Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bundesamt für Sicherheit und Informationstechnik. (https://www.trojaner-board.de/142672-bundesamt-sicherheit-informationstechnik.html)

Camo 07.10.2013 18:09
Bundesamt für Sicherheit und Informationstechnik.
 
Hallo,

ich habe mir das Problemchen eingefangen, stieß bei der Suche hier auf die Seite und bin der Anleitung (Booten von CD, Reparatur, FRST Scan) soweit gefolgt.

Ich hoffe die angehängte Datei ist dienlich, da ich weder beim Thema #-Button im Editor, noch auf Vorschau klicken weiterwusste.
Sollten die von mir eingetippten Befehle amüsanter Unfug sein, bitte ich untertänigst um Vergebung und Chance zur Nachbesserung und bin gerne bereit, als Strafe einen Kirchen-Almanach eurer Wahl auf einer Gänsefeder abzuschreiben.

Vielen Dank im Voraus

M-K-D-B 07.10.2013 18:15
Servus,




Zuerst müssen wir auf einem sauberen Rechner den Fix erstellen. Das geht so:
Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
HKU\Basti\...\Winlogon: [Shell] explorer.exe,C:\Users\Basti\AppData\Roaming\data.dat [143360 2013-08-02] () <==== ATTENTION
C:\Users\Basti\AppData\Roaming\data.dat
C:\Users\Basti\AppData\Roaming\settings.ini
C:\Users\Basti\gpopdfwgcwsnsvxahdm.bfg
C:\Users\Basti\AppData\Roaming\i.ini
end
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.





Starte anschließend deinen Rechner wieder im normalen Modus und berichte mir, ob das klappt.
Dann kanns nämlich weitergehen. ;)

Camo 08.10.2013 08:17
Danke für die Antwort. Ich habe besagtes getan, den Fixlog angehängt und habe wieder Zugrif:applaus::applaus:

M-K-D-B 08.10.2013 11:07
Servus,


Zitat:
Zitat von Camo (Beitrag 1170881)
Danke für die Antwort. Ich habe besagtes getan, den Fixlog angehängt und habe wieder Zugrif:applaus::applaus:
gut gemacht. :party:

Ich möchte sichergehen, dass dein Rechner auch wirklich sauber ist.

Daher bitte ich dich, FRST neu auf den Desktop herunterzuladen und von dort wie folgt auszuführen:



Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Camo 08.10.2013 11:48

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Basti (administrator) on BASTI-PC on 08-10-2013 12:35:49
Running from C:\Users\Basti\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [itype] - c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (666)] - C:\Program Files (x86)\F-Secure\fshoster32.exe [183864 2012-11-26] (F-Secure Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-09-30] (Avira Operations GmbH & Co. KG)
AppInit_DLLs:    [0 ] ()
Startup: C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5A850B4473A8CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} -  No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=38DA944452A9C675&affID=120524&tt=290813_dir&tsp=4989
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={1A31F824-27BA-4B3D-837F-A134C63EEF1D}&mid=7b4e6b58184f47d19a13d16c648c7d90-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=tt014&pr=sa&d=2011-12-14 10:22:52&v=8.0.0.34&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -  No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR HomePage: hxxp://google.de/
CHR RestoreOnStartup: "hxxp://google.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (SaltarSmart) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdboodilddefglllfoimeceomkpmkbi\1.0.0_0
CHR Extension: (Google Search) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-09-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-09-30] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-09-30] (Avira Operations GmbH & Co. KG)
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [183864 2012-11-26] (F-Secure Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-28] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [1967936 2010-09-30] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-02-19] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-09-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-09-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-30] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [83160 2013-09-30] (Avira Operations GmbH & Co. KG)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-02-19] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S2 SSPORT; C:\Windows\SysWow64\Drivers\SSPORT.sys [11576 2009-07-29] (Samsung Electronics)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2010-08-19] (TuneUp Software)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S2 SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-08 12:35 - 2013-10-08 12:35 - 01954124 _____ (Farbar) C:\Users\Basti\Downloads\FRST64.exe
2013-10-08 12:31 - 2013-10-08 12:31 - 00000056 _____ C:\Windows\setupact.log
2013-10-08 12:31 - 2013-10-08 12:31 - 00000000 _____ C:\Windows\setuperr.log
2013-10-08 12:30 - 2013-10-08 12:30 - 00001064 _____ C:\Windows\PFRO.log
2013-10-08 11:01 - 2013-10-08 11:01 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-08 10:59 - 2013-10-08 11:02 - 131918888 _____ C:\Users\Basti\Downloads\avast_free_antivirus_setup.exe
2013-10-08 10:59 - 2013-10-08 10:59 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-08 10:38 - 2013-10-08 10:38 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Avira
2013-10-08 10:33 - 2013-10-08 10:33 - 00002080 _____ C:\Users\Basti\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-10-08 10:33 - 2013-10-08 10:33 - 00002009 _____ C:\Users\Basti\Desktop\Avira DE-Cleaner.lnk
2013-10-08 10:32 - 2013-10-08 10:32 - 00002085 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-08 10:31 - 2013-10-08 10:31 - 00000000 ____D C:\ProgramData\Avira
2013-10-08 10:31 - 2013-10-08 10:31 - 00000000 ____D C:\Program Files (x86)\Avira
2013-10-08 10:31 - 2013-09-30 11:01 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-08 10:31 - 2013-09-30 11:01 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-08 10:31 - 2013-09-30 11:01 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-08 10:31 - 2013-09-30 11:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-08 10:20 - 2013-10-08 10:22 - 122946048 _____ C:\Users\Basti\Downloads\avira14_free_antivirus_de.exe
2013-10-07 19:40 - 2013-10-07 19:40 - 00000000 ____D C:\FRST
2013-10-03 16:45 - 2013-10-03 16:45 - 00142226 _____ C:\Users\Basti\Downloads\Notizen.Gadget
2013-10-03 16:43 - 2013-10-03 16:43 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0D9912FF-6E23-43E9-9FC6-3C7E886B3A3D}
2013-10-02 16:17 - 2013-10-02 19:29 - 00000000 ____D C:\Program Files (x86)\Diablo III
2013-10-02 16:17 - 2013-10-02 16:17 - 00001159 _____ C:\Users\Public\Desktop\Diablo III.lnk
2013-10-02 16:14 - 2013-10-02 16:15 - 40048208 _____ (Blizzard Entertainment) C:\Users\Basti\Downloads\Diablo-III-Setup-enUS.exe
2013-09-24 09:46 - 2013-09-24 09:46 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (17).torrent
2013-09-24 09:45 - 2013-09-24 09:45 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (16).torrent
2013-09-24 09:45 - 2013-09-24 09:45 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (15).torrent
2013-09-24 09:44 - 2013-09-24 09:44 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (9).torrent
2013-09-24 09:44 - 2013-09-24 09:44 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (14).torrent
2013-09-24 09:44 - 2013-09-24 09:44 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (13).torrent
2013-09-24 09:44 - 2013-09-24 09:44 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (12).torrent
2013-09-24 09:44 - 2013-09-24 09:44 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (11).torrent
2013-09-24 09:44 - 2013-09-24 09:44 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (10).torrent
2013-09-24 09:43 - 2013-09-24 09:43 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (8).torrent
2013-09-24 09:43 - 2013-09-24 09:43 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (7).torrent
2013-09-24 09:43 - 2013-09-24 09:43 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (6).torrent
2013-09-24 09:43 - 2013-09-24 09:43 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (5).torrent
2013-09-24 09:43 - 2013-09-24 09:43 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (4).torrent
2013-09-24 09:42 - 2013-09-24 09:42 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html.torrent
2013-09-24 09:42 - 2013-09-24 09:42 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (3).torrent
2013-09-24 09:42 - 2013-09-24 09:42 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (2).torrent
2013-09-24 09:42 - 2013-09-24 09:42 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (1).torrent
2013-09-16 09:19 - 2013-09-16 09:22 - 00000000 ____D C:\Users\Basti\Desktop\Play Alongs
2013-09-15 19:22 - 2013-09-15 19:22 - 00155680 _____ C:\Users\Basti\Downloads\the.killing.s01e06.www.videovill.com.mp4__3516_i73474478_il7633064.exe
2013-09-15 10:34 - 2013-09-15 10:34 - 00155680 _____ C:\Users\Basti\Downloads\the.killing.s01e03.www.videovill.com.avi.mp4__3515_i73226066_il7526887.exe
2013-09-15 10:33 - 2013-09-15 10:33 - 00155680 _____ C:\Users\Basti\Downloads\the.killing.s01e03.www.videovill.com.avi.mp4__3038_i73225888_il7526887.exe
2013-09-12 14:49 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 14:49 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 14:49 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 14:49 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 14:49 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 14:49 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 14:49 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 14:49 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 14:49 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 14:49 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 14:49 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 14:49 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 14:49 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 14:49 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 14:49 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 14:49 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 14:49 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 14:49 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 14:49 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 14:49 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 14:49 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 14:49 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 14:49 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 14:49 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 14:49 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 14:49 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 14:49 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 14:49 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 14:49 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 14:49 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 14:49 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 13:40 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 13:40 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 13:40 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 13:40 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 13:40 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 13:40 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 13:40 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 13:40 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 13:40 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 13:40 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 13:40 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 13:40 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 13:40 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 13:40 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 13:40 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 13:40 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 13:40 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 13:40 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 13:40 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 13:40 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 13:40 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 13:40 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 13:40 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 13:40 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 13:40 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 13:40 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 13:40 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 17:22 - 2013-10-08 11:03 - 00000000 ____D C:\Windows\MiniDump
2013-09-09 19:31 - 2013-09-09 19:31 - 00000202 _____ C:\Users\Basti\Desktop\Total War ROME II.url
2013-09-09 19:26 - 2013-09-09 19:26 - 01038704 _____ (Amazon Services LLC) C:\Users\Basti\Downloads\Total_War_Rome_II_Downloader.exe

==================== One Month Modified Files and Folders =======

2013-10-08 12:35 - 2013-10-08 12:35 - 01954124 _____ (Farbar) C:\Users\Basti\Downloads\FRST64.exe
2013-10-08 12:35 - 2011-11-21 19:12 - 01358679 _____ C:\Windows\WindowsUpdate.log
2013-10-08 12:33 - 2011-11-28 14:55 - 00000000 ___RD C:\Users\Basti\Dropbox
2013-10-08 12:33 - 2011-11-28 14:53 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Dropbox
2013-10-08 12:32 - 2012-04-01 12:35 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-08 12:32 - 2011-11-21 19:16 - 00000000 ____D C:\Users\Basti
2013-10-08 12:31 - 2013-10-08 12:31 - 00000056 _____ C:\Windows\setupact.log
2013-10-08 12:31 - 2013-10-08 12:31 - 00000000 _____ C:\Windows\setuperr.log
2013-10-08 12:31 - 2011-11-21 19:41 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-08 12:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-08 12:30 - 2013-10-08 12:30 - 00001064 _____ C:\Windows\PFRO.log
2013-10-08 12:30 - 2012-01-23 11:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-08 12:28 - 2013-01-27 11:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-08 12:13 - 2012-04-01 12:35 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-08 11:03 - 2013-09-11 17:22 - 00000000 ____D C:\Windows\MiniDump
2013-10-08 11:03 - 2011-11-21 23:44 - 00000000 ____D C:\Users\Basti\AppData\Roaming\TS3Client
2013-10-08 11:03 - 2011-11-21 19:08 - 00000000 ____D C:\Windows\Panther
2013-10-08 11:02 - 2013-10-08 10:59 - 131918888 _____ C:\Users\Basti\Downloads\avast_free_antivirus_setup.exe
2013-10-08 11:01 - 2013-10-08 11:01 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-08 11:01 - 2012-01-23 11:51 - 00000000 ____D C:\Program Files\CCleaner
2013-10-08 10:59 - 2013-10-08 10:59 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-08 10:59 - 2009-07-14 06:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-08 10:59 - 2009-07-14 06:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-08 10:38 - 2013-10-08 10:38 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Avira
2013-10-08 10:33 - 2013-10-08 10:33 - 00002080 _____ C:\Users\Basti\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-10-08 10:33 - 2013-10-08 10:33 - 00002009 _____ C:\Users\Basti\Desktop\Avira DE-Cleaner.lnk
2013-10-08 10:32 - 2013-10-08 10:32 - 00002085 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-08 10:31 - 2013-10-08 10:31 - 00000000 ____D C:\ProgramData\Avira
2013-10-08 10:31 - 2013-10-08 10:31 - 00000000 ____D C:\Program Files (x86)\Avira
2013-10-08 10:22 - 2013-10-08 10:20 - 122946048 _____ C:\Users\Basti\Downloads\avira14_free_antivirus_de.exe
2013-10-08 09:36 - 2009-07-14 19:58 - 00696848 _____ C:\Windows\system32\perfh007.dat
2013-10-08 09:36 - 2009-07-14 19:58 - 00148144 _____ C:\Windows\system32\perfc007.dat
2013-10-08 09:36 - 2009-07-14 07:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-07 19:40 - 2013-10-07 19:40 - 00000000 ____D C:\FRST
2013-10-03 19:09 - 2011-11-23 23:07 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Skype
2013-10-03 16:45 - 2013-10-03 16:45 - 00142226 _____ C:\Users\Basti\Downloads\Notizen.Gadget
2013-10-03 16:43 - 2013-10-03 16:43 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0D9912FF-6E23-43E9-9FC6-3C7E886B3A3D}
2013-10-02 19:29 - 2013-10-02 16:17 - 00000000 ____D C:\Program Files (x86)\Diablo III
2013-10-02 16:17 - 2013-10-02 16:17 - 00001159 _____ C:\Users\Public\Desktop\Diablo III.lnk
2013-10-02 16:15 - 2013-10-02 16:14 - 40048208 _____ (Blizzard Entertainment) C:\Users\Basti\Downloads\Diablo-III-Setup-enUS.exe
2013-09-30 11:01 - 2013-10-08 10:31 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-30 11:01 - 2013-10-08 10:31 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-30 11:01 - 2013-10-08 10:31 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-30 11:01 - 2013-10-08 10:31 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-27 10:54 - 2013-06-15 15:18 - 00000000 ____D C:\Program Files (x86)\Diablo II
2013-09-25 13:42 - 2011-11-22 11:38 - 00000000 ____D C:\Fotos
2013-09-24 09:46 - 2013-09-24 09:46 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (17).torrent
2013-09-24 09:45 - 2013-09-24 09:45 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (16).torrent
2013-09-24 09:45 - 2013-09-24 09:45 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (15).torrent
2013-09-24 09:44 - 2013-09-24 09:44 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (9).torrent
2013-09-24 09:44 - 2013-09-24 09:44 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (14).torrent
2013-09-24 09:44 - 2013-09-24 09:44 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (13).torrent
2013-09-24 09:44 - 2013-09-24 09:44 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (12).torrent
2013-09-24 09:44 - 2013-09-24 09:44 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (11).torrent
2013-09-24 09:44 - 2013-09-24 09:44 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (10).torrent
2013-09-24 09:43 - 2013-09-24 09:43 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (8).torrent
2013-09-24 09:43 - 2013-09-24 09:43 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (7).torrent
2013-09-24 09:43 - 2013-09-24 09:43 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (6).torrent
2013-09-24 09:43 - 2013-09-24 09:43 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (5).torrent
2013-09-24 09:43 - 2013-09-24 09:43 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (4).torrent
2013-09-24 09:42 - 2013-09-24 09:42 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html.torrent
2013-09-24 09:42 - 2013-09-24 09:42 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (3).torrent
2013-09-24 09:42 - 2013-09-24 09:42 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (2).torrent
2013-09-24 09:42 - 2013-09-24 09:42 - 00000301 _____ C:\Users\Basti\Downloads\widgets-tweet_button.html (1).torrent
2013-09-23 17:09 - 2013-02-20 12:10 - 00000000 ____D C:\Program Files (x86)\War Thunder
2013-09-21 13:28 - 2013-01-27 11:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-21 13:28 - 2013-01-27 11:30 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-21 13:28 - 2011-11-21 20:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 10:21 - 2013-01-23 21:47 - 00000000 ____D C:\Program Files (x86)\F-Secure
2013-09-16 09:22 - 2013-09-16 09:19 - 00000000 ____D C:\Users\Basti\Desktop\Play Alongs
2013-09-15 19:22 - 2013-09-15 19:22 - 00155680 _____ C:\Users\Basti\Downloads\the.killing.s01e06.www.videovill.com.mp4__3516_i73474478_il7633064.exe
2013-09-15 10:34 - 2013-09-15 10:34 - 00155680 _____ C:\Users\Basti\Downloads\the.killing.s01e03.www.videovill.com.avi.mp4__3515_i73226066_il7526887.exe
2013-09-15 10:33 - 2013-09-15 10:33 - 00155680 _____ C:\Users\Basti\Downloads\the.killing.s01e03.www.videovill.com.avi.mp4__3038_i73225888_il7526887.exe
2013-09-13 15:55 - 2011-11-23 11:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 11:53 - 2011-11-21 19:39 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-09-12 19:26 - 2011-11-21 19:17 - 00000000 ___RD C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 19:26 - 2011-11-21 19:17 - 00000000 ___RD C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 19:25 - 2009-07-14 06:45 - 00422568 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 14:49 - 2013-08-15 15:05 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 14:47 - 2012-03-31 13:45 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 17:28 - 2013-06-11 15:49 - 00000000 ____D C:\Users\Basti\AppData\Local\TSVNCache
2013-09-11 17:26 - 2011-11-21 20:00 - 00000000 ____D C:\Users\Basti\Desktop\Verschiedenes
2013-09-11 17:13 - 2012-11-22 18:23 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-09-11 17:10 - 2011-11-21 19:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-11 17:02 - 2012-01-23 11:56 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-11 16:03 - 2012-02-19 12:47 - 00000000 ____D C:\Ubisoft
2013-09-09 19:31 - 2013-09-09 19:31 - 00000202 _____ C:\Users\Basti\Desktop\Total War ROME II.url
2013-09-09 19:26 - 2013-09-09 19:26 - 01038704 _____ (Amazon Services LLC) C:\Users\Basti\Downloads\Total_War_Rome_II_Downloader.exe

Some content of TEMP:
====================
C:\Users\Basti\AppData\Local\Temp\avgnt.exe
C:\Users\Basti\AppData\Local\Temp\ojudttkjpbadovdf.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-07-28 09:01

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Basti at 2013-10-08 12:37:48
Running from C:\Users\Basti\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
Acoustica Standard Edition 5.0 (x32 Version: 5.0)
AdblockIE (x32 Version: 1.2)
Adobe AIR (x32 Version: 3.3.0.3650)
Adobe Download Assistant (x32 Version: 1.2)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.1) - Deutsch (x32 Version: 10.1.1)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Assassin's Creed(R) III v1.05 (x32 Version: 1.05)
Avira Free Antivirus (x32 Version: 14.0.0.383)
Battlefield 3™ (x32 Version: 1.5.0.0)
Battlelog Web Plugins (x32 Version: 2.1.7)
Belkin Connect Wireless USB Adapter (x32 Version: 1.0.0.3)
Bonjour (Version: 3.0.0.10)
Canon MP Navigator EX 2.0 (x32)
Canon Utilities Solution Menu (x32)
CanoScan 5600F Scanner Driver
CanoScan Toolbox Ver4.9 (x32)
CCleaner (Version: 3.14)
Company of Heroes 2 (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
Diablo II (x32)
Diablo III (x32 Version: 1.0.8.16603)
Dropbox (HKCU Version: 2.0.22)
Fotogalerie (x32 Version: 16.4.3508.0205)
Free Studio version 2013 (x32 Version: 6.1.4.628)
F-Secure (x32 Version: 1.71.340.0)
Google Chrome (x32 Version: 29.0.1547.76)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
iTunes (Version: 11.0.3.42)
Java 7 Update 11 (64-bit) (Version: 7.0.110)
Java 7 Update 9 (x32 Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3508.0205)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NVIDIA 3D Vision Controller-Treiber 296.10 (Version: 296.10)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Drivers (Version: 1.7)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA HD-Audiotreiber 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.12.0213)
NVIDIA PhysX-Systemsoftware 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Origin (x32 Version: 9.1.3.2637)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
PunkBuster Services (x32 Version: 0.991)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32 Version: 15.0.4)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Skype™ 6.0 (x32 Version: 6.0.126)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.12)
Total War: ROME II (x32)
TuneUp Utilities 2011 (x32 Version: 10.0.1000.47)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.1000.47)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Uplay (x32 Version: 2.0)
War Thunder Launcher 1.0.1.149 (x32)
Wartung Samsung ML-1660 Series (x32)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
WinRAR 4.01 (64-Bit) (Version: 4.01.0)
WinSysClean X3 Trial (Version: 13.00)
WinSysClean X3 Trial (x32 Version: 13.00)
WinZip 17.5 (Version: 17.5.10480)

==================== Restore Points  =========================

13-09-2013 13:53:21 Windows Update
17-09-2013 12:53:47 Windows Update
24-09-2013 07:40:57 Windows Update
02-10-2013 13:55:08 Windows Update
08-10-2013 07:18:10 Windows Update
08-10-2013 08:55:59 avast! Free Antivirus Setup

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04456091-3834-4F47-8C7B-14C0796CB6E1} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.)
Task: {329B016D-5A0F-47C6-8221-7D41520AEFE6} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {5C64385F-56DC-4264-ABC6-1BB5693A1A6F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-21] (Adobe Systems Incorporated)
Task: {6015242A-E5B7-426C-99FC-C523535F49A0} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe [2010-09-30] (TuneUp Software)
Task: {65AB7CE7-A08B-4783-A372-FB6A3E285178} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01] (Google Inc.)
Task: {797E7EE4-7EC9-4BC1-BAB8-BA426389CB8D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06] (Adobe Systems Incorporated)
Task: {89BF6DD1-CCB0-4308-8A4B-037D5043F0B1} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [2012-05-23] (RealNetworks, Inc.)
Task: {C238930A-0AE4-41EA-ACFB-0DCDFEF85AA0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4148431207-2329221951-120899382-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {F3E24CCC-6310-4340-A534-85D41257A0D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01] (Google Inc.)
Task: {F85B26E5-284D-434E-9B1B-0778FD9D2C4C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4148431207-2329221951-120899382-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-08 10:31 - 2013-09-30 11:01 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Basti\AppData\Roaming\Dropbox\bin\libcef.dll
2013-01-23 21:47 - 2013-01-23 21:47 - 00593464 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll
2013-09-18 22:16 - 2013-09-17 05:20 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
2013-09-18 22:16 - 2013-09-17 05:20 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libegl.dll
2013-09-18 22:16 - 2013-09-17 05:21 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
2013-09-18 22:16 - 2013-09-17 05:21 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
2013-09-18 22:16 - 2013-09-17 05:20 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/08/2013 00:32:50 PM) (Source: ESENT) (User: )
Description: DllHost (3484) WebCacheLocal: Fehler -1811 beim Öffnen von Protokolldatei C:\Users\Basti\AppData\Local\Microsoft\Windows\WebCache\V01000C0.log.

Error: (10/08/2013 10:29:47 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/11/2013 05:24:08 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: OneClick.exe, Version: 10.0.1000.47, Zeitstempel: 0x4ca4a8d4
Name des fehlerhaften Moduls: rtl120.bpl, Version: 12.0.3420.21218, Zeitstempel: 0x4a0b8b7f
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x00008839
ID des fehlerhaften Prozesses: 0x8b8
Startzeit der fehlerhaften Anwendung: 0xOneClick.exe0
Pfad der fehlerhaften Anwendung: OneClick.exe1
Pfad des fehlerhaften Moduls: OneClick.exe2
Berichtskennung: OneClick.exe3

Error: (09/11/2013 05:11:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/09/2013 10:45:25 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: rome2.exe, Version: 1.0.0.1, Zeitstempel: 0x522a2d8b
Name des fehlerhaften Moduls: Rome2.dll, Version: 1.0.0.1, Zeitstempel: 0x522a2c8c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0103b134
ID des fehlerhaften Prozesses: 0x974
Startzeit der fehlerhaften Anwendung: 0xrome2.exe0
Pfad der fehlerhaften Anwendung: rome2.exe1
Pfad des fehlerhaften Moduls: rome2.exe2
Berichtskennung: rome2.exe3

Error: (09/09/2013 10:45:20 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: rome2.exe, Version: 1.0.0.1, Zeitstempel: 0x522a2d8b
Name des fehlerhaften Moduls: Rome2.dll, Version: 1.0.0.1, Zeitstempel: 0x522a2c8c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0103b134
ID des fehlerhaften Prozesses: 0x974
Startzeit der fehlerhaften Anwendung: 0xrome2.exe0
Pfad der fehlerhaften Anwendung: rome2.exe1
Pfad des fehlerhaften Moduls: rome2.exe2
Berichtskennung: rome2.exe3

Error: (08/29/2013 05:51:38 PM) (Source: Windows Installer 3.1) (User: )
Description: WindowsFür diesen Befehl ist nicht genügend Speicher verfügbar.

Error: (08/12/2013 01:48:14 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: launcher.exe_War Thunder, Version: 1.0.1.185, Zeitstempel: 0x51eeee5c
Name des fehlerhaften Moduls: launcher.exe, Version: 1.0.1.185, Zeitstempel: 0x51eeee5c
Ausnahmecode: 0x80000003
Fehleroffset: 0x00097894
ID des fehlerhaften Prozesses: 0xe40
Startzeit der fehlerhaften Anwendung: 0xlauncher.exe_War Thunder0
Pfad der fehlerhaften Anwendung: launcher.exe_War Thunder1
Pfad des fehlerhaften Moduls: launcher.exe_War Thunder2
Berichtskennung: launcher.exe_War Thunder3

Error: (07/29/2013 07:39:17 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/29/2013 07:12:01 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


System errors:
=============
Error: (10/08/2013 00:33:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (10/08/2013 00:33:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (10/08/2013 00:31:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (10/08/2013 00:31:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (10/08/2013 10:53:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (10/08/2013 10:53:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (10/08/2013 10:51:16 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (10/08/2013 10:51:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (10/08/2013 10:27:04 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (10/08/2013 10:27:04 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 8191.18 MB
Available physical RAM: 5548.68 MB
Total Pagefile: 20189.36 MB
Available Pagefile: 17333.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Lokaler Datenträger) (Fixed) (Total:465.66 GB) (Free:191.49 GB) NTFS
Drive d: (SSD) (Fixed) (Total:119.24 GB) (Free:40.87 GB) NTFS
Drive f: (GRMCHPXFREO_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
Drive g: (INTENSO) (Removable) (Total:29.65 GB) (Free:21.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 33586E85)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 119 GB) (Disk ID: 5A54C3C0)
Partition 1: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================

M-K-D-B 08.10.2013 18:18
Servus,


ok, es gibt noch was zu tun. :)


So geht es weiter:




Servus,




Schritt 1
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Combofix wird überprüfen, ob die Microsoft Windows Wiederherstellungskonsole installiert ist.
    Ist diese nicht installiert, erlaube Combofix diese herunter zu laden und zu installieren. Folge dazu einfach den Anweisungen und aktzeptiere die Endbenutzer-Lizenz.
    Bei heutiger Malware ist dies sehr empfehlenswert, da diese uns eine Möglichkeit bietet, dein System zu reparieren, falls etwas schief geht.
    Bestätige die Information, dass die Wiederherstellungskonsole installiert wurde mit Ja.
    Hinweis: Ist diese bereits installiert, wird Combofix mit der Malwareentfernung fortfahren.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es eine Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.






Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von ComboFix,
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT.

Camo 09.10.2013 09:42
Danke für die weitere Hilfe !

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Basti on 09.10.2013 at 10:34:38,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2625848
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Basti\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Basti\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Basti\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Basti\appdata\locallow\datamngr"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Basti\appdata\local\Google\Chrome\User Data\Default\Extensions\chdboodilddefglllfoimeceomkpmkbi



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.10.2013 at 10:39:12,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v3.006 - Bericht erstellt am 09/10/2013 um 10:20:05
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Basti - BASTI-PC
# Gestartet von : C:\Users\Basti\Downloads\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
Ordner Gefunden : C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdboodilddefglllfoimeceomkpmkbi
Ordner Gefunden C:\ProgramData\Babylon
Ordner Gefunden C:\ProgramData\boost_interprocess
Ordner Gefunden C:\Users\Basti\AppData\Local\Conduit
Ordner Gefunden C:\Users\Basti\AppData\Local\PackageAware
Ordner Gefunden C:\Users\Basti\AppData\LocalLow\Conduit
Ordner Gefunden C:\Users\Basti\AppData\Roaming\AVG Secure Search
Ordner Gefunden C:\Users\Basti\AppData\Roaming\dvdvideosoftiehelpers

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\smartbar
Schlüssel Gefunden : HKCU\Software\BabSolution
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gefunden : [x64] HKCU\Software\BabSolution
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\Delta
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\DataMngr
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\DomaIQ
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Google Chrome v30.0.1599.69

[ Datei : C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5059 octets] - [09/10/2013 10:20:05]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5119 octets] ##########
Code:
ComboFix 13-10-08.01 - Basti 09.10.2013  10:26:29.1.3 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8191.6164 [GMT 2:00]
ausgeführt von:: c:\users\Basti\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Basti\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Basti\AppData\Roaming\csrsss.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-09-09 bis 2013-10-09  ))))))))))))))))))))))))))))))
.
.
2013-10-09 08:31 . 2013-10-09 08:31        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-10-09 08:31 . 2013-10-09 08:31        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-10-09 08:20 . 2013-10-09 08:20        --------        d-----w-        c:\windows\ERUNT
2013-10-09 08:19 . 2013-10-09 08:20        --------        d-----w-        C:\AdwCleaner
2013-10-08 08:58 . 2013-10-08 08:58        --------        d-s---w-        c:\windows\SysWow64\Microsoft
2013-10-08 08:38 . 2013-10-08 08:38        --------        d-----w-        c:\users\Basti\AppData\Roaming\Avira
2013-10-08 08:31 . 2013-09-30 09:01        83160        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-10-08 08:31 . 2013-09-30 09:01        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-10-08 08:31 . 2013-09-30 09:01        132600        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-10-08 08:31 . 2013-09-30 09:01        105856        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-10-08 08:31 . 2013-10-08 08:31        --------        d-----w-        c:\programdata\Avira
2013-10-08 08:31 . 2013-10-08 08:31        --------        d-----w-        c:\program files (x86)\Avira
2013-10-08 07:19 . 2013-09-05 05:32        9694160        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C12A1B2B-46CA-4B58-90E2-6DE16AC13B1D}\mpengine.dll
2013-10-07 17:40 . 2013-10-07 17:40        --------        d-----w-        C:\FRST
2013-10-02 14:17 . 2013-10-02 17:29        --------        d-----w-        c:\program files (x86)\Diablo III
2013-09-12 11:40 . 2013-08-05 02:25        155584        ----a-w-        c:\windows\system32\drivers\ataport.sys
2013-09-09 20:28 . 2013-09-09 20:28        --------        d-----w-        c:\users\Basti\AppData\Roaming\The Creative Assembly
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-21 11:28 . 2013-01-27 09:30        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-21 11:28 . 2011-11-21 18:27        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-12 12:47 . 2012-03-31 11:45        79143768        ----a-w-        c:\windows\system32\MRT.exe
2013-08-30 07:47 . 2012-01-23 09:56        287840        ----a-w-        c:\windows\system32\aswBoot.exe
2013-08-12 12:20 . 2011-11-22 20:05        290184        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-08-12 12:20 . 2011-11-22 09:15        290184        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-08-12 12:20 . 2011-11-22 09:15        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2013-08-07 02:22 . 2011-11-21 17:48        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-08-02 01:48 . 2013-09-12 11:40        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-15 07:10        1888768        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-15 07:10        1620992        ----a-w-        c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-15 07:10        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-15 07:10        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"F-Secure Hoster (666)"="c:\program files (x86)\F-Secure\fshoster32.exe" [2012-11-26 183864]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-30 681032]
.
c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\F-Secure\fshoster32.exe;c:\program files (x86)\F-Secure\fshoster32.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-08 13:15        1185744        ----a-w-        c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-27 11:28]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 10:35]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 10:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fshoster]
"ImagePath"="\"c:\program files (x86)\F-Secure\fshoster32.exe\" -hosterid:0"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\F-Secure\My Services Agent\Protected]
@Denied: ) (Everyone)
"AgentIdentifier"="909f3b03-1421-4495-88f0-50019c9ce52e"
"AuthorizationCode"=""
"666_AgentIdentifier"="909f3b03-1421-4495-88f0-50019c9ce52e"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-10-09  10:33:30
ComboFix-quarantined-files.txt  2013-10-09 08:33
.
Vor Suchlauf: 20 Verzeichnis(se), 205.398.188.032 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 205.483.040.768 Bytes frei
.
- - End Of File - - 3067BE5458E0839731506FEF327CBDD6
A36C5E4F47E84449FF07ED3517B43A31

M-K-D-B 09.10.2013 14:44
Servus,


AdwCleaner nochmal ausführen, du hast vergessen, nach dem Suchlauf auf "Löschen zu klicken". ;)


Danach nochmal FRST:


Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus.
Setze dazu eine Haken bei Addition.txt rechts unten und klicke auf Scan.
Es werden wieder zwei Logdateien erzeugt. Poste mir diese.




Wie läuft dein Rechner momentan?

M-K-D-B 13.10.2013 12:02
Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:59 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19