download protect 2.2.4 mich hat es auch erwischt

flieger-baby · 24.07.2014, 19:57

Hallo,

ich bin neu hier im Forum weil ich seit vorhin ein kleines Problem habe.

Als ich Heute nach 4 Tagen Auszeit das erste Mal meinen Rechner nutzte, hatte ich eine Mail vom Google zum Thema Rechnung offen usw....

Normalerweise hätte ich die Mail sofort gelöscht. Da ich aber mit ebay tatsächlich vor kurzem "Ärger" hatte, habe ich die Mail geöffnet.
Im Anhang war ne ZIP Datei. "Was soll da schon passieren?" habe ich mir gedacht.

Wie vermutet war es Müll.

Kurz darauf kam vom System die Meldung, dass mein PC nicht sicher sei, da AVIRA PRO nicht auf dem neuesten Stand ist. Das Update startet zwar und läd Dateien herunter, hängt sich aber bei deren Installaton auf.

Nach kurzem Googlen bin ich zu Euch gestoßen.

Leider bin ich mit PCs nur durchschnittlich vertraut, weshalb ich auf Eure Hilfe hoffe.

Ich würde mich sehr über eine Rückmeldung7Hilfestellung freuen !

Gruß... Carsten

M-K-D-B · 24.07.2014, 19:59

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

flieger-baby · 24.07.2014, 20:05

Wow, das ging ja super schnell !

hier die Logs:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
Ran by Zimmermann (administrator) on ZIMMERMANN-PC on 24-07-2014 21:03:09
Running from C:\Users\Zimmermann\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avwebg7.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd 
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM-x32\...\Run: [avgnt] => D:\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3063669594-3369862131-3253833859-1000\...\Run: [Adobe Reader Synchronizer] => D:\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Zimmermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Zimmermann\AppData\Roaming\Windows Net Data\net.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{F2791830-2B33-4AD4-A6B5-6189F2414EA4}\{AEDDA576-C054-4DAD-9082-B04E4580FDD7}.bin (Download Protect)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files (x86)\{B6D8E8BD-0418-4ACD-BF42-BC35AC5F699A}\{658264BA-7966-4B8A-8312-E8BD358F6F39}.bin (Download Protect)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Zimmermann\AppData\Roaming\Mozilla\Firefox\Profiles\0zk5vjhu.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: Adobe Reader - D:\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Zimmermann\AppData\Roaming\Mozilla\Firefox\Profiles\0zk5vjhu.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-12-21]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{DB61B4A6-BE01-47CB-8392-DADDEB4E3A8E}] - C:\Windows\Installer\{3D7BE60A-61A4-4F59-87BD-54A89DBBFF33}\{DB61B4A6-BE01-47CB-8392-DADDEB4E3A8E}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{3D7BE60A-61A4-4F59-87BD-54A89DBBFF33}\{DB61B4A6-BE01-47CB-8392-DADDEB4E3A8E}.xpi [2014-07-24]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Zimmermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkeieaieohnceanbhdeijclgemgjjkf [2014-05-31]
CHR Extension: (No Name) - C:\Users\Zimmermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab [2014-01-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirMailService; D:\Avira\AntiVir Desktop\avmailc7.exe [811088 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; D:\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; D:\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-20] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-05-22] (StdLib)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 21:03 - 2014-07-24 21:03 - 00011870 _____ () C:\Users\Zimmermann\Desktop\FRST.txt
2014-07-24 21:02 - 2014-07-24 21:03 - 00000000 ____D () C:\FRST
2014-07-24 21:02 - 2014-07-24 21:02 - 02093568 _____ (Farbar) C:\Users\Zimmermann\Desktop\FRST64.exe
2014-07-24 20:28 - 2014-07-24 20:28 - 00000304 _____ () C:\Windows\PFRO.log
2014-07-24 20:28 - 2014-07-24 20:28 - 00000056 _____ () C:\Windows\setupact.log
2014-07-24 20:28 - 2014-07-24 20:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-24 19:46 - 2014-07-24 19:46 - 00000000 ____D () C:\Program Files\{F2791830-2B33-4AD4-A6B5-6189F2414EA4}
2014-07-24 19:46 - 2014-07-24 19:46 - 00000000 ____D () C:\Program Files (x86)\{B6D8E8BD-0418-4ACD-BF42-BC35AC5F699A}
2014-07-09 20:27 - 2014-07-09 20:27 - 00267264 _____ () C:\Users\Zimmermann\Desktop\Entwurf Trikot.xls
2014-07-09 20:27 - 2014-07-09 20:27 - 00256977 _____ () C:\Users\Zimmermann\Desktop\Entwurf Trikot.xlsx
2014-07-09 19:00 - 2014-07-24 20:32 - 00868312 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-09 19:00 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 19:00 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 19:00 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 19:00 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 19:00 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 19:00 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 19:00 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 19:00 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 19:00 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 19:00 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 19:00 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 19:00 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 19:00 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 19:00 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 19:00 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 19:00 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 19:00 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 19:00 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 19:00 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 19:00 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 19:00 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 19:00 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 19:00 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 19:00 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 19:00 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 19:00 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 19:00 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 19:00 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 19:00 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 19:00 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 19:00 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 19:00 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 19:00 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 19:00 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 19:00 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 19:00 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 19:00 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 19:00 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 19:00 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 19:00 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 19:00 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 19:00 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 19:00 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 19:00 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 19:00 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 19:00 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 19:00 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 19:00 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 19:00 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 19:00 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 19:00 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 19:00 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 19:00 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 19:00 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 19:00 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 19:00 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 19:00 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 19:00 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 19:00 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 19:00 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 19:00 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 19:00 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 19:00 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 19:00 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 19:00 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 19:00 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 19:00 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 19:00 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 19:00 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 19:00 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 19:00 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 19:00 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 19:00 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 19:00 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 19:00 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 19:00 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 18:59 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 18:59 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 18:59 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-29 13:37 - 2014-06-29 13:37 - 00121781 _____ () C:\Users\Zimmermann\Downloads\bom21412b_inifiles.zip
2014-06-25 20:45 - 2014-07-13 17:33 - 00000000 ____D () C:\Users\Zimmermann\AppData\Local\Adobe
2014-06-25 19:15 - 2014-06-25 19:15 - 00000030 _____ () C:\AVScanner.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 21:03 - 2014-07-24 21:03 - 00011870 _____ () C:\Users\Zimmermann\Desktop\FRST.txt
2014-07-24 21:03 - 2014-07-24 21:02 - 00000000 ____D () C:\FRST
2014-07-24 21:02 - 2014-07-24 21:02 - 02093568 _____ (Farbar) C:\Users\Zimmermann\Desktop\FRST64.exe
2014-07-24 20:35 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-24 20:35 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-24 20:32 - 2014-07-09 19:00 - 00868312 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-24 20:32 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-07-24 20:32 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-07-24 20:31 - 2014-01-29 22:23 - 01213608 _____ () C:\Windows\WindowsUpdate.log
2014-07-24 20:28 - 2014-07-24 20:28 - 00000304 _____ () C:\Windows\PFRO.log
2014-07-24 20:28 - 2014-07-24 20:28 - 00000056 _____ () C:\Windows\setupact.log
2014-07-24 20:28 - 2014-07-24 20:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-24 20:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-24 19:46 - 2014-07-24 19:46 - 00000000 ____D () C:\Program Files\{F2791830-2B33-4AD4-A6B5-6189F2414EA4}
2014-07-24 19:46 - 2014-07-24 19:46 - 00000000 ____D () C:\Program Files (x86)\{B6D8E8BD-0418-4ACD-BF42-BC35AC5F699A}
2014-07-24 19:46 - 2014-06-03 19:20 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-07-13 17:33 - 2014-06-25 20:45 - 00000000 ____D () C:\Users\Zimmermann\AppData\Local\Adobe
2014-07-12 17:57 - 2014-04-19 21:07 - 00000000 ____D () C:\Users\Zimmermann\AppData\Roaming\BOM
2014-07-12 08:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 07:48 - 2009-07-14 06:45 - 00351568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 07:47 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 07:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 07:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 20:34 - 2013-11-20 22:29 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 20:34 - 2013-11-20 22:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 20:27 - 2014-07-09 20:27 - 00267264 _____ () C:\Users\Zimmermann\Desktop\Entwurf Trikot.xls
2014-07-09 20:27 - 2014-07-09 20:27 - 00256977 _____ () C:\Users\Zimmermann\Desktop\Entwurf Trikot.xlsx
2014-07-03 15:50 - 2013-11-20 20:45 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-29 13:37 - 2014-06-29 13:37 - 00121781 _____ () C:\Users\Zimmermann\Downloads\bom21412b_inifiles.zip
2014-06-29 13:25 - 2013-12-18 20:53 - 00000000 ____D () C:\Users\Zimmermann\Desktop\Forum
2014-06-25 19:15 - 2014-06-25 19:15 - 00000030 _____ () C:\AVScanner.ini
2014-06-25 19:15 - 2013-11-20 21:01 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-25 19:15 - 2013-11-20 21:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-25 19:12 - 2013-11-20 20:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Zimmermann\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-20 17:12

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014 01
Ran by Zimmermann at 2014-07-24 21:03:28
Running from C:\Users\Zimmermann\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Ihr Firmenname) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0830.1944.33589 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.80830.1925 - Advanced Micro Devices, Inc.) Hidden
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Crysis WARHEAD(R) (HKLM-x32\...\Crysis WARHEAD(R)) (Version:  - Electronic Arts)
Crysis WARHEAD(R) (x32 Version: 1.0 - Crytek) Hidden
Crysis WARHEAD(R) Patch (HKLM-x32\...\Crysis WARHEAD(R) Patch) (Version:  - Electronic Arts)
Crysis WARHEAD(R) Patch (x32 Version: 1.0 - Crytek) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 140.0.65.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
eDrawings 2014 (HKLM-x32\...\{FD107DCF-1580-490B-B21B-7987346BCD9D}) (Version: 14.2.116 - Dassault Systèmes SolidWorks Corp)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Free YouTube to MP3 Converter version 3.12.17.1127 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1127 - DVDVideoSoft Ltd.)
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

30-05-2014 16:44:01 Geplanter Prüfpunkt
31-05-2014 18:37:06 Windows-Sicherung
10-06-2014 17:28:31 Geplanter Prüfpunkt
11-06-2014 18:12:20 Windows Update
28-06-2014 11:29:38 Geplanter Prüfpunkt
09-07-2014 18:33:23 Windows Update
20-07-2014 15:19:20 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A4B88C4-1CB4-4073-82FD-B2CE16540691} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {EBC16E11-6D23-4B78-96D6-9479A2D5C1C8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

==================== Loaded Modules (whitelisted) =============

2013-08-30 20:47 - 2013-08-30 20:47 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 15:41 - 2012-10-22 15:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 15:42 - 2012-10-22 15:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-08-30 20:47 - 2013-08-30 20:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-11-21 22:59 - 2008-07-11 16:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2013-11-21 22:59 - 2008-07-11 16:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
2013-08-30 20:47 - 2013-08-30 20:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-12-06 20:14 - 2011-04-19 15:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
2014-06-21 19:53 - 2014-06-21 19:53 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-25 19:15 - 2014-06-25 19:15 - 17024688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2014 08:30:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2014 08:22:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2014 08:18:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: updrgui.exe, Version: 14.0.5.396, Zeitstempel: 0x537f4325
Name des fehlerhaften Moduls: updgui.dll, Version: 14.0.5.396, Zeitstempel: 0x537f42fe
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000112d7
ID des fehlerhaften Prozesses: 0xfb4
Startzeit der fehlerhaften Anwendung: 0xupdrgui.exe0
Pfad der fehlerhaften Anwendung: updrgui.exe1
Pfad des fehlerhaften Moduls: updrgui.exe2
Berichtskennung: updrgui.exe3

Error: (07/24/2014 07:51:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2014 07:45:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2014 07:41:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm updrgui.exe, Version 14.0.5.396 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 534

Startzeit: 01cfa7657403ddcb

Endzeit: 5

Anwendungspfad: C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe

Berichts-ID:

Error: (07/24/2014 06:23:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2014 04:26:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 04:44:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 10:58:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/24/2014 07:43:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎24.‎07.‎2014 um 19:41:39 unerwartet heruntergefahren.

Error: (07/24/2014 07:38:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/24/2014 07:38:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/12/2014 07:41:46 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎10.‎07.‎2014 um 19:09:54 unerwartet heruntergefahren.

Error: (07/10/2014 06:34:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎10.‎07.‎2014 um 07:53:13 unerwartet heruntergefahren.

Error: (07/05/2014 10:22:03 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (07/05/2014 02:07:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎05.‎07.‎2014 um 13:52:39 unerwartet heruntergefahren.

Error: (07/02/2014 06:10:01 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎01.‎07.‎2014 um 16:03:55 unerwartet heruntergefahren.

Error: (06/30/2014 07:06:41 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (06/30/2014 07:06:40 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-11-21 21:08:59.822
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\alt\recup_dir.43\f147550106.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-21 21:08:59.791
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\alt\recup_dir.43\f147550106.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-21 21:08:59.744
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\alt\recup_dir.43\f147550106.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-21 21:08:59.713
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\alt\recup_dir.43\f147550106.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-21 21:08:59.682
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\alt\recup_dir.43\f147550106.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-21 21:08:59.650
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\alt\recup_dir.43\f147550106.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-21 21:08:59.619
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\alt\recup_dir.43\f147550106.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-21 21:08:59.572
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\alt\recup_dir.43\f147550106.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-21 21:08:59.541
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\alt\recup_dir.43\f147550106.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 19%
Total physical RAM: 8189.24 MB
Available physical RAM: 6573.03 MB
Total Pagefile: 16376.66 MB
Available Pagefile: 14541.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:69.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:149.05 GB) (Free:145.81 GB) NTFS
Drive g: (Volume) (Fixed) (Total:931.51 GB) (Free:717.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 47723FBA)
Partition 1: (Active) - (Size=932 GB) - (Type=42)
Partition 2: (Not Active) - (Size=697 KB) - (Type=42)

========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 5C9684DC)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 13CD12E7)
Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)

==================== End Of Log ============================

MfG... Carsten

M-K-D-B · 25.07.2014, 06:13

Servus,

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
BHO: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{F2791830-2B33-4AD4-A6B5-6189F2414EA4}\{AEDDA576-C054-4DAD-9082-B04E4580FDD7}.bin (Download Protect)
BHO-x32: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files (x86)\{B6D8E8BD-0418-4ACD-BF42-BC35AC5F699A}\{658264BA-7966-4B8A-8312-E8BD358F6F39}.bin (Download Protect)
C:\Program Files\{F2791830-2B33-4AD4-A6B5-6189F2414EA4}
C:\Program Files (x86)\{B6D8E8BD-0418-4ACD-BF42-BC35AC5F699A}
FF HKLM-x32\...\Firefox\Extensions: [{DB61B4A6-BE01-47CB-8392-DADDEB4E3A8E}] - C:\Windows\Installer\{3D7BE60A-61A4-4F59-87BD-54A89DBBFF33}\{DB61B4A6-BE01-47CB-8392-DADDEB4E3A8E}.xpi
C:\Windows\Installer\{3D7BE60A-61A4-4F59-87BD-54A89DBBFF33}
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-05-22] (StdLib)
C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 4
Starte FRST erneut.
Setze einen Haken bei Addition.txt.
FRST erstellt 2 Logdateien, poste mir beide.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die beiden neuen Logdateien von FRST.

flieger-baby · 25.07.2014, 17:04

Hallo, die Arbeit hat mich leider davon abgehalten deinen anweisungen eher zu folgen.

Anbei die gewünschten Logs.

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014 01
Ran by Zimmermann at 2014-07-25 17:39:54 Run:1
Running from C:\Users\Zimmermann\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
BHO: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{F2791830-2B33-4AD4-A6B5-6189F2414EA4}\{AEDDA576-C054-4DAD-9082-B04E4580FDD7}.bin (Download Protect)
BHO-x32: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files (x86)\{B6D8E8BD-0418-4ACD-BF42-BC35AC5F699A}\{658264BA-7966-4B8A-8312-E8BD358F6F39}.bin (Download Protect)
C:\Program Files\{F2791830-2B33-4AD4-A6B5-6189F2414EA4}
C:\Program Files (x86)\{B6D8E8BD-0418-4ACD-BF42-BC35AC5F699A}
FF HKLM-x32\...\Firefox\Extensions: [{DB61B4A6-BE01-47CB-8392-DADDEB4E3A8E}] - C:\Windows\Installer\{3D7BE60A-61A4-4F59-87BD-54A89DBBFF33}\{DB61B4A6-BE01-47CB-8392-DADDEB4E3A8E}.xpi
C:\Windows\Installer\{3D7BE60A-61A4-4F59-87BD-54A89DBBFF33}
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-05-22] (StdLib)
C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Reboot:
end
*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}" => Key deleted successfully.
"HKCR\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}" => Key deleted successfully.
C:\Program Files\{F2791830-2B33-4AD4-A6B5-6189F2414EA4} => Moved successfully.
C:\Program Files (x86)\{B6D8E8BD-0418-4ACD-BF42-BC35AC5F699A} => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{DB61B4A6-BE01-47CB-8392-DADDEB4E3A8E} => value deleted successfully.
C:\Windows\Installer\{3D7BE60A-61A4-4F59-87BD-54A89DBBFF33} => Moved successfully.
{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64 => Service stopped successfully.
{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64 => Service deleted successfully.
C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====

Code:

ATTFilter

# AdwCleaner v3.216 - Bericht erstellt am 25/07/2014 um 17:47:52
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Zimmermann - ZIMMERMANN-PC
# Gestartet von : C:\Users\Zimmermann\Desktop\adwcleaner_3.216.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Users\Zimmermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab
Datei Gelöscht : C:\Users\Zimmermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
Datei Gelöscht : C:\Users\Zimmermann\AppData\Roaming\Mozilla\Firefox\Profiles\0zk5vjhu.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DPBHO.DownloadProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DPBHO.DownloadProtect.1
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B69509B5-4A90-4433-A2DE-BE439F6581F2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\raving reyven
Schlüssel Gelöscht : HKLM\Software\GlobalUpdate
Schlüssel Gelöscht : HKLM\Software\raving reyven
Schlüssel Gelöscht : HKLM\Software\SearchProtect

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Zimmermann\AppData\Roaming\Mozilla\Firefox\Profiles\0zk5vjhu.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [3196 octets] - [25/07/2014 17:43:07]
AdwCleaner[R1].txt - [3256 octets] - [25/07/2014 17:47:10]
AdwCleaner[S0].txt - [3012 octets] - [25/07/2014 17:47:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3072 octets] ##########

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 25.07.2014
Suchlauf-Zeit: 17:53:06
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.25.05
Rootkit Datenbank: v2014.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Zimmermann

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 286608
Verstrichene Zeit: 5 Min, 8 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
Ran by Zimmermann (administrator) on ZIMMERMANN-PC on 25-07-2014 17:59:56
Running from C:\Users\Zimmermann\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avwebg7.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd 
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM-x32\...\Run: [avgnt] => D:\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3063669594-3369862131-3253833859-1000\...\Run: [Adobe Reader Synchronizer] => D:\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-3063669594-3369862131-3253833859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Adobe Reader Synchronizer] => D:\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Zimmermann\AppData\Roaming\Mozilla\Firefox\Profiles\0zk5vjhu.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: Adobe Reader - D:\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-09]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Zimmermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkeieaieohnceanbhdeijclgemgjjkf [2014-05-31]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirMailService; D:\Avira\AntiVir Desktop\avmailc7.exe [811088 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; D:\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; D:\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-20] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 17:59 - 2014-07-25 17:59 - 00001160 _____ () C:\Users\Zimmermann\Desktop\mbam.txt
2014-07-25 17:52 - 2014-07-25 17:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-25 17:51 - 2014-07-25 17:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Zimmermann\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-25 17:51 - 2014-07-25 17:51 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-25 17:51 - 2014-07-25 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-25 17:51 - 2014-07-25 17:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-25 17:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-25 17:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-25 17:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-25 17:50 - 2014-07-25 17:50 - 00003160 _____ () C:\Users\Zimmermann\Desktop\AdwCleaner[S0].txt
2014-07-25 17:43 - 2014-07-25 17:47 - 00000000 ____D () C:\AdwCleaner
2014-07-25 17:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-25 17:42 - 2014-07-25 17:42 - 01354223 _____ () C:\Users\Zimmermann\Desktop\adwcleaner_3.216.exe
2014-07-24 21:03 - 2014-07-25 18:00 - 00011034 _____ () C:\Users\Zimmermann\Desktop\FRST.txt
2014-07-24 21:03 - 2014-07-24 21:03 - 00026666 _____ () C:\Users\Zimmermann\Desktop\Addition.txt
2014-07-24 21:02 - 2014-07-25 17:59 - 00000000 ____D () C:\FRST
2014-07-24 21:02 - 2014-07-24 21:02 - 02093568 _____ (Farbar) C:\Users\Zimmermann\Desktop\FRST64.exe
2014-07-24 20:28 - 2014-07-25 17:48 - 00000618 _____ () C:\Windows\PFRO.log
2014-07-24 20:28 - 2014-07-25 17:48 - 00000224 _____ () C:\Windows\setupact.log
2014-07-24 20:28 - 2014-07-24 20:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-09 20:27 - 2014-07-09 20:27 - 00267264 _____ () C:\Users\Zimmermann\Desktop\Entwurf Trikot.xls
2014-07-09 20:27 - 2014-07-09 20:27 - 00256977 _____ () C:\Users\Zimmermann\Desktop\Entwurf Trikot.xlsx
2014-07-09 19:00 - 2014-07-25 17:53 - 00868312 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-09 19:00 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 19:00 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 19:00 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 19:00 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 19:00 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 19:00 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 19:00 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 19:00 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 19:00 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 19:00 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 19:00 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 19:00 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 19:00 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 19:00 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 19:00 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 19:00 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 19:00 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 19:00 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 19:00 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 19:00 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 19:00 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 19:00 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 19:00 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 19:00 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 19:00 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 19:00 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 19:00 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 19:00 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 19:00 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 19:00 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 19:00 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 19:00 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 19:00 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 19:00 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 19:00 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 19:00 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 19:00 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 19:00 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 19:00 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 19:00 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 19:00 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 19:00 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 19:00 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 19:00 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 19:00 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 19:00 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 19:00 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 19:00 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 19:00 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 19:00 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 19:00 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 19:00 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 19:00 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 19:00 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 19:00 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 19:00 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 19:00 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 19:00 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 19:00 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 19:00 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 19:00 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 19:00 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 19:00 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 19:00 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 19:00 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 19:00 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 19:00 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 19:00 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 19:00 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 19:00 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 19:00 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 19:00 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 19:00 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 19:00 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 19:00 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 19:00 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 18:59 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 18:59 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 18:59 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-29 13:37 - 2014-06-29 13:37 - 00121781 _____ () C:\Users\Zimmermann\Downloads\bom21412b_inifiles.zip
2014-06-25 20:45 - 2014-07-13 17:33 - 00000000 ____D () C:\Users\Zimmermann\AppData\Local\Adobe
2014-06-25 19:15 - 2014-06-25 19:15 - 00000030 _____ () C:\AVScanner.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 18:00 - 2014-07-24 21:03 - 00011034 _____ () C:\Users\Zimmermann\Desktop\FRST.txt
2014-07-25 17:59 - 2014-07-25 17:59 - 00001160 _____ () C:\Users\Zimmermann\Desktop\mbam.txt
2014-07-25 17:59 - 2014-07-24 21:02 - 00000000 ____D () C:\FRST
2014-07-25 17:56 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-25 17:56 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-25 17:53 - 2014-07-25 17:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-25 17:53 - 2014-07-09 19:00 - 00868312 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-25 17:53 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-07-25 17:53 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-07-25 17:52 - 2014-01-29 22:23 - 01244130 _____ () C:\Windows\WindowsUpdate.log
2014-07-25 17:51 - 2014-07-25 17:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Zimmermann\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-25 17:51 - 2014-07-25 17:51 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-25 17:51 - 2014-07-25 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-25 17:51 - 2014-07-25 17:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-25 17:50 - 2014-07-25 17:50 - 00003160 _____ () C:\Users\Zimmermann\Desktop\AdwCleaner[S0].txt
2014-07-25 17:48 - 2014-07-24 20:28 - 00000618 _____ () C:\Windows\PFRO.log
2014-07-25 17:48 - 2014-07-24 20:28 - 00000224 _____ () C:\Windows\setupact.log
2014-07-25 17:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-25 17:47 - 2014-07-25 17:43 - 00000000 ____D () C:\AdwCleaner
2014-07-25 17:42 - 2014-07-25 17:42 - 01354223 _____ () C:\Users\Zimmermann\Desktop\adwcleaner_3.216.exe
2014-07-25 17:41 - 2014-06-03 19:20 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-07-25 17:39 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-24 21:03 - 2014-07-24 21:03 - 00026666 _____ () C:\Users\Zimmermann\Desktop\Addition.txt
2014-07-24 21:02 - 2014-07-24 21:02 - 02093568 _____ (Farbar) C:\Users\Zimmermann\Desktop\FRST64.exe
2014-07-24 20:28 - 2014-07-24 20:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-13 17:33 - 2014-06-25 20:45 - 00000000 ____D () C:\Users\Zimmermann\AppData\Local\Adobe
2014-07-12 17:57 - 2014-04-19 21:07 - 00000000 ____D () C:\Users\Zimmermann\AppData\Roaming\BOM
2014-07-12 08:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 07:48 - 2009-07-14 06:45 - 00351568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 07:47 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 07:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 07:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 20:34 - 2013-11-20 22:29 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 20:34 - 2013-11-20 22:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 20:27 - 2014-07-09 20:27 - 00267264 _____ () C:\Users\Zimmermann\Desktop\Entwurf Trikot.xls
2014-07-09 20:27 - 2014-07-09 20:27 - 00256977 _____ () C:\Users\Zimmermann\Desktop\Entwurf Trikot.xlsx
2014-07-03 15:50 - 2013-11-20 20:45 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-29 13:37 - 2014-06-29 13:37 - 00121781 _____ () C:\Users\Zimmermann\Downloads\bom21412b_inifiles.zip
2014-06-29 13:25 - 2013-12-18 20:53 - 00000000 ____D () C:\Users\Zimmermann\Desktop\Forum
2014-06-25 19:15 - 2014-06-25 19:15 - 00000030 _____ () C:\AVScanner.ini
2014-06-25 19:15 - 2013-11-20 21:01 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-25 19:15 - 2013-11-20 21:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-25 19:12 - 2013-11-20 20:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Zimmermann\AppData\Local\Temp\avgnt.exe
C:\Users\Zimmermann\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-20 17:12

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014 01
Ran by Zimmermann at 2014-07-25 18:00:11
Running from C:\Users\Zimmermann\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Ihr Firmenname) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0830.1944.33589 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.80830.1925 - Advanced Micro Devices, Inc.) Hidden
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Crysis WARHEAD(R) (HKLM-x32\...\Crysis WARHEAD(R)) (Version:  - Electronic Arts)
Crysis WARHEAD(R) (x32 Version: 1.0 - Crytek) Hidden
Crysis WARHEAD(R) Patch (HKLM-x32\...\Crysis WARHEAD(R) Patch) (Version:  - Electronic Arts)
Crysis WARHEAD(R) Patch (x32 Version: 1.0 - Crytek) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 140.0.65.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
eDrawings 2014 (HKLM-x32\...\{FD107DCF-1580-490B-B21B-7987346BCD9D}) (Version: 14.2.116 - Dassault Systèmes SolidWorks Corp)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Free YouTube to MP3 Converter version 3.12.17.1127 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1127 - DVDVideoSoft Ltd.)
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

30-05-2014 16:44:01 Geplanter Prüfpunkt
31-05-2014 18:37:06 Windows-Sicherung
10-06-2014 17:28:31 Geplanter Prüfpunkt
11-06-2014 18:12:20 Windows Update
28-06-2014 11:29:38 Geplanter Prüfpunkt
09-07-2014 18:33:23 Windows Update
20-07-2014 15:19:20 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A4B88C4-1CB4-4073-82FD-B2CE16540691} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {EBC16E11-6D23-4B78-96D6-9479A2D5C1C8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

==================== Loaded Modules (whitelisted) =============

2013-08-30 20:47 - 2013-08-30 20:47 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 15:41 - 2012-10-22 15:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 15:42 - 2012-10-22 15:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-08-30 20:47 - 2013-08-30 20:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-11-21 22:59 - 2008-07-11 16:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2013-11-21 22:59 - 2008-07-11 16:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
2013-08-30 20:47 - 2013-08-30 20:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-12-06 20:14 - 2011-04-19 15:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
2014-06-21 19:53 - 2014-06-21 19:53 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-25 19:15 - 2014-06-25 19:15 - 17024688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

==================== Faulty Device Manager Devices =============

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2014 05:50:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2014 05:43:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2014 05:39:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2014 08:30:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2014 08:22:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2014 08:18:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: updrgui.exe, Version: 14.0.5.396, Zeitstempel: 0x537f4325
Name des fehlerhaften Moduls: updgui.dll, Version: 14.0.5.396, Zeitstempel: 0x537f42fe
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000112d7
ID des fehlerhaften Prozesses: 0xfb4
Startzeit der fehlerhaften Anwendung: 0xupdrgui.exe0
Pfad der fehlerhaften Anwendung: updrgui.exe1
Pfad des fehlerhaften Moduls: updrgui.exe2
Berichtskennung: updrgui.exe3

Error: (07/24/2014 07:51:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2014 07:45:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2014 07:41:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm updrgui.exe, Version 14.0.5.396 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 534

Startzeit: 01cfa7657403ddcb

Endzeit: 5

Anwendungspfad: C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe

Berichts-ID:

Error: (07/24/2014 06:23:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/24/2014 07:43:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎24.‎07.‎2014 um 19:41:39 unerwartet heruntergefahren.

Error: (07/24/2014 07:38:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/24/2014 07:38:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/12/2014 07:41:46 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎10.‎07.‎2014 um 19:09:54 unerwartet heruntergefahren.

Error: (07/10/2014 06:34:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎10.‎07.‎2014 um 07:53:13 unerwartet heruntergefahren.

Error: (07/05/2014 10:22:03 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (07/05/2014 02:07:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎05.‎07.‎2014 um 13:52:39 unerwartet heruntergefahren.

Error: (07/02/2014 06:10:01 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎01.‎07.‎2014 um 16:03:55 unerwartet heruntergefahren.

Error: (06/30/2014 07:06:41 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (06/30/2014 07:06:40 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-11-21 21:08:59.822
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\alt\recup_dir.43\f147550106.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-21 21:08:59.791
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\alt\recup_dir.43\f147550106.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-21 21:08:59.744
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\alt\recup_dir.43\f147550106.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-21 21:08:59.713
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\alt\recup_dir.43\f147550106.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-21 21:08:59.682
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\alt\recup_dir.43\f147550106.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-21 21:08:59.650
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\alt\recup_dir.43\f147550106.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-21 21:08:59.619
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\alt\recup_dir.43\f147550106.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-21 21:08:59.572
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\alt\recup_dir.43\f147550106.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-21 21:08:59.541
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\alt\recup_dir.43\f147550106.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 21%
Total physical RAM: 8189.24 MB
Available physical RAM: 6416.67 MB
Total Pagefile: 16376.66 MB
Available Pagefile: 14226.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:69.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:149.05 GB) (Free:145.81 GB) NTFS
Drive g: (Volume) (Fixed) (Total:931.51 GB) (Free:717.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 47723FBA)
Partition 1: (Active) - (Size=932 GB) - (Type=42)
Partition 2: (Not Active) - (Size=697 KB) - (Type=42)

========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 5C9684DC)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 13CD12E7)
Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)

==================== End Of Log ============================

MfG... Carsten

M-K-D-B · 26.07.2014, 09:40

Servus,

Schritt 1

Deaktiviere dein Anti-Viren-Programm.
Gehe zum Ordner C:\FRST\Quarantine.
Rechtsklicke auf den Ordner Quarantine und wähle > Senden an > Zip-komprimierter Ordner.
Es wird eine zip-Datei mit dem Namen Quarantine.zip im Ordner FRST erstellt.
Lade die Quarantine.zip im Upload-Channel hoch.
Klicke dazu auf Durchsuchen, navigiere zu der zip-Datei ( C:\FRST\Quarantine.zip ) und klicke auf Öffnen.
Klicke abschließend auf Hochladen.
Vielen Dank für deine Hilfe.
Aktiviere dein Anti-Viren-Programm wieder.

Wir kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

eine Rückmeldung bezüglich des Uploads,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

flieger-baby · 27.07.2014, 06:59

Guten Morgen Matthias,

nach über 5h Laufzeit war ESET geschafft.

Der Upload hat geklappt.

Hier die Logdateien:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7d77325e0728c642895de9db9db02046
# engine=19364
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-26 11:15:36
# local_time=2014-07-27 01:15:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 21437148 158046386 0 0
# scanned=212988
# found=15
# cleaned=0
# scan_time=11895
sh=BBB50840F4239B4004514FE6EE28047504D94C98 ft=1 fh=7a6bb56f146f81bc vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Zimmermann\Downloads\ccleaner.exe"
sh=063D501ECEFBBFAFA0CDC2AF524DCD23634DFAB2 ft=1 fh=398a74cd7ea866a4 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="G:\Eigene Dateien\Downloads\Software\FreeYouTubeToMp3Converter326.exe"
sh=25B2021164AE795A728CA75FE121F34DFF7502AD ft=1 fh=2fb144a93199622f vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="G:\Eigene Dateien\Downloads\Software\SoftonicDownloader65459.exe"
sh=0BE1B6FF9F0916C2CD21B3747AF180C389FE3AF2 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="K:\$RECYCLE.BIN\S-1-5-21-3063669594-3369862131-3253833859-1000\$RO28P8H\Backup Set 2013-11-24 183501\Backup Files 2013-11-24 183501\Backup files 6.zip"
sh=063D501ECEFBBFAFA0CDC2AF524DCD23634DFAB2 ft=1 fh=398a74cd7ea866a4 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="K:\Kopie Laufwerk G 16.03.14\Eigene Dateien\Downloads\Software\FreeYouTubeToMp3Converter326.exe"
sh=25B2021164AE795A728CA75FE121F34DFF7502AD ft=1 fh=2fb144a93199622f vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="K:\Kopie Laufwerk G 16.03.14\Eigene Dateien\Downloads\Software\SoftonicDownloader65459.exe"
sh=063D501ECEFBBFAFA0CDC2AF524DCD23634DFAB2 ft=1 fh=398a74cd7ea866a4 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="K:\Kopie Laufwerk G 29.06.14\Eigene Dateien\Downloads\Software\FreeYouTubeToMp3Converter326.exe"
sh=25B2021164AE795A728CA75FE121F34DFF7502AD ft=1 fh=2fb144a93199622f vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="K:\Kopie Laufwerk G 29.06.14\Eigene Dateien\Downloads\Software\SoftonicDownloader65459.exe"
sh=063D501ECEFBBFAFA0CDC2AF524DCD23634DFAB2 ft=1 fh=398a74cd7ea866a4 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="K:\Kopie Laufwerk G 31.05.14\Eigene Dateien\Downloads\Software\FreeYouTubeToMp3Converter326.exe"
sh=25B2021164AE795A728CA75FE121F34DFF7502AD ft=1 fh=2fb144a93199622f vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="K:\Kopie Laufwerk G 31.05.14\Eigene Dateien\Downloads\Software\SoftonicDownloader65459.exe"
sh=CB687DBF27B99252BBB74A5D892E445F6E3DF6BC ft=0 fh=0000000000000000 vn="Win32/bProtector.H evtl. unerwünschte Anwendung" ac=I fn="K:\Sicherung 23.02.14\ZIMMERMANN-PC\Backup Set 2014-02-23 182544\Backup Files 2014-02-23 182544\Backup files 7.zip"
sh=933AF83427E1D7BAEDD5BBB4400A4811D477CB00 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="K:\Sicherung 23.02.14\ZIMMERMANN-PC\Backup Set 2014-02-23 182544\Backup Files 2014-02-23 182544\Backup files 9.zip"
sh=A9EBCE6B94B6F1A9A07FE0560680110883308C94 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="K:\Sicherung 31.05.14\ZIMMERMANN-PC\Backup Set 2014-05-31 203659\Backup Files 2014-05-31 203659\Backup files 10.zip"
sh=BE5B598925B15B25DC8B2FFAEB4B8344CDDFE790 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.CrossRider.AH evtl. unerwünschte Anwendung" ac=I fn="K:\Sicherung 31.05.14\ZIMMERMANN-PC\Backup Set 2014-05-31 203659\Backup Files 2014-05-31 203659\Backup files 3.zip"
sh=12DDA9978FEF747D004BB9D59BDFC2A036FE128D ft=0 fh=0000000000000000 vn="Win32/bProtector.H evtl. unerwünschte Anwendung" ac=I fn="K:\Sicherung 31.05.14\ZIMMERMANN-PC\Backup Set 2014-05-31 203659\Backup Files 2014-05-31 203659\Backup files 8.zip"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 14.0.0.125  
 Adobe Reader XI  
 Mozilla Firefox (30.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

MfG... Carsten

Ach ja: Laufwerk C ist eine Samsung SSD , die defragmentiere ich nie.

M-K-D-B · 27.07.2014, 09:33

Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Schritt 1
Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Schritt 2
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti-Viren-Programm und zusätzlicher Schutz

Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
AdwCleaner
Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
SpywareBlaster
Eine kurze Einführung findest du Hier

Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox

Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
NoScript
Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
AdblockPlus
Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
Es spart außerdem Downloadkapazität.

Performance

Halte dich fern von Registry Cleanern.
Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
Miekemoes Blogspot ( MVP )

Was du vermeiden solltest:

Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!

Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

flieger-baby · 27.07.2014, 09:46

Hallo,

wie es ausschaut funktioniert alles wieder. Zumindest konnte ich jetzt das Avira-Update durchführen.

Vielen Dank für deine Hilfe !
Eine Spende fürs Forum geht noch heute raus !

Hier der Log:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014 01
Ran by Zimmermann at 2014-07-27 10:41:28 Run:2
Running from C:\Users\Zimmermann\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
end
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

==== End of Fixlog ====

PS: Der Laptop meiner Frau macht zwar nicht wirklich Probleme, ich würde ihn aber trotzdem gerne mal "checken" lassen.

Wärst du bereit auch da mal ein Auge drauf zu werfen ?

Gruß ... und einen schönen Sonntag noch !
Carsten

M-K-D-B · 27.07.2014, 10:21

Zitat:

Zitat von flieger-baby

PS: Der Laptop meiner Frau macht zwar nicht wirklich Probleme, ich würde ihn aber trotzdem gerne mal "checken" lassen.

Ja klar, können wir gleich hier in diesem Thema machen.

FRST auf den Desktop deiner Frau downloaden und ausführen:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

flieger-baby · 27.07.2014, 13:30

Das ist aber echt klasse von Dir, vielen Dank !

Hier die Logs:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Sabrina (administrator) on SABRINA-PC on 27-07-2014 14:25:35
Running from C:\Users\Sabrina\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-04] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/?a=6OxVSTVrIQ
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=6OxVSTVrIQ
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\mym5y3vs.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: JS Deminifier - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\mym5y3vs.default\Extensions\jsdeminifier@murphy.ben.name.xpi [2012-01-15]
FF Extension: NoScript - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\mym5y3vs.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-25]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\mym5y3vs.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21]
FF Extension: Adblock Edge - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\mym5y3vs.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-07-25]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-09]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [801872 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-01-13] (Macrovision Europe Ltd.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-01-11] () [File not signed]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 14:25 - 2014-07-27 14:26 - 00009542 _____ () C:\Users\Sabrina\Desktop\FRST.txt
2014-07-27 14:25 - 2014-07-27 14:25 - 00000000 ____D () C:\FRST
2014-07-27 14:24 - 2014-07-27 14:24 - 02093568 _____ (Farbar) C:\Users\Sabrina\Desktop\FRST64.exe
2014-07-25 19:59 - 2014-07-25 19:59 - 00448512 _____ (OldTimer Tools) C:\Users\Sabrina\Desktop\TFC.exe
2014-07-09 07:38 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 07:38 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 07:38 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 07:38 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 07:38 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 07:38 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 07:38 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 07:38 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 07:38 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 07:38 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 07:38 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 07:38 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 07:38 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 07:38 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 07:38 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 07:38 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 07:38 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 07:38 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 07:38 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 07:38 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 07:38 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 07:38 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 07:37 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 07:37 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 07:37 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 07:37 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 07:37 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 07:37 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 07:37 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 07:37 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 07:37 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 07:37 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 07:37 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 07:37 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 07:37 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 07:37 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 07:37 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 07:37 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 07:37 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 07:37 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 07:37 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 07:37 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 07:37 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 07:37 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 07:37 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 07:37 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 07:37 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 07:37 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 07:37 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 07:37 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 07:37 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 07:37 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 07:37 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 07:37 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 07:37 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 07:37 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 07:37 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 07:37 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 07:37 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 07:37 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 07:37 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 07:37 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 07:37 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 07:37 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 07:37 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 07:37 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 07:37 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 07:37 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 07:37 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 07:37 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 07:37 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 07:37 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 07:37 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 07:37 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 07:37 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 07:37 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 07:37 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 07:37 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 07:36 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 07:36 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 07:36 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-30 17:39 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-06-30 17:39 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-06-29 21:34 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-06-29 21:34 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-29 21:34 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-29 21:34 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-06-29 21:34 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-06-29 21:34 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-06-29 21:34 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-06-29 21:34 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-06-29 21:34 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-06-29 21:34 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-06-29 21:34 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-06-29 21:34 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-06-29 21:34 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-06-29 21:34 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-06-29 21:34 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-06-29 21:34 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-06-29 21:32 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-06-29 21:32 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-06-29 21:14 - 2014-06-29 21:15 - 32942634 _____ () C:\Users\Sabrina\Downloads\Firmware_Acer_1.00.04_A_For Europe.zip
2014-06-29 21:13 - 2014-06-29 21:14 - 02247424 _____ (Acer Inc.) C:\Users\Sabrina\Downloads\HWVendorDetection.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 14:26 - 2014-07-27 14:25 - 00009542 _____ () C:\Users\Sabrina\Desktop\FRST.txt
2014-07-27 14:25 - 2014-07-27 14:25 - 00000000 ____D () C:\FRST
2014-07-27 14:25 - 2013-04-12 05:52 - 01776440 _____ () C:\Windows\WindowsUpdate.log
2014-07-27 14:24 - 2014-07-27 14:24 - 02093568 _____ (Farbar) C:\Users\Sabrina\Desktop\FRST64.exe
2014-07-27 14:22 - 2014-02-02 02:00 - 00015064 _____ () C:\Windows\setupact.log
2014-07-27 14:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-27 11:09 - 2009-07-14 06:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-27 11:09 - 2009-07-14 06:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-27 00:35 - 2013-06-30 18:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-26 07:38 - 2014-02-11 08:03 - 00001812 _____ () C:\Windows\PFRO.log
2014-07-25 19:59 - 2014-07-25 19:59 - 00448512 _____ (OldTimer Tools) C:\Users\Sabrina\Desktop\TFC.exe
2014-07-10 11:35 - 2013-06-30 18:39 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 11:35 - 2013-04-12 20:36 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 11:35 - 2011-12-28 14:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 11:25 - 2013-08-06 05:20 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-09 08:49 - 2009-07-14 06:45 - 02342912 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 08:48 - 2014-05-07 08:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 08:48 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 08:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 08:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 07:59 - 2013-08-14 05:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 07:57 - 2011-12-28 14:21 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-04 05:21 - 2013-08-06 05:18 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-30 04:09 - 2014-07-09 07:38 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 07:38 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-30 00:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-29 21:20 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-06-29 21:20 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-06-29 21:20 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-29 21:15 - 2014-06-29 21:14 - 32942634 _____ () C:\Users\Sabrina\Downloads\Firmware_Acer_1.00.04_A_For Europe.zip
2014-06-29 21:14 - 2014-06-29 21:13 - 02247424 _____ (Acer Inc.) C:\Users\Sabrina\Downloads\HWVendorDetection.exe

Some content of TEMP:
====================
C:\Users\Sabrina\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-25 19:30

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Sabrina at 2014-07-27 14:27:19
Running from C:\Users\Sabrina\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen (HKLM-x32\...\Adobe_061850775b1c6d22bf2a145678e05e0) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (x32 Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Adobe SING CS3 (x32 Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
AMD Catalyst Install Manager (HKLM\...\{35A50BE1-FDD7-4FC7-CCE5-03D2A63D4CF4}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 140.0.65.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Free YouTube to MP3 Converter version 3.11.32.918 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.32.918 - DVDVideoSoft Ltd.)
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
IncrediMail (x32 Version: 6.2.9.5163 - IncrediMail) Hidden
IncrediMail 2.0 (HKLM-x32\...\IncrediMail) (Version: 6.2.9.5163 - IncrediMail Ltd.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MS-Buchhalter Start 3.0 (HKLM-x32\...\MS-Buchhalter Start) (Version: 3.0 - Michael Schroeder)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
Photo Notifier and Animation Creator (x32 Version: 1.0.0.1009 - Ihr Firmenname) Hidden
Power Commander Control Center 3.2.0 (Test Build 1) (HKLM-x32\...\Power Commander 3 Usb_is1) (Version:  - Dynojet Research, Inc.)
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Sweet Home 3D version 3.5 (HKLM-x32\...\Sweet Home 3D_is1) (Version:  - eTeks)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-07-2014 03:20:04 Windows Update
06-07-2014 19:06:35 Windows Update
09-07-2014 05:55:36 Windows Update
16-07-2014 03:30:52 Windows Update
20-07-2014 15:43:00 Windows Update
24-07-2014 03:31:37 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2112660A-544F-475E-822F-25E801AAB22A} - System32\Tasks\{2AED43AA-152B-4013-AB9D-2B350F5874DB} => C:\Program Files (x86)\MS-Buchhalter\EZBook.exe [2011-09-02] ()
Task: {21D9611A-B848-44B7-85C6-8CFFD429D693} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C3F2A728-0CFB-44E4-8BE1-150852F7C8EB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-05-12 12:03 - 2014-06-26 09:46 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: IncrediMail => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c

==================== Faulty Device Manager Devices =============

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/27/2014 02:24:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/27/2014 11:04:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/27/2014 10:38:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/27/2014 07:49:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2014 09:42:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2014 07:40:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2014 05:39:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2014 08:30:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2014 05:28:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2014 09:49:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/27/2014 02:23:30 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/27/2014 11:04:06 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/27/2014 10:38:07 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/27/2014 07:49:22 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/26/2014 09:41:28 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/26/2014 07:39:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/25/2014 05:38:44 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/24/2014 08:30:23 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/24/2014 05:27:31 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/22/2014 09:49:01 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 3956.5 MB
Available physical RAM: 2228.29 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 6179.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:48.61 GB) NTFS
Drive e: (Volume) (Fixed) (Total:200.43 GB) (Free:123.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 71757175)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Gruß... Carsten

M-K-D-B · 28.07.2014, 13:03

Servus Carsten,

ein bisschen Adware sehe ich auf dem Rechner, aber nichts Schlimmes an sich.

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die beiden neuen Logdateien von FRST.

flieger-baby · 28.07.2014, 17:55

Hallo Matthias,

hier sind die aktuellen Logs.

Code:

ATTFilter

# AdwCleaner v3.300 - Bericht erstellt am 28/07/2014 um 18:30:54
# Aktualisiert 27/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Sabrina - SABRINA-PC
# Gestartet von : C:\Users\Sabrina\Desktop\adwcleaner_3.300.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\dvdvideosoftiehelpers
Datei Gelöscht : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\mym5y3vs.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

***** [ Tâches planifiées ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sweet-home-3d_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sweet-home-3d_RASMANCS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\ImInstaller

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\mym5y3vs.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2481 octets] - [28/07/2014 18:25:10]
AdwCleaner[S0].txt - [2104 octets] - [28/07/2014 18:30:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2164 octets] ##########

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 28.07.2014
Suchlauf-Zeit: 18:36:28
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.28.04
Rootkit Datenbank: v2014.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Sabrina

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 289373
Verstrichene Zeit: 11 Min, 53 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Sabrina (administrator) on SABRINA-PC on 28-07-2014 18:51:02
Running from C:\Users\Sabrina\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-04] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\mym5y3vs.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: JS Deminifier - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\mym5y3vs.default\Extensions\jsdeminifier@murphy.ben.name.xpi [2012-01-15]
FF Extension: NoScript - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\mym5y3vs.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-25]
FF Extension: Adblock Edge - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\mym5y3vs.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-07-25]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-09]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [801872 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-01-13] (Macrovision Europe Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-01-11] () [File not signed]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 18:50 - 2014-07-28 18:50 - 00001159 _____ () C:\Users\Sabrina\Desktop\mbam.txt
2014-07-28 18:35 - 2014-07-28 18:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 18:35 - 2014-07-28 18:35 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-28 18:35 - 2014-07-28 18:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-28 18:35 - 2014-07-28 18:35 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-28 18:35 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-28 18:35 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-28 18:35 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-28 18:34 - 2014-07-28 18:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sabrina\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-28 18:33 - 2014-07-28 18:33 - 00002244 _____ () C:\Users\Sabrina\Desktop\AdwCleaner[S0].txt
2014-07-28 18:25 - 2014-07-28 18:30 - 00000000 ____D () C:\AdwCleaner
2014-07-28 18:24 - 2014-07-28 18:24 - 01367289 _____ () C:\Users\Sabrina\Desktop\adwcleaner_3.300.exe
2014-07-27 14:27 - 2014-07-27 14:28 - 00023024 _____ () C:\Users\Sabrina\Desktop\Addition.txt
2014-07-27 14:25 - 2014-07-28 18:51 - 00010283 _____ () C:\Users\Sabrina\Desktop\FRST.txt
2014-07-27 14:25 - 2014-07-28 18:51 - 00000000 ____D () C:\FRST
2014-07-27 14:24 - 2014-07-27 14:24 - 02093568 _____ (Farbar) C:\Users\Sabrina\Desktop\FRST64.exe
2014-07-25 19:59 - 2014-07-25 19:59 - 00448512 _____ (OldTimer Tools) C:\Users\Sabrina\Desktop\TFC.exe
2014-07-09 07:38 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 07:38 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 07:38 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 07:38 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 07:38 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 07:38 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 07:38 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 07:38 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 07:38 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 07:38 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 07:38 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 07:38 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 07:38 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 07:38 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 07:38 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 07:38 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 07:38 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 07:38 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 07:38 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 07:38 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 07:38 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 07:38 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 07:37 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 07:37 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 07:37 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 07:37 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 07:37 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 07:37 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 07:37 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 07:37 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 07:37 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 07:37 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 07:37 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 07:37 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 07:37 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 07:37 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 07:37 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 07:37 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 07:37 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 07:37 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 07:37 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 07:37 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 07:37 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 07:37 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 07:37 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 07:37 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 07:37 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 07:37 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 07:37 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 07:37 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 07:37 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 07:37 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 07:37 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 07:37 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 07:37 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 07:37 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 07:37 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 07:37 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 07:37 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 07:37 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 07:37 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 07:37 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 07:37 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 07:37 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 07:37 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 07:37 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 07:37 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 07:37 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 07:37 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 07:37 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 07:37 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 07:37 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 07:37 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 07:37 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 07:37 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 07:37 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 07:37 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 07:37 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 07:36 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 07:36 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 07:36 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-30 17:39 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-06-30 17:39 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-06-29 21:34 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-06-29 21:34 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-29 21:34 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-29 21:34 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-06-29 21:34 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-06-29 21:34 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-06-29 21:34 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-06-29 21:34 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-06-29 21:34 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-06-29 21:34 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-06-29 21:34 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-06-29 21:34 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-06-29 21:34 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-06-29 21:34 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-06-29 21:34 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-06-29 21:34 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-06-29 21:32 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-06-29 21:32 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-06-29 21:14 - 2014-06-29 21:15 - 32942634 _____ () C:\Users\Sabrina\Downloads\Firmware_Acer_1.00.04_A_For Europe.zip
2014-06-29 21:13 - 2014-06-29 21:14 - 02247424 _____ (Acer Inc.) C:\Users\Sabrina\Downloads\HWVendorDetection.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 18:51 - 2014-07-27 14:25 - 00010283 _____ () C:\Users\Sabrina\Desktop\FRST.txt
2014-07-28 18:51 - 2014-07-27 14:25 - 00000000 ____D () C:\FRST
2014-07-28 18:50 - 2014-07-28 18:50 - 00001159 _____ () C:\Users\Sabrina\Desktop\mbam.txt
2014-07-28 18:39 - 2009-07-14 06:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-28 18:39 - 2009-07-14 06:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-28 18:36 - 2014-07-28 18:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 18:36 - 2013-04-12 05:52 - 01819865 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 18:35 - 2014-07-28 18:35 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-28 18:35 - 2014-07-28 18:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-28 18:35 - 2014-07-28 18:35 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-28 18:35 - 2013-06-30 18:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-28 18:34 - 2014-07-28 18:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sabrina\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-28 18:33 - 2014-07-28 18:33 - 00002244 _____ () C:\Users\Sabrina\Desktop\AdwCleaner[S0].txt
2014-07-28 18:31 - 2014-02-11 08:03 - 00002126 _____ () C:\Windows\PFRO.log
2014-07-28 18:31 - 2014-02-02 02:00 - 00015288 _____ () C:\Windows\setupact.log
2014-07-28 18:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-28 18:30 - 2014-07-28 18:25 - 00000000 ____D () C:\AdwCleaner
2014-07-28 18:24 - 2014-07-28 18:24 - 01367289 _____ () C:\Users\Sabrina\Desktop\adwcleaner_3.300.exe
2014-07-27 18:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-27 14:28 - 2014-07-27 14:27 - 00023024 _____ () C:\Users\Sabrina\Desktop\Addition.txt
2014-07-27 14:24 - 2014-07-27 14:24 - 02093568 _____ (Farbar) C:\Users\Sabrina\Desktop\FRST64.exe
2014-07-25 19:59 - 2014-07-25 19:59 - 00448512 _____ (OldTimer Tools) C:\Users\Sabrina\Desktop\TFC.exe
2014-07-10 11:35 - 2013-06-30 18:39 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 11:35 - 2013-04-12 20:36 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 11:35 - 2011-12-28 14:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 11:25 - 2013-08-06 05:20 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-09 08:49 - 2009-07-14 06:45 - 02342912 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 08:48 - 2014-05-07 08:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 08:48 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 08:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 08:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 07:59 - 2013-08-14 05:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 07:57 - 2011-12-28 14:21 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-04 05:21 - 2013-08-06 05:18 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-30 04:09 - 2014-07-09 07:38 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 07:38 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 21:20 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-06-29 21:20 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-06-29 21:20 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-29 21:15 - 2014-06-29 21:14 - 32942634 _____ () C:\Users\Sabrina\Downloads\Firmware_Acer_1.00.04_A_For Europe.zip
2014-06-29 21:14 - 2014-06-29 21:13 - 02247424 _____ (Acer Inc.) C:\Users\Sabrina\Downloads\HWVendorDetection.exe

Some content of TEMP:
====================
C:\Users\Sabrina\AppData\Local\Temp\avgnt.exe
C:\Users\Sabrina\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-25 19:30

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Sabrina at 2014-07-28 18:51:47
Running from C:\Users\Sabrina\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen (HKLM-x32\...\Adobe_061850775b1c6d22bf2a145678e05e0) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (x32 Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Adobe SING CS3 (x32 Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
AMD Catalyst Install Manager (HKLM\...\{35A50BE1-FDD7-4FC7-CCE5-03D2A63D4CF4}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 140.0.65.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Free YouTube to MP3 Converter version 3.11.32.918 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.32.918 - DVDVideoSoft Ltd.)
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
IncrediMail (x32 Version: 6.2.9.5163 - IncrediMail) Hidden
IncrediMail 2.0 (HKLM-x32\...\IncrediMail) (Version: 6.2.9.5163 - IncrediMail Ltd.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MS-Buchhalter Start 3.0 (HKLM-x32\...\MS-Buchhalter Start) (Version: 3.0 - Michael Schroeder)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
Photo Notifier and Animation Creator (x32 Version: 1.0.0.1009 - Ihr Firmenname) Hidden
Power Commander Control Center 3.2.0 (Test Build 1) (HKLM-x32\...\Power Commander 3 Usb_is1) (Version:  - Dynojet Research, Inc.)
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Sweet Home 3D version 3.5 (HKLM-x32\...\Sweet Home 3D_is1) (Version:  - eTeks)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

06-07-2014 19:06:35 Windows Update
09-07-2014 05:55:36 Windows Update
16-07-2014 03:30:52 Windows Update
20-07-2014 15:43:00 Windows Update
24-07-2014 03:31:37 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2112660A-544F-475E-822F-25E801AAB22A} - System32\Tasks\{2AED43AA-152B-4013-AB9D-2B350F5874DB} => C:\Program Files (x86)\MS-Buchhalter\EZBook.exe [2011-09-02] ()
Task: {21D9611A-B848-44B7-85C6-8CFFD429D693} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C3F2A728-0CFB-44E4-8BE1-150852F7C8EB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-05-12 12:03 - 2014-06-26 09:46 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: IncrediMail => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c

==================== Faulty Device Manager Devices =============

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/28/2014 06:33:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2014 06:21:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2014 03:30:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/27/2014 05:01:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/27/2014 02:24:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/27/2014 11:04:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/27/2014 10:38:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/27/2014 07:49:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2014 09:42:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2014 07:40:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/28/2014 06:33:03 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/28/2014 06:21:05 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/28/2014 03:30:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/27/2014 05:00:58 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/27/2014 02:42:31 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (07/27/2014 02:23:30 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/27/2014 11:04:06 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/27/2014 10:38:07 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/27/2014 07:49:22 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/26/2014 09:41:28 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 3956.5 MB
Available physical RAM: 2465.38 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 6058.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:48.04 GB) NTFS
Drive e: (Volume) (Fixed) (Total:200.43 GB) (Free:123.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 71757175)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Gruß... Carsten

M-K-D-B · 28.07.2014, 19:28

Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

flieger-baby · 28.07.2014, 20:53

Hallo. Erledigt. Hier die Logs:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by Sabrina at 2014-07-28 20:42:55 Run:1
Running from C:\Users\Sabrina\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Reboot:
end
*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key not found.


The system needed a reboot. 

==== End of Fixlog ====

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d2e4f53b1194144387ec591cca0581aa
# engine=19388
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-28 07:42:05
# local_time=2014-07-28 09:42:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 89327 158206375 0 0
# scanned=161105
# found=4
# cleaned=0
# scan_time=2946
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=846D95D63EDE9508EFC7CEEE1D145D7CE62988C3 ft=1 fh=ec23a4ae3310ce50 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina\Downloads\alte Downloads\FreeYouTubetoMP3Converter.exe"
sh=FD5D1274D9E28F6AF00C6D0719FEFD0754798D6B ft=1 fh=e237b576c92c3fb8 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina\Downloads\wichtige Downloads\FreeYouTubeToMP3Converter_3.11.29.825.exe"
sh=240771D1DD3BEE551A4BB75B288F7227905E4E68 ft=1 fh=69d28fe5704945b6 vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina\Downloads\wichtige Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (30.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````