Interpol Virus auch in abgesichertem Modus + logfile

derhai · 16.07.2014, 13:55

Hi zusammen,

ich hab den Interpol Virus, der auch im abgesicherten Modus auftritt.

Da hier in den Threads, die ich bisher gelesen habe immer nach der FRST Datei gefragt wird, poste ich diese erstmal und hoffe, jemand kann mit damit weiterhelfen. Sollte soweit alles ueblich sein, werde ich einfach die Vorgehensweise aus anderen Threads kopieren - falls dies kontroproduktiv sein koennte, lasst es mich bitte wissen.

Danke im Voraus und viele Gruesse

PS: Fuer meine ungeschulten Augen sehen die manche Dateien in der Datei recht auffaellig aus (Huaweifake?? Nutze nicht mal irgendetwas von Huawei). Bitte haltet auch die Augen nach soetwas offen.

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by SYSTEM on MININT-QQD5T94 on 16-07-2014 14:30:13
Running from e:\
Platform: Windows 7 Starter (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [90560 2010-07-26] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [90560 2010-07-26] (AsusTek Computer Inc.)
HKU\Sebastian\...\Policies\Explorer: [NoCDBurning] 0
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autostart.lnk
ShortcutTarget: autostart.lnk -> c:\ProgramData\611416C862A5F96B9C700E7DA3523DE6\q8loij.cpp (Oracle Corporation)

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
S2 SuperRam; C:\Program Files\PGWARE\SuperRam\SuperRamService.exe [1942264 2013-07-07] (PGWARE LLC)
S2 Winmgmt; C:\ProgramData\611416C862A5F96B9C700E7DA3523DE6\q8loij.cpp [371712 2014-07-15] (Oracle Corporation)

==================== Drivers (Whitelisted) ====================

S1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11520 2010-03-30] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-04-29] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-20] (Broadcom Corporation.)
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [119592 2011-04-12] (ELAN Microelectronics Corp.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2010-08-12] (Huawei Technologies Co., Ltd.)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-06] (Avira GmbH)
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-16 14:29 - 2014-07-16 14:30 - 00000000 ____D () C:\FRST
2014-07-16 03:43 - 2014-07-16 03:43 - 00000341 _____ () C:\ProgramData\RUNDLL32.EXE-3216-F.txt
2014-07-16 03:37 - 2014-07-16 03:37 - 00000339 _____ () C:\ProgramData\RUNDLL32.EXE-2760-F.txt
2014-07-16 02:15 - 2014-07-16 02:15 - 00000340 _____ () C:\ProgramData\RUNDLL32.EXE-2480-F.txt
2014-07-16 02:14 - 2014-07-16 03:41 - 00000224 _____ () C:\Windows\setupact.log
2014-07-16 02:14 - 2014-07-16 02:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-16 02:13 - 2014-07-16 03:42 - 00000000 _____ () C:\Windows\System32\ztUASvSloy
2014-07-16 02:09 - 2014-07-16 02:12 - 00008111 _____ () C:\ProgramData\RUNDLL32.EXE-3280-F.txt
2014-07-15 17:16 - 2014-07-15 17:16 - 00000000 ____D () C:\ProgramData\611416C862A5F96B9C700E7DA3523DE6
2014-07-09 23:20 - 2014-06-20 11:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-07-09 23:20 - 2014-06-18 16:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-07-09 23:20 - 2014-06-18 15:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-07-09 23:20 - 2014-06-18 15:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-07-09 23:20 - 2014-06-18 15:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-07-09 23:20 - 2014-06-18 15:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-07-09 23:20 - 2014-06-18 15:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-07-09 23:20 - 2014-06-18 15:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-07-09 23:20 - 2014-06-18 15:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-07-09 23:20 - 2014-06-18 15:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-07-09 23:20 - 2014-06-18 15:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-07-09 23:20 - 2014-06-18 15:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-07-09 23:20 - 2014-06-18 15:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-07-09 23:20 - 2014-06-18 15:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-07-09 23:20 - 2014-06-18 15:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-07-09 23:20 - 2014-06-18 15:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-09 23:20 - 2014-06-18 15:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-07-09 23:20 - 2014-06-18 15:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-09 23:20 - 2014-06-18 15:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-07-09 23:20 - 2014-06-18 14:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-07-09 23:20 - 2014-06-18 14:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-07-09 23:20 - 2014-06-18 14:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-07-09 23:20 - 2014-06-18 14:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-07-09 23:20 - 2014-06-18 14:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-07-09 23:20 - 2014-06-18 14:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-07-09 23:20 - 2014-06-18 14:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-07-09 23:20 - 2014-06-18 14:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-07-09 23:20 - 2014-06-18 14:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-07-09 23:20 - 2014-06-18 14:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-07-09 23:20 - 2014-06-18 14:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-07-09 23:17 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe
2014-07-09 23:17 - 2014-06-17 16:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-07-09 23:17 - 2014-06-06 01:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-07-09 23:17 - 2014-05-29 23:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-07-09 23:17 - 2014-05-29 23:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-07-09 23:17 - 2014-05-29 23:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-07-09 23:17 - 2014-05-29 23:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-07-09 23:17 - 2014-05-29 23:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-07-09 23:17 - 2014-05-29 23:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-07-09 23:17 - 2014-05-29 23:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-07-09 23:17 - 2014-05-29 22:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-07-09 23:16 - 2014-06-05 06:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-07-09 23:09 - 2014-07-09 23:09 - 00000909 _____ () C:\Users\Sebastian\Downloads\map.php
2014-07-09 23:09 - 2014-07-09 23:09 - 00000909 _____ () C:\Users\Sebastian\Downloads\map (1).php
2014-07-02 15:40 - 2014-07-02 15:40 - 00001077 _____ () C:\Users\Public\Desktop\Horland Scan2Pdf 3.lnk
2014-07-02 07:13 - 2014-07-02 07:13 - 00066946 _____ () C:\Users\Sebastian\Downloads\20140831_Timesheet_Den-Brok.xlsx
2014-06-25 00:56 - 2014-06-25 00:56 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-25 00:56 - 2014-06-25 00:56 - 00000000 ___RD () C:\Program Files\Skype
2014-06-25 00:56 - 2014-06-25 00:56 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Skype
2014-06-25 00:56 - 2014-06-25 00:56 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-19 08:26 - 2014-06-19 08:26 - 00000000 ____D () C:\Users\Sebastian\Documents\Bildungskredit
2014-06-19 02:47 - 2014-06-19 02:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-17 07:15 - 2014-06-17 07:15 - 00000868 _____ () C:\Users\Sebastian\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

2014-07-16 14:30 - 2014-07-16 14:29 - 00000000 ____D () C:\FRST
2014-07-16 03:43 - 2014-07-16 03:43 - 00000341 _____ () C:\ProgramData\RUNDLL32.EXE-3216-F.txt
2014-07-16 03:42 - 2014-07-16 02:13 - 00000000 _____ () C:\Windows\System32\ztUASvSloy
2014-07-16 03:41 - 2014-07-16 02:14 - 00000224 _____ () C:\Windows\setupact.log
2014-07-16 03:40 - 2011-12-27 15:24 - 00000000 ____D () C:\Windows\pss
2014-07-16 03:37 - 2014-07-16 03:37 - 00000339 _____ () C:\ProgramData\RUNDLL32.EXE-2760-F.txt
2014-07-16 02:15 - 2014-07-16 02:15 - 00000340 _____ () C:\ProgramData\RUNDLL32.EXE-2480-F.txt
2014-07-16 02:14 - 2014-07-16 02:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-16 02:12 - 2014-07-16 02:09 - 00008111 _____ () C:\ProgramData\RUNDLL32.EXE-3280-F.txt
2014-07-16 02:04 - 2009-07-13 20:34 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 02:04 - 2009-07-13 20:34 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 02:00 - 2012-02-03 06:21 - 01581678 ____N () C:\Windows\WindowsUpdate.log
2014-07-15 17:21 - 2010-12-25 10:47 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\VirtualStore
2014-07-15 17:16 - 2014-07-15 17:16 - 00000000 ____D () C:\ProgramData\611416C862A5F96B9C700E7DA3523DE6
2014-07-15 01:52 - 2013-05-11 06:27 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2014-07-11 10:07 - 2009-07-13 20:33 - 00438992 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-07-11 05:36 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\de-DE
2014-07-11 03:37 - 2013-08-14 17:16 - 00000000 ____D () C:\Windows\System32\MRT
2014-07-11 03:30 - 2011-01-11 03:21 - 93585272 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-07-09 23:09 - 2014-07-09 23:09 - 00000909 _____ () C:\Users\Sebastian\Downloads\map.php
2014-07-09 23:09 - 2014-07-09 23:09 - 00000909 _____ () C:\Users\Sebastian\Downloads\map (1).php
2014-07-09 03:19 - 2012-11-11 06:25 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-07-09 03:19 - 2011-05-28 03:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-07-03 07:51 - 2013-04-06 09:27 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2014-07-02 15:41 - 2014-04-06 08:06 - 00000000 ____D () C:\Program Files\Horland Scan2Pdf 3.0
2014-07-02 15:40 - 2014-07-02 15:40 - 00001077 _____ () C:\Users\Public\Desktop\Horland Scan2Pdf 3.lnk
2014-07-02 15:36 - 2009-07-24 23:50 - 01635912 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-07-02 07:13 - 2014-07-02 07:13 - 00066946 _____ () C:\Users\Sebastian\Downloads\20140831_Timesheet_Den-Brok.xlsx
2014-06-25 01:13 - 2011-08-12 09:25 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Skype
2014-06-25 00:56 - 2014-06-25 00:56 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-25 00:56 - 2014-06-25 00:56 - 00000000 ___RD () C:\Program Files\Skype
2014-06-25 00:56 - 2014-06-25 00:56 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Skype
2014-06-25 00:56 - 2014-06-25 00:56 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-25 00:55 - 2011-08-12 09:24 - 00000000 ____D () C:\ProgramData\Skype
2014-06-20 11:39 - 2014-07-09 23:20 - 00240824 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-06-19 23:24 - 2012-04-27 05:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-19 12:42 - 2014-06-02 12:52 - 00016231 _____ () C:\Users\Sebastian\Desktop\Euro Stoxx Auditors.ods
2014-06-19 08:29 - 2013-12-08 08:59 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\banshee-1
2014-06-19 08:27 - 2012-10-23 10:48 - 00000000 ____D () C:\Users\Sebastian\Desktop\HS Rhein Waal
2014-06-19 08:26 - 2014-06-19 08:26 - 00000000 ____D () C:\Users\Sebastian\Documents\Bildungskredit
2014-06-19 02:47 - 2014-06-19 02:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-18 16:16 - 2014-07-09 23:20 - 17276416 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-06-18 15:56 - 2014-07-09 23:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-06-18 15:56 - 2014-07-09 23:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-06-18 15:38 - 2014-07-09 23:20 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-06-18 15:37 - 2014-07-09 23:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-06-18 15:36 - 2014-07-09 23:20 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-06-18 15:35 - 2014-07-09 23:20 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-06-18 15:32 - 2014-07-09 23:20 - 02179072 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-06-18 15:28 - 2014-07-09 23:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-06-18 15:28 - 2014-07-09 23:20 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-06-18 15:25 - 2014-07-09 23:20 - 00442368 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-06-18 15:23 - 2014-07-09 23:20 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-06-18 15:23 - 2014-07-09 23:20 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-06-18 15:22 - 2014-07-09 23:20 - 00592896 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-06-18 15:16 - 2014-07-09 23:20 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 15:12 - 2014-07-09 23:20 - 00367616 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-06-18 15:06 - 2014-07-09 23:20 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 15:01 - 2014-07-09 23:20 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-06-18 14:59 - 2014-07-09 23:20 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-06-18 14:58 - 2014-07-09 23:20 - 00239616 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-06-18 14:52 - 2014-07-09 23:20 - 04254720 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-06-18 14:52 - 2014-07-09 23:20 - 00595968 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-06-18 14:49 - 2014-07-09 23:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-06-18 14:46 - 2014-07-09 23:20 - 01068032 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-06-18 14:45 - 2014-07-09 23:20 - 01964544 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-06-18 14:35 - 2014-07-09 23:20 - 11742208 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-06-18 14:13 - 2014-07-09 23:20 - 01791488 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-06-18 14:09 - 2014-07-09 23:20 - 01139200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-06-18 14:07 - 2014-07-09 23:20 - 00704512 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-06-17 17:51 - 2014-07-09 23:17 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe
2014-06-17 16:52 - 2014-07-09 23:17 - 02350080 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-06-17 07:19 - 2012-06-06 08:06 - 00000000 ____D () C:\Users\Sebastian\.gimp-2.8
2014-06-17 07:15 - 2014-06-17 07:15 - 00000868 _____ () C:\Users\Sebastian\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Sebastian\AppData\Local\Temp\1405.dll
C:\Users\Sebastian\AppData\Local\Temp\avgnt.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-06-27 15:35:50
Restore point made on: 2014-06-30 23:07:08
Restore point made on: 2014-07-03 23:24:08
Restore point made on: 2014-07-07 22:14:45
Restore point made on: 2014-07-11 03:25:01
Restore point made on: 2014-07-15 16:55:56

==================== Memory info =========================== 

Percentage of memory in use: 19%
Total physical RAM: 2038.12 MB
Available physical RAM: 1650.11 MB
Total Pagefile: 2038.12 MB
Available Pagefile: 1646.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:45.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:117.87 GB) (Free:31.02 GB) NTFS
Drive e: (PENDRIVE) (Removable) (Total:14.83 GB) (Free:1.12 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 29133921)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=20 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2014-07-02 08:29

==================== End Of Log ============================

schrauber · 16.07.2014, 17:00

hi,

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autostart.lnk
ShortcutTarget: autostart.lnk -> c:\ProgramData\611416C862A5F96B9C700E7DA3523DE6\q8loij.cpp (Oracle Corporation)
S2 Winmgmt; C:\ProgramData\611416C862A5F96B9C700E7DA3523DE6\q8loij.cpp [371712 2014-07-15] (Oracle Corporation)
C:\ProgramData\611416C862A5F96B9C700E7DA3523DE6

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Rechner normal starten.

derhai · 17.07.2014, 15:33

et voila

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-07-2014 01
Ran by SYSTEM at 2014-07-17 16:31:25 Run:1
Running from E:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autostart.lnk
ShortcutTarget: autostart.lnk -> c:\ProgramData\611416C862A5F96B9C700E7DA3523DE6\q8loij.cpp (Oracle Corporation)
S2 Winmgmt; C:\ProgramData\611416C862A5F96B9C700E7DA3523DE6\q8loij.cpp [371712 2014-07-15] (Oracle Corporation)
C:\ProgramData\611416C862A5F96B9C700E7DA3523DE6
         
*****************

C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autostart.lnk => Moved successfully.
c:\ProgramData\611416C862A5F96B9C700E7DA3523DE6\q8loij.cpp => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\611416C862A5F96B9C700E7DA3523DE6 => Moved successfully.

==== End of Fixlog ====

und das Interpol-Fenster startet tatsaechlich nicht mehr.

schrauber · 17.07.2014, 17:11

Dann jetzt im normalen MOdus:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

derhai · 17.07.2014, 17:24

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Sebastian (administrator) on SEBASTIAN-PC on 17-07-2014 18:17:16
Running from C:\Users\Sebastian\Downloads
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(PGWARE LLC) C:\Program Files\PGWARE\SuperRam\SuperRamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(PGWARE LLC) C:\Program Files\PGWARE\SuperRam\SuperRamTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [SuperRam] => C:\Program Files\PGWARE\SuperRam\SuperRamTray.exe [1956600 2013-07-07] (PGWARE LLC)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [412600 2010-06-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [GraphicsSwitch] => AsusSender.exe C:\Program Files\Asus\GraphicsSwitch\GraphicsSwitch.exe /auto
HKLM\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2010-06-10] ()
HKLM\...\Run: [CapsHook] => C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-29] (ASUS)
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-08-09] (ASUSTek Computer Inc.)
HKU\S-1-5-21-3537988428-1571804110-173448233-1000\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3537988428-1571804110-173448233-1000\...\MountPoints2: {12966e6a-6859-11e1-8029-20cf306bfd7e} - E:\Setup.exe
HKU\S-1-5-21-3537988428-1571804110-173448233-1000\...\MountPoints2: {dad4b290-c371-11e0-9927-20cf306bfd7e} - E:\Setup.exe
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default
FF NetworkProxy: "ftp", "178.21.112.27"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "178.21.112.27"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "178.21.112.27"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "178.21.112.27"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-27]
FF Extension: Personas Plus - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\Extensions\personas@christopher.beard.xpi [2012-01-25]
FF Extension: Stealthy - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\Extensions\stealthyextension@gmail.com.xpi [2012-05-05]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-06-19]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-19]
FF HKLM\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M7CF4B603-3FBA-4E48-9D96-960C12DAB4B6&SearchSource=55&CUI=&UM=5&UP=SP5A1627A4-284F-4B73-9B0F-F13F4A300033&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M7CF4B603-3FBA-4E48-9D96-960C12DAB4B6&SearchSource=55&CUI=&UM=5&UP=SP5A1627A4-284F-4B73-9B0F-F13F4A300033&SSPV="
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-11]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-11]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-11]
CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-07]
CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-11]
CHR Extension: (AdBlock) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-19]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-11]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2009-05-15] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2009-05-15] (Hewlett-Packard) [File not signed]
R2 SuperRam; C:\Program Files\PGWARE\SuperRam\SuperRamService.exe [1942264 2013-07-07] (PGWARE LLC)

==================== Drivers (Whitelisted) ====================

S3 1394ohci; C:\windows\system32\drivers\1394ohci.sys [163840 2010-04-03] (Microsoft Corporation) [File not signed]
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] ()
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-04-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [119592 2011-04-13] (ELAN Microelectronics Corp.)
S3 hwdatacard; C:\windows\System32\DRIVERS\ewusbmdm.sys [102784 2010-08-12] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbfake; C:\windows\System32\DRIVERS\ewusbfake.sys [103040 2010-08-12] (Huawei Technologies Co., Ltd.) [File not signed]
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S3 sffp_sd; C:\windows\system32\drivers\sffp_sd.sys [12800 2009-10-10] (Microsoft Corporation) [File not signed]
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-06] (Avira GmbH)
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-17 18:17 - 2014-07-17 18:18 - 00014552 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-07-17 18:16 - 2014-07-17 18:17 - 01077248 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST.exe
2014-07-17 16:59 - 2014-07-17 16:59 - 00000000 ____D () C:\windows\system32\x64
2014-07-17 16:56 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-07-17 16:56 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-07-17 16:56 - 2012-08-23 15:52 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-07-17 16:56 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2014-07-17 16:56 - 2012-08-23 12:08 - 02739712 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-07-17 16:55 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-17 16:55 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-07-17 16:54 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-07-17 16:54 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-17 16:54 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-07-17 16:54 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-07-17 16:54 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-07-17 16:54 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-07-17 16:54 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-07-17 16:54 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-07-17 16:54 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-07-17 16:54 - 2013-10-01 22:55 - 05698048 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-07-17 16:52 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-07-17 16:52 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-07-17 00:29 - 2014-07-17 18:17 - 00000000 ____D () C:\FRST
2014-07-16 13:43 - 2014-07-16 13:43 - 00000341 _____ () C:\ProgramData\RUNDLL32.EXE-3216-F.txt
2014-07-16 13:37 - 2014-07-16 13:37 - 00000339 _____ () C:\ProgramData\RUNDLL32.EXE-2760-F.txt
2014-07-16 12:15 - 2014-07-16 12:15 - 00000340 _____ () C:\ProgramData\RUNDLL32.EXE-2480-F.txt
2014-07-16 12:14 - 2014-07-17 18:04 - 00000392 _____ () C:\windows\setupact.log
2014-07-16 12:14 - 2014-07-16 12:14 - 00000000 _____ () C:\windows\setuperr.log
2014-07-16 12:13 - 2014-07-16 13:42 - 00000000 _____ () C:\windows\system32\ztUASvSloy
2014-07-16 12:09 - 2014-07-16 12:12 - 00008111 _____ () C:\ProgramData\RUNDLL32.EXE-3280-F.txt
2014-07-10 09:20 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-10 09:20 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-10 09:20 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-10 09:20 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-10 09:20 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-10 09:20 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-10 09:20 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-10 09:20 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-10 09:20 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-10 09:20 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-10 09:20 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-10 09:20 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-10 09:20 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-10 09:20 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-10 09:20 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-10 09:20 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-10 09:20 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-10 09:20 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 09:20 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-10 09:20 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-10 09:20 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-10 09:20 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-10 09:20 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-10 09:20 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-10 09:20 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-10 09:20 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-10 09:20 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-10 09:20 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-10 09:20 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-10 09:20 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-10 09:17 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-10 09:17 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-10 09:17 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-10 09:17 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-10 09:16 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-10 09:09 - 2014-07-10 09:09 - 00000909 _____ () C:\Users\Sebastian\Downloads\map.php
2014-07-10 09:09 - 2014-07-10 09:09 - 00000909 _____ () C:\Users\Sebastian\Downloads\map (1).php
2014-07-03 01:40 - 2014-07-03 01:40 - 00001077 _____ () C:\Users\Public\Desktop\Horland Scan2Pdf 3.lnk
2014-07-02 17:13 - 2014-07-02 17:13 - 00066946 _____ () C:\Users\Sebastian\Downloads\20140831_Timesheet_Den-Brok.xlsx
2014-06-25 10:56 - 2014-06-25 10:56 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ___RD () C:\Program Files\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-19 18:26 - 2014-06-19 18:26 - 00000000 ____D () C:\Users\Sebastian\Documents\Bildungskredit
2014-06-19 12:47 - 2014-06-19 12:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-17 17:15 - 2014-06-17 17:15 - 00000868 _____ () C:\Users\Sebastian\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

2014-07-17 18:19 - 2013-06-08 02:29 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-17 18:18 - 2014-07-17 18:17 - 00014552 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-07-17 18:17 - 2014-07-17 18:16 - 01077248 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST.exe
2014-07-17 18:17 - 2014-07-17 00:29 - 00000000 ____D () C:\FRST
2014-07-17 18:12 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-17 18:12 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-17 18:08 - 2012-02-03 16:21 - 01675921 _____ () C:\windows\WindowsUpdate.log
2014-07-17 18:06 - 2011-03-03 01:10 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-17 18:06 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-17 18:05 - 2011-12-28 01:24 - 00000000 ____D () C:\windows\pss
2014-07-17 18:05 - 2010-12-25 21:17 - 00000000 ____D () C:\Users\Sebastian\Documents\Youcam
2014-07-17 18:04 - 2014-07-16 12:14 - 00000392 _____ () C:\windows\setupact.log
2014-07-17 18:04 - 2009-07-14 06:53 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-07-17 17:21 - 2011-03-03 01:10 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-17 17:07 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-17 17:03 - 2009-07-26 03:27 - 00000000 ____D () C:\windows\system32\Drivers\de-DE
2014-07-17 17:03 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-07-17 16:59 - 2014-07-17 16:59 - 00000000 ____D () C:\windows\system32\x64
2014-07-16 13:43 - 2014-07-16 13:43 - 00000341 _____ () C:\ProgramData\RUNDLL32.EXE-3216-F.txt
2014-07-16 13:42 - 2014-07-16 12:13 - 00000000 _____ () C:\windows\system32\ztUASvSloy
2014-07-16 13:37 - 2014-07-16 13:37 - 00000339 _____ () C:\ProgramData\RUNDLL32.EXE-2760-F.txt
2014-07-16 12:15 - 2014-07-16 12:15 - 00000340 _____ () C:\ProgramData\RUNDLL32.EXE-2480-F.txt
2014-07-16 12:14 - 2014-07-16 12:14 - 00000000 _____ () C:\windows\setuperr.log
2014-07-16 12:12 - 2014-07-16 12:09 - 00008111 _____ () C:\ProgramData\RUNDLL32.EXE-3280-F.txt
2014-07-16 03:21 - 2010-12-25 20:47 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\VirtualStore
2014-07-15 11:52 - 2013-05-11 16:27 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-07-11 20:07 - 2009-07-14 06:33 - 00438992 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 13:37 - 2013-08-15 03:16 - 00000000 ____D () C:\windows\system32\MRT
2014-07-11 13:30 - 2011-01-11 13:21 - 93585272 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-10 09:09 - 2014-07-10 09:09 - 00000909 _____ () C:\Users\Sebastian\Downloads\map.php
2014-07-10 09:09 - 2014-07-10 09:09 - 00000909 _____ () C:\Users\Sebastian\Downloads\map (1).php
2014-07-09 13:19 - 2012-11-11 16:25 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-07-09 13:19 - 2011-05-28 13:40 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-03 17:51 - 2013-04-06 19:27 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-07-03 01:41 - 2014-04-06 18:06 - 00000000 ____D () C:\Program Files\Horland Scan2Pdf 3.0
2014-07-03 01:40 - 2014-07-03 01:40 - 00001077 _____ () C:\Users\Public\Desktop\Horland Scan2Pdf 3.lnk
2014-07-03 01:40 - 2014-04-06 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horland Scan2Pdf 3
2014-07-03 01:36 - 2009-07-25 09:50 - 01635912 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-02 17:13 - 2014-07-02 17:13 - 00066946 _____ () C:\Users\Sebastian\Downloads\20140831_Timesheet_Den-Brok.xlsx
2014-06-25 11:13 - 2011-08-12 19:25 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ___RD () C:\Program Files\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-25 10:55 - 2011-08-12 19:24 - 00000000 ____D () C:\ProgramData\Skype
2014-06-20 21:39 - 2014-07-10 09:20 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 09:24 - 2012-04-27 15:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-19 22:42 - 2014-06-02 22:52 - 00016231 _____ () C:\Users\Sebastian\Desktop\Euro Stoxx Auditors.ods
2014-06-19 18:29 - 2013-12-08 18:59 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\banshee-1
2014-06-19 18:27 - 2012-10-23 20:48 - 00000000 ____D () C:\Users\Sebastian\Desktop\HS Rhein Waal
2014-06-19 18:26 - 2014-06-19 18:26 - 00000000 ____D () C:\Users\Sebastian\Documents\Bildungskredit
2014-06-19 12:47 - 2014-06-19 12:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-19 02:16 - 2014-07-10 09:20 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-19 01:56 - 2014-07-10 09:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-19 01:56 - 2014-07-10 09:20 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-19 01:38 - 2014-07-10 09:20 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-19 01:37 - 2014-07-10 09:20 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-19 01:36 - 2014-07-10 09:20 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-10 09:20 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-19 01:32 - 2014-07-10 09:20 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-19 01:28 - 2014-07-10 09:20 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-19 01:28 - 2014-07-10 09:20 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-19 01:25 - 2014-07-10 09:20 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-19 01:23 - 2014-07-10 09:20 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-19 01:23 - 2014-07-10 09:20 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-19 01:22 - 2014-07-10 09:20 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-19 01:16 - 2014-07-10 09:20 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-19 01:12 - 2014-07-10 09:20 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-19 01:06 - 2014-07-10 09:20 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-10 09:20 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-19 00:59 - 2014-07-10 09:20 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-19 00:58 - 2014-07-10 09:20 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-19 00:52 - 2014-07-10 09:20 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-19 00:52 - 2014-07-10 09:20 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-19 00:49 - 2014-07-10 09:20 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-19 00:46 - 2014-07-10 09:20 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-10 09:20 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-19 00:35 - 2014-07-10 09:20 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-19 00:13 - 2014-07-10 09:20 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-19 00:09 - 2014-07-10 09:20 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-19 00:07 - 2014-07-10 09:20 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-18 03:51 - 2014-07-10 09:17 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-18 02:52 - 2014-07-10 09:17 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-06-17 17:19 - 2012-06-06 18:06 - 00000000 ____D () C:\Users\Sebastian\.gimp-2.8
2014-06-17 17:15 - 2014-06-17 17:15 - 00000868 _____ () C:\Users\Sebastian\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Sebastian\AppData\Local\Temp\1405.dll
C:\Users\Sebastian\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-02 18:29

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
Ran by Sebastian at 2014-07-17 18:19:33
Running from C:\Users\Sebastian\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 1.1.0 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.29 - Atheros Communications Inc.)
Audacity 2.0.2 (HKLM\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Banshee 2.4.0 - ALPHA (HKLM\...\{5B613B0D-4197-4B57-BF22-7BD229FEB2F4}) (Version: 2.4.0 - Banshee Project)
Broadcom Wireless Network Adapter (HKLM\...\{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}) (Version: 1.00.0000 - AzureWave)
Bullzip PDF Printer 7.2.0.1338 (HKLM\...\Bullzip PDF Printer_is1) (Version: 7.2.0.1338 - Bullzip)
CamStudio (HKLM\...\CamStudio) (Version:  - )
CapsHook (HKLM\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.5 - AsusTek Computer)
CCleaner (HKLM\...\CCleaner) (Version: 3.12 - Piriform)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3718a - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.3718a - CyberLink Corp.) Hidden
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
Eee Docking 3.8.1 (HKLM\...\Eee Docking_is1) (Version: 3.8.1 - ASUSTek Computer Inc.)
ETDWare PS/2-X86 8.0.5.3_WHQL (HKLM\...\Elantech) (Version: 8.0.5.3 - ELAN Microelectronic Corp.)
FontResizer (HKLM\...\InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}) (Version: 1.01.0011 - ASUSTek)
FontResizer (Version: 1.01.0011 - ASUSTek) Hidden
Foxit Reader 5.0 (HKLM\...\Foxit Reader_is1) (Version: 5.0.1.0527 - Foxit Corporation)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Horland's Scan2Pdf (check your license!) (HKLM\...\Horlands Scan2Pdf 3_is1) (Version: 3.4.0.7 - Horland Software)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 35 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 7.1.0 (HKLM\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.22 - AsusTek Computer Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mobistel Cynus T2 Drivers(x64) (HKLM\...\{C3F57607-592D-458F-81AE-349FD05DFA74}) (Version: 1.00 - Mobistel)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero ControlCenter (Version: 11.0.15500 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (Version: 11.0.20200 - Nero AG) Hidden
Nero CoverDesigner (HKLM\...\{3143E3EB-17A5-48F9-90FC-D7CA556CA210}) (Version: 12.0.01500 - Nero AG)
Nero CoverDesigner (Version: 12.0.10003 - Nero AG) Hidden
Nero CoverDesigner Help (CHM) (Version: 12.0.2000 - Nero AG) Hidden
Nero Update (Version: 11.0.11800.31.0 - Nero AG) Hidden
OOBERegBackup (HKLM\...\OOBERegBackup_is1) (Version:  - ASUSTeK Computer Inc.)
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PDF24 Creator 6.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
pdfsam (HKCU\...\pdfsam) (Version: 2.2.1 - )
Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden
Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.1.0 - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6066 - Realtek Semiconductor Corp.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SoftMaker FreeOffice (HKLM\...\{8EBB8452-274B-465D-8324-00B0832FBB02}) (Version: 1.0.3395 - SoftMaker Software GmbH)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.50.0 - SRS Labs, Inc.)
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.16 - AsusTek Computer)
SuperRam (HKLM\...\SuperRam_is1) (Version: 6.7.8.2013 - PGWARE LLC)
syncables desktop SE (HKLM\...\{300A98D6-8DA2-45FF-9314-A6861D76A535}) (Version: 5.5.634.9753 - syncables)
Teachmaster 4.3 (nur Entfernen) (HKLM\...\Teachmaster 4.3) (Version:  - )
TeXstudio 2.5.2 (HKLM\...\TeXstudio_is1) (Version: 2.5.2 - Benito van der Zander)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Turbine 3.1 (HKCU\...\Turbine 3.1) (Version:  - )
TuxGuitar (HKLM\...\{03534DA5-2F88-4B8E-A978-849B979E1B8F}) (Version: 1.2 - Herac)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Veetle TV (HKLM\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5500 - Broadcom Corporation)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Restore Points  =========================

27-06-2014 23:34:58 Windows Update
01-07-2014 07:06:14 Windows Update
04-07-2014 07:22:34 Windows Update
08-07-2014 06:14:02 Windows Update
11-07-2014 11:23:54 Windows Update
16-07-2014 00:55:12 Windows Update
17-07-2014 14:53:06 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {17B7711C-5E06-4FB6-8A38-B625D6274BEE} - System32\Tasks\{319C4012-6F74-4234-863C-8ADFA1094EB3} => C:\ProgramData\U3\U3Launcher\LaunchU3.exe
Task: {31A56F42-16F1-4CB8-B0B8-E883A83482F3} - System32\Tasks\{B8300C4D-FAA2-44E8-BB08-3E0173573C0F} => C:\ProgramData\U3\U3Launcher\LaunchU3.exe
Task: {38430268-8A17-456C-8EA3-7803A4C3C125} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-03] (Google Inc.)
Task: {465D69AD-B44D-4515-9575-17638BEE8547} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {60EAF69A-178C-4A56-B58B-802D8350A6DD} - System32\Tasks\{051B935D-5AD7-4B98-9A23-B3220516CDB5} => C:\ProgramData\U3\U3Launcher\LaunchU3.exe
Task: {BDFCDEF2-D252-4128-AC37-FD8B4D523D8C} - System32\Tasks\{020E4D40-50D6-4DC4-9CC6-703944C77C42} => C:\ProgramData\U3\U3Launcher\LaunchU3.exe
Task: {C2EC0DC1-C629-4E81-88D2-86F9E5278A04} - System32\Tasks\{E9A818FC-4076-4E31-AF58-B930AAD48B48} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.113&amp;LastError=12002
Task: {D143E5A2-F589-44BD-AF7E-D3FFDAEF6D16} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-03] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-12 17:28 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 17:28 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 17:28 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-04-11 18:30 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-11 18:30 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Sebastian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AqagVuzu => regsvr32.exe "
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\windows\AsScrPro.exe
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Boingo Wi-Fi => "C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: FlashPlayerUpdate => C:\windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: LG LinkAir => C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
MSCONFIG\startupreg: LiveUpdate => AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
MSCONFIG\startupreg: OOBESetup => C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe /restore -"C:\Program Files\asus\OOBERegBackup\OOBEReg.ini"
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Syncables => C:\Program Files\syncables\syncables desktop\Syncables.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2014 06:04:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x414
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_LanmanServer0
Pfad der fehlerhaften Anwendung: svchost.exe_LanmanServer1
Pfad des fehlerhaften Moduls: svchost.exe_LanmanServer2
Berichtskennung: svchost.exe_LanmanServer3

Error: (07/16/2014 01:38:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden.


Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.
.

Error: (07/16/2014 01:35:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden.


Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.
.

Error: (07/11/2014 01:19:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x3ec
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_LanmanServer0
Pfad der fehlerhaften Anwendung: svchost.exe_LanmanServer1
Pfad des fehlerhaften Moduls: svchost.exe_LanmanServer2
Berichtskennung: svchost.exe_LanmanServer3

Error: (07/09/2014 00:58:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xc0000010
ID des fehlerhaften Prozesses: 0x408
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_LanmanServer0
Pfad der fehlerhaften Anwendung: svchost.exe_LanmanServer1
Pfad des fehlerhaften Moduls: svchost.exe_LanmanServer2
Berichtskennung: svchost.exe_LanmanServer3

Error: (07/03/2014 02:03:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_StiSvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: CNC520C.dll, Version: 1.0.0.0, Zeitstempel: 0x4a5bda1a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00006d8a
ID des fehlerhaften Prozesses: 0x4d4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_StiSvc0
Pfad der fehlerhaften Anwendung: svchost.exe_StiSvc1
Pfad des fehlerhaften Moduls: svchost.exe_StiSvc2
Berichtskennung: svchost.exe_StiSvc3

Error: (07/02/2014 01:43:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x3e8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_LanmanServer0
Pfad der fehlerhaften Anwendung: svchost.exe_LanmanServer1
Pfad des fehlerhaften Moduls: svchost.exe_LanmanServer2
Berichtskennung: svchost.exe_LanmanServer3

Error: (06/26/2014 03:47:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x408
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_LanmanServer0
Pfad der fehlerhaften Anwendung: svchost.exe_LanmanServer1
Pfad des fehlerhaften Moduls: svchost.exe_LanmanServer2
Berichtskennung: svchost.exe_LanmanServer3

Error: (06/20/2014 03:14:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (06/19/2014 05:58:05 PM) (Source: Userenv) (EventID: 1000) (User: )
Description: FLOOLA: couldn't delete file E:\iPod_Control\Music\F01\RFTVI.mp3


System errors:
=============
Error: (07/17/2014 06:07:01 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (07/17/2014 06:07:01 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Multimediaklassenplaner" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (07/17/2014 06:06:01 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (07/17/2014 06:05:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (07/17/2014 06:05:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/17/2014 06:05:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/17/2014 06:05:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/17/2014 06:05:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/17/2014 06:05:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/17/2014 06:05:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (07/17/2014 06:04:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_LanmanServer6.1.7600.163854a5bc100unknown0.0.0.000000000c00000050000000041401cfa1d8bdbf40bbC:\windows\system32\svchost.exeunknown08da378d-0dcc-11e4-9fad-20cf306bfd7e

Error: (07/16/2014 01:38:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.

Error: (07/16/2014 01:35:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.

Error: (07/11/2014 01:19:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_LanmanServer6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005000000003ec01cf9cf9e762eff7C:\windows\system32\svchost.exeunknown33fe1e55-08ed-11e4-8b0b-20cf306bfd7e

Error: (07/09/2014 00:58:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_LanmanServer6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005c000001040801cf9b64a38cf823C:\windows\system32\svchost.exeunknowned7d3a0d-0757-11e4-92d9-20cf306bfd7e

Error: (07/03/2014 02:03:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_StiSvc6.1.7600.163854a5bc100CNC520C.dll1.0.0.04a5bda1ac000000500006d8a4d401cf96523a60e0cfC:\windows\system32\svchost.exeC:\windows\system32\CNC520C.dll7ac21c1f-0245-11e4-9fd3-20cf306bfd7e

Error: (07/02/2014 01:43:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_LanmanServer6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005000000003e801cf95eacd755c92C:\windows\system32\svchost.exeunknown17bac466-01de-11e4-9fd3-20cf306bfd7e

Error: (06/26/2014 03:47:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_LanmanServer6.1.7600.163854a5bc100unknown0.0.0.000000000c00000050000000040801cf91452473cc1bC:\windows\system32\svchost.exeunknown6fd2c312-fd38-11e3-9889-20cf306bfd7e

Error: (06/20/2014 03:14:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (06/19/2014 05:58:05 PM) (Source: Userenv) (EventID: 1000) (User: )
Description: FLOOLA: couldn't delete file E:\iPod_Control\Music\F01\RFTVI.mp3


==================== Memory info =========================== 

Percentage of memory in use: 48%
Total physical RAM: 2038.12 MB
Available physical RAM: 1054.88 MB
Total Pagefile: 4076.23 MB
Available Pagefile: 2805.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:44.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:117.87 GB) (Free:31.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 29133921)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=20 MB) - (Type=EF)

==================== End Of Log ============================

schrauber · 18.07.2014, 04:49

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

derhai · 18.07.2014, 10:39

Malware:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 18.07.2014
Suchlauf-Zeit: 10:19:57
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.18.03
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Sebastian

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 260084
Verstrichene Zeit: 25 Min, 0 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 4
Trojan.Reveton, C:\Users\Sebastian\AppData\Local\Temp\1405.dll, In Quarantäne, [de1d415f7407142270777c1ffd04768a], 
PUP.Optional.DownloadSponsor, C:\Users\Sebastian\Downloads\setup_turbine_31.exe, In Quarantäne, [7388762aa9d24de91a85027038cc36ca], 
PUP.Optional.Conduit.A, C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M7CF4B603-3FBA-4E48-9D96-960C12DAB4B6&SearchSource=55&CUI=&UM=5&UP=SP5A1627A4-284F-4B73-9B0F-F13F4A300033&SSPV=",), Ersetzt,[2fcc247c6318e15596afd50117ed07f9]
PUP.Optional.Conduit.A, C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M7CF4B603-3FBA-4E48-9D96-960C12DAB4B6&SearchSource=55&CUI=&UM=5&UP=SP5A1627A4-284F-4B73-9B0F-F13F4A300033&SSPV=" ],), Ersetzt,[5ba0653bbbc058de98df4f871de708f8]

Physische Sektoren: 0
(No malicious items detected)


(end)

ADW Cleaner:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 18.07.2014
Suchlauf-Zeit: 10:19:57
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.18.03
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Sebastian

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 260084
Verstrichene Zeit: 25 Min, 0 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 4
Trojan.Reveton, C:\Users\Sebastian\AppData\Local\Temp\1405.dll, In Quarantäne, [de1d415f7407142270777c1ffd04768a], 
PUP.Optional.DownloadSponsor, C:\Users\Sebastian\Downloads\setup_turbine_31.exe, In Quarantäne, [7388762aa9d24de91a85027038cc36ca], 
PUP.Optional.Conduit.A, C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M7CF4B603-3FBA-4E48-9D96-960C12DAB4B6&SearchSource=55&CUI=&UM=5&UP=SP5A1627A4-284F-4B73-9B0F-F13F4A300033&SSPV=",), Ersetzt,[2fcc247c6318e15596afd50117ed07f9]
PUP.Optional.Conduit.A, C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M7CF4B603-3FBA-4E48-9D96-960C12DAB4B6&SearchSource=55&CUI=&UM=5&UP=SP5A1627A4-284F-4B73-9B0F-F13F4A300033&SSPV=" ],), Ersetzt,[5ba0653bbbc058de98df4f871de708f8]

Physische Sektoren: 0
(No malicious items detected)


(end)

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Starter x86
Ran by Sebastian on 18.07.2014 at 11:12:37,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\jtkbnsoj.default\minidumps [378 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.07.2014 at 11:20:06,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Sebastian (administrator) on SEBASTIAN-PC on 18-07-2014 11:33:39
Running from C:\Users\Sebastian\Downloads
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(PGWARE LLC) C:\Program Files\PGWARE\SuperRam\SuperRamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(PGWARE LLC) C:\Program Files\PGWARE\SuperRam\SuperRamTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [SuperRam] => C:\Program Files\PGWARE\SuperRam\SuperRamTray.exe [1956600 2013-07-07] (PGWARE LLC)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [412600 2010-06-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [GraphicsSwitch] => AsusSender.exe C:\Program Files\Asus\GraphicsSwitch\GraphicsSwitch.exe /auto
HKLM\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2010-06-10] ()
HKLM\...\Run: [CapsHook] => C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-29] (ASUS)
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-08-09] (ASUSTek Computer Inc.)
HKU\S-1-5-21-3537988428-1571804110-173448233-1000\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3537988428-1571804110-173448233-1000\...\MountPoints2: {12966e6a-6859-11e1-8029-20cf306bfd7e} - E:\Setup.exe
HKU\S-1-5-21-3537988428-1571804110-173448233-1000\...\MountPoints2: {dad4b290-c371-11e0-9927-20cf306bfd7e} - E:\Setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default
FF NetworkProxy: "ftp", "178.21.112.27"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "178.21.112.27"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "178.21.112.27"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "178.21.112.27"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-27]
FF Extension: Personas Plus - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\Extensions\personas@christopher.beard.xpi [2012-01-25]
FF Extension: Stealthy - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\Extensions\stealthyextension@gmail.com.xpi [2012-05-05]
FF Extension: Adblock Plus - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-06-19]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-19]
FF HKLM\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M7CF4B603-3FBA-4E48-9D96-960C12DAB4B6&SearchSource=55&CUI=&UM=5&UP=SP5A1627A4-284F-4B73-9B0F-F13F4A300033&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M7CF4B603-3FBA-4E48-9D96-960C12DAB4B6&SearchSource=55&CUI=&UM=5&UP=SP5A1627A4-284F-4B73-9B0F-F13F4A300033&SSPV="
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-11]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-11]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-11]
CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-07]
CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-11]
CHR Extension: (AdBlock) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-19]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-11]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
S2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2009-05-15] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2009-05-15] (Hewlett-Packard) [File not signed]
R2 SuperRam; C:\Program Files\PGWARE\SuperRam\SuperRamService.exe [1942264 2013-07-07] (PGWARE LLC)

==================== Drivers (Whitelisted) ====================

S3 1394ohci; C:\windows\system32\drivers\1394ohci.sys [163840 2010-04-03] (Microsoft Corporation) [File not signed]
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] ()
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-04-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [119592 2011-04-13] (ELAN Microelectronics Corp.)
S3 hwdatacard; C:\windows\System32\DRIVERS\ewusbmdm.sys [102784 2010-08-12] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbfake; C:\windows\System32\DRIVERS\ewusbfake.sys [103040 2010-08-12] (Huawei Technologies Co., Ltd.) [File not signed]
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S3 sffp_sd; C:\windows\system32\drivers\sffp_sd.sys [12800 2009-10-10] (Microsoft Corporation) [File not signed]
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-06] (Avira GmbH)
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-18 11:20 - 2014-07-18 11:20 - 00000761 _____ () C:\Users\Sebastian\Desktop\JRT.txt
2014-07-18 11:12 - 2014-07-18 11:12 - 00000000 ____D () C:\windows\ERUNT
2014-07-18 11:10 - 2014-07-18 11:11 - 01016261 _____ (Thisisu) C:\Users\Sebastian\Desktop\JRT.exe
2014-07-18 11:08 - 2014-07-18 11:08 - 00002356 _____ () C:\Users\Sebastian\Desktop\AdwCleaner[S1].txt
2014-07-18 11:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\system32\sqlite3.dll
2014-07-18 10:57 - 2014-07-18 10:58 - 01354223 _____ () C:\Users\Sebastian\Desktop\adwcleaner_3.216.exe
2014-07-18 10:52 - 2014-07-18 11:06 - 00001136 _____ () C:\windows\PFRO.log
2014-07-18 10:46 - 2014-07-18 10:46 - 00002137 _____ () C:\Users\Sebastian\Desktop\mbam.txt
2014-07-18 10:19 - 2014-07-18 10:55 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-18 10:14 - 2014-07-18 10:14 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-18 10:14 - 2014-07-18 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-18 10:14 - 2014-07-18 10:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-18 10:14 - 2014-07-18 10:14 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-18 10:14 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-18 10:14 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-18 10:14 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-18 10:11 - 2014-07-18 10:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sebastian\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-17 18:19 - 2014-07-17 18:21 - 00028689 _____ () C:\Users\Sebastian\Downloads\Addition.txt
2014-07-17 18:17 - 2014-07-18 11:33 - 00014180 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-07-17 18:16 - 2014-07-17 18:17 - 01077248 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST.exe
2014-07-17 16:59 - 2014-07-17 16:59 - 00000000 ____D () C:\windows\system32\x64
2014-07-17 16:56 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-07-17 16:56 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-07-17 16:56 - 2012-08-23 15:52 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-07-17 16:56 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2014-07-17 16:56 - 2012-08-23 12:08 - 02739712 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-07-17 16:55 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-17 16:55 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-07-17 16:54 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-07-17 16:54 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-17 16:54 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-07-17 16:54 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-07-17 16:54 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-07-17 16:54 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-07-17 16:54 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-07-17 16:54 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-07-17 16:54 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-07-17 16:54 - 2013-10-01 22:55 - 05698048 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-07-17 16:52 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-07-17 16:52 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-07-17 00:29 - 2014-07-18 11:33 - 00000000 ____D () C:\FRST
2014-07-16 13:43 - 2014-07-16 13:43 - 00000341 _____ () C:\ProgramData\RUNDLL32.EXE-3216-F.txt
2014-07-16 13:37 - 2014-07-16 13:37 - 00000339 _____ () C:\ProgramData\RUNDLL32.EXE-2760-F.txt
2014-07-16 12:15 - 2014-07-16 12:15 - 00000340 _____ () C:\ProgramData\RUNDLL32.EXE-2480-F.txt
2014-07-16 12:14 - 2014-07-18 11:06 - 00000672 _____ () C:\windows\setupact.log
2014-07-16 12:14 - 2014-07-16 12:14 - 00000000 _____ () C:\windows\setuperr.log
2014-07-16 12:13 - 2014-07-16 13:42 - 00000000 _____ () C:\windows\system32\ztUASvSloy
2014-07-16 12:09 - 2014-07-16 12:12 - 00008111 _____ () C:\ProgramData\RUNDLL32.EXE-3280-F.txt
2014-07-10 09:20 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-10 09:20 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-10 09:20 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-10 09:20 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-10 09:20 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-10 09:20 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-10 09:20 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-10 09:20 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-10 09:20 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-10 09:20 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-10 09:20 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-10 09:20 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-10 09:20 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-10 09:20 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-10 09:20 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-10 09:20 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-10 09:20 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-10 09:20 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 09:20 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-10 09:20 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-10 09:20 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-10 09:20 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-10 09:20 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-10 09:20 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-10 09:20 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-10 09:20 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-10 09:20 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-10 09:20 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-10 09:20 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-10 09:20 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-10 09:17 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-10 09:17 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-10 09:17 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-10 09:17 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-10 09:16 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-10 09:09 - 2014-07-10 09:09 - 00000909 _____ () C:\Users\Sebastian\Downloads\map.php
2014-07-10 09:09 - 2014-07-10 09:09 - 00000909 _____ () C:\Users\Sebastian\Downloads\map (1).php
2014-07-03 01:40 - 2014-07-03 01:40 - 00001077 _____ () C:\Users\Public\Desktop\Horland Scan2Pdf 3.lnk
2014-07-02 17:13 - 2014-07-02 17:13 - 00066946 _____ () C:\Users\Sebastian\Downloads\20140831_Timesheet_Den-Brok.xlsx
2014-06-25 10:56 - 2014-06-25 10:56 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ___RD () C:\Program Files\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-19 18:26 - 2014-06-19 18:26 - 00000000 ____D () C:\Users\Sebastian\Documents\Bildungskredit
2014-06-19 12:47 - 2014-06-19 12:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-18 11:35 - 2014-07-17 18:17 - 00014180 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-07-18 11:33 - 2014-07-17 00:29 - 00000000 ____D () C:\FRST
2014-07-18 11:22 - 2012-02-03 16:21 - 01753137 _____ () C:\windows\WindowsUpdate.log
2014-07-18 11:21 - 2011-03-03 01:10 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-18 11:20 - 2014-07-18 11:20 - 00000761 _____ () C:\Users\Sebastian\Desktop\JRT.txt
2014-07-18 11:19 - 2013-06-08 02:29 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-18 11:14 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-18 11:14 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-18 11:12 - 2014-07-18 11:12 - 00000000 ____D () C:\windows\ERUNT
2014-07-18 11:11 - 2014-07-18 11:10 - 01016261 _____ (Thisisu) C:\Users\Sebastian\Desktop\JRT.exe
2014-07-18 11:08 - 2014-07-18 11:08 - 00002356 _____ () C:\Users\Sebastian\Desktop\AdwCleaner[S1].txt
2014-07-18 11:07 - 2011-03-03 01:10 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-18 11:06 - 2014-07-18 10:52 - 00001136 _____ () C:\windows\PFRO.log
2014-07-18 11:06 - 2014-07-16 12:14 - 00000672 _____ () C:\windows\setupact.log
2014-07-18 11:06 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-18 11:05 - 2014-04-19 00:50 - 00000000 ____D () C:\AdwCleaner
2014-07-18 10:58 - 2014-07-18 10:57 - 01354223 _____ () C:\Users\Sebastian\Desktop\adwcleaner_3.216.exe
2014-07-18 10:55 - 2014-07-18 10:19 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-18 10:46 - 2014-07-18 10:46 - 00002137 _____ () C:\Users\Sebastian\Desktop\mbam.txt
2014-07-18 10:14 - 2014-07-18 10:14 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-18 10:14 - 2014-07-18 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-18 10:14 - 2014-07-18 10:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-18 10:14 - 2014-07-18 10:14 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-18 10:13 - 2014-07-18 10:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sebastian\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-18 02:32 - 2013-07-11 21:02 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-17 18:21 - 2014-07-17 18:19 - 00028689 _____ () C:\Users\Sebastian\Downloads\Addition.txt
2014-07-17 18:17 - 2014-07-17 18:16 - 01077248 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST.exe
2014-07-17 18:05 - 2011-12-28 01:24 - 00000000 ____D () C:\windows\pss
2014-07-17 18:05 - 2010-12-25 21:17 - 00000000 ____D () C:\Users\Sebastian\Documents\Youcam
2014-07-17 18:04 - 2009-07-14 06:53 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-07-17 17:07 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-17 17:03 - 2009-07-26 03:27 - 00000000 ____D () C:\windows\system32\Drivers\de-DE
2014-07-17 17:03 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-07-17 16:59 - 2014-07-17 16:59 - 00000000 ____D () C:\windows\system32\x64
2014-07-16 13:43 - 2014-07-16 13:43 - 00000341 _____ () C:\ProgramData\RUNDLL32.EXE-3216-F.txt
2014-07-16 13:42 - 2014-07-16 12:13 - 00000000 _____ () C:\windows\system32\ztUASvSloy
2014-07-16 13:37 - 2014-07-16 13:37 - 00000339 _____ () C:\ProgramData\RUNDLL32.EXE-2760-F.txt
2014-07-16 12:15 - 2014-07-16 12:15 - 00000340 _____ () C:\ProgramData\RUNDLL32.EXE-2480-F.txt
2014-07-16 12:14 - 2014-07-16 12:14 - 00000000 _____ () C:\windows\setuperr.log
2014-07-16 12:12 - 2014-07-16 12:09 - 00008111 _____ () C:\ProgramData\RUNDLL32.EXE-3280-F.txt
2014-07-16 03:21 - 2010-12-25 20:47 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\VirtualStore
2014-07-15 11:52 - 2013-05-11 16:27 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-07-11 20:07 - 2009-07-14 06:33 - 00438992 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 13:37 - 2013-08-15 03:16 - 00000000 ____D () C:\windows\system32\MRT
2014-07-11 13:30 - 2011-01-11 13:21 - 93585272 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-10 09:09 - 2014-07-10 09:09 - 00000909 _____ () C:\Users\Sebastian\Downloads\map.php
2014-07-10 09:09 - 2014-07-10 09:09 - 00000909 _____ () C:\Users\Sebastian\Downloads\map (1).php
2014-07-09 13:19 - 2012-11-11 16:25 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-07-09 13:19 - 2011-05-28 13:40 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-03 17:51 - 2013-04-06 19:27 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-07-03 01:41 - 2014-04-06 18:06 - 00000000 ____D () C:\Program Files\Horland Scan2Pdf 3.0
2014-07-03 01:40 - 2014-07-03 01:40 - 00001077 _____ () C:\Users\Public\Desktop\Horland Scan2Pdf 3.lnk
2014-07-03 01:40 - 2014-04-06 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horland Scan2Pdf 3
2014-07-03 01:36 - 2009-07-25 09:50 - 01635912 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-02 17:13 - 2014-07-02 17:13 - 00066946 _____ () C:\Users\Sebastian\Downloads\20140831_Timesheet_Den-Brok.xlsx
2014-06-25 11:13 - 2011-08-12 19:25 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ___RD () C:\Program Files\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-25 10:55 - 2011-08-12 19:24 - 00000000 ____D () C:\ProgramData\Skype
2014-06-20 21:39 - 2014-07-10 09:20 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 09:24 - 2012-04-27 15:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-19 22:42 - 2014-06-02 22:52 - 00016231 _____ () C:\Users\Sebastian\Desktop\Euro Stoxx Auditors.ods
2014-06-19 18:29 - 2013-12-08 18:59 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\banshee-1
2014-06-19 18:27 - 2012-10-23 20:48 - 00000000 ____D () C:\Users\Sebastian\Desktop\HS Rhein Waal
2014-06-19 18:26 - 2014-06-19 18:26 - 00000000 ____D () C:\Users\Sebastian\Documents\Bildungskredit
2014-06-19 12:47 - 2014-06-19 12:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-19 02:16 - 2014-07-10 09:20 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-19 01:56 - 2014-07-10 09:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-19 01:56 - 2014-07-10 09:20 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-19 01:38 - 2014-07-10 09:20 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-19 01:37 - 2014-07-10 09:20 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-19 01:36 - 2014-07-10 09:20 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-10 09:20 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-19 01:32 - 2014-07-10 09:20 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-19 01:28 - 2014-07-10 09:20 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-19 01:28 - 2014-07-10 09:20 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-19 01:25 - 2014-07-10 09:20 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-19 01:23 - 2014-07-10 09:20 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-19 01:23 - 2014-07-10 09:20 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-19 01:22 - 2014-07-10 09:20 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-19 01:16 - 2014-07-10 09:20 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-19 01:12 - 2014-07-10 09:20 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-19 01:06 - 2014-07-10 09:20 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-10 09:20 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-19 00:59 - 2014-07-10 09:20 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-19 00:58 - 2014-07-10 09:20 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-19 00:52 - 2014-07-10 09:20 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-19 00:52 - 2014-07-10 09:20 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-19 00:49 - 2014-07-10 09:20 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-19 00:46 - 2014-07-10 09:20 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-10 09:20 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-19 00:35 - 2014-07-10 09:20 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-19 00:13 - 2014-07-10 09:20 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-19 00:09 - 2014-07-10 09:20 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-19 00:07 - 2014-07-10 09:20 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-18 03:51 - 2014-07-10 09:17 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-18 02:52 - 2014-07-10 09:17 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\Sebastian\AppData\Local\Temp\avgnt.exe
C:\Users\Sebastian\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-02 18:29

==================== End Of Log ============================

--- --- ---

schrauber · 18.07.2014, 18:53

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

derhai · 19.07.2014, 11:33

da ist ja doch noch einiges...

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0e59f967883064408dcde29878f08dfc
# engine=19247
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-19 04:14:19
# local_time=2014-07-19 06:14:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 49536 150295436 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 157374449 0 0
# scanned=108388
# found=25
# cleaned=0
# scan_time=4203
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=53708CCF2410434187CA268A7A724A3992C0FC65 ft=1 fh=a6207637a02e9db4 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=D30BAC56E88EDAEF64D8813330D1FB24921088FA ft=1 fh=5da947440ba8911d vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\SPTool.dll.vir"
sh=4539C49EE54EF49172ADAA38B553E38FDF347C80 ft=1 fh=ab01c90ebcba11aa vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir"
sh=1E3BA56AFE7F70CA844E8330E38FD662A4B41790 ft=1 fh=9c60344bfd510269 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=33093FCFDCE7C07DD5886ECC4DA42672E5314B09 ft=1 fh=d3cea830025d3e5f vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=3D6705DAB5126B0393B6FF5C26484B0899A3D125 ft=1 fh=51586fa0d05d1c4e vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=DE134CEDD3AE537C91B6196D66BFCB0FD7DFE550 ft=1 fh=a9eb9770e77ea827 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=856E28D7768BB8C0CD7F1E4355A810D8DB55F6B0 ft=1 fh=1f4105694a25c3d7 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sebastian\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=83D573440F3ADDB187AC4A0138FA186E31491576 ft=1 fh=429b3a480985a82f vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sebastian\AppData\Roaming\OpenCandy\01A0725A552A45DAA68570DCABAD407E\rcmswdlm_275.exe.vir"
sh=83D573440F3ADDB187AC4A0138FA186E31491576 ft=1 fh=429b3a480985a82f vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sebastian\AppData\Roaming\OpenCandy\E04397695DFC4600BB58968F003432F8\rcmswdlm_275.exe.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sebastian\AppData\Roaming\OpenCandy\E04397695DFC4600BB58968F003432F8\sp-downloader.exe.vir"
sh=7C620D1FDA9B0BCB94387A0E5AFD2565B2FB5B08 ft=1 fh=0ea7a7a2438ec590 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sebastian\AppData\Roaming\OpenCandy\E04397695DFC4600BB58968F003432F8\Whitesmoke_directN_p1v1.exe.vir"
sh=106EFCCB1D0A03AC459425BDA373BA0A14F88186 ft=1 fh=8c55f9db2ed1d83f vn="Win32/Reveton.AJ Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\611416C862A5F96B9C700E7DA3523DE6\q8loij.cpp.xBAD"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=81C2C3354F11ECE49D7667538CEFE9F2B2395319 ft=1 fh=cca4b3788ffc60aa vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnIC.dll"
sh=99DD33D629341F95D9853B1E63FCE454EC654560 ft=1 fh=08803d4e54260720 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe"
sh=307426AB7709CC9DF5D797E1451DA858D8E101AB ft=1 fh=fade2d9b903b2da7 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sebastian\Downloads\AdwCleaner - CHIP-Downloader.exe"
sh=FDE3D7E13260CD75D7523F0B02BC06C16419C026 ft=1 fh=3918cb108fedf547 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sebastian\Downloads\FFSetup3.3.1.0.exe"
sh=8D991BC4871908031B82214097171B3A48D67173 ft=1 fh=64be63e22d39ac92 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Sebastian\Downloads\FreeYouTubeToMP3Converter_3.12.32.327.exe"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J22MBLHC\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J97ODCVY\ApnIC[1].0"

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0e59f967883064408dcde29878f08dfc
# engine=19247
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-19 04:14:19
# local_time=2014-07-19 06:14:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 49536 150295436 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 157374449 0 0
# scanned=108388
# found=25
# cleaned=0
# scan_time=4203
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=53708CCF2410434187CA268A7A724A3992C0FC65 ft=1 fh=a6207637a02e9db4 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=D30BAC56E88EDAEF64D8813330D1FB24921088FA ft=1 fh=5da947440ba8911d vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\SPTool.dll.vir"
sh=4539C49EE54EF49172ADAA38B553E38FDF347C80 ft=1 fh=ab01c90ebcba11aa vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir"
sh=1E3BA56AFE7F70CA844E8330E38FD662A4B41790 ft=1 fh=9c60344bfd510269 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=33093FCFDCE7C07DD5886ECC4DA42672E5314B09 ft=1 fh=d3cea830025d3e5f vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=3D6705DAB5126B0393B6FF5C26484B0899A3D125 ft=1 fh=51586fa0d05d1c4e vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=DE134CEDD3AE537C91B6196D66BFCB0FD7DFE550 ft=1 fh=a9eb9770e77ea827 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=856E28D7768BB8C0CD7F1E4355A810D8DB55F6B0 ft=1 fh=1f4105694a25c3d7 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sebastian\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=83D573440F3ADDB187AC4A0138FA186E31491576 ft=1 fh=429b3a480985a82f vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sebastian\AppData\Roaming\OpenCandy\01A0725A552A45DAA68570DCABAD407E\rcmswdlm_275.exe.vir"
sh=83D573440F3ADDB187AC4A0138FA186E31491576 ft=1 fh=429b3a480985a82f vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sebastian\AppData\Roaming\OpenCandy\E04397695DFC4600BB58968F003432F8\rcmswdlm_275.exe.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sebastian\AppData\Roaming\OpenCandy\E04397695DFC4600BB58968F003432F8\sp-downloader.exe.vir"
sh=7C620D1FDA9B0BCB94387A0E5AFD2565B2FB5B08 ft=1 fh=0ea7a7a2438ec590 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sebastian\AppData\Roaming\OpenCandy\E04397695DFC4600BB58968F003432F8\Whitesmoke_directN_p1v1.exe.vir"
sh=106EFCCB1D0A03AC459425BDA373BA0A14F88186 ft=1 fh=8c55f9db2ed1d83f vn="Win32/Reveton.AJ Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\611416C862A5F96B9C700E7DA3523DE6\q8loij.cpp.xBAD"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=81C2C3354F11ECE49D7667538CEFE9F2B2395319 ft=1 fh=cca4b3788ffc60aa vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnIC.dll"
sh=99DD33D629341F95D9853B1E63FCE454EC654560 ft=1 fh=08803d4e54260720 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe"
sh=307426AB7709CC9DF5D797E1451DA858D8E101AB ft=1 fh=fade2d9b903b2da7 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sebastian\Downloads\AdwCleaner - CHIP-Downloader.exe"
sh=FDE3D7E13260CD75D7523F0B02BC06C16419C026 ft=1 fh=3918cb108fedf547 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sebastian\Downloads\FFSetup3.3.1.0.exe"
sh=8D991BC4871908031B82214097171B3A48D67173 ft=1 fh=64be63e22d39ac92 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Sebastian\Downloads\FreeYouTubeToMP3Converter_3.12.32.327.exe"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J22MBLHC\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J97ODCVY\ApnIC[1].0"

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Sebastian (administrator) on SEBASTIAN-PC on 19-07-2014 12:28:14
Running from C:\Users\Sebastian\Downloads
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(PGWARE LLC) C:\Program Files\PGWARE\SuperRam\SuperRamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(PGWARE LLC) C:\Program Files\PGWARE\SuperRam\SuperRamTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Users\Sebastian\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [SuperRam] => C:\Program Files\PGWARE\SuperRam\SuperRamTray.exe [1956600 2013-07-07] (PGWARE LLC)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [412600 2010-06-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [GraphicsSwitch] => AsusSender.exe C:\Program Files\Asus\GraphicsSwitch\GraphicsSwitch.exe /auto
HKLM\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2010-06-10] ()
HKLM\...\Run: [CapsHook] => C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-29] (ASUS)
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-08-09] (ASUSTek Computer Inc.)
HKU\S-1-5-21-3537988428-1571804110-173448233-1000\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3537988428-1571804110-173448233-1000\...\MountPoints2: {12966e6a-6859-11e1-8029-20cf306bfd7e} - E:\Setup.exe
HKU\S-1-5-21-3537988428-1571804110-173448233-1000\...\MountPoints2: {dad4b290-c371-11e0-9927-20cf306bfd7e} - E:\Setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default
FF NetworkProxy: "ftp", "178.21.112.27"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "178.21.112.27"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "178.21.112.27"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "178.21.112.27"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-27]
FF Extension: Personas Plus - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\Extensions\personas@christopher.beard.xpi [2012-01-25]
FF Extension: Stealthy - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\Extensions\stealthyextension@gmail.com.xpi [2012-05-05]
FF Extension: Adblock Plus - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\jtkbnsoj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-06-19]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-19]
FF HKLM\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M7CF4B603-3FBA-4E48-9D96-960C12DAB4B6&SearchSource=55&CUI=&UM=5&UP=SP5A1627A4-284F-4B73-9B0F-F13F4A300033&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M7CF4B603-3FBA-4E48-9D96-960C12DAB4B6&SearchSource=55&CUI=&UM=5&UP=SP5A1627A4-284F-4B73-9B0F-F13F4A300033&SSPV="
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-11]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-11]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-11]
CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-07]
CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-11]
CHR Extension: (AdBlock) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-19]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-11]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2009-05-15] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2009-05-15] (Hewlett-Packard) [File not signed]
R2 SuperRam; C:\Program Files\PGWARE\SuperRam\SuperRamService.exe [1942264 2013-07-07] (PGWARE LLC)

==================== Drivers (Whitelisted) ====================

S3 1394ohci; C:\windows\system32\drivers\1394ohci.sys [163840 2010-04-03] (Microsoft Corporation) [File not signed]
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] ()
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-04-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [119592 2011-04-13] (ELAN Microelectronics Corp.)
S3 hwdatacard; C:\windows\System32\DRIVERS\ewusbmdm.sys [102784 2010-08-12] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbfake; C:\windows\System32\DRIVERS\ewusbfake.sys [103040 2010-08-12] (Huawei Technologies Co., Ltd.) [File not signed]
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S3 sffp_sd; C:\windows\system32\drivers\sffp_sd.sys [12800 2009-10-10] (Microsoft Corporation) [File not signed]
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-06] (Avira GmbH)
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-19 12:17 - 2014-07-19 12:17 - 00854390 _____ () C:\Users\Sebastian\Downloads\SecurityCheck.exe
2014-07-19 04:56 - 2014-07-19 04:56 - 02347384 _____ (ESET) C:\Users\Sebastian\Downloads\esetsmartinstaller_deu.exe
2014-07-19 04:56 - 2014-07-19 04:56 - 00000000 ____D () C:\Program Files\ESET
2014-07-18 11:20 - 2014-07-18 11:20 - 00000761 _____ () C:\Users\Sebastian\Desktop\JRT.txt
2014-07-18 11:12 - 2014-07-18 11:12 - 00000000 ____D () C:\windows\ERUNT
2014-07-18 11:10 - 2014-07-18 11:11 - 01016261 _____ (Thisisu) C:\Users\Sebastian\Desktop\JRT.exe
2014-07-18 11:08 - 2014-07-18 11:08 - 00002356 _____ () C:\Users\Sebastian\Desktop\AdwCleaner[S1].txt
2014-07-18 11:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\system32\sqlite3.dll
2014-07-18 10:57 - 2014-07-18 10:58 - 01354223 _____ () C:\Users\Sebastian\Desktop\adwcleaner_3.216.exe
2014-07-18 10:52 - 2014-07-18 11:06 - 00001136 _____ () C:\windows\PFRO.log
2014-07-18 10:46 - 2014-07-18 10:46 - 00002137 _____ () C:\Users\Sebastian\Desktop\mbam.txt
2014-07-18 10:32 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-07-18 10:32 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-07-18 10:19 - 2014-07-18 10:55 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-18 10:14 - 2014-07-18 10:14 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-18 10:14 - 2014-07-18 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-18 10:14 - 2014-07-18 10:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-18 10:14 - 2014-07-18 10:14 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-18 10:14 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-18 10:14 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-18 10:14 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-18 10:11 - 2014-07-18 10:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sebastian\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-17 18:19 - 2014-07-17 18:21 - 00028689 _____ () C:\Users\Sebastian\Downloads\Addition.txt
2014-07-17 18:17 - 2014-07-19 12:28 - 00014284 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-07-17 18:16 - 2014-07-17 18:17 - 01077248 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST.exe
2014-07-17 16:59 - 2014-07-17 16:59 - 00000000 ____D () C:\windows\system32\x64
2014-07-17 16:56 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-07-17 16:56 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-07-17 16:56 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2014-07-17 16:55 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-17 16:55 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-07-17 16:54 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-07-17 16:54 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-17 16:54 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-07-17 16:54 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-07-17 16:54 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-07-17 16:54 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-07-17 16:54 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-07-17 16:54 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-07-17 16:54 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-07-17 16:54 - 2013-10-01 22:55 - 05698048 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-07-17 16:52 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-07-17 16:52 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-07-17 00:29 - 2014-07-19 12:28 - 00000000 ____D () C:\FRST
2014-07-16 13:43 - 2014-07-16 13:43 - 00000341 _____ () C:\ProgramData\RUNDLL32.EXE-3216-F.txt
2014-07-16 13:37 - 2014-07-16 13:37 - 00000339 _____ () C:\ProgramData\RUNDLL32.EXE-2760-F.txt
2014-07-16 12:15 - 2014-07-16 12:15 - 00000340 _____ () C:\ProgramData\RUNDLL32.EXE-2480-F.txt
2014-07-16 12:14 - 2014-07-19 12:09 - 00000896 _____ () C:\windows\setupact.log
2014-07-16 12:14 - 2014-07-16 12:14 - 00000000 _____ () C:\windows\setuperr.log
2014-07-16 12:13 - 2014-07-16 13:42 - 00000000 _____ () C:\windows\system32\ztUASvSloy
2014-07-16 12:09 - 2014-07-16 12:12 - 00008111 _____ () C:\ProgramData\RUNDLL32.EXE-3280-F.txt
2014-07-10 09:20 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-10 09:20 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-10 09:20 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-10 09:20 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-10 09:20 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-10 09:20 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-10 09:20 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-10 09:20 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-10 09:20 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-10 09:20 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-10 09:20 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-10 09:20 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-10 09:20 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-10 09:20 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-10 09:20 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-10 09:20 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-10 09:20 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-10 09:20 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 09:20 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-10 09:20 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-10 09:20 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-10 09:20 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-10 09:20 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-10 09:20 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-10 09:20 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-10 09:20 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-10 09:20 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-10 09:20 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-10 09:20 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-10 09:20 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-10 09:17 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-10 09:17 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-10 09:17 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-10 09:17 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-10 09:17 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-10 09:16 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-10 09:09 - 2014-07-10 09:09 - 00000909 _____ () C:\Users\Sebastian\Downloads\map.php
2014-07-10 09:09 - 2014-07-10 09:09 - 00000909 _____ () C:\Users\Sebastian\Downloads\map (1).php
2014-07-03 01:40 - 2014-07-03 01:40 - 00001077 _____ () C:\Users\Public\Desktop\Horland Scan2Pdf 3.lnk
2014-07-02 17:13 - 2014-07-02 17:13 - 00066946 _____ () C:\Users\Sebastian\Downloads\20140831_Timesheet_Den-Brok.xlsx
2014-06-25 10:56 - 2014-06-25 10:56 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ___RD () C:\Program Files\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-19 18:26 - 2014-06-19 18:26 - 00000000 ____D () C:\Users\Sebastian\Documents\Bildungskredit
2014-06-19 12:47 - 2014-06-19 12:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-19 12:29 - 2014-07-17 18:17 - 00014284 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-07-19 12:28 - 2014-07-17 00:29 - 00000000 ____D () C:\FRST
2014-07-19 12:21 - 2011-03-03 01:10 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 12:19 - 2013-06-08 02:29 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-19 12:17 - 2014-07-19 12:17 - 00854390 _____ () C:\Users\Sebastian\Downloads\SecurityCheck.exe
2014-07-19 12:17 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-19 12:17 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-19 12:13 - 2012-02-03 16:21 - 01812518 _____ () C:\windows\WindowsUpdate.log
2014-07-19 12:10 - 2011-03-03 01:10 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 12:09 - 2014-07-16 12:14 - 00000896 _____ () C:\windows\setupact.log
2014-07-19 12:09 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-19 04:56 - 2014-07-19 04:56 - 02347384 _____ (ESET) C:\Users\Sebastian\Downloads\esetsmartinstaller_deu.exe
2014-07-19 04:56 - 2014-07-19 04:56 - 00000000 ____D () C:\Program Files\ESET
2014-07-18 11:20 - 2014-07-18 11:20 - 00000761 _____ () C:\Users\Sebastian\Desktop\JRT.txt
2014-07-18 11:12 - 2014-07-18 11:12 - 00000000 ____D () C:\windows\ERUNT
2014-07-18 11:11 - 2014-07-18 11:10 - 01016261 _____ (Thisisu) C:\Users\Sebastian\Desktop\JRT.exe
2014-07-18 11:08 - 2014-07-18 11:08 - 00002356 _____ () C:\Users\Sebastian\Desktop\AdwCleaner[S1].txt
2014-07-18 11:06 - 2014-07-18 10:52 - 00001136 _____ () C:\windows\PFRO.log
2014-07-18 11:05 - 2014-04-19 00:50 - 00000000 ____D () C:\AdwCleaner
2014-07-18 10:58 - 2014-07-18 10:57 - 01354223 _____ () C:\Users\Sebastian\Desktop\adwcleaner_3.216.exe
2014-07-18 10:55 - 2014-07-18 10:19 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-18 10:46 - 2014-07-18 10:46 - 00002137 _____ () C:\Users\Sebastian\Desktop\mbam.txt
2014-07-18 10:14 - 2014-07-18 10:14 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-18 10:14 - 2014-07-18 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-18 10:14 - 2014-07-18 10:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-18 10:14 - 2014-07-18 10:14 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-18 10:13 - 2014-07-18 10:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sebastian\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-18 02:32 - 2013-07-11 21:02 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-17 18:21 - 2014-07-17 18:19 - 00028689 _____ () C:\Users\Sebastian\Downloads\Addition.txt
2014-07-17 18:17 - 2014-07-17 18:16 - 01077248 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST.exe
2014-07-17 18:05 - 2011-12-28 01:24 - 00000000 ____D () C:\windows\pss
2014-07-17 18:05 - 2010-12-25 21:17 - 00000000 ____D () C:\Users\Sebastian\Documents\Youcam
2014-07-17 18:04 - 2009-07-14 06:53 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-07-17 17:07 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-17 17:03 - 2009-07-26 03:27 - 00000000 ____D () C:\windows\system32\Drivers\de-DE
2014-07-17 17:03 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-07-17 16:59 - 2014-07-17 16:59 - 00000000 ____D () C:\windows\system32\x64
2014-07-16 13:43 - 2014-07-16 13:43 - 00000341 _____ () C:\ProgramData\RUNDLL32.EXE-3216-F.txt
2014-07-16 13:42 - 2014-07-16 12:13 - 00000000 _____ () C:\windows\system32\ztUASvSloy
2014-07-16 13:37 - 2014-07-16 13:37 - 00000339 _____ () C:\ProgramData\RUNDLL32.EXE-2760-F.txt
2014-07-16 12:15 - 2014-07-16 12:15 - 00000340 _____ () C:\ProgramData\RUNDLL32.EXE-2480-F.txt
2014-07-16 12:14 - 2014-07-16 12:14 - 00000000 _____ () C:\windows\setuperr.log
2014-07-16 12:12 - 2014-07-16 12:09 - 00008111 _____ () C:\ProgramData\RUNDLL32.EXE-3280-F.txt
2014-07-16 03:21 - 2010-12-25 20:47 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\VirtualStore
2014-07-15 11:52 - 2013-05-11 16:27 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-07-11 20:07 - 2009-07-14 06:33 - 00438992 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 13:37 - 2013-08-15 03:16 - 00000000 ____D () C:\windows\system32\MRT
2014-07-11 13:30 - 2011-01-11 13:21 - 93585272 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-10 09:09 - 2014-07-10 09:09 - 00000909 _____ () C:\Users\Sebastian\Downloads\map.php
2014-07-10 09:09 - 2014-07-10 09:09 - 00000909 _____ () C:\Users\Sebastian\Downloads\map (1).php
2014-07-09 13:19 - 2012-11-11 16:25 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-07-09 13:19 - 2011-05-28 13:40 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-03 17:51 - 2013-04-06 19:27 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-07-03 01:41 - 2014-04-06 18:06 - 00000000 ____D () C:\Program Files\Horland Scan2Pdf 3.0
2014-07-03 01:40 - 2014-07-03 01:40 - 00001077 _____ () C:\Users\Public\Desktop\Horland Scan2Pdf 3.lnk
2014-07-03 01:40 - 2014-04-06 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horland Scan2Pdf 3
2014-07-03 01:36 - 2009-07-25 09:50 - 01635912 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-02 17:13 - 2014-07-02 17:13 - 00066946 _____ () C:\Users\Sebastian\Downloads\20140831_Timesheet_Den-Brok.xlsx
2014-06-25 11:13 - 2011-08-12 19:25 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ___RD () C:\Program Files\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-25 10:56 - 2014-06-25 10:56 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-25 10:55 - 2011-08-12 19:24 - 00000000 ____D () C:\ProgramData\Skype
2014-06-20 21:39 - 2014-07-10 09:20 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 09:24 - 2012-04-27 15:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-19 22:42 - 2014-06-02 22:52 - 00016231 _____ () C:\Users\Sebastian\Desktop\Euro Stoxx Auditors.ods
2014-06-19 18:29 - 2013-12-08 18:59 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\banshee-1
2014-06-19 18:27 - 2012-10-23 20:48 - 00000000 ____D () C:\Users\Sebastian\Desktop\HS Rhein Waal
2014-06-19 18:26 - 2014-06-19 18:26 - 00000000 ____D () C:\Users\Sebastian\Documents\Bildungskredit
2014-06-19 12:47 - 2014-06-19 12:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-19 02:16 - 2014-07-10 09:20 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-19 01:56 - 2014-07-10 09:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-19 01:56 - 2014-07-10 09:20 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-19 01:38 - 2014-07-10 09:20 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-19 01:37 - 2014-07-10 09:20 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-19 01:36 - 2014-07-10 09:20 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-10 09:20 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-19 01:32 - 2014-07-10 09:20 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-19 01:28 - 2014-07-10 09:20 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-19 01:28 - 2014-07-10 09:20 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-19 01:25 - 2014-07-10 09:20 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-19 01:23 - 2014-07-10 09:20 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-19 01:23 - 2014-07-10 09:20 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-19 01:22 - 2014-07-10 09:20 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-19 01:16 - 2014-07-10 09:20 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-19 01:12 - 2014-07-10 09:20 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-19 01:06 - 2014-07-10 09:20 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-10 09:20 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-19 00:59 - 2014-07-10 09:20 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-19 00:58 - 2014-07-10 09:20 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-19 00:52 - 2014-07-10 09:20 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-19 00:52 - 2014-07-10 09:20 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-19 00:49 - 2014-07-10 09:20 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-19 00:46 - 2014-07-10 09:20 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-10 09:20 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-19 00:35 - 2014-07-10 09:20 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-19 00:13 - 2014-07-10 09:20 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-19 00:09 - 2014-07-10 09:20 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-19 00:07 - 2014-07-10 09:20 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Sebastian\AppData\Local\Temp\avgnt.exe
C:\Users\Sebastian\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-02 18:29

==================== End Of Log ============================

--- --- ---

schrauber · 19.07.2014, 20:53

Alles schon in Quarantäne bzw wird dein Antivir angemeckert

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Interpol Virus auch in abgesichertem Modus + logfile

Log-Analyse und Auswertung: Interpol Virus auch in abgesichertem Modus + logfile