Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Sehr schlechte Internetgeschwindigkeit trotz gutem Internet (https://www.trojaner-board.de/152711-sehr-schlechte-internetgeschwindigkeit-trotz-gutem-internet.html)

joni_k 18.04.2014 15:33
Sehr schlechte Internetgeschwindigkeit trotz gutem Internet
 
Ich bin durch Zufall auf diese Seite gekommen und hoffe sehr, dass mir jemand helfen kann.
Mein Problem ist sehr eigenartig und mir noch nie vorher begegnet: Mein Laptop ist nicht sehr weit von unserem Router (Fritz Box) entfernt und mein Internet war an dieser Stelle stets schnell und zuverlässig. Doch vom einen Tag auf den anderen war meine Internetgeschwindigkeit sowohl bei meinem Laptop, als auch bei meinem Tablet (IPad) katastrophal. Das skurile jedoch ist auch, dass das Internet aller anderen internetfähigen Geräte von uns, einige sogar weiter vom Router entfernt, weiterhin hervorragend funktionieren. Selbst wenn ich mit meinem IPad an eine andere Stelle des Hauses gehe, z.B zu meinem Bruder, der mit seinem Handy ohne jegliche Internetprobleme surft, hab ich immernoch eine schlecht Verbindung.
Zusdammenfassend nochmal: Meine beiden Internetfähige Geräte( IPaad, Laptop) haben trotz voller Internetempfangsstärke (alle Balken des Empfanges sind voll) eine katastrophale Internetgeschwindigkeit, während alle anderen Geräte das alt gewohnte gute und schnelle Internet haben, das ich auch immer hatte. Vermutlich auch noch relevant: Ich habe eine gutes Antivirusprogramm, das nichts eigenartiges anzeigt. Ich bitte und danke schon im vorraus für eine gute Hilfe

schrauber 18.04.2014 15:41
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


joni_k 18.04.2014 18:40
Zunächst einmal: Danke für die schnelle Hilfe
Zunächst die FRST.txt:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Krauss (administrator) on LAPTOP on 18-04-2014 19:34:10
Running from C:\Users\Krauss\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files (x86)\Mobogenie\MgAssist.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\main.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11577216 2012-08-27] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-09-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-07] (AVAST Software)
HKLM-x32\...\Run: [RazerGameBooster] => C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-3863069283-2814587192-1313183951-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=176be48d-41c1-b9fd-1173-ec2b57abe443&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=20/01/2014&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Delta Homes
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = Search-Gol
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390230080&from=tugs&uid=ST500LM011XHM501II_S24QJ9CC622539&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Delta Homes
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Delta Homes
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1390230080&from=tugs&uid=ST500LM011XHM501II_S24QJ9CC622539&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390230080&from=tugs&uid=ST500LM011XHM501II_S24QJ9CC622539&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390230080&from=tugs&uid=ST500LM011XHM501II_S24QJ9CC622539&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=176be48d-41c1-b9fd-1173-ec2b57abe443&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=20/01/2014&type=hp1000
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=176be48d-41c1-b9fd-1173-ec2b57abe443&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=20/01/2014&type=hp1000
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - 2C961B03273F4F40A0704105FE85F26C URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST500LM011XHM501II_S24QJ9CC622539&ts=1393429177&type=default&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=176be48d-41c1-b9fd-1173-ec2b57abe443&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=20/01/2014&type=hp1000
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Krauss\AppData\Roaming\Mozilla\Firefox\Profiles\cradq9c9.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Krauss\AppData\Roaming\Mozilla\Firefox\Profiles\cradq9c9.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Krauss\AppData\Roaming\Mozilla\Firefox\Profiles\cradq9c9.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Quick Start - C:\Users\Krauss\AppData\Roaming\Mozilla\Firefox\Profiles\cradq9c9.default\Extensions\quick_start@gmail.com [2014-04-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-25]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Krauss\AppData\Roaming\Mozilla\Firefox\Profiles\cradq9c9.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\Krauss\AppData\Roaming\Mozilla\Firefox\Profiles\cradq9c9.default\extensions\quick_start@gmail.com [2014-04-12]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-07-19]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-07] (AVAST Software)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
S2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [70848 2014-03-04] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-03-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-12] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [425104 2014-02-26] (Taiwan Shui Mu Chih Ching Technology Limited.)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [501904 2014-02-26] (Cherished Technololgy LIMITED)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-03-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-03-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-03-07] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-03-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-07] ()
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-02-04] (LogMeIn Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-03-12] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-03-12] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2014-03-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-18 19:34 - 2014-04-18 19:34 - 00017983 _____ () C:\Users\Krauss\Downloads\FRST.txt
2014-04-18 19:33 - 2014-04-18 19:34 - 00000000 ____D () C:\FRST
2014-04-18 19:30 - 2014-04-18 19:32 - 02158592 _____ (Farbar) C:\Users\Krauss\Downloads\FRST64.exe
2014-04-18 19:29 - 2014-04-18 19:29 - 01146880 _____ (Farbar) C:\Users\Krauss\Downloads\FRST.exe
2014-03-19 21:37 - 2014-03-19 21:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-18 19:34 - 2014-04-18 19:34 - 00017983 _____ () C:\Users\Krauss\Downloads\FRST.txt
2014-04-18 19:34 - 2014-04-18 19:33 - 00000000 ____D () C:\FRST
2014-04-18 19:32 - 2014-04-18 19:30 - 02158592 _____ (Farbar) C:\Users\Krauss\Downloads\FRST64.exe
2014-04-18 19:31 - 2012-12-25 16:41 - 00000000 ____D () C:\Users\Krauss\AppData\Roaming\Skype
2014-04-18 19:30 - 2014-03-12 01:02 - 01989479 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-18 19:29 - 2014-04-18 19:29 - 01146880 _____ (Farbar) C:\Users\Krauss\Downloads\FRST.exe
2014-04-18 19:25 - 2012-12-25 13:08 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3863069283-2814587192-1313183951-1001
2014-04-18 19:22 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-18 19:22 - 2013-11-14 09:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-18 19:22 - 2013-11-14 09:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-18 19:22 - 2012-12-25 13:03 - 00000000 ____D () C:\Users\Krauss\Documents\Youcam
2014-04-18 19:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-18 17:12 - 2012-12-26 11:48 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-18 17:08 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-04-18 15:56 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-04-16 15:01 - 2013-02-27 18:52 - 00089320 _____ () C:\Users\Krauss\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-14 12:21 - 2014-03-12 00:44 - 00000000 ____D () C:\Users\Krauss
2014-04-14 11:29 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-06 12:03 - 2014-02-26 17:39 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2014-04-05 13:09 - 2013-08-22 16:46 - 00290328 _____ () C:\WINDOWS\setupact.log
2014-03-19 22:28 - 2012-12-25 13:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-19 21:37 - 2014-03-19 21:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-19 16:29 - 2013-08-20 20:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-19 16:26 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-19 16:25 - 2013-01-04 18:28 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-18 16:02

==================== End Of Log ============================
--- --- ---

Nun das Addition.txt:FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by Krauss at 2014-04-18 19:34:53
Running from C:\Users\Krauss\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3111_44883 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.0.1920 - CyberLink Corp.) Hidden
CyberLink PowerDirector (Version: 9.0.0.3815c - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4125.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.2715b - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
CyberLink YouCam 5 (x32 Version: 5.0.1930 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E671D411-5F2E-45D6-957C-EB78641192AB}) (Version: 15.05.4000.1515 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Mediathek (HKLM-x32\...\{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}) (Version: 1.4.0 - Medion)
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Medion Home Cinema 10 (x32 Version: 10.1924 - CyberLink Corp.) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickLaunch (HKLM-x32\...\{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}) (Version: 1.00.0019 - Lenovo Group Limited)
Rappelz (HKLM-x32\...\{90877318-0BD0-4BDE-BFC0-C4BB12DAC86A}_is1) (Version: Rappelz - gPotato.eu)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.42.0 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6728 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SupTab (HKLM-x32\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.12 - Synaptics Incorporated)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.29 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION

==================== Restore Points  =========================

14-03-2014 10:23:54 Windows Update
07-04-2014 14:34:35 Geplanter Prüfpunkt
16-04-2014 11:09:05 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1A174F5C-1A79-4F27-A8A7-2E663B3AD6BE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-07] (AVAST Software)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {71E05470-F6DD-44E7-94DE-41E46A20F903} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-05] (Synaptics Incorporated)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D514B317-2E13-423F-817B-FB6A0CEAB484} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DC05D41C-858F-446A-A3C0-ECB7C22231EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-19] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2014-01-20 17:01 - 2014-03-04 18:19 - 00070848 _____ () C:\Program Files (x86)\Mobogenie\MgAssist.exe
2012-09-22 05:28 - 2010-08-19 11:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-01-30 00:02 - 2014-01-30 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-13 22:05 - 2014-04-13 09:01 - 02210304 _____ () C:\Program Files\AVAST Software\Avast\defs\14041300\algo.dll
2014-04-17 00:10 - 2014-04-16 18:12 - 02215424 _____ () C:\Program Files\AVAST Software\Avast\defs\14041601\algo.dll
2014-02-26 17:39 - 2014-02-26 17:39 - 00612496 _____ () C:\Program Files (x86)\WinZipper\sqlite3.dll
2014-03-16 13:03 - 2014-03-16 13:03 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\8bb41c02a60ce86db6647822d966a691\PSIClient.ni.dll
2012-09-24 05:26 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-03-19 21:37 - 2014-03-19 21:37 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-12 19:19 - 2012-11-20 17:13 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\D3DX8Wrapper.dll
2014-01-12 19:19 - 2013-11-12 10:57 - 00098304 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\EasyHook32.dll
2012-09-22 05:26 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-12-13 18:48 - 2013-12-13 18:48 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2014 03:49:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Laptop)
Description: Das Paket „Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe+Microsoft.Reader“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (04/18/2014 03:49:24 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: glcnd.exe, Version: 6.3.9600.17044, Zeitstempel: 0x531f2957
Name des fehlerhaften Moduls: glcnd.exe, Version: 6.3.9600.17044, Zeitstempel: 0x531f2957
Ausnahmecode: 0xc0000602
Fehleroffset: 0x0000000000314c2d
ID des fehlerhaften Prozesses: 0x1468
Startzeit der fehlerhaften Anwendung: 0xglcnd.exe0
Pfad der fehlerhaften Anwendung: glcnd.exe1
Pfad des fehlerhaften Moduls: glcnd.exe2
Berichtskennung: glcnd.exe3
Vollständiger Name des fehlerhaften Pakets: glcnd.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: glcnd.exe5

Error: (04/16/2014 09:43:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Skype.exe, Version: 6.14.0.104, Zeitstempel: 0x52f90e3e
Name des fehlerhaften Moduls: Skype.exe, Version: 6.14.0.104, Zeitstempel: 0x52f90e3e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00490392
ID des fehlerhaften Prozesses: 0xb98
Startzeit der fehlerhaften Anwendung: 0xSkype.exe0
Pfad der fehlerhaften Anwendung: Skype.exe1
Pfad des fehlerhaften Moduls: Skype.exe2
Berichtskennung: Skype.exe3
Vollständiger Name des fehlerhaften Pakets: Skype.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Skype.exe5

Error: (04/16/2014 11:24:29 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CLMSServer.exe, Version: 2.0.0.8731, Zeitstempel: 0x4d9440c5
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000001
ID des fehlerhaften Prozesses: 0x6e0
Startzeit der fehlerhaften Anwendung: 0xCLMSServer.exe0
Pfad der fehlerhaften Anwendung: CLMSServer.exe1
Pfad des fehlerhaften Moduls: CLMSServer.exe2
Berichtskennung: CLMSServer.exe3
Vollständiger Name des fehlerhaften Pakets: CLMSServer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CLMSServer.exe5

Error: (04/14/2014 11:45:40 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 28.0.0.5186 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 278

Startzeit: 01cf57c4a5d89c15

Endzeit: 50

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 8749953c-c3b9-11e3-bec4-84a6c835e9a8

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/13/2014 00:16:19 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 28.0.0.5186, Zeitstempel: 0x53240e37
Name des fehlerhaften Moduls: xul.dll, Version: 28.0.0.5186, Zeitstempel: 0x53240e04
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00184729
ID des fehlerhaften Prozesses: 0x348
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Vollständiger Name des fehlerhaften Pakets: firefox.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: firefox.exe5

Error: (04/08/2014 07:51:51 PM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (04/02/2014 08:13:17 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (03/25/2014 06:43:59 PM) (Source: Microsoft Office 12) (User: )
Description: Rejected Safe Mode action : Microsoft Office Word.

Error: (03/25/2014 06:41:11 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.6690.5000, Zeitstempel: 0x52881869
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.16502, Zeitstempel: 0x52c35a76
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001e12c
ID des fehlerhaften Prozesses: 0x12e8
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3
Vollständiger Name des fehlerhaften Pakets: WINWORD.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WINWORD.EXE5


System errors:
=============
Error: (04/18/2014 05:25:21 PM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "Boot" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x9000000000009. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (04/18/2014 05:25:19 PM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "Boot" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x9000000000009. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (04/18/2014 05:09:34 PM) (Source: DCOM) (User: Laptop)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/18/2014 05:09:04 PM) (Source: DCOM) (User: Laptop)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/18/2014 04:03:22 PM) (Source: DCOM) (User: Laptop)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/18/2014 04:02:52 PM) (Source: DCOM) (User: Laptop)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/18/2014 03:50:48 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/16/2014 11:38:54 PM) (Source: DCOM) (User: Laptop)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/16/2014 11:38:24 PM) (Source: DCOM) (User: Laptop)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/16/2014 01:13:04 PM) (Source: DCOM) (User: Laptop)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office Sessions:
=========================
Error: (03/25/2014 06:41:07 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 47 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 3972.65 MB
Available physical RAM: 1974.59 MB
Total Pagefile: 4676.65 MB
Available Pagefile: 2465.52 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:403.61 GB) (Free:351.68 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:43.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3A192899)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---
Nochmalsdanke undich hoffe du kannst etwas damit anfangen
Viel Glück
joni_k

schrauber 19.04.2014 12:11
Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

joni_k 21.04.2014 17:42
Sorry, dass es was lange gedauert hat aber ich hab jetzt alles. Zuerst noch danke für die Hilfe!
Ich weiß, dass auch sie sehr beschäftigt sind und schätze es deshalb umso mehr mir wegen meines Problemes zuhelfen. Bringen wir die Sache zu Ende:

Malware Antivirus Bericht:

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 21.04.2014 15:36:27, SYSTEM, LAPTOP, Protection, Malware Protection, Starting,
Protection, 21.04.2014 15:36:27, SYSTEM, LAPTOP, Protection, Malware Protection, Started,
Protection, 21.04.2014 15:36:27, SYSTEM, LAPTOP, Protection, Malicious Website Protection, Starting,
Protection, 21.04.2014 15:36:28, SYSTEM, LAPTOP, Protection, Malicious Website Protection, Started,
Update, 21.04.2014 15:37:30, SYSTEM, LAPTOP, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 21.04.2014 15:40:26, SYSTEM, LAPTOP, Manual, Malware Database, 2014.3.4.9, 2014.4.21.4,
Protection, 21.04.2014 15:40:29, SYSTEM, LAPTOP, Protection, Refresh, Starting,
Protection, 21.04.2014 15:40:29, SYSTEM, LAPTOP, Protection, Malicious Website Protection, Stopping,
Protection, 21.04.2014 15:40:29, SYSTEM, LAPTOP, Protection, Malicious Website Protection, Stopped,
Protection, 21.04.2014 15:40:34, SYSTEM, LAPTOP, Protection, Refresh, Success,
Protection, 21.04.2014 15:40:34, SYSTEM, LAPTOP, Protection, Malicious Website Protection, Starting,
Protection, 21.04.2014 15:40:34, SYSTEM, LAPTOP, Protection, Malicious Website Protection, Started,
Protection, 21.04.2014 16:05:28, SYSTEM, LAPTOP, Protection, Malware Protection, Starting,
Protection, 21.04.2014 16:05:28, SYSTEM, LAPTOP, Protection, Malware Protection, Started,
Protection, 21.04.2014 16:05:28, SYSTEM, LAPTOP, Protection, Malicious Website Protection, Starting,
Protection, 21.04.2014 16:05:28, SYSTEM, LAPTOP, Protection, Malicious Website Protection, Started,

(end)

Nun der adw-Cleaner Bericht:AdwCleaner Logfile:
Code:
# AdwCleaner v3.102 - Bericht erstellt am 21/04/2014 um 18:05:22
# Aktualisiert 21/04/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Krauss - LAPTOP

Jetzt der JRT-Bericht:

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Krauss on 21.04.2014 at 18:14:02,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.04.2014 at 18:22:48,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Gestartet von : C:\Users\Krauss\Downloads\AdwCleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\WINDOWS\SysWOW64\AI_RecycleBin
Ordner Gelöscht : C:\Users\Administrator\Documents\Youcam
Ordner Gelöscht : C:\Users\Krauss\.android
Ordner Gelöscht : C:\Users\Krauss\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Krauss\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Krauss\Documents\Youcam
Datei Gelöscht : C:\Users\Krauss\daemonprocess.txt

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16384


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Krauss\AppData\Roaming\Mozilla\Firefox\Profiles\kx8o5kwo.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1142 octets] - [21/04/2014 17:51:24]
AdwCleaner[S0].txt - [1075 octets] - [21/04/2014 18:05:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1135 octets] ##########
--- --- ---

Und zu guter letzt noch der gewünschte frische FRST-Log
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2014 01
Ran by Krauss (administrator) on LAPTOP on 21-04-2014 18:34:55
Running from C:\Users\Krauss\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\MyWiMax.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Krauss\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11577216 2012-08-27] (Motorola Solutions, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-09-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe [24504 2014-04-20] (Kaspersky Lab ZAO)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
SearchScopes: HKCU - {9A75080D-DABD-46BD-B1EA-4D8E6FE61A1D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Krauss\AppData\Roaming\Mozilla\Firefox\Profiles\kx8o5kwo.default
FF Homepage: https://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012-09-22]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012-09-22]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012-09-22]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012-09-22]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012-09-22]

==================== Services (Whitelisted) =================

R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-04-20] (Kaspersky Lab ZAO)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-04-21] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2014-04-21] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-04-21] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-04-21] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-04-21] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-04-21] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2014-04-21] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2014-04-21] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4293672 2012-09-13] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 18:28 - 2014-04-21 18:31 - 02163712 _____ (Farbar) C:\Users\Krauss\Downloads\FRST64(1).exe
2014-04-21 18:22 - 2014-04-21 18:22 - 00000613 _____ () C:\Users\Krauss\Desktop\JRT.txt
2014-04-21 18:13 - 2014-04-21 18:13 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-21 18:11 - 2014-04-21 18:13 - 01016261 _____ (Thisisu) C:\Users\Krauss\Downloads\JRT.exe
2014-04-21 18:09 - 2014-04-21 18:09 - 00000000 ____D () C:\Users\Krauss\Documents\Youcam
2014-04-21 18:08 - 2014-04-21 18:08 - 00000117 _____ () C:\WINDOWS\system32\netcfg-153937.txt
2014-04-21 18:05 - 2014-04-21 18:05 - 00000117 _____ () C:\WINDOWS\system32\netcfg-7274593.txt
2014-04-21 17:50 - 2014-04-21 18:05 - 00000000 ____D () C:\AdwCleaner
2014-04-21 17:48 - 2014-04-21 17:49 - 01322687 _____ () C:\Users\Krauss\Downloads\AdwCleaner.exe
2014-04-21 17:48 - 2014-04-21 17:48 - 00001610 _____ () C:\Users\Krauss\Desktop\mbam.txt
2014-04-21 15:36 - 2014-04-21 18:08 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 15:36 - 2014-04-21 15:36 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-21 15:36 - 2014-04-21 15:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-21 15:36 - 2014-04-21 15:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-21 15:36 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-21 15:36 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-21 15:36 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-21 15:31 - 2014-04-21 15:34 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Krauss\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-21 15:26 - 2014-04-21 15:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-21 15:25 - 2014-04-21 15:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Krauss\Downloads\revosetup95.exe
2014-04-21 15:12 - 2014-04-21 15:12 - 00001348 _____ () C:\Users\Krauss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013.lnk
2014-04-21 15:12 - 2014-04-21 15:12 - 00000000 ____D () C:\Users\Krauss\AppData\Roaming\LolClient
2014-04-21 14:30 - 2014-04-21 14:30 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-04-21 14:30 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2014-04-21 14:30 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2014-04-21 14:30 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2014-04-21 14:30 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2014-04-21 14:30 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2014-04-21 13:52 - 2014-04-21 13:52 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-04-21 13:51 - 2014-04-21 14:30 - 00000000 ____D () C:\Users\Krauss\AppData\Roaming\Riot Games
2014-04-21 13:48 - 2014-04-21 13:51 - 34888568 _____ (Riot Games) C:\Users\Krauss\Downloads\LeagueofLegends_EUW_Installer_06_12_13(2).exe
2014-04-21 12:44 - 2014-04-21 12:44 - 00000000 ____D () C:\Users\Krauss\AppData\Local\Macromedia
2014-04-21 12:03 - 2014-04-21 18:33 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-21 12:03 - 2014-04-21 12:03 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-04-21 12:03 - 2014-04-21 12:03 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-21 12:01 - 2014-04-21 12:04 - 00000000 ____D () C:\Users\Krauss\AppData\Local\Adobe
2014-04-21 11:54 - 2014-04-21 11:54 - 00000000 ____D () C:\Users\Krauss\AppData\Roaming\Mozilla
2014-04-21 11:54 - 2014-04-21 11:54 - 00000000 ____D () C:\Users\Krauss\AppData\Local\Mozilla
2014-04-21 11:53 - 2014-04-21 11:53 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-21 11:53 - 2014-04-21 11:53 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-21 11:53 - 2014-04-21 11:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-21 11:53 - 2014-04-21 11:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-21 11:50 - 2014-04-21 11:50 - 00000000 ____D () C:\Users\Krauss\AppData\Roaming\Macromedia
2014-04-21 01:01 - 2014-04-21 01:01 - 00000117 _____ () C:\WINDOWS\system32\netcfg-6611421.txt
2014-04-21 01:01 - 2014-04-21 01:01 - 00000117 _____ () C:\WINDOWS\system32\netcfg-6611296.txt
2014-04-21 00:25 - 2014-04-21 15:59 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3863069283-2814587192-1313183951-1001
2014-04-21 00:20 - 2014-04-21 00:20 - 00000000 ____D () C:\Users\Krauss\AppData\Local\Power2Go8
2014-04-21 00:20 - 2014-04-21 00:20 - 00000000 ____D () C:\Users\Krauss\AppData\Local\CyberLink
2014-04-21 00:19 - 2014-04-21 00:19 - 00001446 _____ () C:\Users\Krauss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-21 00:19 - 2014-04-21 00:19 - 00000000 ___RD () C:\Users\Krauss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-21 00:19 - 2014-04-21 00:19 - 00000000 ___RD () C:\Users\Krauss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-21 00:19 - 2014-04-21 00:19 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-04-21 00:19 - 2014-04-21 00:19 - 00000000 ____D () C:\Users\Krauss\AppData\Roaming\Adobe
2014-04-21 00:19 - 2012-08-11 06:24 - 00001217 _____ () C:\Users\Default\Desktop\ALDI Foto.lnk
2014-04-21 00:19 - 2012-08-11 06:22 - 00001275 _____ () C:\Users\Default\Desktop\Medion Services.lnk
2014-04-21 00:19 - 2012-08-05 14:12 - 00001809 _____ () C:\Users\Default\Desktop\ALDI Talk.lnk
2014-04-21 00:19 - 2012-08-05 14:11 - 00001153 _____ () C:\Users\Default\Desktop\ALDI Süd Reisen.lnk
2014-04-21 00:19 - 2012-08-05 14:11 - 00001025 _____ () C:\Users\Default\Desktop\ALDI Süd Startseite.lnk
2014-04-21 00:19 - 2012-08-05 14:10 - 00001895 _____ () C:\Users\Default\Desktop\ALDI Süd Blumen Service.lnk
2014-04-21 00:18 - 2014-04-21 00:19 - 00000000 ____D () C:\Users\Krauss\AppData\Local\Packages
2014-04-21 00:18 - 2014-04-21 00:18 - 00000020 ___SH () C:\Users\Krauss\ntuser.ini
2014-04-21 00:18 - 2014-04-21 00:18 - 00000000 ____D () C:\Users\Krauss\AppData\Roaming\Intel
2014-04-21 00:18 - 2014-04-21 00:18 - 00000000 ____D () C:\Users\Krauss\AppData\Local\VirtualStore
2014-04-21 00:17 - 2014-04-21 18:23 - 01157095 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-21 00:17 - 2014-04-21 00:17 - 00000117 _____ () C:\WINDOWS\system32\netcfg-4001468.txt
2014-04-21 00:17 - 2014-04-21 00:17 - 00000117 _____ () C:\WINDOWS\system32\netcfg-4000906.txt
2014-04-21 00:15 - 2014-04-21 00:16 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3903609.txt
2014-04-21 00:15 - 2014-04-21 00:15 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3903390.txt
2014-04-21 00:04 - 2014-04-21 00:35 - 00000000 ____D () C:\Windows.old
2014-04-21 00:03 - 2014-04-21 00:03 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-04-20 23:45 - 2014-04-20 23:45 - 00000000 ____D () C:\$WINDOWS.~BT
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-04-20 23:14 - 2014-04-20 23:14 - 00000117 _____ () C:\WINDOWS\system32\netcfg-218984.txt
2014-04-20 23:14 - 2014-04-20 23:14 - 00000117 _____ () C:\WINDOWS\system32\netcfg-218906.txt
2014-04-20 23:14 - 2014-04-20 23:14 - 00000117 _____ () C:\WINDOWS\system32\netcfg-217812.txt
2014-04-20 23:14 - 2014-04-20 23:14 - 00000117 _____ () C:\WINDOWS\system32\netcfg-211984.txt
2014-04-20 23:12 - 2014-04-21 18:05 - 00000000 ____D () C:\Users\Krauss
2014-04-20 23:12 - 2014-04-20 23:14 - 00017148 _____ () C:\WINDOWS\diagwrn.xml
2014-04-20 23:12 - 2014-04-20 23:14 - 00017148 _____ () C:\WINDOWS\diagerr.xml
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\Vorlagen
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\Startmenü
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\Netzwerkumgebung
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\Lokale Einstellungen
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\Eigene Dateien
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\Druckumgebung
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\Documents\Eigene Musik
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\Documents\Eigene Bilder
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\AppData\Local\Verlauf
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\AppData\Local\Anwendungsdaten
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\Anwendungsdaten
2014-04-20 23:12 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Krauss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-20 23:12 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Krauss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-20 23:12 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Krauss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-04-20 23:12 - 2012-07-26 10:13 - 00000000 ____D () C:\Users\Krauss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-20 23:06 - 2014-04-20 23:06 - 00002306 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3863069283-2814587192-1313183951-500
2014-04-20 23:06 - 2014-04-20 23:06 - 00001139 _____ () C:\WINDOWS\system32\netcfg-107234.txt
2014-04-20 23:06 - 2014-04-20 23:06 - 00000109 _____ () C:\WINDOWS\system32\netcfg-80843.txt
2014-04-20 17:19 - 2014-04-21 00:29 - 00000000 ___HD () C:\$SysReset
2014-04-18 19:34 - 2014-04-21 18:34 - 00013884 _____ () C:\Users\Krauss\Downloads\FRST.txt
2014-04-18 19:34 - 2014-04-18 19:35 - 00026955 _____ () C:\Users\Krauss\Downloads\Addition.txt
2014-04-18 19:33 - 2014-04-21 18:34 - 00000000 ____D () C:\FRST
2014-04-18 19:30 - 2014-04-18 19:32 - 02158592 _____ (Farbar) C:\Users\Krauss\Downloads\FRST64.exe
2014-04-18 19:29 - 2014-04-18 19:29 - 01146880 _____ (Farbar) C:\Users\Krauss\Downloads\FRST.exe

==================== One Month Modified Files and Folders =======

2014-04-21 18:35 - 2014-04-18 19:34 - 00013884 _____ () C:\Users\Krauss\Downloads\FRST.txt
2014-04-21 18:34 - 2014-04-18 19:33 - 00000000 ____D () C:\FRST
2014-04-21 18:33 - 2014-04-21 12:03 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-21 18:33 - 2014-04-21 00:17 - 01157095 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-21 18:31 - 2014-04-21 18:28 - 02163712 _____ (Farbar) C:\Users\Krauss\Downloads\FRST64(1).exe
2014-04-21 18:22 - 2014-04-21 18:22 - 00000613 _____ () C:\Users\Krauss\Desktop\JRT.txt
2014-04-21 18:13 - 2014-04-21 18:13 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-21 18:13 - 2014-04-21 18:11 - 01016261 _____ (Thisisu) C:\Users\Krauss\Downloads\JRT.exe
2014-04-21 18:13 - 2012-09-21 16:58 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-21 18:13 - 2012-09-21 16:58 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-21 18:13 - 2012-07-26 09:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-21 18:10 - 2012-09-22 06:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-21 18:10 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-04-21 18:09 - 2014-04-21 18:09 - 00000000 ____D () C:\Users\Krauss\Documents\Youcam
2014-04-21 18:08 - 2014-04-21 18:08 - 00000117 _____ () C:\WINDOWS\system32\netcfg-153937.txt
2014-04-21 18:08 - 2014-04-21 15:36 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 18:06 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-21 18:06 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-21 18:05 - 2014-04-21 18:05 - 00000117 _____ () C:\WINDOWS\system32\netcfg-7274593.txt
2014-04-21 18:05 - 2014-04-21 17:50 - 00000000 ____D () C:\AdwCleaner
2014-04-21 18:05 - 2014-04-20 23:12 - 00000000 ____D () C:\Users\Krauss
2014-04-21 18:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-21 17:49 - 2014-04-21 17:48 - 01322687 _____ () C:\Users\Krauss\Downloads\AdwCleaner.exe
2014-04-21 17:48 - 2014-04-21 17:48 - 00001610 _____ () C:\Users\Krauss\Desktop\mbam.txt
2014-04-21 16:48 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-04-21 16:46 - 2012-07-26 11:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-04-21 16:46 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-04-21 16:46 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-04-21 16:46 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-21 16:46 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-04-21 16:46 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-04-21 16:46 - 2012-07-26 07:37 - 00000000 ____D () C:\WINDOWS\servicing
2014-04-21 16:45 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-04-21 16:45 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2014-04-21 16:45 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2014-04-21 16:45 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2014-04-21 16:45 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2014-04-21 16:45 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-04-21 16:45 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-04-21 16:45 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-04-21 16:45 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-04-21 16:43 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2014-04-21 16:43 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\Com
2014-04-21 16:40 - 2012-07-26 11:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\winrm
2014-04-21 16:40 - 2012-07-26 11:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2014-04-21 16:40 - 2012-07-26 11:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2014-04-21 16:40 - 2012-07-26 11:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr
2014-04-21 16:40 - 2012-07-26 11:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2014-04-21 16:40 - 2012-07-26 11:43 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-04-21 16:40 - 2012-07-26 11:43 - 00000000 ____D () C:\WINDOWS\system32\slmgr
2014-04-21 16:40 - 2012-07-26 11:43 - 00000000 ____D () C:\WINDOWS\en-GB
2014-04-21 16:40 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2014-04-21 16:40 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2014-04-21 16:40 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-04-21 16:40 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-04-21 16:40 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\System
2014-04-21 16:38 - 2012-07-26 11:43 - 00000000 ____D () C:\WINDOWS\system32\WCN
2014-04-21 16:38 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\MUI
2014-04-21 16:37 - 2012-07-26 11:43 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts
2014-04-21 16:33 - 2012-09-21 16:48 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer
2014-04-21 16:20 - 2012-09-21 18:30 - 00000000 ___DC () C:\WINDOWS\Panther
2014-04-21 16:04 - 2012-09-21 17:30 - 00002046 _____ () C:\WINDOWS\PFRO.log
2014-04-21 16:03 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\addins
2014-04-21 15:59 - 2014-04-21 00:25 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3863069283-2814587192-1313183951-1001
2014-04-21 15:36 - 2014-04-21 15:36 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-21 15:36 - 2014-04-21 15:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-21 15:36 - 2014-04-21 15:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-21 15:34 - 2014-04-21 15:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Krauss\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-21 15:26 - 2014-04-21 15:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-21 15:26 - 2014-04-21 15:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Krauss\Downloads\revosetup95.exe
2014-04-21 15:12 - 2014-04-21 15:12 - 00001348 _____ () C:\Users\Krauss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013.lnk
2014-04-21 15:12 - 2014-04-21 15:12 - 00000000 ____D () C:\Users\Krauss\AppData\Roaming\LolClient
2014-04-21 14:30 - 2014-04-21 14:30 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-04-21 14:30 - 2014-04-21 13:51 - 00000000 ____D () C:\Users\Krauss\AppData\Roaming\Riot Games
2014-04-21 13:52 - 2014-04-21 13:52 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-04-21 13:51 - 2014-04-21 13:48 - 34888568 _____ (Riot Games) C:\Users\Krauss\Downloads\LeagueofLegends_EUW_Installer_06_12_13(2).exe
2014-04-21 12:44 - 2014-04-21 12:44 - 00000000 ____D () C:\Users\Krauss\AppData\Local\Macromedia
2014-04-21 12:06 - 2012-09-22 05:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-21 12:05 - 2012-09-22 05:24 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-04-21 12:04 - 2014-04-21 12:01 - 00000000 ____D () C:\Users\Krauss\AppData\Local\Adobe
2014-04-21 12:03 - 2014-04-21 12:03 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-04-21 12:03 - 2014-04-21 12:03 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-21 12:03 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\restore
2014-04-21 11:54 - 2014-04-21 11:54 - 00000000 ____D () C:\Users\Krauss\AppData\Roaming\Mozilla
2014-04-21 11:54 - 2014-04-21 11:54 - 00000000 ____D () C:\Users\Krauss\AppData\Local\Mozilla
2014-04-21 11:53 - 2014-04-21 11:53 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-21 11:53 - 2014-04-21 11:53 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-21 11:53 - 2014-04-21 11:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-21 11:53 - 2014-04-21 11:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-21 11:50 - 2014-04-21 11:50 - 00000000 ____D () C:\Users\Krauss\AppData\Roaming\Macromedia
2014-04-21 01:01 - 2014-04-21 01:01 - 00000117 _____ () C:\WINDOWS\system32\netcfg-6611421.txt
2014-04-21 01:01 - 2014-04-21 01:01 - 00000117 _____ () C:\WINDOWS\system32\netcfg-6611296.txt
2014-04-21 00:35 - 2014-04-21 00:04 - 00000000 ____D () C:\Windows.old
2014-04-21 00:29 - 2014-04-20 17:19 - 00000000 ___HD () C:\$SysReset
2014-04-21 00:27 - 2012-09-22 06:41 - 00625760 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2014-04-21 00:27 - 2012-09-22 06:41 - 00090208 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2014-04-21 00:27 - 2012-08-13 16:49 - 00178448 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys
2014-04-21 00:27 - 2012-08-03 15:55 - 00050448 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2014-04-21 00:27 - 2012-08-02 15:09 - 00030304 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klim6.sys
2014-04-21 00:27 - 2012-07-25 14:53 - 00029280 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klmouflt.sys
2014-04-21 00:27 - 2012-06-19 17:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys
2014-04-21 00:27 - 2012-05-25 19:38 - 00029280 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klkbdflt.sys
2014-04-21 00:20 - 2014-04-21 00:20 - 00000000 ____D () C:\Users\Krauss\AppData\Local\Power2Go8
2014-04-21 00:20 - 2014-04-21 00:20 - 00000000 ____D () C:\Users\Krauss\AppData\Local\CyberLink
2014-04-21 00:19 - 2014-04-21 00:19 - 00001446 _____ () C:\Users\Krauss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-21 00:19 - 2014-04-21 00:19 - 00000000 ___RD () C:\Users\Krauss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-21 00:19 - 2014-04-21 00:19 - 00000000 ___RD () C:\Users\Krauss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-21 00:19 - 2014-04-21 00:19 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-04-21 00:19 - 2014-04-21 00:19 - 00000000 ____D () C:\Users\Krauss\AppData\Roaming\Adobe
2014-04-21 00:19 - 2014-04-21 00:18 - 00000000 ____D () C:\Users\Krauss\AppData\Local\Packages
2014-04-21 00:19 - 2012-07-26 09:20 - 00000000 ____D () C:\WINDOWS\Setup
2014-04-21 00:18 - 2014-04-21 00:18 - 00000020 ___SH () C:\Users\Krauss\ntuser.ini
2014-04-21 00:18 - 2014-04-21 00:18 - 00000000 ____D () C:\Users\Krauss\AppData\Roaming\Intel
2014-04-21 00:18 - 2014-04-21 00:18 - 00000000 ____D () C:\Users\Krauss\AppData\Local\VirtualStore
2014-04-21 00:17 - 2014-04-21 00:17 - 00000117 _____ () C:\WINDOWS\system32\netcfg-4001468.txt
2014-04-21 00:17 - 2014-04-21 00:17 - 00000117 _____ () C:\WINDOWS\system32\netcfg-4000906.txt
2014-04-21 00:16 - 2014-04-21 00:15 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3903609.txt
2014-04-21 00:15 - 2014-04-21 00:15 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3903390.txt
2014-04-21 00:04 - 2012-07-26 10:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2014-04-21 00:03 - 2014-04-21 00:03 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-04-20 23:45 - 2014-04-20 23:45 - 00000000 ____D () C:\$WINDOWS.~BT
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-04-20 23:15 - 2014-04-20 23:15 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-04-20 23:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows NT
2014-04-20 23:15 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2014-04-20 23:14 - 2014-04-20 23:14 - 00000117 _____ () C:\WINDOWS\system32\netcfg-218984.txt
2014-04-20 23:14 - 2014-04-20 23:14 - 00000117 _____ () C:\WINDOWS\system32\netcfg-218906.txt
2014-04-20 23:14 - 2014-04-20 23:14 - 00000117 _____ () C:\WINDOWS\system32\netcfg-217812.txt
2014-04-20 23:14 - 2014-04-20 23:14 - 00000117 _____ () C:\WINDOWS\system32\netcfg-211984.txt
2014-04-20 23:14 - 2014-04-20 23:12 - 00017148 _____ () C:\WINDOWS\diagwrn.xml
2014-04-20 23:14 - 2014-04-20 23:12 - 00017148 _____ () C:\WINDOWS\diagerr.xml
2014-04-20 23:14 - 2012-07-26 10:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-20 23:14 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2014-04-20 23:14 - 2012-07-26 09:21 - 00021704 _____ () C:\WINDOWS\setupact.log
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\Vorlagen
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\Startmenü
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\Netzwerkumgebung
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\Lokale Einstellungen
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\Eigene Dateien
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\Druckumgebung
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\Documents\Eigene Musik
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\Documents\Eigene Bilder
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\AppData\Local\Verlauf
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\AppData\Local\Anwendungsdaten
2014-04-20 23:12 - 2014-04-20 23:12 - 00000000 _SHDL () C:\Users\Krauss\Anwendungsdaten
2014-04-20 23:11 - 2012-09-22 05:49 - 00303464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-20 23:10 - 2012-07-26 10:13 - 00003608 _____ () C:\WINDOWS\DtcInstall.log
2014-04-20 23:06 - 2014-04-20 23:06 - 00002306 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3863069283-2814587192-1313183951-500
2014-04-20 23:06 - 2014-04-20 23:06 - 00001139 _____ () C:\WINDOWS\system32\netcfg-107234.txt
2014-04-20 23:06 - 2014-04-20 23:06 - 00000109 _____ () C:\WINDOWS\system32\netcfg-80843.txt
2014-04-18 19:35 - 2014-04-18 19:34 - 00026955 _____ () C:\Users\Krauss\Downloads\Addition.txt
2014-04-18 19:32 - 2014-04-18 19:30 - 02158592 _____ (Farbar) C:\Users\Krauss\Downloads\FRST64.exe
2014-04-18 19:29 - 2014-04-18 19:29 - 01146880 _____ (Farbar) C:\Users\Krauss\Downloads\FRST.exe
2014-04-03 09:51 - 2014-04-21 15:36 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-21 15:36 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-21 15:36 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Krauss\AppData\Local\Temp\Quarantine.exe
C:\Users\Krauss\AppData\Local\Temp\swt-win32-3349.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-09-21 17:30

==================== End Of Log ============================
--- --- ---

--- --- ---

Danke freue mich schon auf eine baldige Antwort
Gruß joni_k

Wundert mich jetzt aber der JRT-Bericht und der ADW-Cleaner Bericht wurden im selben Textfeld notiert

schrauber 22.04.2014 13:34

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:01 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19