\Users\us\AppData\Roaming\ZoomBrowser EX
2014-06-11 13:05 - 2011-12-08 18:25 - 00000000 ____D () C:\ProgramData\ZoomBrowser

Files to move or delete:
====================
C:\Users\hotkey\TopTapi2.dll
C:\Users\us\TopTapi2.dll
C:\Users\us\AppData\Roaming\msconfig.ini


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-02-28 11:19

==================== End Of Log ============================

--- --- ---

Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014
Ran by us at 2014-07-09 15:35:06
Running from C:\Users\us\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Acronis*True*Image*Home 2012 (HKLM-x32\...\{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}Visible) (Version: 15.0.6154 - Acronis)
Acronis*True*Image*Home 2012 (x32 Version: 15.0.6154 - Acronis) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arbortext IsoView 7.0 (HKLM-x32\...\InstallShield_{FEDCEFC4-62F6-4B71-B37E-11A7CB6BC5F8}) (Version: 7.0.50.03 - PTC)
Arbortext IsoView 7.0 (x32 Version: 7.0.50.03 - PTC) Hidden
Auerswald COMfortel Melody 1.3.0 (HKLM-x32\...\{527BB01E-3067-4608-BF7F-EFEF0920C203}) (Version: 1.3.0 - Auerswald GmbH & Co.KG)
Auerswald COMfortel Set 2.8.0 (HKLM-x32\...\{A2B09CFD-F0B2-30AF-8DF4-1DF6B63FC7B5}) (Version: 2.8.0 - Auerswald GmbH & Co.KG)
Auerswald Uni TAPI Treiber (HKLM\...\Auerswald Uni TAPI Treiber) (Version:  - Auerswald GmbH & Co.KG)
Auerswald-CAPI-2.0-Treiber (HKLM\...\Auerswald CAPI 2.0 Treiber) (Version:  - Auerswald GmbH & Co.KG)
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Brother MFL-Pro Suite MFC-8370DN (HKLM-x32\...\{004B8D14-7E3A-490A-ABB3-753535E169E3}) (Version: 1.0.6.0 - Brother Industries, Ltd.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.7.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.4.0.3 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.5.0.2 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.4.0.2 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2560 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.3868 - CDBurnerXP)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Freemake Video Converter Version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
G Data AntiVirus Client (HKLM-x32\...\{7F07767B-0141-49E4-A850-5EAB7D08C2FA}) (Version: 10.7.0 - G Data Software AG)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Officejet 6100 - Grundlegende Software für das Gerät (HKLM\...\{2FC1E742-A4E6-4EBA-8179-E0DFE7231324}) (Version: 28.0.1321.0 - Hewlett-Packard Co.)
ICOP Server (HKLM-x32\...\{53E1ACE8-50DE-44EB-9DE4-CB24103743F0}) (Version: 2.0.40 - General Motors)
Image Plugin (HKLM-x32\...\{FDC8065B-80DE-4466-B90B-2581F6D77DFF}) (Version: 3.05.0001 - Snap-on Business Solutions)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections 14.6.9.0 (HKLM\...\PROSetDX) (Version: 14.6.9.0 - Intel)
Intel(R) Network Connections 14.6.9.0 (Version: 14.6.9.0 - Intel) Hidden
Java Auto Updater (x32 Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
JRE 1.6.1 (HKLM-x32\...\{B256C380-AC47-4681-8342-7F42E4F0F434}) (Version: 1.6.1 - Auerswald GmbH & Co.KG)
KfzPilot für Windows (HKLM-x32\...\ODEUNST #1) (Version:  - )
LaCie Network Assistant 1.4.1.35 (HKLM-x32\...\{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1) (Version: 1.4.1.35 - LaCie SA)
MetaWeb (HKLM-x32\...\{73DE96F9-C03B-4FF4-A027-FFBF6B087EBD}) (Version: 3.2.0.2 - CGM Technology Services)
MFP and Storage Server (HKLM-x32\...\InstallShield_{5B13ECF5-5B59-45B7-83A4-BC27F33F39BA}) (Version: 0.09.1006.0040 - Ihr Firmenname)
MFP and Storage Server (Version: 0.09.1006.0040 - Ihr Firmenname) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access 2002 Runtime (HKLM-x32\...\{901C0407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OKI Network Extension (HKLM-x32\...\{38ADB9A6-798C-11D6-A855-00105A80791C}) (Version: 1.00.000 - Okidata)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Protect Disc License Helper 1.0.118 (HKLM-x32\...\Protect Disc License Helper) (Version: 1.0.118 - Protect Disc)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6093 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12054_19 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.2.12054_19 - Samsung Electronics Co., Ltd.) Hidden
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
SanDisk ® Media Manager (HKLM-x32\...\{591B2FA3-E8BC-4163-B1E8-0723DFB67E1D}) (Version: 2.1.0.4 - SanDisk)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SilverDATII(Remove only) (HKLM-x32\...\SilverDATII) (Version:  - Deutsche Automobil Treuhand GmbH)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12142 - TeamViewer)
TECDOC CD (x32 Version: 4.2012 - www.tecdoc.net) Hidden
TECDOC CD 4.2012 (HKLM-x32\...\InstallShield_{2B742458-40DF-4E91-B369-897750C44050}) (Version: 4.2012 - www.tecdoc.net)
TIFF Viewer Plugin (HKLM-x32\...\TIFF Viewer Plugin) (Version:  - )
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
TOPTRUCK (02/2014) (HKLM-x32\...\{4E95F911-B344-48FB-8E5E-1CED78E0FBDE}) (Version:  - )
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2C5A11E0-5522-4660-812B-0B07B34D3D4D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-23] (Adobe Systems Incorporated)
Task: {98CEA0FC-54EE-4B68-86A2-307796417A64} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10] (Google Inc.)
Task: {A4855E9A-785F-4F49-9C43-81B0096F9739} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10] (Google Inc.)
Task: {FCC1FF64-35D3-4B9A-9516-3DA08B12EA2E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8f6a4faa5682.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-01-16 13:27 - 2007-01-16 13:27 - 00022016 _____ () C:\Windows\System32\clpa1l6.dll
2011-05-12 12:49 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-05-29 18:18 - 2012-06-08 13:02 - 00021432 _____ () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
2011-12-16 15:02 - 2011-12-16 15:02 - 00435552 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2014-07-09 14:12 - 2014-07-09 14:12 - 00115137 _____ () C:\Users\us\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
2011-12-16 18:51 - 2011-12-16 18:51 - 13923280 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
2013-06-26 10:24 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-04-03 10:38 - 2011-12-20 15:14 - 00306176 _____ () c:\SDII\D\D\EXE.W95\TL416m4n.dll
2012-04-03 10:38 - 2011-12-20 15:18 - 00916992 _____ () c:\SDII\D\D\EXE.W95\SV416m4n.dll
2011-06-09 16:52 - 2013-02-22 10:59 - 02847744 _____ () c:\SDII\D\D\EXE.W95\dattool.dll
2011-06-09 16:53 - 2014-03-25 06:35 - 00268800 _____ () c:\SDII\D\D\EXE.W95\PVW32CNV.DLL
2011-12-16 15:37 - 2011-12-16 15:37 - 00018784 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\as\Documents\Immobilienmarkt _ Anzeige.eml:OECustomProperty
AlternateDataStreams: C:\Users\as\Documents\Messe Gondorf 26_06_2010 Jörg Schuh.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^us^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^autostart.lnk => C:\Windows\pss\autostart.lnk.Startup

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/09/2014 03:32:38 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (5888) WebCacheLocal: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Users\us\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (07/09/2014 02:26:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chkdsk.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc262
Name des fehlerhaften Moduls: ifsutil.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c6bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001229c
ID des fehlerhaften Prozesses: 0x11d8
Startzeit der fehlerhaften Anwendung: 0xchkdsk.exe0
Pfad der fehlerhaften Anwendung: chkdsk.exe1
Pfad des fehlerhaften Moduls: chkdsk.exe2
Berichtskennung: chkdsk.exe3

Error: (07/09/2014 02:26:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chkdsk.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc262
Name des fehlerhaften Moduls: ifsutil.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c6bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001229c
ID des fehlerhaften Prozesses: 0xda8
Startzeit der fehlerhaften Anwendung: 0xchkdsk.exe0
Pfad der fehlerhaften Anwendung: chkdsk.exe1
Pfad des fehlerhaften Moduls: chkdsk.exe2
Berichtskennung: chkdsk.exe3

Error: (07/09/2014 11:59:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: defraggler64.exe, Version: 2.17.0.898, Zeitstempel: 0x52f0e4c6
Name des fehlerhaften Moduls: dbghelp.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ce7c5ac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fef9061ef0
ID des fehlerhaften Prozesses: 0x12a8
Startzeit der fehlerhaften Anwendung: 0xdefraggler64.exe0
Pfad der fehlerhaften Anwendung: defraggler64.exe1
Pfad des fehlerhaften Moduls: defraggler64.exe2
Berichtskennung: defraggler64.exe3

Error: (07/07/2014 00:38:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TeamViewer_Service.exe, Version: 7.0.12142.0, Zeitstempel: 0x4ed4aac4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012019f
ID des fehlerhaften Prozesses: 0x97c
Startzeit der fehlerhaften Anwendung: 0xTeamViewer_Service.exe0
Pfad der fehlerhaften Anwendung: TeamViewer_Service.exe1
Pfad des fehlerhaften Moduls: TeamViewer_Service.exe2
Berichtskennung: TeamViewer_Service.exe3

Error: (07/07/2014 07:01:57 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/07/07 07:01:57.030]: [00000692]: lperrcode->api = 3 , lperrcode->code = 2

Error: (07/06/2014 05:38:15 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/07/06 17:38:15.349]: [00000692]: lperrcode->api = 3 , lperrcode->code = 2

Error: (07/05/2014 09:32:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 11:47:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 08:16:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/09/2014 03:40:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/09/2014 03:39:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/09/2014 03:39:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/09/2014 03:38:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/09/2014 03:38:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/09/2014 03:37:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/09/2014 03:37:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/09/2014 03:36:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/09/2014 03:36:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/09/2014 03:35:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126


Microsoft Office Sessions:
=========================
Error: (07/09/2014 03:32:38 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost5888WebCacheLocal: C:\Users\us\AppData\Local\Microsoft\Windows\WebCache\V01.log-1811 (0xfffff8ed)

Error: (07/09/2014 02:26:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chkdsk.exe6.1.7600.163854a5bc262ifsutil.dll6.1.7601.175144ce7c6bbc0000005000000000001229c11d801cf9b7110479681C:\Windows\system32\chkdsk.exeC:\Windows\system32\ifsutil.dll4df42162-0764-11e4-bd40-bcaec5b72534

Error: (07/09/2014 02:26:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chkdsk.exe6.1.7600.163854a5bc262ifsutil.dll6.1.7601.175144ce7c6bbc0000005000000000001229cda801cf9b71049e98eaC:\Windows\system32\chkdsk.exeC:\Windows\system32\ifsutil.dll42974fd3-0764-11e4-bd40-bcaec5b72534

Error: (07/09/2014 11:59:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: defraggler64.exe2.17.0.89852f0e4c6dbghelp.dll_unloaded0.0.0.04ce7c5acc0000005000007fef9061ef012a801cf9b5c8474f3d9C:\Program Files\Defraggler\defraggler64.exedbghelp.dllc34647fb-074f-11e4-b19e-bcaec5b72534

Error: (07/07/2014 00:38:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TeamViewer_Service.exe7.0.12142.04ed4aac4unknown0.0.0.000000000c00000050012019f97c01cf99c4ef9695b4C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exeunknownd96bcc75-05c2-11e4-b96b-bcaec5b72534

Error: (07/07/2014 07:01:57 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/07/07 07:01:57.030]: [00000692]: lperrcode->api = 3 , lperrcode->code = 2

Error: (07/06/2014 05:38:15 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/07/06 17:38:15.349]: [00000692]: lperrcode->api = 3 , lperrcode->code = 2

Error: (07/05/2014 09:32:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 11:47:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 08:16:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 27%
Total physical RAM: 8075.99 MB
Available physical RAM: 5823.47 MB
Total Pagefile: 16150.16 MB
Available Pagefile: 13467.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:371.8 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:373.98 GB) NTFS
Drive j: () (Removable) (Total:3.26 GB) (Free:3.03 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 823491AC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F1C1EFE7)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 4 GB) (Disk ID: 000CA1BE)
Partition 1: (Not Active) - (Size=3 GB) - (Type=83)
Partition 2: (Active) - (Size=97 MB) - (Type=83)
Partition 3: (Not Active) - (Size=485 MB) - (Type=83)

==================== End Of Log ============================

Vielen Dank für die schnelle Antwort.

Mit freundlichen Grüßen,

Klimbir

schrauber · 10.07.2014, 13:47

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Klimbir · 10.07.2014, 14:14

Danke für die Antwort.

Ich hab die Anweisung exakt verfolgt, aber leider wird kein Logfile erstellt. Was allerdings erstellt wurde ist ein Dateinordner im Verzeichnis C: welches lautet "32788R22FWJFW" und wenn ich auf diesen drücke werden mir wieder nur die Festplatten und Wechselmedien angezeigt.

Als Virenprogramm habe ich GData, welches abgeschaltet ist.
Beim mehrfachen ausführen der Datei bleibt das Ergebnis das selbe.
Hab ich einen Fehler gemacht? :O

Mit freundlichen Grüßen,

Klimbir

schrauber · 11.07.2014, 10:57

LÖsch Combofix und lade es neu, dann nochmal laufen lassen.

Klimbir · 11.07.2014, 11:30

Die einzige Veränderung ist, dass ich jetzt auf den Ordner zugreifen kann. Aber eine Log-File schreibt er mir leider nicht.

Mit freundlichen Grüßen,

Klimbir

schrauber · 12.07.2014, 07:33

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Klimbir · 14.07.2014, 15:11

Malwarebytes' Anti-Malware Auswertung:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 14.07.2014
Scan Time: 09:17:33
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.13.07
Rootkit Database: v2014.07.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: us

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 417116
Time Elapsed: 7 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1525581117-826083904-922843488-1113-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\VideoDownloadConverter_4z, Quarantined, [23e89b046e0dd264ea0a8243ca387c84], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1525581117-826083904-922843488-1124-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\VideoDownloadConverter_4z, Quarantined, [52b9633c85f6ed4924d0c9fcaf53d828], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1525581117-826083904-922843488-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\VideoDownloadConverter_4z, Quarantined, [a269316e64179e98ad4783427a88a65a], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-2634351021-1317230882-2459318913-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\VideoDownloadConverter_4z, Quarantined, [ab60dec17506280e2dc74283e220be42], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.Conduit, C:\Users\us\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl, Quarantined, [aa611788097281b5f4266c3444beb848], 
PUP.Optional.MindSpark.A, C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com, Quarantined, [9972e7b81863b08620b94065f50d04fc], 
PUP.Optional.MindSpark.A, C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\chrome, Quarantined, [9972e7b81863b08620b94065f50d04fc], 
PUP.Optional.MindSpark.A, C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\META-INF, Quarantined, [9972e7b81863b08620b94065f50d04fc], 
PUP.Optional.MindSpark.A, C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins, Quarantined, [9972e7b81863b08620b94065f50d04fc], 

Files: 12
Trojan.Agent, C:\Users\us\AppData\Roaming\msconfig.ini, Quarantined, [a06b1b84a1da0b2bfdc5ac27b84b5da3], 
PUP.Optional.MindSpark.A, C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\bootstrap.js, Quarantined, [9972e7b81863b08620b94065f50d04fc], 
PUP.Optional.MindSpark.A, C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\chrome.manifest, Quarantined, [9972e7b81863b08620b94065f50d04fc], 
PUP.Optional.MindSpark.A, C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\install.rdf, Quarantined, [9972e7b81863b08620b94065f50d04fc], 
PUP.Optional.MindSpark.A, C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\install_no_bootstrap.rdf, Quarantined, [9972e7b81863b08620b94065f50d04fc], 
PUP.Optional.MindSpark.A, C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\chrome\4zffxtbr.jar, Quarantined, [9972e7b81863b08620b94065f50d04fc], 
PUP.Optional.MindSpark.A, C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\META-INF\manifest.mf, Quarantined, [9972e7b81863b08620b94065f50d04fc], 
PUP.Optional.MindSpark.A, C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\META-INF\zigbert.rsa, Quarantined, [9972e7b81863b08620b94065f50d04fc], 
PUP.Optional.MindSpark.A, C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\META-INF\zigbert.sf, Quarantined, [9972e7b81863b08620b94065f50d04fc], 
PUP.Optional.MindSpark.A, C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins\EXEManager.dll, Quarantined, [9972e7b81863b08620b94065f50d04fc], 
PUP.Optional.MindSpark.A, C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins\FF-NativeMessagingDispatcher.dll, Quarantined, [9972e7b81863b08620b94065f50d04fc], 
PUP.Optional.MindSpark.A, C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins\Verify.dll, Quarantined, [9972e7b81863b08620b94065f50d04fc], 

Physical Sectors: 0
(No malicious items detected)


(end)

und die ADWCleaner Auswertung:

Code:

ATTFilter

# AdwCleaner v3.215 - Bericht erstellt am 14/07/2014 um 10:36:10
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : us - PC-02
# Gestartet von : C:\Users\us\Desktop\adwcleaner_3.215.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\users\us\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\us\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasmancs
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16921


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\us\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
Gelöscht [Search Provider] : hxxp://www.holasearch.com/?q={searchTerms}&affID=121962&babsrc=SP_ss&mntrId=9423BCAEC5B72534
Gelöscht [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=9423BCAEC5B72534&affID=119556&tsp=4930
Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_din2g&mntrId=9423BCAEC5B72534&affID=119556&tsp=4930
Gelöscht [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Gelöscht [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Gelöscht [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Gelöscht [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Gelöscht [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Gelöscht [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Gelöscht [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Gelöscht [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [1898 octets] - [09/07/2014 11:48:27]
AdwCleaner[R1].txt - [2741 octets] - [10/07/2014 12:05:35]
AdwCleaner[R2].txt - [2539 octets] - [14/07/2014 10:35:14]
AdwCleaner[S0].txt - [2414 octets] - [14/07/2014 10:36:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2474 octets] ##########

Das Junkware Removal Tool zeigt mir leider die Fehlermeldung "Error during execution "C:\User\us\AppData\Local\Temp\jrt\get.bat". "C:\User\us\AppData\Local\Temp\jrt\get.bat" ist keine zulässige Win32-Anwendung."
Ich hab das Anti-Viren Programm ausgeschaltet aber leider immer wieder der selbe Fehler.

Mit freundlichen Grüßen,

Klimbir

schrauber · 14.07.2014, 18:09

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Klimbir · 15.07.2014, 11:08

ESEN Online Scanner log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=acdff221f0cd064a83611abad9a28538
# engine=19181
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-15 09:29:13
# local_time=2014-07-15 11:29:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 21167 157046403 0 0
# scanned=170266
# found=0
# cleaned=0
# scan_time=4814

Bei dem SecurityCheck sagt er mir wieder, dass es keine zulässige Win32 anwendung ist. Das ist noch etwas komisch. Das ist nicht normal oder?

Neues FRST log:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by us (administrator) on PC-02 on 15-07-2014 11:57:44
Running from C:\Users\us\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\AVKClient\AVKCl.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\AVKClient\AVKWCtlX64.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Transaction Software, D 81829 Munich) C:\SDII\TRANSBAS\sd2D__D__.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Transaction Software, D 81829 Munich) D:\TECDOC_CD\4_2012\db\tbmux32.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LaCie SA) C:\Program Files (x86)\LaCie\Network Assistant\LaCie Network Assistant.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(Deutsche Automobil Treuhand) C:\SDII\D\D\EXE.W95\SD2VSD.EXE
(G Data Software AG) C:\Program Files (x86)\G DATA\AVKClient\AVKCl.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10151968 2010-05-20] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403616 2011-12-16] (Acronis)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-10-01] ()
HKLM-x32\...\Run: [AVK Client] => C:\Program Files (x86)\G DATA\AVKClient\AVKCl.exe [1539656 2010-06-23] (G Data Software AG)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5992064 2011-12-16] (Acronis)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-06-08] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-1525581117-826083904-922843488-1143\...\Run: [LaCie Ethernet Agent Startup] => C:\Program Files (x86)\LaCie\Network Assistant\LaCie Network Assistant.exe [5853184 2009-12-17] (LaCie SA)
HKU\S-1-5-21-1525581117-826083904-922843488-1143\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-06-08] ()
HKU\S-1-5-21-1525581117-826083904-922843488-1143\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1525581117-826083904-922843488-1143\...\Run: [MFP and Storage Server] => [X]
HKU\S-1-5-21-1525581117-826083904-922843488-1143\...\Policies\Explorer: [RestrictRun] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SDASSIST.LNK
ShortcutTarget: SDASSIST.LNK -> C:\SDII\D\D\EXE.W95\SDASSIST.exe (Deutsche Automobil Treuhand GmbH)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDD635E19D177CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\Windows\SysWOW64\cgmopenbho.dll (CGM Open Consortium, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPPDLicenseHelper - C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Advertising Cookie Opt-out - C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\Extensions\optout@google.com.xpi [2011-06-01]
FF Extension: WEB.DE MailCheck - C:\Users\us\AppData\Roaming\Mozilla\Firefox\Profiles\owkmg8kk.default\Extensions\toolbar@web.de.xpi [2012-06-29]

Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "hxxp://www.google.com",
			"hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=9423BCAEC5B72534&affID=119556&tsp=4930"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll No File
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Protect Disc License Acquisition Plugin) - C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
CHR Extension: (YouTube) - C:\Users\us\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-10]
CHR Extension: (Google-Suche) - C:\Users\us\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-10]
CHR Extension: (Google Mail) - C:\Users\us\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-10]

==================== Services (Whitelisted) =================

R2 AntiVirusKit Client; C:\Program Files (x86)\G DATA\AVKClient\AVKCl.exe [1539656 2010-06-23] (G Data Software AG)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1073224 2010-05-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\AVKClient\AVKWCtlX64.exe [1778336 2010-03-15] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [339016 2010-04-22] (G Data Software AG)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SD2D__D__; C:\SDII\TRANSBAS\SD2D__D__.EXE [401408 2006-08-03] (Transaction Software, D 81829 Munich) [File not signed]
R2 Transbase TECDOC CD 4_2012 Service; D:\TECDOC_CD\4_2012\db\tbmux32.exe [360448 2012-08-29] (Transaction Software, D 81829 Munich) [File not signed]
S4 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 aucapi; C:\Windows\System32\DRIVERS\aucapi.sys [234800 2009-09-21] (Auerswald GmbH & Co.KG                         )
R3 aumpa; C:\Windows\System32\DRIVERS\aumpa.sys [169520 2009-09-21] (Auerswald GmbH & Co.KG                         )
S3 auusb; C:\Windows\System32\DRIVERS\auusb.sys [206896 2009-09-21] (Auerswald GmbH & Co.KG                         )
S3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [199168 2009-10-06] ( ) [File not signed]
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [84936 2011-05-09] (G Data Software AG)
S1 GRD; C:\Windows\SysWOW64\drivers\GRD.sys [106224 2014-07-15] (G Data Software)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-01-24] (Acronis)
S3 EST_BusEnum; system32\DRIVERS\GenBus.sys [X]
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-15 11:57 - 2014-07-15 11:58 - 00015989 _____ () C:\Users\us\Desktop\FRST.txt
2014-07-15 11:57 - 2014-07-15 11:57 - 00000000 ____D () C:\FRST
2014-07-15 11:57 - 2014-07-09 15:13 - 02084352 _____ (Farbar) C:\Users\us\Desktop\FRST64.exe
2014-07-15 09:02 - 2014-06-26 17:40 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-14 09:16 - 2014-07-14 09:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 15:04 - 2014-07-10 15:04 - 00000000 ____D () C:\Windows\erdnt
2014-07-10 14:43 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 14:43 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 14:43 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 14:43 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 14:43 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 14:43 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 14:43 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 14:43 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 14:43 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 14:43 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 14:43 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 14:43 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-10 14:43 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 14:43 - 2014-06-19 04:10 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 14:43 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 14:43 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 14:43 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 14:43 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-10 14:43 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 14:43 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 14:43 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 14:43 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 14:43 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 14:43 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 14:43 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 14:43 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 14:43 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 14:43 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 14:43 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 14:43 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 14:43 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 14:43 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 14:43 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-10 14:43 - 2014-06-19 02:52 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 14:43 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 14:43 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 14:43 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 14:43 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-10 14:43 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 14:43 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 14:43 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 14:43 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 14:43 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 14:43 - 2014-06-19 01:37 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-10 14:43 - 2014-06-19 01:34 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-10 14:43 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 14:43 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 14:43 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 14:43 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 14:43 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 14:43 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 14:41 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 14:41 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 14:41 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-10 14:41 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 14:41 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 14:41 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 14:41 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 14:41 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 14:41 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 14:41 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 14:41 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 14:41 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 14:41 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 14:41 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 14:41 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 14:41 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 14:41 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 12:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-09 17:08 - 2014-07-09 17:08 - 00000000 ____D () C:\Users\us\Desktop\backups
2014-07-09 14:26 - 2014-07-09 14:26 - 00007614 _____ () C:\Users\us\AppData\Local\Resmon.ResmonCfg
2014-07-09 14:11 - 2014-07-09 14:11 - 00087408 _____ () C:\Users\us\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-09 14:08 - 2014-07-15 09:20 - 00001635 _____ () C:\Windows\setupact.log
2014-07-09 14:08 - 2014-07-14 10:37 - 00007822 _____ () C:\Windows\PFRO.log
2014-07-09 14:08 - 2014-07-09 14:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-08 12:34 - 2014-07-08 12:34 - 00000000 ____D () C:\ProgramData\73BC95~1
2014-07-08 10:54 - 2014-07-08 10:54 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-4700-F.txt
2014-07-08 10:45 - 2014-07-08 10:45 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-4980-F.txt
2014-07-08 10:45 - 2014-07-08 10:45 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-4208-F.txt
2014-07-08 10:42 - 2014-07-08 10:42 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-2920-F.txt
2014-07-08 10:36 - 2014-07-08 10:36 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-4988-F.txt
2014-07-08 10:35 - 2014-07-08 10:35 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-2844-F.txt
2014-07-08 10:32 - 2014-07-08 10:32 - 00000054 _____ () C:\ProgramData\RUNDLL32.EXE-1672-F.txt
2014-07-08 10:31 - 2014-07-08 10:31 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-5080-F.txt
2014-07-08 10:27 - 2014-07-08 10:27 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-4392-F.txt
2014-07-08 10:26 - 2014-07-08 10:26 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-544-F.txt
2014-07-07 16:31 - 2014-07-07 16:31 - 00000068 _____ () C:\Program Files\.directory
2014-07-07 16:31 - 2014-07-07 16:31 - 00000068 _____ () C:\.directory
2014-07-07 14:35 - 2014-07-07 14:35 - 00000118 _____ () C:\ProgramData\RUNDLL32.EXE-2480-F.txt
2014-07-07 14:20 - 2014-07-07 14:20 - 00000111 _____ () C:\ProgramData\RUNDLL32.EXE-3836-F.txt
2014-07-07 14:19 - 2014-07-07 14:19 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-3812-F.txt
2014-07-07 14:16 - 2014-07-07 14:16 - 00003336 ____N () C:\bootsqm.dat
2014-07-07 14:10 - 2014-07-07 14:10 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-1268-F.txt
2014-07-07 14:08 - 2014-07-07 14:09 - 00000165 _____ () C:\ProgramData\RUNDLL32.EXE-5040-F.txt
2014-07-07 11:16 - 2014-07-07 11:20 - 00000622 _____ () C:\ProgramData\RUNDLL32.EXE-3580-F.txt
2014-07-07 08:24 - 2014-07-07 09:57 - 00012513 _____ () C:\ProgramData\RUNDLL32.EXE-3684-F.txt
2014-07-07 08:22 - 2014-07-07 08:22 - 00000376 _____ () C:\ProgramData\RUNDLL32.EXE-3672-F.txt
2014-07-07 07:54 - 2014-07-07 08:17 - 00019978 _____ () C:\ProgramData\RUNDLL32.EXE-968-F.txt
2014-07-07 07:04 - 2014-07-07 07:04 - 00000376 _____ () C:\ProgramData\RUNDLL32.EXE-4444-F.txt
2014-07-07 07:04 - 2014-07-07 07:04 - 00000373 _____ () C:\ProgramData\RUNDLL32.EXE-5072-F.txt
2014-07-06 17:30 - 2014-07-07 07:03 - 00008280 _____ () C:\ProgramData\RUNDLL32.EXE-2296-F.txt
2014-07-06 17:25 - 2014-07-06 17:27 - 00001506 _____ () C:\ProgramData\RUNDLL32.EXE-4820-F.txt
2014-07-06 17:21 - 2014-07-06 17:21 - 00000373 _____ () C:\ProgramData\RUNDLL32.EXE-1696-F.txt
2014-07-05 11:26 - 2014-07-05 11:29 - 00024907 _____ () C:\ProgramData\RUNDLL32.EXE-6560-F.txt
2014-06-24 07:08 - 2014-06-24 07:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8f6a4faa5682.job
2014-06-18 17:29 - 2014-07-09 11:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-15 11:58 - 2014-07-15 11:57 - 00015989 _____ () C:\Users\us\Desktop\FRST.txt
2014-07-15 11:57 - 2014-07-15 11:57 - 00000000 ____D () C:\FRST
2014-07-15 09:48 - 2011-05-09 11:00 - 01962801 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 09:26 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-15 09:26 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-15 09:22 - 2011-05-16 12:05 - 00106224 _____ (G Data Software) C:\Windows\SysWOW64\Drivers\GRD.sys
2014-07-15 09:20 - 2014-07-09 14:08 - 00001635 _____ () C:\Windows\setupact.log
2014-07-15 09:20 - 2011-05-09 11:51 - 00000000 ____D () C:\Windows\Panther
2014-07-15 09:20 - 2009-07-14 06:45 - 00345016 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-15 09:19 - 2014-04-30 09:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-15 09:19 - 2010-11-21 09:01 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-15 09:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-15 09:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-15 09:02 - 2013-08-15 09:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-14 10:37 - 2014-07-09 14:08 - 00007822 _____ () C:\Windows\PFRO.log
2014-07-14 10:27 - 2011-05-09 13:58 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-14 09:16 - 2014-07-14 09:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 15:04 - 2014-07-10 15:04 - 00000000 ____D () C:\Windows\erdnt
2014-07-09 17:08 - 2014-07-09 17:08 - 00000000 ____D () C:\Users\us\Desktop\backups
2014-07-09 16:05 - 2009-07-14 07:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-07-09 15:13 - 2014-07-15 11:57 - 02084352 _____ (Farbar) C:\Users\us\Desktop\FRST64.exe
2014-07-09 14:26 - 2014-07-09 14:26 - 00007614 _____ () C:\Users\us\AppData\Local\Resmon.ResmonCfg
2014-07-09 14:11 - 2014-07-09 14:11 - 00087408 _____ () C:\Users\us\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-09 14:08 - 2014-07-09 14:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-09 13:41 - 2011-05-10 13:37 - 00000000 ____D () C:\Windows\pss
2014-07-09 11:57 - 2014-03-06 11:59 - 00000000 __SHD () C:\Windows\SysWOW64\NT Kernel
2014-07-09 11:56 - 2014-06-18 17:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-09 11:56 - 2014-03-05 19:23 - 00000000 ____D () C:\Windows\Minidump
2014-07-09 11:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-08 12:34 - 2014-07-08 12:34 - 00000000 ____D () C:\ProgramData\73BC95~1
2014-07-08 10:54 - 2014-07-08 10:54 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-4700-F.txt
2014-07-08 10:45 - 2014-07-08 10:45 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-4980-F.txt
2014-07-08 10:45 - 2014-07-08 10:45 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-4208-F.txt
2014-07-08 10:42 - 2014-07-08 10:42 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-2920-F.txt
2014-07-08 10:36 - 2014-07-08 10:36 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-4988-F.txt
2014-07-08 10:35 - 2014-07-08 10:35 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-2844-F.txt
2014-07-08 10:32 - 2014-07-08 10:32 - 00000054 _____ () C:\ProgramData\RUNDLL32.EXE-1672-F.txt
2014-07-08 10:31 - 2014-07-08 10:31 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-5080-F.txt
2014-07-08 10:27 - 2014-07-08 10:27 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-4392-F.txt
2014-07-08 10:26 - 2014-07-08 10:26 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-544-F.txt
2014-07-07 16:31 - 2014-07-07 16:31 - 00000068 _____ () C:\Program Files\.directory
2014-07-07 16:31 - 2014-07-07 16:31 - 00000068 _____ () C:\.directory
2014-07-07 14:35 - 2014-07-07 14:35 - 00000118 _____ () C:\ProgramData\RUNDLL32.EXE-2480-F.txt
2014-07-07 14:20 - 2014-07-07 14:20 - 00000111 _____ () C:\ProgramData\RUNDLL32.EXE-3836-F.txt
2014-07-07 14:19 - 2014-07-07 14:19 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-3812-F.txt
2014-07-07 14:16 - 2014-07-07 14:16 - 00003336 ____N () C:\bootsqm.dat
2014-07-07 14:10 - 2014-07-07 14:10 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-1268-F.txt
2014-07-07 14:09 - 2014-07-07 14:08 - 00000165 _____ () C:\ProgramData\RUNDLL32.EXE-5040-F.txt
2014-07-07 11:20 - 2014-07-07 11:16 - 00000622 _____ () C:\ProgramData\RUNDLL32.EXE-3580-F.txt
2014-07-07 09:57 - 2014-07-07 08:24 - 00012513 _____ () C:\ProgramData\RUNDLL32.EXE-3684-F.txt
2014-07-07 08:25 - 2011-05-09 14:17 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2014-07-07 08:22 - 2014-07-07 08:22 - 00000376 _____ () C:\ProgramData\RUNDLL32.EXE-3672-F.txt
2014-07-07 08:17 - 2014-07-07 07:54 - 00019978 _____ () C:\ProgramData\RUNDLL32.EXE-968-F.txt
2014-07-07 07:54 - 2011-05-12 09:55 - 00000000 ____D () C:\Program Files (x86)\KPfW
2014-07-07 07:04 - 2014-07-07 07:04 - 00000376 _____ () C:\ProgramData\RUNDLL32.EXE-4444-F.txt
2014-07-07 07:04 - 2014-07-07 07:04 - 00000373 _____ () C:\ProgramData\RUNDLL32.EXE-5072-F.txt
2014-07-07 07:03 - 2014-07-06 17:30 - 00008280 _____ () C:\ProgramData\RUNDLL32.EXE-2296-F.txt
2014-07-06 17:27 - 2014-07-06 17:25 - 00001506 _____ () C:\ProgramData\RUNDLL32.EXE-4820-F.txt
2014-07-06 17:21 - 2014-07-06 17:21 - 00000373 _____ () C:\ProgramData\RUNDLL32.EXE-1696-F.txt
2014-07-05 11:29 - 2014-07-05 11:26 - 00024907 _____ () C:\ProgramData\RUNDLL32.EXE-6560-F.txt
2014-07-04 11:44 - 2014-04-04 14:06 - 00000496 _____ () C:\Windows\TOPTRUCK.INI
2014-07-04 10:25 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-04 08:44 - 2013-01-08 12:30 - 00000348 _____ () C:\Windows\ODBC.INI
2014-06-30 04:09 - 2014-07-10 14:43 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-10 14:43 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-26 17:40 - 2014-07-15 09:02 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-24 16:19 - 2011-06-01 11:44 - 00000432 _____ () C:\Windows\BRWMARK.INI
2014-06-24 07:08 - 2014-06-24 07:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8f6a4faa5682.job
2014-06-21 08:50 - 2013-03-08 09:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 04:12 - 2014-07-10 14:43 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 04:12 - 2014-07-10 14:43 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 04:12 - 2014-07-10 14:43 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 04:11 - 2014-07-10 14:43 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 04:11 - 2014-07-10 14:43 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 04:11 - 2014-07-10 14:43 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 04:10 - 2014-07-10 14:43 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 04:10 - 2014-07-10 14:43 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 04:10 - 2014-07-10 14:43 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 04:10 - 2014-07-10 14:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-19 04:10 - 2014-07-10 14:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 04:10 - 2014-07-10 14:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 04:10 - 2014-07-10 14:43 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 04:10 - 2014-07-10 14:43 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 04:10 - 2014-07-10 14:43 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-19 04:10 - 2014-07-10 14:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-19 04:10 - 2014-07-10 14:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 04:10 - 2014-07-10 14:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 04:10 - 2014-07-10 14:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 04:09 - 2014-07-10 14:43 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 02:53 - 2014-07-10 14:43 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:53 - 2014-07-10 14:43 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 02:53 - 2014-07-10 14:43 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 02:53 - 2014-07-10 14:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 02:53 - 2014-07-10 14:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 02:53 - 2014-07-10 14:43 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 02:52 - 2014-07-10 14:43 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 02:52 - 2014-07-10 14:43 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 02:52 - 2014-07-10 14:43 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 02:52 - 2014-07-10 14:43 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 02:52 - 2014-07-10 14:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-19 02:52 - 2014-07-10 14:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 02:52 - 2014-07-10 14:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 02:52 - 2014-07-10 14:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 02:52 - 2014-07-10 14:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 02:52 - 2014-07-10 14:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-19 02:52 - 2014-07-10 14:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 02:52 - 2014-07-10 14:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 02:52 - 2014-07-10 14:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 02:33 - 2014-07-10 14:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 02:30 - 2014-07-10 14:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:37 - 2014-07-10 14:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-19 01:34 - 2014-07-10 14:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-18 04:18 - 2014-07-10 14:43 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-10 14:43 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-10 14:43 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Files to move or delete:
====================
C:\Users\hotkey\TopTapi2.dll
C:\Users\us\TopTapi2.dll


Some content of TEMP:
====================
C:\Users\us\AppData\Local\Temp\ComboFix(1).exe
C:\Users\us\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-02-28 11:19

==================== End Of Log ============================

--- --- ---

An Problemen ist wie gesagt die Fehlermeldung mit der Nicht zulässigen Win32 Anwendung und dass ich immernoch kein chkdsk ausführen kann. Sonst habe ich im moment keine Fehler die mir auffallen.

Vielen dank schonmal für die Mühe

Mit freundlichen Grüßen,

Klimbir

schrauber · 16.07.2014, 09:47

Screenshot von der Meldung bitte.

Schritt 1

Lade Dir bitte Windows Repair - All in one von tweaking.com hier herunter und installiere es.
Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
Starte das Programm und führe die Punkte 1-5 durch. (Siehe Bildanleitung)
Achte darauf, dass bei Dir die Häkchen so gesetzt sind wie unter Punkt 4.
Setze auch ein Häkchen bei "Restart/Shutdown System" und klicke "Restart System" an bevor Du Punkt 5 durchführst.

Klimbir · 17.07.2014, 16:05

Sooo also er ist zwar immernoch nicht 100% in Ordnung aber ich glaube um das zu schaffen muss man ihn neu installieren

Naja egal er läuft und sonst zeigt er im ganz normalen Betrieb keinen Fehler mehr an oder sonst was.

Ich möchte mich bei dir bedanken Schrauber!

Jetzt schon das 2. mal dass du mir geholfen hast bei so einem Viren Schlamassel

schrauber · 17.07.2014, 17:11

Was besteht denn noch an Problemen?

11.07.2014, 10:57	#6
schrauber /// the machine /// TB-Ausbilder	Probleme nach Bundestrojaner LÖsch Combofix und lade es neu, dann nochmal laufen lassen. __________________ --> Probleme nach Bundestrojaner

17.07.2014, 17:11	#14
schrauber /// the machine /// TB-Ausbilder	Probleme nach Bundestrojaner Was besteht denn noch an Problemen? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Probleme nach Bundestrojaner

Plagegeister aller Art und deren Bekämpfung: Probleme nach Bundestrojaner