Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   win 7 32bit, erst wurde antivir durch Gruppenrichtlinie blockiert, nun kein internetexplorer mehr, u.a. (https://www.trojaner-board.de/153926-win-7-32bit-erst-wurde-antivir-gruppenrichtlinie-blockiert-kein-internetexplorer-mehr-u-a.html)

saschapc 15.05.2014 21:50
win 7 32bit, erst wurde antivir durch Gruppenrichtlinie blockiert, nun kein internetexplorer mehr, u.a.
 
Hallo zusammen,
habe viel bei euch gestöbert und gegalubt alleine klar zu kommen. :wtf:
War wohl falsch!

Zunächst wollte mein Rechner nicht starten. Beim 2. Anlauf ging es dann doch. Dann fiel mir auf, dass mein avira antivirus - Schirmchen nicht mehr da ist, weder geschlossen noch geöffnet.
Der Versuch zu starten scheiterte mit dem Hinweis:
"Dieses Programm wurde durch eine Gruppenrichtlinie blockiert."

Nach meiner Recherche hier habe ich diverse Test´s durchlaufen lassen und bereits malware entfernen lassen.

Hier frst v. 14.05.14:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-05-2014
Ran by Administrator (administrator) on SASCHAPC on 14-05-2014 18:10:33
Running from C:\Users\Administrator\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney Business 5.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SMB50StarMoneyRunEntry] => C:\Program Files\StarMoney Business 5.0 S-Edition\app\oflagent.exe [56976 2014-02-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [SMB60StarMoneyRunEntry] => C:\Program Files\StarMoney Business 6.0 S-Edition\app\oflagent.exe [48272 2014-04-07] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKU\S-1-5-21-369773493-1676948059-1759234898-500\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-369773493-1676948059-1759234898-500\...\Run: [pldhlwl] => regsvr32.exe "
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x808E0927D23ACB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {3CC639A8-91A2-4A1A-BEE2-8B849085DAA0} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {3CC639A8-91A2-4A1A-BEE2-8B849085DAA0} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{26678455-1FAA-4120-B194-B52D2C51C858}: [NameServer]192.168.178.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-06]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-06]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-06]
CHR Extension: (Google-Suche) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-06]
CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-06]

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-09-28] (Advanced Micro Devices, Inc.)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [896592 2014-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-27] (HP)
R2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files\StarMoney Business 5.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 Autodesk; C:\Program Files\Autodesk Network License Manager\lmgrd.exe [X]

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2010-11-11] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [101248 2010-01-17] (AVM Berlin)
R1 crlscsi; C:\Windows\system32\Drivers\crlscsi.sys [6144 1995-11-07] (Corel Corporation)
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2011-05-10] (Hewlett Packard)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-09] (Avira GmbH)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2011-01-19] (RapidSolution Software AG)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\System32\DRIVERS\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [X]
S2 DS1410D; SYSTEM32\drivers\DS1410D.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-14 18:10 - 2014-05-14 18:11 - 00015502 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-05-14 18:10 - 2014-05-14 18:10 - 00000000 ____D () C:\FRST
2014-05-14 18:09 - 2014-05-14 18:09 - 01056256 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-05-14 18:07 - 2014-05-14 18:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-14 17:47 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:47 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:47 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:47 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:47 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:47 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:47 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:47 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:47 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:47 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 17:47 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:47 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:47 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 17:45 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 16:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-14 16:17 - 2014-05-14 16:31 - 00000000 ____D () C:\AdwCleaner
2014-05-14 16:17 - 2014-05-14 16:17 - 01325827 _____ () C:\Users\Administrator\Desktop\adwcleaner08.exe
2014-05-14 15:39 - 2014-05-14 15:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DropboxMaster
2014-05-08 19:26 - 2014-05-08 19:28 - 00431616 _____ () C:\Users\Administrator\Desktop\kontakte14.xls
2014-05-08 19:20 - 2014-05-08 19:26 - 00206572 _____ () C:\Users\Administrator\Desktop\kontakte14.csv
2014-04-28 10:44 - 2014-05-14 17:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-16 14:22 - 2014-04-16 14:22 - 00144264 _____ () C:\Windows\Minidump\041614-22510-01.dmp

==================== One Month Modified Files and Folders =======

2014-05-14 18:11 - 2014-05-14 18:10 - 00015502 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-05-14 18:10 - 2014-05-14 18:10 - 00000000 ____D () C:\FRST
2014-05-14 18:10 - 2010-01-16 00:09 - 01136528 _____ () C:\Windows\WindowsUpdate.log
2014-05-14 18:09 - 2014-05-14 18:09 - 01056256 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-05-14 18:08 - 2012-01-11 20:09 - 00000326 _____ () C:\Windows\Tasks\STRATO Sync - Administrator.job
2014-05-14 18:07 - 2014-05-14 18:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-14 18:07 - 2009-07-14 06:34 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-14 18:07 - 2009-07-14 06:34 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-14 18:06 - 2011-11-11 13:34 - 00000000 ___RD () C:\Users\Administrator\Dropbox
2014-05-14 18:06 - 2011-11-11 13:32 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dropbox
2014-05-14 18:06 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-14 18:03 - 2010-01-23 13:44 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-14 18:03 - 2010-01-16 15:59 - 00000000 ___RD () C:\Users\Administrator\Virtual Machines
2014-05-14 18:01 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-14 18:00 - 2011-08-29 09:45 - 00064869 _____ () C:\Windows\setupact.log
2014-05-14 17:58 - 2014-04-28 10:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 17:58 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 17:54 - 2013-07-23 16:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 17:52 - 2010-01-16 00:25 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 17:40 - 2010-01-23 13:44 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-14 16:32 - 2011-09-15 10:34 - 00129914 _____ () C:\Windows\PFRO.log
2014-05-14 16:31 - 2014-05-14 16:17 - 00000000 ____D () C:\AdwCleaner
2014-05-14 16:17 - 2014-05-14 16:17 - 01325827 _____ () C:\Users\Administrator\Desktop\adwcleaner08.exe
2014-05-14 15:39 - 2014-05-14 15:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DropboxMaster
2014-05-14 15:39 - 2011-11-11 13:34 - 00001045 _____ () C:\Users\Administrator\Desktop\Dropbox.lnk
2014-05-14 15:39 - 2011-11-11 13:32 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-13 14:04 - 2010-03-19 16:56 - 00523776 _____ () C:\Users\Administrator\Desktop\Kassenbuch.XLS
2014-05-12 18:13 - 2012-03-23 14:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\HpUpdate
2014-05-12 10:56 - 2010-01-17 21:13 - 00000000 ____D () C:\Users\Administrator\Documents\Geschäftlich
2014-05-11 19:59 - 2013-11-07 09:44 - 00000000 ____D () C:\Program Files\StarMoney Business 6.0 S-Edition
2014-05-09 11:04 - 2012-04-03 08:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-09 11:04 - 2011-05-16 12:11 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-09 09:06 - 2014-05-14 17:47 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 17:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 19:38 - 2010-01-16 00:44 - 00000400 _____ () C:\Windows\ODBC.INI
2014-05-08 19:37 - 2010-02-10 13:15 - 00024740 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft Excel.ADR
2014-05-08 19:28 - 2014-05-08 19:26 - 00431616 _____ () C:\Users\Administrator\Desktop\kontakte14.xls
2014-05-08 19:26 - 2014-05-08 19:20 - 00206572 _____ () C:\Users\Administrator\Desktop\kontakte14.csv
2014-05-06 23:53 - 2010-02-10 13:52 - 00000000 ____D () C:\GreenGaLaXL
2014-05-01 20:34 - 2012-01-31 21:36 - 00000000 ____D () C:\Users\Administrator\Desktop\Lauraaaaaaaaa
2014-05-01 20:34 - 2010-06-16 16:18 - 00000000 ____D () C:\Users\Administrator\Documents\laura
2014-04-27 17:21 - 2011-06-14 09:24 - 00000000 ____D () C:\Users\Administrator\Desktop\Congstar
2014-04-23 14:39 - 2010-01-18 11:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-04-16 14:22 - 2014-04-16 14:22 - 00144264 _____ () C:\Windows\Minidump\041614-22510-01.dmp
2014-04-16 14:22 - 2013-09-24 15:37 - 351400234 _____ () C:\Windows\MEMORY.DMP
2014-04-16 14:22 - 2010-01-16 21:48 - 00000000 ____D () C:\Windows\Minidump
2014-04-15 18:27 - 2010-01-19 12:02 - 00000546 _____ () C:\Windows\WT61DE.UWL
2014-04-15 16:59 - 2010-01-16 00:24 - 01635338 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-15 16:52 - 2011-12-15 10:33 - 00045194 _____ () C:\Windows\IE9_main.log

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\temp\avgnt.exe
C:\Users\Administrator\AppData\Local\temp\BackupSetup.exe
C:\Users\Administrator\AppData\Local\temp\dis.dll
C:\Users\Administrator\AppData\Local\temp\DownloadManager.exe
C:\Users\Administrator\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwoczgn.dll
C:\Users\Administrator\AppData\Local\temp\HitmanPro.exe
C:\Users\Administrator\AppData\Local\temp\Mobogenie_Setup_INT.exe
C:\Users\Administrator\AppData\Local\temp\qlky4pwn.dll
C:\Users\Administrator\AppData\Local\temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\temp\RegClean10.exe
C:\Users\Administrator\AppData\Local\temp\Setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 17:47] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 13:23

==================== End Of Log ============================
--- --- ---
und mbam v. 14.05.14:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 14.05.2014
Suchlauf-Zeit: 18:40:18
Logdatei: mbam suchlauf v. 14.05.14.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.14.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Administrator

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 256014
Verstrichene Zeit: 22 Min, 16 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 6
PUP.Optional.Smart, C:\$RECYCLE.BIN\S-1-5-21-369773493-1676948059-1759234898-500\$RFLI5ZU.zip, In Quarantäne, [aaa5ff522a51f93d5d5f54b327da17e9],
PUP.Optional.RegCleanerPro, C:\Users\Administrator\AppData\Local\temp\RegClean10.exe, In Quarantäne, [99b672dfa4d710264ee274969968e41c],
Trojan.Ransom.ED, C:\Users\Administrator\AppData\Local\temp\dis.dll, In Quarantäne, [d976213024576ec8c52b2a50c63bad53],
PUP.Optional.Smart, C:\Users\Administrator\AppData\Local\temp\DownloadManager.exe, In Quarantäne, [75dab69baad132047b4174936e930ff1],
PUP.Optional.NextLive.A, C:\Users\Administrator\AppData\Local\temp\Mobogenie_Setup_INT.exe, In Quarantäne, [92bd77dadba07cba9c3473e0c8399e62],
PUP.Optional.Smart, C:\Users\Administrator\AppData\Local\temp\Temp1_Evasion_setup.zip\Evasion7_setup.exe, In Quarantäne, [d778a3aea4d7d363ead2d037e31ecd33],

Physische Sektoren: 0
(No malicious items detected)


(end)

Über Nacht lief eset (ca. 14 Stunden):
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PPB5BV3\pricepeep_190001_0102[1].exe Variante von Win32/AdWare.PricePeep.A Anwendung
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7Q3X3RL\8nk0ej9ken[1].htm JS/Exploit.Agent.NGQ Trojaner
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\357456aa-2cc55623 Mehrere Bedrohungen
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\14e34dad-63e91ea3 Mehrere Bedrohungen
J:\SASCHAPC\Backup Set 2014-04-13 190001\Backup Files 2014-04-13 190001\Backup files 78.zip Mehrere Bedrohungen

Danach nochmals mbam v. 15.05.14:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 15.05.2014
Suchlauf-Zeit: 13:48:08
Logdatei: mbam suchlauf v. 15.05.14.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.15.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Administrator

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 252950
Verstrichene Zeit: 11 Min, 37 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Anschließend hatte ich keinen Internet-Explorer mehr.
"Das Element "iexplore.exe", auf das sich eine Verknüpfung bezieht, wurde verändert oder verschoben."

Eine Neu-Installation scheiterte.
Ich bitte um Hilfe!

Sascha

schrauber 16.05.2014 14:04
hi,

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

saschapc 16.05.2014 16:46
Hallo Schrauber,

herzlichen Dank, dass Du Dich meinem Problem annimmst.
Eines vorweg:
Internet-Explorer habe ich wieder installieren können, nach dem ich "alte Reste" aus den Windows-Updates gelöscht habe. Dieses Probl. ist somit erledigt!

Avira Antivirus Premium ist leider noch immer nicht zu erkennen und / oder zu starten. Wird immer noch durch "Gruppenrichtlinie" blockiert.

Außerdem nach dem Hochfahren des PC´s (ich vergaß es beim ersten Post mitzuteilen) bekomme ich ein Popup von RegSvr32. "Fehler beim Laden des Moduls "". "
Was auch immer Modul "" ist!?

Hier nun also die Reporte (ich hoffe das ist mit den codetags so richtig):

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-05-2014
Ran by Administrator at 2014-05-16 16:33:35 Run:1
Running from C:\Users\Administrator\Desktop\virenprogramme
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====
und

Code:
ComboFix 14-05-16.01 - Administrator 16.05.2014  16:41:12.2.1 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.3071.2106 [GMT 2:00]
ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-04-16 bis 2014-05-16  ))))))))))))))))))))))))))))))
.
.
2014-05-16 14:55 . 2014-05-16 14:56        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2014-05-16 14:55 . 2014-05-16 14:55        --------        d-----w-        c:\users\Public\AppData\Local\temp
2014-05-16 14:55 . 2014-05-16 14:55        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-05-16 14:11 . 2014-05-16 14:11        --------        d-sh--w-        c:\users\Administrator\AppData\Local\EmieUserList
2014-05-16 14:11 . 2014-05-16 14:11        --------        d-sh--w-        c:\users\Administrator\AppData\Local\EmieSiteList
2014-05-16 11:32 . 2014-05-16 11:32        --------        d-----w-        c:\windows\system32\wbem\en-US
2014-05-15 18:34 . 2014-05-15 18:34        --------        d-----w-        c:\program files\DLLSuite
2014-05-15 18:26 . 2014-05-15 18:26        --------        d-----w-        c:\users\Administrator\AppData\Roaming\Solvusoft
2014-05-15 18:26 . 2014-05-15 18:26        --------        d-----w-        c:\program files\WinThruster
2014-05-15 17:58 . 2014-05-15 17:58        --------        d-----w-        c:\users\Administrator\AppData\Roaming\ParetoLogic
2014-05-15 17:58 . 2014-05-15 17:58        --------        d-----w-        c:\users\Administrator\AppData\Roaming\DriverCure
2014-05-15 17:58 . 2014-05-15 17:58        --------        d-----w-        c:\program files\Common Files\ParetoLogic
2014-05-15 17:58 . 2014-05-15 17:58        --------        d-----w-        c:\programdata\ParetoLogic
2014-05-15 17:58 . 2014-05-15 17:58        --------        d-----w-        c:\program files\ParetoLogic
2014-05-14 19:28 . 2014-05-14 19:28        --------        d-----w-        c:\program files\ESET
2014-05-14 16:17 . 2014-05-16 14:23        107736        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-14 16:16 . 2014-05-14 16:16        --------        d-----w-        c:\program files\Malwarebytes Anti-Malware
2014-05-14 16:16 . 2014-04-03 07:51        51416        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-05-14 16:16 . 2014-04-03 07:51        73432        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-05-14 16:16 . 2014-04-03 07:50        23256        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-05-14 16:10 . 2014-05-16 14:33        --------        d-----w-        C:\FRST
2014-05-14 14:18 . 2010-08-30 06:34        536576        ----a-w-        c:\windows\system32\sqlite3.dll
2014-05-14 14:17 . 2014-05-15 10:11        --------        d-----w-        C:\AdwCleaner
2014-05-14 13:39 . 2014-05-14 13:39        --------        d-----w-        c:\users\Administrator\AppData\Roaming\DropboxMaster
2014-05-13 15:45 . 2014-04-17 03:32        8050496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{4CB54442-A3A2-4708-997C-3AE32C667F71}\mpengine.dll
2014-04-28 08:44 . 2014-05-14 15:58        --------        d-s---w-        c:\windows\system32\CompatTel
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-09 09:04 . 2012-04-03 06:33        692400        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2014-05-09 09:04 . 2011-05-16 10:11        70832        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 07:35 . 2010-01-15 22:23        231584        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SMB50StarMoneyRunEntry"="c:\program files\StarMoney Business 5.0 S-Edition\app\oflagent.exe" [2014-02-21 56976]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SMB60StarMoneyRunEntry"="c:\program files\StarMoney Business 6.0 S-Edition\app\oflagent.exe" [2014-04-07 48272]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-8 32668056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AML Device Install.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
backup=c:\windows\pss\AML Device Install.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-09-28 15:06        642728        ----a-w-        c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2014-03-04 896592]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-02-20 1017424]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-04-09 48256]
R2 Autodesk;Autodesk;c:\program files\Autodesk Network License Manager\lmgrd.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-04-03 1809720]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-04-03 857912]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2011-05-10 20504]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-16 108032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-04-03 23256]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 12800]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-24 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-10-07 37352]
S1 crlscsi;crlscsi; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 217088]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 291840]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-02-20 440400]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-04-09 48256]
S2 HP DS Service;HP DS Service;c:\program files\HP\HPBDSService\HPBDSService.exe [2010-10-27 13824]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-27 145920]
S2 StarMoney Business 5.0 OnlineUpdate;StarMoney Business 5.0 OnlineUpdate;c:\program files\StarMoney Business 5.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [2012-12-21 699680]
S2 StarMoney Business 6.0 OnlineUpdate;StarMoney Business 6.0 OnlineUpdate;c:\program files\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [2014-01-27 663184]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2010-11-11 101248]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2010-01-17 101248]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 11:44]
.
2014-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 11:44]
.
2014-05-15 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:51]
.
2014-05-15 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2014-05-15 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{26678455-1FAA-4120-B194-B52D2C51C858}: NameServer = 192.168.178.1
.
.
------- Dateityp-Verknüpfung -------
.
.scr=DWGTrueViewScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
HKCU-Run-pldhlwl - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,83,11,
  ef,6a,98,42,07,aa,33,c9,b5,2f,92,16,16
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,15,cb,
  08,9d,bc,ef,0b,b0,9e,a5,0b,8a,6a,fe,d6
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c9,24,
  80,32,18,d3,03,9b,c4,0e,38,70,4c,20,d3
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:c0,d0,ad,18,14,00,cf,01
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,72,dc,c9,f7,ab,24,00,41,8d,26,cc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,72,dc,c9,f7,ab,24,00,41,8d,26,cc,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,25,29,53,bb,f1,8f,4a,91,60,92,\
"027C9CB72E593A8F02C55092F385DBAC99DF56D067"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,84,6d,d7,73,32,71,a3,4c,a2,d9,b5,\
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.A1wish\UserChoice]
@Denied: (2) (Administrator)
"Progid"="RapidSolution.Audials.A1wish"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aplg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="RapidSolution.Audials.aplg"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aplp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="RapidSolution.Audials.aplp"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.bmp.14.0"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cdda"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dbf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="dbf_auto_file"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.bmp.14.0"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (Administrator)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dwg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.ico.14.0"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipa"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipg"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipsw"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itdb"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ite\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ite"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itl"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itlp"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itls"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itms"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itpc"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.jpg.14.0"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.jpg.14.0"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.jpg.14.0"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.jpg.14.0"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m3u8"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4b"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4p"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4r"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pcast"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="RapidSolution.Audials.pls"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.png.14.0"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RTstn\UserChoice]
@Denied: (2) (Administrator)
"Progid"="RapidSolution.Audials.RTstn"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RTwsh\UserChoice]
@Denied: (2) (Administrator)
"Progid"="RapidSolution.Audials.RTwsh"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sch\UserChoice]
@Denied: (2) (Administrator)
"Progid"="SchedulePlus.Application.7"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.tif.14.0"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.wave"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.wdp.14.0"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (Administrator)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-369773493-1676948059-1759234898-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-16  17:04:51
ComboFix-quarantined-files.txt  2014-05-16 15:04
.
Vor Suchlauf: 24 Verzeichnis(se), 317.398.089.728 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 317.739.700.224 Bytes frei
.
- - End Of File - - 0A82E66853F07BECE0874A8614E07F9C
A36C5E4F47E84449FF07ED3517B43A31
Vielen Dank für Deine Bemühungen.

Sascha

!!! NACHTRAG !!!

Hallo Schrauber,

Also nach dem Neustart gab es kein Gemecker.
Die vorhin beschriebene Meldung von RegSvr32 bezüglich Modul "" kam auch nicht mehr!
Und...
mein Avira-Schirm ist auch wieder in der Taskleiste, jedoch geschlossen.
Wenn ich mit dem Mauszeiger drüberfahre sagt es
- Echtzeit-Scanner: aktiv
- Email-Schutz: gestoppt
- Browser-Schutz: aktiv
- Letztes Update: 16.05.2014

Möglicherweise ist der Email-Schutz ja nur wegen eines Konfliktes mit Malwarebytes gestoppt?!

DANKE. Sieht jedenfalls schon mal deutlich besser aus!

Sascha

schrauber 17.05.2014 14:35
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

saschapc 18.05.2014 21:29
Hallo Schrauber,

vielen Dank.
Beim Junkware Removal Tool bin ich unsicher. Dein Link führte zum Download des WinZip Malware Protectors. Dieser fand 83 "Bedrohungen"! Zum Bereinigen hätte man die Vollversion kaufen müssen. Eine jrt wurde nicht automatisch erzeugt und geöffnet. Ich habe das entstandene Protokoll trotzdem jrt.txt genannt.
Ist das so richtig gewesen, oder war es nun das falsche Programm?

Hier nun die Auswertungen in der von Dir angeforderten und durchgeführten Reihenfolge:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 18.05.2014
Suchlauf-Zeit: 19:48:31
Logdatei: mbam suchlauf v. 18.05.14.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.18.06
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Administrator

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 254359
Verstrichene Zeit: 12 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:
# AdwCleaner v3.209 - Bericht erstellt am 18/05/2014 um 20:35:27
# Aktualisiert 18/05/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : Administrator - SASCHAPC
# Gestartet von : C:\Users\Administrator\Desktop\adwcleaner_3.209.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\Program Files\ParetoLogic
Ordner Gelöscht : C:\Program Files\Common Files\ParetoLogic
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Solvusoft
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Datei Gelöscht : C:\Windows\Tasks\paretologic update version3.job
Datei Gelöscht : C:\Windows\System32\Tasks\paretologic update version3
Datei Gelöscht : C:\Windows\Tasks\PC Health Advisor Defrag.job
Datei Gelöscht : C:\Windows\System32\Tasks\PC Health Advisor Defrag
Datei Gelöscht : C:\Windows\Tasks\PC Health Advisor.job
Datei Gelöscht : C:\Windows\System32\Tasks\PC Health Advisor

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC610A56-D426-41FC-8048-5D65BCDF97C2}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC610A56-D426-41FC-8048-5D65BCDF97C2}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3639F43A-D845-4A7B-AA1F-46491E74FF8E}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3639F43A-D845-4A7B-AA1F-46491E74FF8E}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38A31410-9935-487E-9A29-669EA947B3A7}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38A31410-9935-487E-9A29-669EA947B3A7}
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\Solvusoft
Schlüssel Gelöscht : HKLM\Software\ParetoLogic
Schlüssel Gelöscht : HKLM\Software\Solvusoft
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinThruster_is1

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v

[ Datei : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3196 octets] - [14/05/2014 16:17:39]
AdwCleaner[R1].txt - [939 octets] - [15/05/2014 12:10:15]
AdwCleaner[R2].txt - [3263 octets] - [18/05/2014 19:53:36]
AdwCleaner[S0].txt - [3257 octets] - [14/05/2014 16:30:55]
AdwCleaner[S1].txt - [999 octets] - [15/05/2014 12:11:06]
AdwCleaner[S2].txt - [3072 octets] - [18/05/2014 20:35:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3132 octets] ##########

Hier nun das besagte Protokoll von WinZip Malware Protector:
Code:
Nico Mak Computing
WinZip Malware Protector
 
Datum der Überprüfung Sonntag, 18. Mai 2014
Datenbankversion 1800
Gefundene Elemente insgesamt 83
Überprüfte Objekte: 354458
Abgelaufene Zeit: 00:39:46
Name Gefundene Elemente

Name der Infektion trojan-backdoor.bifrose
Kategorie Backdoor
Bedrohungsstufe Severe
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
 
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\wget
 
 
 

Name der Infektion roguesecurityprogram.winantivirus-pro-2006
Kategorie Rogue Antispyware Program
Bedrohungsstufe Severe
Durchgeführte Aktion NoActionTaken
Elemente gefunden 6
 
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_classes_root
 *\shellex\contextmenuhandlers\shellextension
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_classes_root
 directory\shellex\contextmenuhandlers\shellextension
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_classes_root
 drive\shellex\contextmenuhandlers\shellextension
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\classes\*\shellex\contextmenuhandlers\shellextension
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\classes\directory\shellex\contextmenuhandlers\shellextension
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\classes\drive\shellex\contextmenuhandlers\shellextension
 
 
 

Name der Infektion roguesecurityprogram.pro-antispyware-2009
Kategorie Rogue Antispyware Program
Bedrohungsstufe Severe
Durchgeführte Aktion NoActionTaken
Elemente gefunden 2
 
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\microsoft\windows\currentversion\drivers\video
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\microsoft\windows\currentversion\drivers\video\options
 
 
 

Name der Infektion roguesecurityprogram.ms-antispyware-2009
Kategorie Rogue Antispyware Program
Bedrohungsstufe Severe
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
 
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\microsoft\windows\currentversion\drivers
 
 
 

Name der Infektion trojan-spy.banker
Kategorie Trojan Spy
Bedrohungsstufe Elevated
Durchgeführte Aktion NoActionTaken
Elemente gefunden 10
 
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme
 type
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme
 errorcontrol
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme
 start
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme
 imagepath
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme
 group
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme\enum
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme\enum
 0
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme\enum
 count
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme\enum
 nextinstance
 
 

Name der Infektion malware.gen
Kategorie Generic Malware 
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
 
Gefundener Bereich FileSystem
Details
Dateiname c:\users\administrator\appdata\local\adobe\acrobat\10.0\cache\rdlang_search.deu
MD5 0
Signatur 17654218230491659401
Md5hash:  3a7a56f8f8588a3e70d2dc0e972ce074
 
 

Name der Infektion trojan.agent
Kategorie Trojan
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 2
 
Gefundener Bereich FileSystem
Details
Dateiname c:\users\administrator\desktop\virenprogramme\frst.exe
MD5 0
Signatur 8584407906768142050
Md5hash:  7a37458541aee4f97e1cffe77842876c
 

Gefundener Bereich FileSystem
Details
Dateiname c:\users\administrator\desktop\virenprogramme\frst-olderversion\frst.exe
MD5 0
Signatur 8584407906768142050
Md5hash:  135bc31f27bbbfd378f685748930934e
 
 

Name der Infektion malware.generic
Kategorie Generic Malware 
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
 
Gefundener Bereich FileSystem
Details
Dateiname c:\windows\system32\drivers\crlscsi.sys
MD5 0
Signatur 8337524264802903750
Md5hash:  e08ac114b931dacafbdd9d5e0b93815c
 
 

Name der Infektion worm-email.generic
Kategorie Email-Worm 
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
 
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\classes\.csb
 
 
 

Name der Infektion adware.xmlmimefilter
Kategorie Adware
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 5
 
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_classes_root
 xmlmimefilter.xmlmimefilterpp.1\clsid
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_classes_root
 xmlmimefilter.xmlmimefilterpp.1
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_classes_root
 xmlmimefilter.xmlmimefilterpp\clsid
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_classes_root
 xmlmimefilter.xmlmimefilterpp\curver
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_classes_root
 xmlmimefilter.xmlmimefilterpp
 
 
 

Name der Infektion monitoring.employees-pc-monitor
Kategorie Monitoring Tool
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
 
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_users
 s-1-5-18\software\microsoft\windows\currentversion\policies\system
 
 
 

Name der Infektion cookie.tracking-cookie
Kategorie Tracking Cookies
Bedrohungsstufe Low
Durchgeführte Aktion NoActionTaken
Elemente gefunden 25
 
Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@ad.yieldmanager[1].txt
MD5 06b12a56245def20736ce93cc92ec898
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@ad.yieldmanager[2].txt
MD5 410716af3bac782f739d21a7089dd900
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@ad.yieldmanager[3].txt
MD5 7b830a21c8f1ec12c1bc8e3eb7acce01
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@ad.yieldmanager[4].txt
MD5 a0c007411828eedacffd426729f00376
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@ad.yieldmanager[6].txt
MD5 27c801cf698eb325f3dbd967b92dde1c
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@apmebf[1].txt
MD5 d362d1f95a4f0f5a971f7d7e98566e52
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@apmebf[2].txt
MD5 e6f065552315a04bfaf1995a1357abe1
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@apmebf[3].txt
MD5 e47fc3513b1ff7a8cb747d98a5b3910e
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@apmebf[4].txt
MD5 6b790080b8a0f890fe2dbab74603eed3
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@apmebf[5].txt
MD5 a44a1ce191d5f4cb4e68f7a5c4b26040
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@apmebf[6].txt
MD5 1112f1f632e46a855e2eaa8ee5bb50a8
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@apmebf[7].txt
MD5 6ab12b009de82ea6d903a6b4bdf2760c
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@atwola[1].txt
MD5 b893a7e7496f9553b0b04284d3a25bfe
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@revsci[1].txt
MD5 1535d234c03c6f9aabb98340b1358eee
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@revsci[2].txt
MD5 d95885e9e72b271e3022f4657da1d028
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@serving-sys[1].txt
MD5 28d930e0aef024876833bc22a81a988d
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@serving-sys[2].txt
MD5 b5992eceedbe12f247b2ec389fc1ca9d
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@tradedoubler[1].txt
MD5 6c34962a120f006411f3791a772a07ad
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@tradedoubler[2].txt
MD5 441b3c4d30bac6d4069d3b1f134f0e55
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@tradedoubler[3].txt
MD5 0d75e2aa8360d94b7a06f4ab2ab1b347
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@tradedoubler[4].txt
MD5 673abb087b969575c4092693139e33f1
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@tradedoubler[5].txt
MD5 7de2635f4767295bbc711d38b01435af
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@tradedoubler[6].txt
MD5 f0249b95de025068cf1299468bc072fb
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@tradedoubler[7].txt
MD5 182562d780475ea6fc3b6843123bb694
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@zedo[1].txt
MD5 ef34a3c6bb96b83db8d524901146c597
Signatur 
Md5hash: 
 
 

Name der Infektion cookie.adviva
Kategorie Tracking Cookies
Bedrohungsstufe Low
Durchgeführte Aktion NoActionTaken
Elemente gefunden 2
 
Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@adviva[1].txt
MD5 1d1df2f459e69df00fde98b1068b7a08
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@adviva[2].txt
MD5 8d4c7db87bbe85ec7d7e97ddb09a0a43
Signatur 
Md5hash: 
 
 

Name der Infektion cookie.bs.serving-sys
Kategorie Tracking Cookies
Bedrohungsstufe Low
Durchgeführte Aktion NoActionTaken
Elemente gefunden 3
 
Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@bs.serving-sys[1].txt
MD5 9ab3303c4acc20b97101d4af2e7068b6
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@bs.serving-sys[2].txt
MD5 4b966a1ddc092cf29516ca468cb5d08b
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@bs.serving-sys[3].txt
MD5 44df334d01fcff7f41235cfa691dac86
Signatur 
Md5hash: 
 
 

Name der Infektion cookie.doubleclick
Kategorie Tracking Cookies
Bedrohungsstufe Low
Durchgeführte Aktion NoActionTaken
Elemente gefunden 11
 
Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@doubleclick[10].txt
MD5 891ecb0ff7bf712e692a8a9ebc1a788e
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@doubleclick[11].txt
MD5 18ab73ed7d4657d10965733303e652c1
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@doubleclick[1].txt
MD5 0f352b560632f5bb2f0be58fb3236ab5
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@doubleclick[2].txt
MD5 cc71030bdbf49f7905e021a70147b1bc
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@doubleclick[3].txt
MD5 f727922314a07a80a66addea463d1408
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@doubleclick[4].txt
MD5 a142dbe947e01ec4d6c192a1ab37bbea
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@doubleclick[5].txt
MD5 7e053897532703e8306a48333ed2171d
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@doubleclick[6].txt
MD5 88e45ac1865db414c17895e02490009c
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@doubleclick[7].txt
MD5 bbb295304e61f78c02cfad69a7d5d395
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@doubleclick[8].txt
MD5 5042e153cbf16ca77ef098921f5baad9
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@doubleclick[9].txt
MD5 6cfff942fe5b882ee2ce36aff154b9d6
Signatur 
Md5hash: 
 
 

Name der Infektion cookie.fastclick.com
Kategorie Tracking Cookies
Bedrohungsstufe Low
Durchgeführte Aktion NoActionTaken
Elemente gefunden 2
 
Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@fastclick[1].txt
MD5 64ea4e0cb23422b15a3cc30572bf65bb
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@fastclick[2].txt
MD5 6e0db65b600fdbf57d20884a99676ed1
Signatur 
Md5hash: 
 
 

Name der Infektion cookie.mediaplex.com
Kategorie Tracking Cookies
Bedrohungsstufe Low
Durchgeführte Aktion NoActionTaken
Elemente gefunden 6
 
Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@mediaplex[1].txt
MD5 1d443ad2b3c606de3636a04a71c7e941
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@mediaplex[2].txt
MD5 a35e14c7f12728fbc9f926ac44ba21ff
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@mediaplex[3].txt
MD5 52a33d547fa1fe90ce92978ff134ddeb
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@mediaplex[4].txt
MD5 719ca6bafb4a8740bdb7f37e58998479
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@mediaplex[5].txt
MD5 c6b8d2042dde73a78a2fd3f4da99d46c
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@mediaplex[7].txt
MD5 3524224c61b811c7dbc91b3d1b591891
Signatur 
Md5hash: 
 
 

Name der Infektion cookie.statcounter
Kategorie Tracking Cookies
Bedrohungsstufe Low
Durchgeführte Aktion NoActionTaken
Elemente gefunden 2
 
Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@statcounter[1].txt
MD5 90a744cca54f49fc40a9f208434c4db3
Signatur 
Md5hash: 
 

Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@statcounter[2].txt
MD5 33f02d37fd81facb0d4d5cf91c87ea20
Signatur 
Md5hash: 
 
 

Name der Infektion cookie.tribalfusion.com
Kategorie Tracking Cookies
Bedrohungsstufe Low
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
 
Gefundener Bereich Cookies
Details
Dateiname c:\users\administrator\appdata\roaming\microsoft\windows\cookies\administrator@tribalfusion[1].txt
MD5 a17e56063f32527c884c939af3e99148
Signatur 
Md5hash: 
 
 
© 2013 WinZip International LLC. All rights reserved.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by Administrator (administrator) on SASCHAPC on 18-05-2014 22:11:01
Running from C:\Users\Administrator\Desktop\virenprogramme
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nico Mak Computing) C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SMB50StarMoneyRunEntry] => C:\Program Files\StarMoney Business 5.0 S-Edition\app\oflagent.exe [56976 2014-02-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [SMB60StarMoneyRunEntry] => C:\Program Files\StarMoney Business 6.0 S-Edition\app\oflagent.exe [48272 2014-04-07] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x808E0927D23ACB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {3CC639A8-91A2-4A1A-BEE2-8B849085DAA0} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {3CC639A8-91A2-4A1A-BEE2-8B849085DAA0} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{26678455-1FAA-4120-B194-B52D2C51C858}: [NameServer]192.168.178.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-06]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-06]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-06]
CHR Extension: (Google-Suche) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-06]
CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-06]

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-09-28] (Advanced Micro Devices, Inc.)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [896592 2014-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-27] (HP)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files\StarMoney Business 5.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 Autodesk; C:\Program Files\Autodesk Network License Manager\lmgrd.exe [X]

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2010-11-11] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [101248 2010-01-17] (AVM Berlin)
R1 crlscsi; C:\Windows\system32\Drivers\crlscsi.sys [6144 1995-11-07] (Corel Corporation)
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2011-05-10] (Hewlett Packard)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-09] (Avira GmbH)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2011-01-19] (RapidSolution Software AG)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\System32\DRIVERS\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [X]
S2 DS1410D; SYSTEM32\drivers\DS1410D.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-18 21:14 - 2014-05-18 21:14 - 00001151 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-05-18 21:14 - 2014-05-18 21:14 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Nico Mak Computing
2014-05-18 21:14 - 2014-05-18 21:14 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-05-18 21:14 - 2014-05-18 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-05-18 21:14 - 2014-05-18 21:14 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-05-18 21:14 - 2013-03-15 17:01 - 00016384 _____ () C:\Windows\system32\wsusnative32.exe
2014-05-18 19:53 - 2014-05-18 19:53 - 01328723 _____ () C:\Users\Administrator\Desktop\adwcleaner_3.209.exe
2014-05-18 19:33 - 2014-05-18 19:33 - 04892480 _____ (WinZip International LLC ) C:\Users\Administrator\Desktop\wzmp_8.exe
2014-05-17 13:59 - 2014-05-17 13:59 - 01657256 _____ () C:\Users\Administrator\Desktop\avira_support_collector_de.exe
2014-05-16 17:04 - 2014-05-16 17:04 - 00036028 _____ () C:\ComboFix.txt
2014-05-16 16:38 - 2014-05-16 17:05 - 00000000 ____D () C:\Qoobox
2014-05-16 16:38 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-16 16:38 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-16 16:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-16 16:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-16 16:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-16 16:38 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-16 16:38 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-16 16:38 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-16 16:34 - 2014-05-16 16:34 - 05200990 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-05-16 16:11 - 2014-05-16 16:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-05-16 16:11 - 2014-05-16 16:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-05-16 13:32 - 2014-05-16 13:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-05-16 13:24 - 2014-05-16 13:24 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 13:24 - 2014-05-16 13:24 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-16 13:24 - 2014-05-16 13:24 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-16 13:24 - 2014-05-16 13:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-16 13:24 - 2014-05-16 13:24 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-16 13:24 - 2014-05-16 13:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-15 21:59 - 2014-05-15 21:59 - 00006430 _____ () C:\Users\Administrator\Downloads\hijackthis.log
2014-05-15 21:58 - 2014-05-15 21:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HiJackThis204.exe
2014-05-15 20:34 - 2014-05-15 20:34 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 2014
2014-05-15 20:34 - 2014-05-15 20:34 - 00000000 ____D () C:\Program Files\DLLSuite
2014-05-15 20:31 - 2014-05-15 20:33 - 16578402 _____ ( ) C:\Users\Administrator\Downloads\DLLSuite_Setup.exe
2014-05-15 20:26 - 2014-05-15 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster
2014-05-15 20:26 - 2014-05-15 20:26 - 00000000 ____D () C:\Program Files\WinThruster
2014-05-15 19:56 - 2014-05-15 19:57 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Administrator\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-05-15 14:22 - 2014-05-15 14:22 - 02077392 _____ (Microsoft Corporation) C:\Users\Administrator\Desktop\IE11-Windows6.1.exe
2014-05-14 21:28 - 2014-05-14 21:28 - 00000000 ____D () C:\Program Files\ESET
2014-05-14 18:17 - 2014-05-18 21:12 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 18:16 - 2014-05-14 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-14 18:16 - 2014-05-14 18:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-14 18:16 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-14 18:16 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-14 18:16 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-14 18:15 - 2014-05-18 22:11 - 00000000 ____D () C:\Users\Administrator\Desktop\virenprogramme
2014-05-14 18:10 - 2014-05-18 22:11 - 00000000 ____D () C:\FRST
2014-05-14 17:47 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:47 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:47 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:47 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:47 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:47 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:47 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:47 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:47 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:47 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 17:47 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:47 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:47 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 17:45 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 16:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-14 16:17 - 2014-05-18 20:35 - 00000000 ____D () C:\AdwCleaner
2014-05-14 15:39 - 2014-05-14 15:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DropboxMaster
2014-05-08 19:26 - 2014-05-08 19:28 - 00431616 _____ () C:\Users\Administrator\Desktop\kontakte14.xls
2014-05-08 19:20 - 2014-05-08 19:26 - 00206572 _____ () C:\Users\Administrator\Desktop\kontakte14.csv
2014-04-28 10:44 - 2014-05-14 17:58 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-18 22:11 - 2014-05-14 18:15 - 00000000 ____D () C:\Users\Administrator\Desktop\virenprogramme
2014-05-18 22:11 - 2014-05-14 18:10 - 00000000 ____D () C:\FRST
2014-05-18 21:40 - 2010-01-23 13:44 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 21:14 - 2014-05-18 21:14 - 00001151 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-05-18 21:14 - 2014-05-18 21:14 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Nico Mak Computing
2014-05-18 21:14 - 2014-05-18 21:14 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-05-18 21:14 - 2014-05-18 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-05-18 21:14 - 2014-05-18 21:14 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-05-18 21:12 - 2014-05-14 18:17 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 21:04 - 2011-11-11 13:34 - 00000000 ___RD () C:\Users\Administrator\Dropbox
2014-05-18 21:04 - 2011-11-11 13:32 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dropbox
2014-05-18 21:04 - 2010-01-23 13:44 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-18 20:46 - 2009-07-14 06:34 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 20:46 - 2009-07-14 06:34 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 20:43 - 2010-01-16 00:09 - 01410812 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 20:37 - 2011-08-29 09:45 - 00001589 _____ () C:\Windows\setupact.log
2014-05-18 20:37 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 20:36 - 2011-09-15 10:34 - 00132824 _____ () C:\Windows\PFRO.log
2014-05-18 20:35 - 2014-05-14 16:17 - 00000000 ____D () C:\AdwCleaner
2014-05-18 19:53 - 2014-05-18 19:53 - 01328723 _____ () C:\Users\Administrator\Desktop\adwcleaner_3.209.exe
2014-05-18 19:33 - 2014-05-18 19:33 - 04892480 _____ (WinZip International LLC ) C:\Users\Administrator\Desktop\wzmp_8.exe
2014-05-17 13:59 - 2014-05-17 13:59 - 01657256 _____ () C:\Users\Administrator\Desktop\avira_support_collector_de.exe
2014-05-16 17:05 - 2014-05-16 16:38 - 00000000 ____D () C:\Qoobox
2014-05-16 17:04 - 2014-05-16 17:04 - 00036028 _____ () C:\ComboFix.txt
2014-05-16 16:56 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-05-16 16:37 - 2012-03-15 22:28 - 00000000 ____D () C:\Windows\ERDNT
2014-05-16 16:34 - 2014-05-16 16:34 - 05200990 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-05-16 16:11 - 2014-05-16 16:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-05-16 16:11 - 2014-05-16 16:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-05-16 14:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-16 13:32 - 2014-05-16 13:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-05-16 13:32 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media
2014-05-16 13:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-16 13:31 - 2013-11-18 10:39 - 00030565 _____ () C:\Windows\IE11_main.log
2014-05-16 13:24 - 2014-05-16 13:24 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 13:24 - 2014-05-16 13:24 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-16 13:24 - 2014-05-16 13:24 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-16 13:24 - 2014-05-16 13:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-16 13:24 - 2014-05-16 13:24 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-16 13:24 - 2014-05-16 13:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-16 09:07 - 2010-01-18 14:42 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-05-16 09:07 - 2010-01-18 14:42 - 00001908 _____ () C:\Windows\diagerr.xml
2014-05-16 09:04 - 2009-07-14 06:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-16 08:53 - 2010-01-17 17:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2014-05-15 21:59 - 2014-05-15 21:59 - 00006430 _____ () C:\Users\Administrator\Downloads\hijackthis.log
2014-05-15 21:58 - 2014-05-15 21:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HiJackThis204.exe
2014-05-15 21:55 - 2010-01-17 23:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple Computer
2014-05-15 20:34 - 2014-05-15 20:34 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 2014
2014-05-15 20:34 - 2014-05-15 20:34 - 00000000 ____D () C:\Program Files\DLLSuite
2014-05-15 20:33 - 2014-05-15 20:31 - 16578402 _____ ( ) C:\Users\Administrator\Downloads\DLLSuite_Setup.exe
2014-05-15 20:26 - 2014-05-15 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster
2014-05-15 20:26 - 2014-05-15 20:26 - 00000000 ____D () C:\Program Files\WinThruster
2014-05-15 19:57 - 2014-05-15 19:56 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Administrator\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-05-15 14:22 - 2014-05-15 14:22 - 02077392 _____ (Microsoft Corporation) C:\Users\Administrator\Desktop\IE11-Windows6.1.exe
2014-05-15 13:20 - 2013-03-14 15:13 - 00117968 _____ () C:\Windows\IE10_main.log
2014-05-15 12:39 - 2011-06-17 09:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 12:18 - 2010-01-16 00:04 - 00000000 ____D () C:\Windows\Panther
2014-05-15 12:02 - 2010-01-16 21:48 - 00000000 ____D () C:\Windows\Minidump
2014-05-14 21:28 - 2014-05-14 21:28 - 00000000 ____D () C:\Program Files\ESET
2014-05-14 18:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-14 18:17 - 2014-05-14 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-14 18:16 - 2014-05-14 18:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-14 18:16 - 2012-03-15 22:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 18:03 - 2010-01-16 15:59 - 00000000 ___RD () C:\Users\Administrator\Virtual Machines
2014-05-14 17:58 - 2014-04-28 10:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 17:54 - 2013-07-23 16:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 17:52 - 2010-01-16 00:25 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 15:39 - 2014-05-14 15:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DropboxMaster
2014-05-14 15:39 - 2011-11-11 13:34 - 00001045 _____ () C:\Users\Administrator\Desktop\Dropbox.lnk
2014-05-14 15:39 - 2011-11-11 13:32 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-13 14:04 - 2010-03-19 16:56 - 00523776 _____ () C:\Users\Administrator\Desktop\Kassenbuch.XLS
2014-05-12 18:13 - 2012-03-23 14:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\HpUpdate
2014-05-12 10:56 - 2010-01-17 21:13 - 00000000 ____D () C:\Users\Administrator\Documents\Geschäftlich
2014-05-11 19:59 - 2013-11-07 09:44 - 00000000 ____D () C:\Program Files\StarMoney Business 6.0 S-Edition
2014-05-09 11:04 - 2012-04-03 08:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-09 11:04 - 2011-05-16 12:11 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-09 09:06 - 2014-05-14 17:47 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 17:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 19:38 - 2010-01-16 00:44 - 00000400 _____ () C:\Windows\ODBC.INI
2014-05-08 19:37 - 2010-02-10 13:15 - 00024740 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft Excel.ADR
2014-05-08 19:28 - 2014-05-08 19:26 - 00431616 _____ () C:\Users\Administrator\Desktop\kontakte14.xls
2014-05-08 19:26 - 2014-05-08 19:20 - 00206572 _____ () C:\Users\Administrator\Desktop\kontakte14.csv
2014-05-06 23:53 - 2010-02-10 13:52 - 00000000 ____D () C:\GreenGaLaXL
2014-05-01 20:34 - 2012-01-31 21:36 - 00000000 ____D () C:\Users\Administrator\Desktop\Lauraaaaaaaaa
2014-05-01 20:34 - 2010-06-16 16:18 - 00000000 ____D () C:\Users\Administrator\Documents\laura
2014-04-27 17:21 - 2011-06-14 09:24 - 00000000 ____D () C:\Users\Administrator\Desktop\Congstar
2014-04-23 14:39 - 2010-01-18 11:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\temp\avgnt.exe
C:\Users\Administrator\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdwxgi4.dll
C:\Users\Administrator\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 17:47] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 13:23

==================== End Of Log ============================
--- --- ---


Ich bin gespannt.
Nochmals DANKE.
Gruss

Sascha

schrauber 19.05.2014 18:15

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

saschapc 21.05.2014 13:43
Hallo Schrauber,

Zitat:
Noch Probleme?
Äähhm... ich denke ja.
Mir scheint alles unverändert.
Der PC rödelt wie doll beim Hochfahren, das Lüftergeräusch hört sich an als würde er gleich abheben wollen. Es dauert ungewöhnlich lange bis sämtliche Hintergrundprozesse geladen sind (welche auch immer?).

Und der Hauptgrund, mein Avira Antivir-Premium arbeitet noch immer nicht "normal".
D.h. das kleine Schirm-Symbol in der Taskleiste ist geschlossen.
Wenn ich mit der Maus drüberfahre sagt es
- Echtzeit-Scanner: aktiv
- Email-Schutz: gestoppt
- Browser-Schutz: gestoppt
- Letztes Update: 21.05.2014

OK, es wird nicht mehr durch irgendeine "Gruppenrichtlinie" blockiert. Ich kann es starten und dann den Schalter "Browser-Schutz" aktivieren. Das sollte aber doch eigentlich standartmäßig immer an sein?!
Den "Email-Schutz" kann ich nicht starten, reagiert nicht.

Ist das möglicherweise nur eine Kollision mit einem der zig anderen Viren-Programme welche ich in den vergangenen Tagen installiert habe? Ggf. mit Malwarebytes?

Aber grundsätzlich müsste ja schließlich auch noch etwas unerwünschtes auf dem Rechner sein, oder? Eset fand ja immerhin mehrere Bedrohungen welche wir nicht entfernten.

Alleine während ich hier tippe rödelt und heult mein PC.

Hier nun die log´s:

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ba2463a21c337c4d917d22ff8cbf7ab7
# engine=18264
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-15 09:27:08
# local_time=2014-05-15 11:27:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 62858 151777219 0 0
# scanned=327407
# found=5
# cleaned=0
# scan_time=50070
sh=3EEA881ECEC53D9E1EBC2BB6845EF21880613CE5 ft=1 fh=1c4abd2356c6fdc4 vn="Variante von Win32/AdWare.PricePeep.A Anwendung" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PPB5BV3\pricepeep_190001_0102[1].exe"
sh=5AC1EECAEC2BB431E3546F555702059955E46FDA ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NGQ Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7Q3X3RL\8nk0ej9ken[1].htm"
sh=47A2020996F0EFB5AC004CB90836E6EC1E0F443E ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\357456aa-2cc55623"
sh=47A2020996F0EFB5AC004CB90836E6EC1E0F443E ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\14e34dad-63e91ea3"
sh=30E47E3480F4A4EE0245D453FE62DC19CD31EBFD ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="J:\SASCHAPC\Backup Set 2014-04-13 190001\Backup Files 2014-04-13 190001\Backup files 78.zip"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ba2463a21c337c4d917d22ff8cbf7ab7
# engine=18345
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-21 10:20:53
# local_time=2014-05-21 12:20:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 181781 152298844 0 0
# scanned=319721
# found=12
# cleaned=0
# scan_time=40399
sh=EDBC0CB424493F3E897925E2075801FA7CB5D4BB ft=1 fh=654070895c8ba4d6 vn="Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\DaemonProcess.exe.vir"
sh=6604ADA3DC713685EE37809E61539AFB31D8D458 ft=1 fh=f6ab035aa658afbe vn="Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\Mobogenie.exe.vir"
sh=0BDD61A5E01CC0838CD12466345F52BB718FB96F ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\MUServer.apk.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\nengine.dll.vir"
sh=E48B5A66F65A96EB6FA72DAB190C51A9AB4D5BC5 ft=1 fh=49a971515b9afc61 vn="Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\UpdateMoboGenie.exe.vir"
sh=7560ADB6881D658A46F52AD1DCDF667B615F6EDE ft=1 fh=19f14dde2ee67322 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe"
sh=47A2020996F0EFB5AC004CB90836E6EC1E0F443E ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\357456aa-2cc55623.vir"
sh=47A2020996F0EFB5AC004CB90836E6EC1E0F443E ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\14e34dad-63e91ea3.vir"
sh=A981E3D6F03D3BD57D1472F33A4093A01533F8A8 ft=1 fh=7aaf7b3d0491af48 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\Desktop\virenprogramme\wzmp_8.exe"
sh=30E47E3480F4A4EE0245D453FE62DC19CD31EBFD ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="J:\SASCHAPC\Backup Set 2014-04-13 190001\Backup Files 2014-04-13 190001\Backup files 78.zip"
sh=580034054118F9D7939C1AE103EA2B57AFA6C7AA ft=0 fh=0000000000000000 vn="Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="J:\SASCHAPC\Backup Set 2014-04-13 190001\Backup Files 2014-05-18 190001\Backup files 1.zip"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="${Memory}"
Code:
Results of screen317's Security Check version 0.99.83 
 Windows 7 Service Pack 1 x86 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader 10.1.10 Adobe Reader out of Date! 
 Google Chrome 22.0.1229.95 
 Google Chrome 28.0.1500.95 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
 WinZip Malware Protector WinZipMalwareProtector.exe 
 windows defender MpCmdRun.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-05-2014
Ran by Administrator (administrator) on SASCHAPC on 21-05-2014 13:51:32
Running from C:\Users\Administrator\Desktop\virenprogramme\FRST-OlderVersion
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Nico Mak Computing) C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SMB50StarMoneyRunEntry] => C:\Program Files\StarMoney Business 5.0 S-Edition\app\oflagent.exe [56976 2014-02-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [SMB60StarMoneyRunEntry] => C:\Program Files\StarMoney Business 6.0 S-Edition\app\oflagent.exe [48272 2014-04-07] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x808E0927D23ACB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {3CC639A8-91A2-4A1A-BEE2-8B849085DAA0} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {3CC639A8-91A2-4A1A-BEE2-8B849085DAA0} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{26678455-1FAA-4120-B194-B52D2C51C858}: [NameServer]192.168.178.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-06]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-06]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-06]
CHR Extension: (Google-Suche) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-06]
CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-06]

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-09-28] (Advanced Micro Devices, Inc.)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [896592 2014-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-27] (HP)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files\StarMoney Business 5.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 Autodesk; C:\Program Files\Autodesk Network License Manager\lmgrd.exe [X]

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2010-11-11] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [101248 2010-01-17] (AVM Berlin)
R1 crlscsi; C:\Windows\system32\Drivers\crlscsi.sys [6144 1995-11-07] (Corel Corporation)
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2011-05-10] (Hewlett Packard)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-09] (Avira GmbH)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2011-01-19] (RapidSolution Software AG)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\System32\DRIVERS\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [X]
S2 DS1410D; SYSTEM32\drivers\DS1410D.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-21 13:44 - 2014-05-21 13:44 - 00854367 _____ () C:\Users\Administrator\Desktop\SecurityCheck.exe
2014-05-21 01:05 - 2014-05-21 01:05 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_deu.exe
2014-05-21 00:19 - 2014-05-21 00:19 - 00000687 _____ () C:\Users\Public\Desktop\Ontrack EasyRecovery Home.lnk
2014-05-21 00:19 - 2014-05-21 00:19 - 00000000 ____D () C:\Users\Administrator\licman
2014-05-21 00:19 - 2014-05-21 00:19 - 00000000 ____D () C:\Users\Administrator\ERHome
2014-05-21 00:19 - 2014-05-21 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ontrack EasyRecovery Home
2014-05-20 15:25 - 2014-05-20 15:13 - 634355712 _____ () C:\Users\Administrator\Desktop\rescue-system.iso
2014-05-19 20:25 - 2014-05-19 20:25 - 01339947 _____ () C:\Users\Administrator\Desktop\AVSUPINF.ZIP
2014-05-19 20:16 - 2014-05-19 20:16 - 00535818 _____ () C:\Users\Administrator\Desktop\Support Collector - Alternativ.zip
2014-05-19 11:35 - 2014-05-19 11:35 - 00001666 _____ () C:\Users\Administrator\Desktop\Musterbrief_Rückforderung_Bearbeitungsentgelten_bei_Verbraucherdarlehen.txt
2014-05-19 09:49 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-19 09:49 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-19 09:49 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-19 09:48 - 2014-03-01 05:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-18 21:14 - 2014-05-20 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-05-18 21:14 - 2014-05-18 21:14 - 00001151 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-05-18 21:14 - 2014-05-18 21:14 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Nico Mak Computing
2014-05-18 21:14 - 2014-05-18 21:14 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-05-18 21:14 - 2014-05-18 21:14 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-05-18 21:14 - 2013-03-15 17:01 - 00016384 _____ () C:\Windows\system32\wsusnative32.exe
2014-05-16 17:04 - 2014-05-16 17:04 - 00036028 _____ () C:\ComboFix.txt
2014-05-16 16:38 - 2014-05-16 17:05 - 00000000 ____D () C:\Qoobox
2014-05-16 16:38 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-16 16:38 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-16 16:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-16 16:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-16 16:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-16 16:38 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-16 16:38 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-16 16:38 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-16 16:34 - 2014-05-16 16:34 - 05200990 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-05-16 16:11 - 2014-05-16 16:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-05-16 16:11 - 2014-05-16 16:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-05-16 13:32 - 2014-05-16 13:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-05-16 13:24 - 2014-05-16 13:24 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-16 13:24 - 2014-05-16 13:24 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-16 13:24 - 2014-05-16 13:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-16 13:24 - 2014-05-16 13:24 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-16 13:24 - 2014-05-16 13:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-15 21:59 - 2014-05-15 21:59 - 00006430 _____ () C:\Users\Administrator\Downloads\hijackthis.log
2014-05-15 21:58 - 2014-05-15 21:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HiJackThis204.exe
2014-05-15 20:34 - 2014-05-15 20:34 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 2014
2014-05-15 20:34 - 2014-05-15 20:34 - 00000000 ____D () C:\Program Files\DLLSuite
2014-05-15 20:31 - 2014-05-15 20:33 - 16578402 _____ ( ) C:\Users\Administrator\Downloads\DLLSuite_Setup.exe
2014-05-15 20:26 - 2014-05-15 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster
2014-05-15 20:26 - 2014-05-15 20:26 - 00000000 ____D () C:\Program Files\WinThruster
2014-05-15 19:56 - 2014-05-15 19:57 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Administrator\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-05-15 14:22 - 2014-05-15 14:22 - 02077392 _____ (Microsoft Corporation) C:\Users\Administrator\Desktop\IE11-Windows6.1.exe
2014-05-14 21:28 - 2014-05-14 21:28 - 00000000 ____D () C:\Program Files\ESET
2014-05-14 18:17 - 2014-05-21 12:46 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 18:16 - 2014-05-14 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-14 18:16 - 2014-05-14 18:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-14 18:16 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-14 18:16 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-14 18:16 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-14 18:15 - 2014-05-21 13:46 - 00000000 ____D () C:\Users\Administrator\Desktop\virenprogramme
2014-05-14 18:10 - 2014-05-21 13:51 - 00000000 ____D () C:\FRST
2014-05-14 17:47 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:47 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:47 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:47 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:47 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:47 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:47 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:47 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:47 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:47 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 17:47 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:47 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:47 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 17:45 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 16:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-14 16:17 - 2014-05-18 20:35 - 00000000 ____D () C:\AdwCleaner
2014-05-14 15:39 - 2014-05-14 15:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DropboxMaster
2014-05-08 19:26 - 2014-05-08 19:28 - 00431616 _____ () C:\Users\Administrator\Desktop\kontakte14.xls
2014-05-08 19:20 - 2014-05-08 19:26 - 00206572 _____ () C:\Users\Administrator\Desktop\kontakte14.csv
2014-04-28 10:44 - 2014-05-14 17:58 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-21 13:51 - 2014-05-14 18:10 - 00000000 ____D () C:\FRST
2014-05-21 13:46 - 2014-05-14 18:15 - 00000000 ____D () C:\Users\Administrator\Desktop\virenprogramme
2014-05-21 13:44 - 2014-05-21 13:44 - 00854367 _____ () C:\Users\Administrator\Desktop\SecurityCheck.exe
2014-05-21 13:40 - 2010-01-23 13:44 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-21 12:46 - 2014-05-14 18:17 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-21 11:39 - 2010-01-23 13:44 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-21 01:05 - 2014-05-21 01:05 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_deu.exe
2014-05-21 00:48 - 2010-01-16 00:09 - 01510326 _____ () C:\Windows\WindowsUpdate.log
2014-05-21 00:19 - 2014-05-21 00:19 - 00000687 _____ () C:\Users\Public\Desktop\Ontrack EasyRecovery Home.lnk
2014-05-21 00:19 - 2014-05-21 00:19 - 00000000 ____D () C:\Users\Administrator\licman
2014-05-21 00:19 - 2014-05-21 00:19 - 00000000 ____D () C:\Users\Administrator\ERHome
2014-05-21 00:19 - 2014-05-21 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ontrack EasyRecovery Home
2014-05-21 00:19 - 2010-01-16 15:59 - 00000000 ____D () C:\Users\Administrator
2014-05-21 00:02 - 2009-07-14 06:34 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-21 00:02 - 2009-07-14 06:34 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-20 23:56 - 2011-11-11 13:34 - 00000000 ___RD () C:\Users\Administrator\Dropbox
2014-05-20 23:56 - 2011-11-11 13:32 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dropbox
2014-05-20 23:52 - 2011-08-29 09:45 - 00001757 _____ () C:\Windows\setupact.log
2014-05-20 23:52 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 23:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-05-20 23:50 - 2014-05-18 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-05-20 23:50 - 2011-09-15 21:29 - 00000000 ____D () C:\Windows\pss
2014-05-20 23:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-20 23:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-20 23:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-05-20 15:13 - 2014-05-20 15:25 - 634355712 _____ () C:\Users\Administrator\Desktop\rescue-system.iso
2014-05-19 20:25 - 2014-05-19 20:25 - 01339947 _____ () C:\Users\Administrator\Desktop\AVSUPINF.ZIP
2014-05-19 20:16 - 2014-05-19 20:16 - 00535818 _____ () C:\Users\Administrator\Desktop\Support Collector - Alternativ.zip
2014-05-19 13:50 - 2010-03-19 16:56 - 00523776 _____ () C:\Users\Administrator\Desktop\Kassenbuch.XLS
2014-05-19 11:35 - 2014-05-19 11:35 - 00001666 _____ () C:\Users\Administrator\Desktop\Musterbrief_Rückforderung_Bearbeitungsentgelten_bei_Verbraucherdarlehen.txt
2014-05-18 21:14 - 2014-05-18 21:14 - 00001151 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-05-18 21:14 - 2014-05-18 21:14 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Nico Mak Computing
2014-05-18 21:14 - 2014-05-18 21:14 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-05-18 21:14 - 2014-05-18 21:14 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-05-18 20:36 - 2011-09-15 10:34 - 00132824 _____ () C:\Windows\PFRO.log
2014-05-18 20:35 - 2014-05-14 16:17 - 00000000 ____D () C:\AdwCleaner
2014-05-16 17:05 - 2014-05-16 16:38 - 00000000 ____D () C:\Qoobox
2014-05-16 17:04 - 2014-05-16 17:04 - 00036028 _____ () C:\ComboFix.txt
2014-05-16 16:56 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-05-16 16:37 - 2012-03-15 22:28 - 00000000 ____D () C:\Windows\ERDNT
2014-05-16 16:34 - 2014-05-16 16:34 - 05200990 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-05-16 16:11 - 2014-05-16 16:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-05-16 16:11 - 2014-05-16 16:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-05-16 13:32 - 2014-05-16 13:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-05-16 13:32 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media
2014-05-16 13:31 - 2013-11-18 10:39 - 00030565 _____ () C:\Windows\IE11_main.log
2014-05-16 13:24 - 2014-05-16 13:24 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-16 13:24 - 2014-05-16 13:24 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-16 13:24 - 2014-05-16 13:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-16 13:24 - 2014-05-16 13:24 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-16 13:24 - 2014-05-16 13:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-16 09:07 - 2010-01-18 14:42 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-05-16 09:07 - 2010-01-18 14:42 - 00001908 _____ () C:\Windows\diagerr.xml
2014-05-16 09:04 - 2009-07-14 06:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-16 08:53 - 2010-01-17 17:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2014-05-15 21:59 - 2014-05-15 21:59 - 00006430 _____ () C:\Users\Administrator\Downloads\hijackthis.log
2014-05-15 21:58 - 2014-05-15 21:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HiJackThis204.exe
2014-05-15 21:55 - 2010-01-17 23:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple Computer
2014-05-15 20:34 - 2014-05-15 20:34 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 2014
2014-05-15 20:34 - 2014-05-15 20:34 - 00000000 ____D () C:\Program Files\DLLSuite
2014-05-15 20:33 - 2014-05-15 20:31 - 16578402 _____ ( ) C:\Users\Administrator\Downloads\DLLSuite_Setup.exe
2014-05-15 20:26 - 2014-05-15 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster
2014-05-15 20:26 - 2014-05-15 20:26 - 00000000 ____D () C:\Program Files\WinThruster
2014-05-15 19:57 - 2014-05-15 19:56 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Administrator\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-05-15 14:22 - 2014-05-15 14:22 - 02077392 _____ (Microsoft Corporation) C:\Users\Administrator\Desktop\IE11-Windows6.1.exe
2014-05-15 13:20 - 2013-03-14 15:13 - 00117968 _____ () C:\Windows\IE10_main.log
2014-05-15 12:39 - 2011-06-17 09:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 12:18 - 2010-01-16 00:04 - 00000000 ____D () C:\Windows\Panther
2014-05-15 12:02 - 2010-01-16 21:48 - 00000000 ____D () C:\Windows\Minidump
2014-05-14 21:28 - 2014-05-14 21:28 - 00000000 ____D () C:\Program Files\ESET
2014-05-14 18:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-14 18:17 - 2014-05-14 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-14 18:16 - 2014-05-14 18:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-14 18:16 - 2012-03-15 22:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 18:03 - 2010-01-16 15:59 - 00000000 ___RD () C:\Users\Administrator\Virtual Machines
2014-05-14 17:58 - 2014-04-28 10:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 17:54 - 2013-07-23 16:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 17:52 - 2010-01-16 00:25 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 15:39 - 2014-05-14 15:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DropboxMaster
2014-05-14 15:39 - 2011-11-11 13:34 - 00001045 _____ () C:\Users\Administrator\Desktop\Dropbox.lnk
2014-05-14 15:39 - 2011-11-11 13:32 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-12 18:13 - 2012-03-23 14:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\HpUpdate
2014-05-12 10:56 - 2010-01-17 21:13 - 00000000 ____D () C:\Users\Administrator\Documents\Geschäftlich
2014-05-11 19:59 - 2013-11-07 09:44 - 00000000 ____D () C:\Program Files\StarMoney Business 6.0 S-Edition
2014-05-09 11:04 - 2012-04-03 08:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-09 11:04 - 2011-05-16 12:11 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-09 09:06 - 2014-05-14 17:47 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 17:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 19:38 - 2010-01-16 00:44 - 00000400 _____ () C:\Windows\ODBC.INI
2014-05-08 19:37 - 2010-02-10 13:15 - 00024740 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft Excel.ADR
2014-05-08 19:28 - 2014-05-08 19:26 - 00431616 _____ () C:\Users\Administrator\Desktop\kontakte14.xls
2014-05-08 19:26 - 2014-05-08 19:20 - 00206572 _____ () C:\Users\Administrator\Desktop\kontakte14.csv
2014-05-06 23:53 - 2010-02-10 13:52 - 00000000 ____D () C:\GreenGaLaXL
2014-05-06 05:25 - 2014-05-19 09:49 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-19 09:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-19 09:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-01 20:34 - 2012-01-31 21:36 - 00000000 ____D () C:\Users\Administrator\Desktop\Lauraaaaaaaaa
2014-05-01 20:34 - 2010-06-16 16:18 - 00000000 ____D () C:\Users\Administrator\Documents\laura
2014-04-27 17:21 - 2011-06-14 09:24 - 00000000 ____D () C:\Users\Administrator\Desktop\Congstar
2014-04-23 14:39 - 2010-01-18 11:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\temp\avgnt.exe
C:\Users\Administrator\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptndzyj.dll
C:\Users\Administrator\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 17:47] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 12:16

==================== End Of Log ============================
--- --- ---


Ich hoffe sehr Du wirst daraus schlau und kannst mir sagen was zutun ist.
Eine wichtige Frage:
Kann ich online-Banking machen?
Ich müsste nach über einer Woche mal dringend "zur Bank".
Ich verwende hierfür Starmoney-Business 6.0.

Danke

Sascha

schrauber 22.05.2014 09:07
Adobe updaten.
Avira deinstallieren und neu installieren.


Deinstalliere bitte Winzip malware Protector, poste dann ein frisches FRST log.

saschapc 22.05.2014 12:29
OK.
Alles läuft. Antivir ist selbstständig voll da. Kein Gemecker vom Windows-Wartungscenter.
Soweit schon mal seeeehhr gut!

Einzig, dass mein PC immernoch, anscheinend sehr aktiv ist. Er sumt und brummt und arbeitet fast unentwegt in Vollleistung.
Da das früher nicht so war, habe ich nur Bedenken, dass hier irgendetwas im Hintergrund läuft was nicht dahin gehört.

Aber wenn Du sagst, dass da nichts mehr ist?! OK!

Hier nun die frische frst:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-05-2014
Ran by Administrator (administrator) on SASCHAPC on 22-05-2014 13:19:46
Running from C:\Users\Administrator\Desktop\virenprogramme\FRST-OlderVersion
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SMB50StarMoneyRunEntry] => C:\Program Files\StarMoney Business 5.0 S-Edition\app\oflagent.exe [56976 2014-02-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [SMB60StarMoneyRunEntry] => C:\Program Files\StarMoney Business 6.0 S-Edition\app\oflagent.exe [48272 2014-04-07] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-09] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x808E0927D23ACB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {3CC639A8-91A2-4A1A-BEE2-8B849085DAA0} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {3CC639A8-91A2-4A1A-BEE2-8B849085DAA0} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{26678455-1FAA-4120-B194-B52D2C51C858}: [NameServer]192.168.178.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-06]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-06]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-06]
CHR Extension: (Google-Suche) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-06]
CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-06]

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-09-28] (Advanced Micro Devices, Inc.)
R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [811088 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-27] (HP)
S2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files\StarMoney Business 5.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 Autodesk; C:\Program Files\Autodesk Network License Manager\lmgrd.exe [X]

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-05-09] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2010-11-11] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [101248 2010-01-17] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 crlscsi; C:\Windows\system32\Drivers\crlscsi.sys [6144 1995-11-07] (Corel Corporation)
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2011-05-10] (Hewlett Packard)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-21] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-05-09] (Avira GmbH)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2011-01-19] (RapidSolution Software AG)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\System32\DRIVERS\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [X]
S2 DS1410D; SYSTEM32\drivers\DS1410D.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-22 12:54 - 2014-05-22 12:54 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Avira
2014-05-22 12:53 - 2014-05-22 12:53 - 00002016 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-22 12:53 - 2014-05-22 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-22 12:52 - 2014-05-22 12:52 - 00000000 ____D () C:\ProgramData\Avira
2014-05-22 12:52 - 2014-05-22 12:52 - 00000000 ____D () C:\Program Files\Avira
2014-05-22 12:52 - 2014-05-09 11:16 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-22 12:52 - 2014-05-09 11:16 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-22 12:52 - 2014-05-09 11:16 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-05-22 12:52 - 2014-05-09 11:16 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-22 10:58 - 2014-05-22 10:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Solvusoft
2014-05-21 13:44 - 2014-05-21 13:44 - 00854367 _____ () C:\Users\Administrator\Desktop\SecurityCheck.exe
2014-05-21 00:19 - 2014-05-21 00:19 - 00000000 ____D () C:\Users\Administrator\licman
2014-05-21 00:19 - 2014-05-21 00:19 - 00000000 ____D () C:\Users\Administrator\ERHome
2014-05-19 11:35 - 2014-05-19 11:35 - 00001666 _____ () C:\Users\Administrator\Desktop\Musterbrief_Rückforderung_Bearbeitungsentgelten_bei_Verbraucherdarlehen.txt
2014-05-19 09:49 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-19 09:49 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-19 09:49 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-19 09:48 - 2014-03-01 05:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-18 21:14 - 2014-05-18 21:14 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Nico Mak Computing
2014-05-16 17:04 - 2014-05-16 17:04 - 00036028 _____ () C:\ComboFix.txt
2014-05-16 16:11 - 2014-05-16 16:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-05-16 16:11 - 2014-05-16 16:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-05-16 13:32 - 2014-05-16 13:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-05-16 13:24 - 2014-05-16 13:24 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-16 13:24 - 2014-05-16 13:24 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-16 13:24 - 2014-05-16 13:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-16 13:24 - 2014-05-16 13:24 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-16 13:24 - 2014-05-16 13:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-15 21:59 - 2014-05-15 21:59 - 00006430 _____ () C:\Users\Administrator\Downloads\hijackthis.log
2014-05-15 21:58 - 2014-05-15 21:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HiJackThis204.exe
2014-05-15 20:34 - 2014-05-15 20:34 - 00000000 ____D () C:\Program Files\DLLSuite
2014-05-15 20:31 - 2014-05-15 20:33 - 16578402 _____ ( ) C:\Users\Administrator\Downloads\DLLSuite_Setup.exe
2014-05-15 19:56 - 2014-05-15 19:57 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Administrator\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-05-14 18:17 - 2014-05-21 15:39 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 18:15 - 2014-05-22 11:40 - 00000000 ____D () C:\Users\Administrator\Desktop\virenprogramme
2014-05-14 18:10 - 2014-05-22 13:19 - 00000000 ____D () C:\FRST
2014-05-14 17:47 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:47 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:47 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:47 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:47 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:47 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:47 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:47 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:47 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:47 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 17:47 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:47 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:47 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:47 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 17:45 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 16:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-14 16:17 - 2014-05-18 20:35 - 00000000 ____D () C:\AdwCleaner
2014-05-14 15:39 - 2014-05-14 15:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DropboxMaster
2014-05-08 19:26 - 2014-05-08 19:28 - 00431616 _____ () C:\Users\Administrator\Desktop\kontakte14.xls
2014-05-08 19:20 - 2014-05-08 19:26 - 00206572 _____ () C:\Users\Administrator\Desktop\kontakte14.csv
2014-04-28 10:44 - 2014-05-14 17:58 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-22 13:19 - 2014-05-14 18:10 - 00000000 ____D () C:\FRST
2014-05-22 13:16 - 2011-11-11 13:34 - 00000000 ___RD () C:\Users\Administrator\Dropbox
2014-05-22 13:16 - 2011-11-11 13:32 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dropbox
2014-05-22 13:16 - 2010-01-23 13:44 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-22 13:15 - 2011-08-29 09:45 - 00002373 _____ () C:\Windows\setupact.log
2014-05-22 13:15 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 13:14 - 2010-01-16 00:09 - 01659174 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 13:14 - 2009-07-14 06:34 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-22 13:14 - 2009-07-14 06:34 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-22 13:06 - 2012-04-03 08:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-22 13:06 - 2011-05-16 12:11 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-22 13:06 - 2010-01-18 11:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-05-22 12:59 - 2011-09-15 10:34 - 00243048 _____ () C:\Windows\PFRO.log
2014-05-22 12:54 - 2014-05-22 12:54 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Avira
2014-05-22 12:53 - 2014-05-22 12:53 - 00002016 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-22 12:53 - 2014-05-22 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-22 12:52 - 2014-05-22 12:52 - 00000000 ____D () C:\ProgramData\Avira
2014-05-22 12:52 - 2014-05-22 12:52 - 00000000 ____D () C:\Program Files\Avira
2014-05-22 12:40 - 2010-01-23 13:44 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-22 12:38 - 2009-07-14 05:20 - 00000000 ___RD () C:\Program Files (x86)
2014-05-22 11:40 - 2014-05-14 18:15 - 00000000 ____D () C:\Users\Administrator\Desktop\virenprogramme
2014-05-22 11:06 - 2014-05-22 10:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Solvusoft
2014-05-21 15:39 - 2014-05-14 18:17 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-21 14:59 - 2010-02-10 13:52 - 00000000 ____D () C:\GreenGaLaXL
2014-05-21 13:44 - 2014-05-21 13:44 - 00854367 _____ () C:\Users\Administrator\Desktop\SecurityCheck.exe
2014-05-21 00:19 - 2014-05-21 00:19 - 00000000 ____D () C:\Users\Administrator\licman
2014-05-21 00:19 - 2014-05-21 00:19 - 00000000 ____D () C:\Users\Administrator\ERHome
2014-05-21 00:19 - 2010-01-16 15:59 - 00000000 ____D () C:\Users\Administrator
2014-05-20 23:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-05-20 23:50 - 2011-09-15 21:29 - 00000000 ____D () C:\Windows\pss
2014-05-20 23:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-20 23:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-20 23:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-05-19 13:50 - 2010-03-19 16:56 - 00523776 _____ () C:\Users\Administrator\Desktop\Kassenbuch.XLS
2014-05-19 11:35 - 2014-05-19 11:35 - 00001666 _____ () C:\Users\Administrator\Desktop\Musterbrief_Rückforderung_Bearbeitungsentgelten_bei_Verbraucherdarlehen.txt
2014-05-18 21:14 - 2014-05-18 21:14 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Nico Mak Computing
2014-05-18 20:35 - 2014-05-14 16:17 - 00000000 ____D () C:\AdwCleaner
2014-05-16 17:04 - 2014-05-16 17:04 - 00036028 _____ () C:\ComboFix.txt
2014-05-16 16:56 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-05-16 16:37 - 2012-03-15 22:28 - 00000000 ____D () C:\Windows\ERDNT
2014-05-16 16:11 - 2014-05-16 16:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-05-16 16:11 - 2014-05-16 16:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-05-16 13:32 - 2014-05-16 13:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-05-16 13:32 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media
2014-05-16 13:31 - 2013-11-18 10:39 - 00030565 _____ () C:\Windows\IE11_main.log
2014-05-16 13:24 - 2014-05-16 13:24 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-16 13:24 - 2014-05-16 13:24 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-16 13:24 - 2014-05-16 13:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-16 13:24 - 2014-05-16 13:24 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-16 13:24 - 2014-05-16 13:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-16 13:24 - 2014-05-16 13:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-16 13:24 - 2014-05-16 13:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-16 09:07 - 2010-01-18 14:42 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-05-16 09:07 - 2010-01-18 14:42 - 00001908 _____ () C:\Windows\diagerr.xml
2014-05-16 09:04 - 2009-07-14 06:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-16 08:53 - 2010-01-17 17:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2014-05-15 21:59 - 2014-05-15 21:59 - 00006430 _____ () C:\Users\Administrator\Downloads\hijackthis.log
2014-05-15 21:58 - 2014-05-15 21:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HiJackThis204.exe
2014-05-15 21:55 - 2010-01-17 23:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple Computer
2014-05-15 20:34 - 2014-05-15 20:34 - 00000000 ____D () C:\Program Files\DLLSuite
2014-05-15 20:33 - 2014-05-15 20:31 - 16578402 _____ ( ) C:\Users\Administrator\Downloads\DLLSuite_Setup.exe
2014-05-15 19:57 - 2014-05-15 19:56 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Administrator\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-05-15 13:20 - 2013-03-14 15:13 - 00117968 _____ () C:\Windows\IE10_main.log
2014-05-15 12:39 - 2011-06-17 09:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 12:18 - 2010-01-16 00:04 - 00000000 ____D () C:\Windows\Panther
2014-05-15 12:02 - 2010-01-16 21:48 - 00000000 ____D () C:\Windows\Minidump
2014-05-14 18:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-14 18:03 - 2010-01-16 15:59 - 00000000 ___RD () C:\Users\Administrator\Virtual Machines
2014-05-14 17:58 - 2014-04-28 10:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 17:54 - 2013-07-23 16:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 17:52 - 2010-01-16 00:25 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 15:39 - 2014-05-14 15:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DropboxMaster
2014-05-14 15:39 - 2011-11-11 13:34 - 00001045 _____ () C:\Users\Administrator\Desktop\Dropbox.lnk
2014-05-14 15:39 - 2011-11-11 13:32 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-12 18:13 - 2012-03-23 14:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\HpUpdate
2014-05-12 10:56 - 2010-01-17 21:13 - 00000000 ____D () C:\Users\Administrator\Documents\Geschäftlich
2014-05-11 19:59 - 2013-11-07 09:44 - 00000000 ____D () C:\Program Files\StarMoney Business 6.0 S-Edition
2014-05-09 11:16 - 2014-05-22 12:52 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-09 11:16 - 2014-05-22 12:52 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-09 11:16 - 2014-05-22 12:52 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-05-09 11:16 - 2014-05-22 12:52 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-09 11:16 - 2013-07-09 11:50 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-05-09 09:06 - 2014-05-14 17:47 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 17:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 19:38 - 2010-01-16 00:44 - 00000400 _____ () C:\Windows\ODBC.INI
2014-05-08 19:37 - 2010-02-10 13:15 - 00024740 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft Excel.ADR
2014-05-08 19:28 - 2014-05-08 19:26 - 00431616 _____ () C:\Users\Administrator\Desktop\kontakte14.xls
2014-05-08 19:26 - 2014-05-08 19:20 - 00206572 _____ () C:\Users\Administrator\Desktop\kontakte14.csv
2014-05-06 05:25 - 2014-05-19 09:49 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-19 09:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-19 09:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-01 20:34 - 2012-01-31 21:36 - 00000000 ____D () C:\Users\Administrator\Desktop\Lauraaaaaaaaa
2014-05-01 20:34 - 2010-06-16 16:18 - 00000000 ____D () C:\Users\Administrator\Documents\laura
2014-04-27 17:21 - 2011-06-14 09:24 - 00000000 ____D () C:\Users\Administrator\Desktop\Congstar

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\temp\avgnt.exe
C:\Users\Administrator\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgunqvg.dll
C:\Users\Administrator\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 17:47] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 12:16

==================== End Of Log ============================
--- --- ---


Bislang verwendete Programme habe ich - glaube ich - weitestgehend deistalliert.
Nur bei SecurityCheck bin ich unsicher, wie ich es loswerde.

DANKE
Sascha

schrauber 23.05.2014 11:00
Sieht gut aus. Räum deinen Autostart mal auf, viel unnötiges. Lass Ccleaner laufen um die Temps zu bereinigen und check mal die Festplatte auf Schäden, am Besten mit Seatools.

saschapc 25.05.2014 14:09
Hallo Schrauber,

ok, ich glaube wir sind jetzt hier fertig.
Vielen Dank für Deine Unterstützung.

Deine zuletzt genannten Empfehlungen habe ich beherzigt.
Autostart via msconfig ein wenig "aufgeräumt", ccleaner verwendet und seatools installiert.
Seatools erkennt meine Festplatte C nicht.

Bevor ich mich dem Spenden widme, bitte teile mir noch mit was ich alles deinstallieren kann. Und vor allem, Wie?
Welche Tools empfiehlst Du zu behalten und gelegentlich durchlaufen zu lassen?

Vielen Dank.

Sascha

schrauber 26.05.2014 11:57
das kommt jetzt:

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

saschapc 27.05.2014 09:48
Ok.
Alles erledigt, beherzigt und verinnerlichst.
DANKE.

Nur noch eine kleine, abschließende Irritation.
Es soll - verständlicherweise - nur ein Virenprogramm laufen.
Kann / darf der Windows Defender parallel laufen?
Und was ist mit Malwarebytes, den Du empfiehlst?

Laufen dann nicht zeitgleich drei Virenprogramme?!

Hier bitte ich abschließend noch eine Beantwortung.

Vielen Dank

Sascha

schrauber 28.05.2014 09:28
Defender wird automatisch vom instalierten AV Programm deaktiviert, wenn es stört. Wenn er weiter läuft, passt das auch. MBAM wird sich nach 30 Tagen in Freeware ändern, dann ist auch der Echtzeitschutz weg.

saschapc 28.05.2014 09:50
OK, DANKE.
Das war´s.
:daumenhoc


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:44 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27