Trojaner-Board - Win 7: Word-Dateien können nicht mehr geöffnet werden

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Win 7: Word-Dateien können nicht mehr geöffnet werden (https://www.trojaner-board.de/154286-win-7-word-dateien-mehr-geoeffnet.html)

Win 7: Word-Dateien können nicht mehr geöffnet werden

Hallo,
ich kann seit 3 Tagen mein Word nicht mehr aufmachen, inzwischen geht der Drucker auch nicht mehr. Es kommt eine Fehlermeldung "C:\Program Files\Microsoft Office\Office\WINWORD.EXE ist keine zulässige Win32-Anwendung."
Der Virusscan mit Emsisoft ergab keine Funde.
Könnt Ihr mir helfen?
Danke im Voraus!
Tina

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 23:47 on 23/05/2014 (Tina)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-05-2014

Ran by Tina (administrator) on TINA-PC on 23-05-2014 23:49:36

Running from C:\Users\Tina\Downloads

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe

(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(brother) C:\Program Files\Brownie\BrStsWnd.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4330432 2014-02-15] (Emsisoft GmbH)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

Winlogon\Notify\ScCertProp: wlnotify.dll [X]

HKU\S-1-5-21-3602274359-194582226-3582035581-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF69E7890B81ECF01

SearchScopes: HKLM - DefaultScope value is missing.

BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt

FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2014-02-12]
 

Chrome: 

=======

CHR Extension: (Google Docs) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-31]

CHR Extension: (Google Drive) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-31]

CHR Extension: (YouTube) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-31]

CHR Extension: (Google-Suche) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-31]

CHR Extension: (AdBlock) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-31]

CHR Extension: (Google Wallet) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-31]

CHR Extension: (Google Mail) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-31]
 

========================== Services (Whitelisted) =================
 

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)

R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)

R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
 

==================== Drivers (Whitelisted) ====================
 

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)

R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)

R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)

R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)

R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)

S3 cxbu0wdm; C:\Windows\System32\DRIVERS\cxbu0wdm.sys [126976 2013-08-19] (HID Global Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-05-23 23:49 - 2014-05-23 23:49 - 00008224 _____ () C:\Users\Tina\Downloads\FRST.txt

2014-05-23 23:49 - 2014-05-23 23:49 - 00000000 ____D () C:\FRST

2014-05-23 23:48 - 2014-05-23 23:48 - 01056768 _____ (Farbar) C:\Users\Tina\Downloads\FRST.exe

2014-05-23 23:47 - 2014-05-23 23:47 - 00000470 _____ () C:\Users\Tina\Downloads\defogger_disable.log

2014-05-23 23:47 - 2014-05-23 23:47 - 00000000 _____ () C:\Users\Tina\defogger_reenable

2014-05-23 23:45 - 2014-05-23 23:45 - 00050477 _____ () C:\Users\Tina\Downloads\Defogger.exe

2014-05-23 23:38 - 2014-05-23 23:39 - 01326389 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210 (1).exe

2014-05-23 23:36 - 2014-05-23 23:39 - 00682171 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210.exe

2014-05-21 20:56 - 2014-05-21 20:56 - 01508368 _____ () C:\Windows\Minidump\052114-23852-01.dmp

2014-05-17 12:08 - 2014-05-17 12:08 - 01509840 _____ () C:\Windows\Minidump\051714-19468-01.dmp

2014-05-15 08:48 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-15 08:48 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-15 08:48 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-14 18:34 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-05-14 18:34 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-05-14 18:33 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-05-14 18:33 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2014-05-14 18:33 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2014-05-14 18:33 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2014-05-14 18:33 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2014-05-14 18:33 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-05-14 18:33 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2014-05-14 18:33 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-05-14 18:33 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2014-05-14 18:33 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-05-14 18:33 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-05-14 18:33 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-05-06 22:27 - 2014-05-15 09:08 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-05-06 22:26 - 2014-05-06 22:26 - 00000520 _____ () C:\Users\Tina\Documents\spider.sav

2014-04-26 22:00 - 2014-04-26 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

2014-04-26 21:59 - 2014-04-26 21:59 - 00884680 _____ (Google Inc.) C:\Users\Tina\Downloads\GoogleEarthSetup.exe

2014-04-26 21:14 - 2014-04-26 21:14 - 01484080 _____ (Microsoft Corporation) C:\Users\Tina\Downloads\WorksConv.exe

2014-04-26 21:05 - 2014-04-26 21:05 - 00613200 _____ (Chip Digital GmbH) C:\Users\Tina\Downloads\Word Viewer - CHIP-Downloader (1).exe

2014-04-26 21:02 - 2014-04-26 21:02 - 00613200 _____ (Chip Digital GmbH) C:\Users\Tina\Downloads\Word Viewer - CHIP-Downloader.exe

2014-04-25 22:49 - 2014-04-25 22:50 - 04745216 _____ () C:\Users\Tina\Downloads\Works632_de-DE.msi
 

==================== One Month Modified Files and Folders =======
 

2014-05-23 23:49 - 2014-05-23 23:49 - 00008224 _____ () C:\Users\Tina\Downloads\FRST.txt

2014-05-23 23:49 - 2014-05-23 23:49 - 00000000 ____D () C:\FRST

2014-05-23 23:49 - 2014-01-31 20:10 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware

2014-05-23 23:48 - 2014-05-23 23:48 - 01056768 _____ (Farbar) C:\Users\Tina\Downloads\FRST.exe

2014-05-23 23:47 - 2014-05-23 23:47 - 00000470 _____ () C:\Users\Tina\Downloads\defogger_disable.log

2014-05-23 23:47 - 2014-05-23 23:47 - 00000000 _____ () C:\Users\Tina\defogger_reenable

2014-05-23 23:47 - 2014-01-31 15:19 - 00000000 ____D () C:\Users\Tina

2014-05-23 23:45 - 2014-05-23 23:45 - 00050477 _____ () C:\Users\Tina\Downloads\Defogger.exe

2014-05-23 23:43 - 2014-01-31 21:18 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-23 23:39 - 2014-05-23 23:38 - 01326389 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210 (1).exe

2014-05-23 23:39 - 2014-05-23 23:36 - 00682171 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210.exe

2014-05-23 23:22 - 2009-07-14 06:34 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-23 23:22 - 2009-07-14 06:34 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-23 23:18 - 2014-01-31 15:09 - 02084261 _____ () C:\Windows\WindowsUpdate.log

2014-05-23 23:17 - 2014-02-01 23:39 - 00000261 _____ () C:\Windows\Brownie.ini

2014-05-23 23:14 - 2014-01-31 21:18 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-23 23:13 - 2014-02-04 22:11 - 00009420 _____ () C:\Windows\setupact.log

2014-05-23 23:13 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-23 22:10 - 2010-11-20 23:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-22 11:36 - 2014-02-01 12:39 - 00000000 ____D () C:\Program Files\Psyprax32

2014-05-21 21:15 - 2014-02-01 23:35 - 00000000 ____D () C:\Users\Tina\Documents\schreibtisch

2014-05-21 20:56 - 2014-05-21 20:56 - 01508368 _____ () C:\Windows\Minidump\052114-23852-01.dmp

2014-05-21 20:56 - 2014-02-10 22:20 - 268594350 _____ () C:\Windows\MEMORY.DMP

2014-05-21 20:56 - 2014-02-03 20:38 - 00000000 ____D () C:\Windows\Minidump

2014-05-19 07:13 - 2014-02-04 21:48 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-05-17 12:08 - 2014-05-17 12:08 - 01509840 _____ () C:\Windows\Minidump\051714-19468-01.dmp

2014-05-15 21:46 - 2014-02-01 23:34 - 00000000 ____D () C:\Users\Tina\Documents\Jung-Institut

2014-05-15 09:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-05-15 09:08 - 2014-05-06 22:27 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-05-15 09:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE

2014-05-15 08:52 - 2014-02-03 20:47 - 00000000 ____D () C:\Windows\system32\MRT

2014-05-15 08:51 - 2014-02-03 20:47 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-05-13 21:49 - 2014-02-01 23:35 - 00000000 ____D () C:\Users\Tina\Documents\Post

2014-05-11 21:13 - 2014-02-01 22:14 - 00000000 ____D () C:\Users\Tina\Desktop\To do

2014-05-09 09:06 - 2014-05-14 18:34 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-05-09 09:04 - 2014-05-14 18:34 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-05-06 22:26 - 2014-05-06 22:26 - 00000520 _____ () C:\Users\Tina\Documents\spider.sav

2014-05-06 05:25 - 2014-05-15 08:48 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-06 05:07 - 2014-05-15 08:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-06 04:10 - 2014-05-15 08:48 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-03 12:16 - 2014-02-01 14:36 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\vlc

2014-04-26 22:00 - 2014-04-26 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

2014-04-26 22:00 - 2014-01-31 21:18 - 00000000 ____D () C:\Users\Tina\AppData\Local\Google

2014-04-26 22:00 - 2014-01-31 21:18 - 00000000 ____D () C:\Program Files\Google

2014-04-26 21:59 - 2014-04-26 21:59 - 00884680 _____ (Google Inc.) C:\Users\Tina\Downloads\GoogleEarthSetup.exe

2014-04-26 21:14 - 2014-04-26 21:14 - 01484080 _____ (Microsoft Corporation) C:\Users\Tina\Downloads\WorksConv.exe

2014-04-26 21:14 - 2014-02-01 22:39 - 00000000 ____D () C:\Program Files\MSECache

2014-04-26 21:05 - 2014-04-26 21:05 - 00613200 _____ (Chip Digital GmbH) C:\Users\Tina\Downloads\Word Viewer - CHIP-Downloader (1).exe

2014-04-26 21:02 - 2014-04-26 21:02 - 00613200 _____ (Chip Digital GmbH) C:\Users\Tina\Downloads\Word Viewer - CHIP-Downloader.exe

2014-04-25 22:50 - 2014-04-25 22:49 - 04745216 _____ () C:\Users\Tina\Downloads\Works632_de-DE.msi
 

Some content of TEMP:

====================

C:\Users\Tina\AppData\Local\Temp\avgnt.exe

C:\Users\Tina\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Tina\AppData\Local\Temp\Quarantine.exe

C:\Users\Tina\AppData\Local\Temp\vlc-2.1.3-win32.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe

[2014-05-14 18:33] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
 

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-05-19 07:33
 

==================== End Of Log ============================

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-05-2014

Ran by Tina at 2014-05-23 23:50:11

Running from C:\Users\Tina\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
 

==================== Installed Programs ======================
 

Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Bönninghausens Therapeutisches Taschenbuch 2.4.2 (HKLM\...\{8E0E2E5E-3977-44EE-AABB-56E5327797C4}) (Version: 2.4.2 - Bönninghausen Direkt)

Brother HL-2030 (HKLM\...\{E4892C06-AED7-455F-83B9-142FC76305A0}) (Version: 1.00 - Brother)

CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)

Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Emsisoft Anti-Malware (HKLM\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)

Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)

Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden

iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)

Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

MailStore Home 8.1.0.9075 (HKLM\...\MailStore Home_universal1) (Version: 8.1.0.9075 - MailStore Software GmbH)

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Office 2000 SR-1 Standard (HKLM\...\{00020407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)

MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden

PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)

PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)

Psyprax (HKLM\...\{A981A9BA-8670-4419-8B2F-F3E6C0514531}_is1) (Version:  - Psyprax GmbH)

Skype™ 6.13 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)

VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)

Windows Live Communications Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Windows Live Essentials (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden

Windows Live Installer (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Mail (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live SOXE (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live UX Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Writer (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Writer Resources (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
 

==================== Restore Points  =========================
 

25-04-2014 19:30:09 Windows Update

25-04-2014 20:51:00 Microsoft Works 6-9 Converter wird installiert

26-04-2014 19:28:43 Microsoft Works 6-9 Converter wird installiert

26-04-2014 19:54:09 Microsoft Works 6-9 Converter wird entfernt

26-04-2014 19:54:37 Microsoft Works 6-9 Converter wird entfernt

29-04-2014 18:21:18 Windows Update

03-05-2014 20:04:31 Windows Update

06-05-2014 20:27:02 Windows Update

13-05-2014 16:00:49 Windows Update

15-05-2014 06:46:56 Windows Update

21-05-2014 08:40:45 Windows Update
 

==================== Hosts content: ==========================
 

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {27A7DF20-F138-40F7-89E0-9DAC0A2D53C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)

Task: {2C59ECAF-3A27-4640-9F4B-519B05BDD70F} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION

Task: {9CD78BED-1839-4850-BACD-03E029227FF2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {A136254A-8374-4EDB-BCEF-97BC767941B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-31] (Google Inc.)

Task: {BE1BBA38-6103-4B1F-8B55-6B44F67728A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-31] (Google Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2014-05-22 03:02 - 2014-05-14 01:40 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libglesv2.dll

2014-05-22 03:02 - 2014-05-14 01:40 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libegl.dll

2014-05-22 03:02 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll

2014-05-22 03:02 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll

2014-05-22 03:02 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 

==================== EXE Association (whitelisted) =============
 
 

==================== Disabled items from MSCONFIG ==============
 
 

==================== Faulty Device Manager Devices =============
 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (05/23/2014 11:15:26 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (05/23/2014 10:04:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4813723
 

Error: (05/23/2014 10:04:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 4813723
 

Error: (05/23/2014 10:04:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/23/2014 10:04:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4812724
 

Error: (05/23/2014 10:04:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 4812724
 

Error: (05/23/2014 10:04:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/23/2014 10:04:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4811710
 

Error: (05/23/2014 10:04:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 4811710
 

Error: (05/23/2014 10:04:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 
 

System errors:

=============

Error: (05/23/2014 11:13:53 PM) (Source: SCardSvr) (EventID: 602) (User: )

Description: Das System kann den angegebenen Pfad nicht finden.
 

Error: (05/23/2014 11:13:53 PM) (Source: SCardSvr) (EventID: 602) (User: )

Description: Das System kann den angegebenen Pfad nicht finden.
 

Error: (05/23/2014 10:14:44 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 

Error: (05/23/2014 10:14:43 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 

Error: (05/23/2014 10:14:42 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 

Error: (05/23/2014 10:14:42 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 

Error: (05/23/2014 10:09:54 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 

Error: (05/23/2014 10:09:54 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 

Error: (05/23/2014 10:09:53 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 

Error: (05/23/2014 10:09:52 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 

Microsoft Office Sessions:

=========================

Error: (05/23/2014 11:15:26 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (05/23/2014 10:04:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4813723
 

Error: (05/23/2014 10:04:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 4813723
 

Error: (05/23/2014 10:04:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/23/2014 10:04:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4812724
 

Error: (05/23/2014 10:04:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 4812724
 

Error: (05/23/2014 10:04:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/23/2014 10:04:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4811710
 

Error: (05/23/2014 10:04:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 4811710
 

Error: (05/23/2014 10:04:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 39%

Total physical RAM: 2940 MB

Available physical RAM: 1768.46 MB

Total Pagefile: 5878.29 MB

Available Pagefile: 4138.58 MB

Total Virtual: 2047.88 MB

Available Virtual: 1919.27 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:297.99 GB) (Free:159.14 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 256ECCE7)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Code:

GMER 2.1.19357 - hxxp://www.gmer.net

Rootkit scan 2014-05-24 00:19:32

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G1 rev.0040020C 298,09GB

Running: Gmer-19357.exe; Driver: C:\Users\Tina\AppData\Local\Temp\kxldipow.sys
 
 

---- Kernel code sections - GMER 2.1 ----
 

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                  82A8DA15 1 Byte  [06]

.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                    82AC7212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
 

---- User code sections - GMER 2.1 ----
 

.text  C:\Windows\system32\Dwm.exe[2156] ntdll.dll!NtCreateFile                                                  777E5608 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\system32\Dwm.exe[2156] ntdll.dll!NtCreateFile + 4                                              777E560C 2 Bytes  [86, 71]

.text  C:\Windows\system32\Dwm.exe[2156] ntdll.dll!NtDeleteValueKey                                              777E5888 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\system32\Dwm.exe[2156] ntdll.dll!NtDeleteValueKey + 4                                          777E588C 2 Bytes  [8C, 71]

.text  C:\Windows\system32\Dwm.exe[2156] ntdll.dll!NtOpenFile                                                    777E5D18 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\system32\Dwm.exe[2156] ntdll.dll!NtOpenFile + 4                                                777E5D1C 2 Bytes  [83, 71]

.text  C:\Windows\system32\Dwm.exe[2156] ntdll.dll!NtOpenProcess                                                 777E5DC8 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\system32\Dwm.exe[2156] ntdll.dll!NtOpenProcess + 4                                             777E5DCC 2 Bytes  [89, 71]

.text  C:\Windows\system32\Dwm.exe[2156] ntdll.dll!NtSetContextThread                                            777E65A8 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\system32\Dwm.exe[2156] ntdll.dll!NtSetContextThread + 4                                        777E65AC 2 Bytes  [80, 71]

.text  C:\Windows\system32\Dwm.exe[2156] ntdll.dll!NtSetValueKey                                                 777E6848 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\system32\Dwm.exe[2156] ntdll.dll!NtSetValueKey + 4                                             777E684C 2 Bytes  [8F, 71]

.text  C:\Windows\system32\Dwm.exe[2156] kernel32.dll!CreateProcessInternalW                                     77710852 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\system32\Dwm.exe[2156] kernel32.dll!CreateProcessInternalW + 4                                 77710856 2 Bytes  [7D, 71] {JGE 0x73}

.text  C:\Windows\system32\Dwm.exe[2156] USER32.dll!SendMessageA                                                 75C6AD60 6 Bytes  JMP 71A2000A 

.text  C:\Windows\system32\Dwm.exe[2156] USER32.dll!PostMessageA                                                 75C6B446 6 Bytes  JMP 719C000A 

.text  C:\Windows\system32\Dwm.exe[2156] USER32.dll!PostMessageW                                                 75C7447B 6 Bytes  JMP 7199000A 

.text  C:\Windows\system32\Dwm.exe[2156] USER32.dll!SendMessageW                                                 75C75539 6 Bytes  JMP 719F000A 

.text  C:\Windows\system32\Dwm.exe[2156] USER32.dll!mouse_event                                                  75C86209 6 Bytes  JMP 71AB000A 

.text  C:\Windows\system32\Dwm.exe[2156] USER32.dll!SendInput                                                    75C97019 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\system32\Dwm.exe[2156] USER32.dll!SendInput + 4                                                75C9701D 2 Bytes  [A4, 71]

.text  C:\Windows\system32\Dwm.exe[2156] USER32.dll!keybd_event                                                  75CBEC3B 6 Bytes  JMP 71A8000A 

.text  C:\Windows\system32\Dwm.exe[2156] ADVAPI32.dll!CreateServiceW                                             771870C4 6 Bytes  JMP 7193000A 

.text  C:\Windows\system32\Dwm.exe[2156] ADVAPI32.dll!CreateServiceA                                             771A3264 6 Bytes  JMP 7196000A 

.text  C:\Windows\Explorer.EXE[2212] ntdll.dll!NtCreateFile                                                      777E5608 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\Explorer.EXE[2212] ntdll.dll!NtCreateFile + 4                                                  777E560C 2 Bytes  [86, 71]

.text  C:\Windows\Explorer.EXE[2212] ntdll.dll!NtDeleteValueKey                                                  777E5888 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\Explorer.EXE[2212] ntdll.dll!NtDeleteValueKey + 4                                              777E588C 2 Bytes  [8C, 71]

.text  C:\Windows\Explorer.EXE[2212] ntdll.dll!NtOpenFile                                                        777E5D18 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\Explorer.EXE[2212] ntdll.dll!NtOpenFile + 4                                                    777E5D1C 2 Bytes  [83, 71]

.text  C:\Windows\Explorer.EXE[2212] ntdll.dll!NtOpenProcess                                                     777E5DC8 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\Explorer.EXE[2212] ntdll.dll!NtOpenProcess + 4                                                 777E5DCC 2 Bytes  [89, 71]

.text  C:\Windows\Explorer.EXE[2212] ntdll.dll!NtSetContextThread                                                777E65A8 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\Explorer.EXE[2212] ntdll.dll!NtSetContextThread + 4                                            777E65AC 2 Bytes  [80, 71]

.text  C:\Windows\Explorer.EXE[2212] ntdll.dll!NtSetValueKey                                                     777E6848 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\Explorer.EXE[2212] ntdll.dll!NtSetValueKey + 4                                                 777E684C 2 Bytes  [8F, 71]

.text  C:\Windows\Explorer.EXE[2212] kernel32.dll!CreateProcessInternalW                                         77710852 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\Explorer.EXE[2212] kernel32.dll!CreateProcessInternalW + 4                                     77710856 2 Bytes  [7D, 71] {JGE 0x73}

.text  C:\Windows\Explorer.EXE[2212] ADVAPI32.dll!CreateServiceW                                                 771870C4 6 Bytes  JMP 7193000A 

.text  C:\Windows\Explorer.EXE[2212] ADVAPI32.dll!CreateServiceA                                                 771A3264 6 Bytes  JMP 7196000A 

.text  C:\Windows\Explorer.EXE[2212] USER32.dll!SendMessageA                                                     75C6AD60 6 Bytes  JMP 71A2000A 

.text  C:\Windows\Explorer.EXE[2212] USER32.dll!PostMessageA                                                     75C6B446 6 Bytes  JMP 719C000A 

.text  C:\Windows\Explorer.EXE[2212] USER32.dll!PostMessageW                                                     75C7447B 6 Bytes  JMP 7199000A 

.text  C:\Windows\Explorer.EXE[2212] USER32.dll!SendMessageW                                                     75C75539 6 Bytes  JMP 719F000A 

.text  C:\Windows\Explorer.EXE[2212] USER32.dll!mouse_event                                                      75C86209 6 Bytes  JMP 71AB000A 

.text  C:\Windows\Explorer.EXE[2212] USER32.dll!SendInput                                                        75C97019 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\Explorer.EXE[2212] USER32.dll!SendInput + 4                                                    75C9701D 2 Bytes  [A4, 71]

.text  C:\Windows\Explorer.EXE[2212] USER32.dll!keybd_event                                                      75CBEC3B 6 Bytes  JMP 71A8000A 

.text  C:\Windows\Explorer.EXE[2212] WS2_32.dll!WSALookupServiceBeginW                                           75B2575A 6 Bytes  JMP 7166000A 

.text  C:\Windows\Explorer.EXE[2212] WS2_32.dll!connect                                                          75B26BDD 6 Bytes  JMP 716C000A 

.text  C:\Windows\Explorer.EXE[2212] WS2_32.dll!listen                                                           75B2B001 6 Bytes  JMP 7169000A 

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] ntdll.dll!NtCreateFile                                       777E5608 3 Bytes  [FF, 25, 1E]

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] ntdll.dll!NtCreateFile + 4                                   777E560C 2 Bytes  [86, 71]

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] ntdll.dll!NtDeleteValueKey                                   777E5888 3 Bytes  [FF, 25, 1E]

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] ntdll.dll!NtDeleteValueKey + 4                               777E588C 2 Bytes  [8C, 71]

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] ntdll.dll!NtOpenFile                                         777E5D18 3 Bytes  [FF, 25, 1E]

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] ntdll.dll!NtOpenFile + 4                                     777E5D1C 2 Bytes  [83, 71]

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] ntdll.dll!NtOpenProcess                                      777E5DC8 3 Bytes  [FF, 25, 1E]

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] ntdll.dll!NtOpenProcess + 4                                  777E5DCC 2 Bytes  [89, 71]

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] ntdll.dll!NtSetContextThread                                 777E65A8 3 Bytes  [FF, 25, 1E]

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] ntdll.dll!NtSetContextThread + 4                             777E65AC 2 Bytes  [80, 71]

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] ntdll.dll!NtSetValueKey                                      777E6848 3 Bytes  [FF, 25, 1E]

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] ntdll.dll!NtSetValueKey + 4                                  777E684C 2 Bytes  [8F, 71]

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] kernel32.dll!CreateProcessInternalW                          77710852 3 Bytes  [FF, 25, 1E]

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] kernel32.dll!CreateProcessInternalW + 4                      77710856 2 Bytes  [7D, 71] {JGE 0x73}

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] USER32.dll!SendMessageA                                      75C6AD60 6 Bytes  JMP 71A2000A 

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] USER32.dll!PostMessageA                                      75C6B446 6 Bytes  JMP 719C000A 

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] USER32.dll!PostMessageW                                      75C7447B 6 Bytes  JMP 7199000A 

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] USER32.dll!SendMessageW                                      75C75539 6 Bytes  JMP 719F000A 

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] USER32.dll!mouse_event                                       75C86209 6 Bytes  JMP 71AB000A 

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] USER32.dll!SendInput                                         75C97019 3 Bytes  [FF, 25, 1E]

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] USER32.dll!SendInput + 4                                     75C9701D 2 Bytes  [A4, 71]

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] USER32.dll!keybd_event                                       75CBEC3B 6 Bytes  JMP 71A8000A 

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] ADVAPI32.dll!CreateServiceW                                  771870C4 6 Bytes  JMP 7193000A 

.text  C:\Users\Tina\Downloads\Gmer-19357.exe[2272] ADVAPI32.dll!CreateServiceA                                  771A3264 6 Bytes  JMP 7196000A 

.text  C:\Windows\System32\rundll32.exe[2484] ntdll.dll!NtCreateFile                                             777E5608 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\System32\rundll32.exe[2484] ntdll.dll!NtCreateFile + 4                                         777E560C 2 Bytes  [80, 71]

.text  C:\Windows\System32\rundll32.exe[2484] ntdll.dll!NtDeleteValueKey                                         777E5888 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\System32\rundll32.exe[2484] ntdll.dll!NtDeleteValueKey + 4                                     777E588C 2 Bytes  [86, 71]

.text  C:\Windows\System32\rundll32.exe[2484] ntdll.dll!NtOpenFile                                               777E5D18 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\System32\rundll32.exe[2484] ntdll.dll!NtOpenFile + 4                                           777E5D1C 2 Bytes  [7D, 71] {JGE 0x73}

.text  C:\Windows\System32\rundll32.exe[2484] ntdll.dll!NtOpenProcess                                            777E5DC8 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\System32\rundll32.exe[2484] ntdll.dll!NtOpenProcess + 4                                        777E5DCC 2 Bytes  [83, 71]

.text  C:\Windows\System32\rundll32.exe[2484] ntdll.dll!NtSetContextThread                                       777E65A8 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\System32\rundll32.exe[2484] ntdll.dll!NtSetContextThread + 4                                   777E65AC 2 Bytes  [7A, 71] {JP 0x73}

.text  C:\Windows\System32\rundll32.exe[2484] ntdll.dll!NtSetValueKey                                            777E6848 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\System32\rundll32.exe[2484] ntdll.dll!NtSetValueKey + 4                                        777E684C 2 Bytes  [89, 71]

.text  C:\Windows\System32\rundll32.exe[2484] kernel32.dll!CreateProcessInternalW                                77710852 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\System32\rundll32.exe[2484] kernel32.dll!CreateProcessInternalW + 4                            77710856 2 Bytes  [77, 71] {JA 0x73}

.text  C:\Windows\System32\rundll32.exe[2484] USER32.dll!SendMessageA                                            75C6AD60 6 Bytes  JMP 719C000A 

.text  C:\Windows\System32\rundll32.exe[2484] USER32.dll!PostMessageA                                            75C6B446 6 Bytes  JMP 7196000A 

.text  C:\Windows\System32\rundll32.exe[2484] USER32.dll!PostMessageW                                            75C7447B 6 Bytes  JMP 7193000A 

.text  C:\Windows\System32\rundll32.exe[2484] USER32.dll!SendMessageW                                            75C75539 6 Bytes  JMP 7199000A 

.text  C:\Windows\System32\rundll32.exe[2484] USER32.dll!mouse_event                                             75C86209 6 Bytes  JMP 71A5000A 

.text  C:\Windows\System32\rundll32.exe[2484] USER32.dll!SendInput                                               75C97019 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\System32\rundll32.exe[2484] USER32.dll!SendInput + 4                                           75C9701D 2 Bytes  [9E, 71]

.text  C:\Windows\System32\rundll32.exe[2484] USER32.dll!keybd_event                                             75CBEC3B 6 Bytes  JMP 71A2000A 

.text  C:\Windows\System32\rundll32.exe[2484] ADVAPI32.dll!CreateServiceW                                        771870C4 6 Bytes  JMP 718D000A 

.text  C:\Windows\System32\rundll32.exe[2484] ADVAPI32.dll!CreateServiceA                                        771A3264 6 Bytes  JMP 7190000A 

.text  C:\Windows\system32\taskhost.exe[2564] ntdll.dll!NtCreateFile                                             777E5608 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\system32\taskhost.exe[2564] ntdll.dll!NtCreateFile + 4                                         777E560C 2 Bytes  [86, 71]

.text  C:\Windows\system32\taskhost.exe[2564] ntdll.dll!NtDeleteValueKey                                         777E5888 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\system32\taskhost.exe[2564] ntdll.dll!NtDeleteValueKey + 4                                     777E588C 2 Bytes  [8C, 71]

.text  C:\Windows\system32\taskhost.exe[2564] ntdll.dll!NtOpenFile                                               777E5D18 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\system32\taskhost.exe[2564] ntdll.dll!NtOpenFile + 4                                           777E5D1C 2 Bytes  [83, 71]

.text  C:\Windows\system32\taskhost.exe[2564] ntdll.dll!NtOpenProcess                                            777E5DC8 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\system32\taskhost.exe[2564] ntdll.dll!NtOpenProcess + 4                                        777E5DCC 2 Bytes  [89, 71]

.text  C:\Windows\system32\taskhost.exe[2564] ntdll.dll!NtSetContextThread                                       777E65A8 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\system32\taskhost.exe[2564] ntdll.dll!NtSetContextThread + 4                                   777E65AC 2 Bytes  [80, 71]

.text  C:\Windows\system32\taskhost.exe[2564] ntdll.dll!NtSetValueKey                                            777E6848 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\system32\taskhost.exe[2564] ntdll.dll!NtSetValueKey + 4                                        777E684C 2 Bytes  [8F, 71]

.text  C:\Windows\system32\taskhost.exe[2564] kernel32.dll!CreateProcessInternalW                                77710852 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\system32\taskhost.exe[2564] kernel32.dll!CreateProcessInternalW + 4                            77710856 2 Bytes  [7D, 71] {JGE 0x73}

.text  C:\Windows\system32\taskhost.exe[2564] USER32.dll!SendMessageA                                            75C6AD60 6 Bytes  JMP 71A2000A 

.text  C:\Windows\system32\taskhost.exe[2564] USER32.dll!PostMessageA                                            75C6B446 6 Bytes  JMP 719C000A 

.text  C:\Windows\system32\taskhost.exe[2564] USER32.dll!PostMessageW                                            75C7447B 6 Bytes  JMP 7199000A 

.text  C:\Windows\system32\taskhost.exe[2564] USER32.dll!SendMessageW                                            75C75539 6 Bytes  JMP 719F000A 

.text  C:\Windows\system32\taskhost.exe[2564] USER32.dll!mouse_event                                             75C86209 6 Bytes  JMP 71AB000A 

.text  C:\Windows\system32\taskhost.exe[2564] USER32.dll!SendInput                                               75C97019 3 Bytes  [FF, 25, 1E]

.text  C:\Windows\system32\taskhost.exe[2564] USER32.dll!SendInput + 4                                           75C9701D 2 Bytes  [A4, 71]

.text  C:\Windows\system32\taskhost.exe[2564] USER32.dll!keybd_event                                             75CBEC3B 6 Bytes  JMP 71A8000A 

.text  C:\Windows\system32\taskhost.exe[2564] ADVAPI32.dll!CreateServiceW                                        771870C4 6 Bytes  JMP 7193000A 

.text  C:\Windows\system32\taskhost.exe[2564] ADVAPI32.dll!CreateServiceA                                        771A3264 6 Bytes  JMP 7196000A 

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] ntdll.dll!NtCreateFile                   777E5608 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] ntdll.dll!NtCreateFile + 4               777E560C 2 Bytes  [86, 71]

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] ntdll.dll!NtDeleteValueKey               777E5888 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] ntdll.dll!NtDeleteValueKey + 4           777E588C 2 Bytes  [8C, 71]

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] ntdll.dll!NtOpenFile                     777E5D18 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] ntdll.dll!NtOpenFile + 4                 777E5D1C 2 Bytes  [83, 71]

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] ntdll.dll!NtOpenProcess                  777E5DC8 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] ntdll.dll!NtOpenProcess + 4              777E5DCC 2 Bytes  [89, 71]

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] ntdll.dll!NtSetContextThread             777E65A8 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] ntdll.dll!NtSetContextThread + 4         777E65AC 2 Bytes  [80, 71]

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] ntdll.dll!NtSetValueKey                  777E6848 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] ntdll.dll!NtSetValueKey + 4              777E684C 2 Bytes  [8F, 71]

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] kernel32.dll!CreateProcessInternalW      77710852 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] kernel32.dll!CreateProcessInternalW + 4  77710856 2 Bytes  [7D, 71] {JGE 0x73}

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] ADVAPI32.dll!CreateServiceW              771870C4 6 Bytes  JMP 7193000A 

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] ADVAPI32.dll!CreateServiceA              771A3264 6 Bytes  JMP 7196000A 

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] USER32.dll!SendMessageA                  75C6AD60 6 Bytes  JMP 71A2000A 

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] USER32.dll!PostMessageA                  75C6B446 6 Bytes  JMP 719C000A 

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] USER32.dll!PostMessageW                  75C7447B 6 Bytes  JMP 7199000A 

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] USER32.dll!SendMessageW                  75C75539 6 Bytes  JMP 719F000A 

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] USER32.dll!mouse_event                   75C86209 6 Bytes  JMP 71AB000A 

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] USER32.dll!SendInput                     75C97019 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] USER32.dll!SendInput + 4                 75C9701D 2 Bytes  [A4, 71]

.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2724] USER32.dll!keybd_event                   75CBEC3B 6 Bytes  JMP 71A8000A 

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] ntdll.dll!NtCreateFile                                     777E5608 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] ntdll.dll!NtCreateFile + 4                                 777E560C 2 Bytes  [86, 71]

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] ntdll.dll!NtDeleteValueKey                                 777E5888 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] ntdll.dll!NtDeleteValueKey + 4                             777E588C 2 Bytes  [8C, 71]

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] ntdll.dll!NtOpenFile                                       777E5D18 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] ntdll.dll!NtOpenFile + 4                                   777E5D1C 2 Bytes  [83, 71]

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] ntdll.dll!NtOpenProcess                                    777E5DC8 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] ntdll.dll!NtOpenProcess + 4                                777E5DCC 2 Bytes  [89, 71]

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] ntdll.dll!NtSetContextThread                               777E65A8 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] ntdll.dll!NtSetContextThread + 4                           777E65AC 2 Bytes  [80, 71]

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] ntdll.dll!NtSetValueKey                                    777E6848 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] ntdll.dll!NtSetValueKey + 4                                777E684C 2 Bytes  [8F, 71]

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] kernel32.dll!CreateProcessInternalW                        77710852 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] kernel32.dll!CreateProcessInternalW + 4                    77710856 2 Bytes  [7D, 71] {JGE 0x73}

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] ADVAPI32.dll!CreateServiceW                                771870C4 6 Bytes  JMP 7193000A 

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] ADVAPI32.dll!CreateServiceA                                771A3264 6 Bytes  JMP 7196000A 

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] USER32.dll!SendMessageA                                    75C6AD60 6 Bytes  JMP 71A2000A 

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] USER32.dll!PostMessageA                                    75C6B446 6 Bytes  JMP 719C000A 

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] USER32.dll!PostMessageW                                    75C7447B 6 Bytes  JMP 7199000A 

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] USER32.dll!SendMessageW                                    75C75539 6 Bytes  JMP 719F000A 

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] USER32.dll!mouse_event                                     75C86209 6 Bytes  JMP 71AB000A 

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] USER32.dll!SendInput                                       75C97019 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] USER32.dll!SendInput + 4                                   75C9701D 2 Bytes  [A4, 71]

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] USER32.dll!keybd_event                                     75CBEC3B 6 Bytes  JMP 71A8000A 

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] WS2_32.dll!WSALookupServiceBeginW                          75B2575A 6 Bytes  JMP 7175000A 

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] WS2_32.dll!connect                                         75B26BDD 6 Bytes  JMP 717B000A 

.text  C:\Program Files\iTunes\iTunesHelper.exe[2744] WS2_32.dll!listen                                          75B2B001 6 Bytes  JMP 7178000A 

.text  C:\Program Files\Brownie\brstswnd.exe[2860] ntdll.dll!NtCreateFile                                        777E5608 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\Brownie\brstswnd.exe[2860] ntdll.dll!NtCreateFile + 4                                    777E560C 2 Bytes  [80, 71]

.text  C:\Program Files\Brownie\brstswnd.exe[2860] ntdll.dll!NtDeleteValueKey                                    777E5888 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\Brownie\brstswnd.exe[2860] ntdll.dll!NtDeleteValueKey + 4                                777E588C 2 Bytes  [86, 71]

.text  C:\Program Files\Brownie\brstswnd.exe[2860] ntdll.dll!NtOpenFile                                          777E5D18 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\Brownie\brstswnd.exe[2860] ntdll.dll!NtOpenFile + 4                                      777E5D1C 2 Bytes  [7D, 71] {JGE 0x73}

.text  C:\Program Files\Brownie\brstswnd.exe[2860] ntdll.dll!NtOpenProcess                                       777E5DC8 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\Brownie\brstswnd.exe[2860] ntdll.dll!NtOpenProcess + 4                                   777E5DCC 2 Bytes  [83, 71]

.text  C:\Program Files\Brownie\brstswnd.exe[2860] ntdll.dll!NtSetContextThread                                  777E65A8 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\Brownie\brstswnd.exe[2860] ntdll.dll!NtSetContextThread + 4                              777E65AC 2 Bytes  [7A, 71] {JP 0x73}

.text  C:\Program Files\Brownie\brstswnd.exe[2860] ntdll.dll!NtSetValueKey                                       777E6848 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\Brownie\brstswnd.exe[2860] ntdll.dll!NtSetValueKey + 4                                   777E684C 2 Bytes  [89, 71]

.text  C:\Program Files\Brownie\brstswnd.exe[2860] kernel32.dll!CreateProcessInternalW                           77710852 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\Brownie\brstswnd.exe[2860] kernel32.dll!CreateProcessInternalW + 4                       77710856 2 Bytes  [77, 71] {JA 0x73}

.text  C:\Program Files\Brownie\brstswnd.exe[2860] ADVAPI32.dll!CreateServiceW                                   771870C4 6 Bytes  JMP 718D000A 

.text  C:\Program Files\Brownie\brstswnd.exe[2860] ADVAPI32.dll!CreateServiceA                                   771A3264 6 Bytes  JMP 7190000A 

.text  C:\Program Files\Brownie\brstswnd.exe[2860] USER32.dll!SendMessageA                                       75C6AD60 6 Bytes  JMP 719C000A 

.text  C:\Program Files\Brownie\brstswnd.exe[2860] USER32.dll!PostMessageA                                       75C6B446 6 Bytes  JMP 7196000A 

.text  C:\Program Files\Brownie\brstswnd.exe[2860] USER32.dll!PostMessageW                                       75C7447B 6 Bytes  JMP 7193000A 

.text  C:\Program Files\Brownie\brstswnd.exe[2860] USER32.dll!SendMessageW                                       75C75539 6 Bytes  JMP 7199000A 

.text  C:\Program Files\Brownie\brstswnd.exe[2860] USER32.dll!mouse_event                                        75C86209 6 Bytes  JMP 71A5000A 

.text  C:\Program Files\Brownie\brstswnd.exe[2860] USER32.dll!SendInput                                          75C97019 3 Bytes  [FF, 25, 1E]

.text  C:\Program Files\Brownie\brstswnd.exe[2860] USER32.dll!SendInput + 4                                      75C9701D 2 Bytes  [9E, 71]

.text  C:\Program Files\Brownie\brstswnd.exe[2860] USER32.dll!keybd_event                                        75CBEC3B 6 Bytes  JMP 71A2000A 
 

---- EOF - GMER 2.1 ----

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo,
anbei der log-File von combofix. Hoffe, es war erfolgreich (ich glaube, der Energiesparmodus ging wenige Sekunden nach Ende des combofix-scans an). Kann man sehen, ob es "ungestört" durchgelaufen ist? Oder soll ich es nochmal durchlaufen lassen?
LG, Tina

Code:

Combofix Logfile:
 

        Code:


        
ComboFix 14-05-19.01 - Tina 24.05.2014  21:01:24.1.2 - x86

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2940.2039 [GMT 2:00]

ausgeführt von:: c:\users\Tina\Desktop\ComboFix.exe

AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}

SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-04-24 bis 2014-05-24  ))))))))))))))))))))))))))))))

.

.

2014-05-24 19:10 . 2014-05-24 19:10        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-05-24 19:03 . 2014-05-24 19:03        62576        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{45160380-67FD-48E6-B133-C86E5E4491E4}\offreg.dll

2014-05-23 21:49 . 2014-05-23 21:50        --------        d-----w-        C:\FRST

2014-05-23 18:01 . 2014-04-30 23:37        8073384        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{45160380-67FD-48E6-B133-C86E5E4491E4}\mpengine.dll

2014-05-15 06:48 . 2014-05-06 03:07        2724864        ----a-w-        c:\windows\system32\mshtml.tlb

2014-05-14 16:34 . 2014-05-09 07:06        369664        ----a-w-        c:\windows\system32\aepdu.dll

2014-05-14 16:34 . 2014-05-09 07:04        302592        ----a-w-        c:\windows\system32\aeinv.dll

2014-05-06 20:27 . 2014-05-15 07:08        --------        d-s---w-        c:\windows\system32\CompatTel

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-04-14 18:13 . 2014-04-22 08:08        94632        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll

2014-03-31 07:35 . 2014-01-31 17:34        231584        ------w-        c:\windows\system32\MpSigStub.exe

2014-03-06 08:31 . 2014-04-14 20:45        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll

2014-03-06 08:02 . 2014-04-14 20:45        61952        ----a-w-        c:\windows\system32\iesetup.dll

2014-03-06 08:02 . 2014-04-14 20:45        455168        ----a-w-        c:\windows\system32\vbscript.dll

2014-03-06 08:01 . 2014-04-14 20:45        51200        ----a-w-        c:\windows\system32\ieetwproxystub.dll

2014-03-06 07:46 . 2014-04-14 20:44        4254720        ----a-w-        c:\windows\system32\jscript9.dll

2014-03-06 07:38 . 2014-04-14 20:45        112128        ----a-w-        c:\windows\system32\ieUnatt.exe

2014-03-06 07:38 . 2014-04-14 20:45        108032        ----a-w-        c:\windows\system32\ieetwcollector.exe

2014-03-06 07:36 . 2014-04-14 20:45        592896        ----a-w-        c:\windows\system32\jscript9diag.dll

2014-03-06 07:28 . 2014-04-14 20:45        646144        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe

2014-03-06 07:13 . 2014-04-14 20:45        32256        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll

2014-03-06 06:40 . 2014-04-14 20:45        1967104        ----a-w-        c:\windows\system32\inetcpl.cpl

2014-03-06 05:41 . 2014-04-14 20:45        1789440        ----a-w-        c:\windows\system32\wininet.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2014-02-15 4330432]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]

R3 cxbu0wdm;OMNIKEY 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2013-08-19 126976]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2013-03-28 22056]

S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2013-09-30 38248]

S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2014-05-12 18552]

S2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2014-02-15 4163584]

S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [2013-04-08 1320496]

S2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [2013-04-08 799280]

S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2014-05-12 58200]

S3 cleanhlp;cleanhlp;c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys [2013-12-04 50200]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-05-22 00:44        1091912        ----a-w-        c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2014-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-31 19:18]

.

2014-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-31 19:18]

.

.

------- Zusätzlicher Suchlauf -------

.

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.178.1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)

ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)

ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)

SafeBoot-CleanHlp

SafeBoot-CleanHlp.sys

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-3602274359-194582226-3582035581-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3602274359-194582226-3582035581-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(3920)

c:\windows\system32\prnfldr.dll

c:\windows\system32\mssprxy.dll

c:\windows\System32\cscobj.dll

c:\windows\system32\wwanapi.dll

c:\windows\System32\QAgent.dll

.

Zeit der Fertigstellung: 2014-05-24  21:12:48

ComboFix-quarantined-files.txt  2014-05-24 19:12

.

Vor Suchlauf: 10 Verzeichnis(se), 171.967.905.792 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 172.275.707.904 Bytes frei

.

- - End Of File - - 332D11BCC49CB5A67F34A675C5AABC34

 
--- --- ---

A36C5E4F47E84449FF07ED3517B43A31

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Scan Date: 25.05.2014

Scan Time: 20:15:41

Logfile: Malwarebytes Anti-Malware.txt

Administrator: Yes
 

Version: 2.00.2.1012

Malware Database: v2014.05.25.05

Rootkit Database: v2014.05.21.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled
 

OS: Windows 7 Service Pack 1

CPU: x86

File System: NTFS

User: Tina
 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 255814

Time Elapsed: 8 min, 6 sec
 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled
 

Processes: 0

(No malicious items detected)
 

Modules: 0

(No malicious items detected)
 

Registry Keys: 0

(No malicious items detected)
 

Registry Values: 0

(No malicious items detected)
 

Registry Data: 0

(No malicious items detected)
 

Folders: 0

(No malicious items detected)
 

Files: 0

(No malicious items detected)
 

Physical Sectors: 0

(No malicious items detected)
 
 

(end)

AdwCleaner Logfile:

Code:

# AdwCleaner v3.210 - Bericht erstellt am 25/05/2014 um 20:30:26

# Aktualisiert 19/05/2014 von Xplode

# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)

# Benutzername : Tina - TINA-PC

# Gestartet von : C:\Users\Tina\Downloads\adwcleaner_3.210 (2).exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

Schlüssel Gelöscht : HKCU\Software\OCS
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17041
 
 

-\\ Google Chrome v35.0.1916.114
 

[ Datei : C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 

*************************
 

AdwCleaner[R0].txt - [787 octets] - [04/02/2014 22:13:53]

AdwCleaner[R1].txt - [1400 octets] - [25/05/2014 20:28:44]

AdwCleaner[S0].txt - [847 octets] - [04/02/2014 22:15:23]

AdwCleaner[S1].txt - [1321 octets] - [25/05/2014 20:30:26]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1381 octets] ##########

--- --- ---

[/CODE]

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Professional x86

Ran by Tina on 25.05.2014 at 20:36:54,89

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 25.05.2014 at 20:45:30,36

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 01

Ran by Tina (administrator) on TINA-PC on 25-05-2014 20:59:15

Running from C:\Users\Tina\Downloads

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe

(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4330432 2014-02-15] (Emsisoft GmbH)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

Winlogon\Notify\ScCertProp: wlnotify.dll [X]

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF69E7890B81ECF01

SearchScopes: HKLM - DefaultScope value is missing.

BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt

FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2014-02-12]
 

Chrome: 

=======

CHR HomePage: 

CHR Extension: (Google Docs) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-31]

CHR Extension: (Google Drive) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-31]

CHR Extension: (YouTube) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-31]

CHR Extension: (Google-Suche) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-31]

CHR Extension: (AdBlock) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-31]

CHR Extension: (Google Wallet) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-31]

CHR Extension: (Google Mail) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-31]
 

========================== Services (Whitelisted) =================
 

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)

R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)

R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
 

==================== Drivers (Whitelisted) ====================
 

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)

R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)

R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)

R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)

R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)

S3 cxbu0wdm; C:\Windows\System32\DRIVERS\cxbu0wdm.sys [126976 2013-08-19] (HID Global Corporation)

S3 catchme; \??\C:\Users\Tina\AppData\Local\Temp\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-05-25 20:59 - 2014-05-25 20:59 - 00000000 ____D () C:\Users\Tina\Downloads\FRST-OlderVersion

2014-05-25 20:45 - 2014-05-25 20:46 - 00000624 _____ () C:\Users\Tina\Desktop\JRT.txt

2014-05-25 20:36 - 2014-05-25 20:36 - 00000000 ____D () C:\Windows\ERUNT

2014-05-25 20:35 - 2014-05-25 20:35 - 01016261 _____ (Thisisu) C:\Users\Tina\Downloads\JRT.exe

2014-05-25 20:33 - 2014-05-25 20:33 - 00001461 _____ () C:\Users\Tina\Desktop\AdwCleaner[S1].txt

2014-05-25 20:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll

2014-05-25 20:27 - 2014-05-25 20:27 - 01326389 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210 (3).exe

2014-05-25 20:25 - 2014-05-25 20:25 - 00001074 _____ () C:\Users\Tina\Desktop\mbam.txt.txt

2014-05-25 20:14 - 2014-05-25 20:15 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-25 20:13 - 2014-05-25 20:13 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-25 20:13 - 2014-05-25 20:13 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-25 20:13 - 2014-05-25 20:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-05-25 20:13 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-25 20:13 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-25 20:13 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-05-25 20:11 - 2014-05-25 20:11 - 01326389 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210 (2).exe

2014-05-25 20:10 - 2014-05-25 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tina\Downloads\mbam-setup-2.0.2.1012.exe

2014-05-24 21:12 - 2014-05-24 21:12 - 00007855 _____ () C:\ComboFix.txt

2014-05-24 20:58 - 2014-05-24 21:12 - 00000000 ____D () C:\Qoobox

2014-05-24 20:58 - 2014-05-24 21:11 - 00000000 ____D () C:\Windows\erdnt

2014-05-24 20:58 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-05-24 20:58 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-05-24 20:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-05-24 20:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-05-24 20:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-05-24 20:58 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-05-24 20:58 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-05-24 20:58 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-05-24 20:57 - 2014-05-24 20:54 - 05200426 ____R (Swearware) C:\Users\Tina\Desktop\ComboFix.exe

2014-05-24 20:53 - 2014-05-24 20:54 - 05200426 _____ (Swearware) C:\Users\Tina\Downloads\ComboFix.exe

2014-05-24 00:20 - 2014-05-23 23:47 - 00000470 _____ () C:\Users\Tina\Desktop\defogger_disable.log

2014-05-24 00:19 - 2014-05-24 00:19 - 00029455 _____ () C:\Users\Tina\Desktop\gmer.log

2014-05-23 23:54 - 2014-05-23 23:54 - 00380416 _____ () C:\Users\Tina\Downloads\Gmer-19357.exe

2014-05-23 23:52 - 2014-05-23 23:52 - 00019435 _____ () C:\Users\Tina\Desktop\FRST.txt

2014-05-23 23:52 - 2014-05-23 23:52 - 00014893 _____ () C:\Users\Tina\Desktop\Addition.txt

2014-05-23 23:50 - 2014-05-23 23:50 - 00014893 _____ () C:\Users\Tina\Downloads\Addition.txt

2014-05-23 23:49 - 2014-05-25 20:59 - 00007567 _____ () C:\Users\Tina\Downloads\FRST.txt

2014-05-23 23:49 - 2014-05-25 20:59 - 00000000 ____D () C:\FRST

2014-05-23 23:48 - 2014-05-25 20:59 - 01056256 _____ (Farbar) C:\Users\Tina\Downloads\FRST.exe

2014-05-23 23:47 - 2014-05-23 23:47 - 00000470 _____ () C:\Users\Tina\Downloads\defogger_disable.log

2014-05-23 23:47 - 2014-05-23 23:47 - 00000000 _____ () C:\Users\Tina\defogger_reenable

2014-05-23 23:45 - 2014-05-23 23:45 - 00050477 _____ () C:\Users\Tina\Downloads\Defogger.exe

2014-05-23 23:38 - 2014-05-23 23:39 - 01326389 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210 (1).exe

2014-05-23 23:36 - 2014-05-23 23:39 - 00682171 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210.exe

2014-05-21 20:56 - 2014-05-21 20:56 - 01508368 _____ () C:\Windows\Minidump\052114-23852-01.dmp

2014-05-17 12:08 - 2014-05-17 12:08 - 01509840 _____ () C:\Windows\Minidump\051714-19468-01.dmp

2014-05-15 08:48 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-15 08:48 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-15 08:48 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-14 18:34 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-05-14 18:34 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-05-14 18:33 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-05-14 18:33 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2014-05-14 18:33 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2014-05-14 18:33 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2014-05-14 18:33 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2014-05-14 18:33 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-05-14 18:33 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2014-05-14 18:33 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-05-14 18:33 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2014-05-14 18:33 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-05-14 18:33 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-05-14 18:33 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-05-06 22:27 - 2014-05-15 09:08 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-05-06 22:26 - 2014-05-06 22:26 - 00000520 _____ () C:\Users\Tina\Documents\spider.sav

2014-04-26 22:00 - 2014-04-26 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

2014-04-26 21:59 - 2014-04-26 21:59 - 00884680 _____ (Google Inc.) C:\Users\Tina\Downloads\GoogleEarthSetup.exe

2014-04-26 21:14 - 2014-04-26 21:14 - 01484080 _____ (Microsoft Corporation) C:\Users\Tina\Downloads\WorksConv.exe

2014-04-26 21:05 - 2014-04-26 21:05 - 00613200 _____ (Chip Digital GmbH) C:\Users\Tina\Downloads\Word Viewer - CHIP-Downloader (1).exe

2014-04-26 21:02 - 2014-04-26 21:02 - 00613200 _____ (Chip Digital GmbH) C:\Users\Tina\Downloads\Word Viewer - CHIP-Downloader.exe

2014-04-25 22:49 - 2014-04-25 22:50 - 04745216 _____ () C:\Users\Tina\Downloads\Works632_de-DE.msi
 

==================== One Month Modified Files and Folders =======
 

2014-05-25 20:59 - 2014-05-25 20:59 - 00000000 ____D () C:\Users\Tina\Downloads\FRST-OlderVersion

2014-05-25 20:59 - 2014-05-23 23:49 - 00007567 _____ () C:\Users\Tina\Downloads\FRST.txt

2014-05-25 20:59 - 2014-05-23 23:49 - 00000000 ____D () C:\FRST

2014-05-25 20:59 - 2014-05-23 23:48 - 01056256 _____ (Farbar) C:\Users\Tina\Downloads\FRST.exe

2014-05-25 20:46 - 2014-05-25 20:45 - 00000624 _____ () C:\Users\Tina\Desktop\JRT.txt

2014-05-25 20:43 - 2014-01-31 21:18 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-25 20:40 - 2009-07-14 06:34 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-25 20:40 - 2009-07-14 06:34 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-25 20:36 - 2014-05-25 20:36 - 00000000 ____D () C:\Windows\ERUNT

2014-05-25 20:36 - 2014-01-31 20:10 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware

2014-05-25 20:35 - 2014-05-25 20:35 - 01016261 _____ (Thisisu) C:\Users\Tina\Downloads\JRT.exe

2014-05-25 20:33 - 2014-05-25 20:33 - 00001461 _____ () C:\Users\Tina\Desktop\AdwCleaner[S1].txt

2014-05-25 20:33 - 2014-01-31 21:18 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-25 20:32 - 2014-02-04 22:11 - 00009588 _____ () C:\Windows\setupact.log

2014-05-25 20:32 - 2014-02-04 22:10 - 00138804 _____ () C:\Windows\PFRO.log

2014-05-25 20:32 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-25 20:31 - 2014-01-31 15:09 - 01084117 _____ () C:\Windows\WindowsUpdate.log

2014-05-25 20:30 - 2014-02-04 21:57 - 00000000 ____D () C:\AdwCleaner

2014-05-25 20:27 - 2014-05-25 20:27 - 01326389 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210 (3).exe

2014-05-25 20:25 - 2014-05-25 20:25 - 00001074 _____ () C:\Users\Tina\Desktop\mbam.txt.txt

2014-05-25 20:15 - 2014-05-25 20:14 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-25 20:13 - 2014-05-25 20:13 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-25 20:13 - 2014-05-25 20:13 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-25 20:13 - 2014-05-25 20:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-05-25 20:11 - 2014-05-25 20:11 - 01326389 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210 (2).exe

2014-05-25 20:11 - 2014-05-25 20:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tina\Downloads\mbam-setup-2.0.2.1012.exe

2014-05-24 21:12 - 2014-05-24 21:12 - 00007855 _____ () C:\ComboFix.txt

2014-05-24 21:12 - 2014-05-24 20:58 - 00000000 ____D () C:\Qoobox

2014-05-24 21:12 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default

2014-05-24 21:12 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public

2014-05-24 21:11 - 2014-05-24 20:58 - 00000000 ____D () C:\Windows\erdnt

2014-05-24 21:10 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini

2014-05-24 20:54 - 2014-05-24 20:57 - 05200426 ____R (Swearware) C:\Users\Tina\Desktop\ComboFix.exe

2014-05-24 20:54 - 2014-05-24 20:53 - 05200426 _____ (Swearware) C:\Users\Tina\Downloads\ComboFix.exe

2014-05-24 00:38 - 2014-02-01 23:39 - 00000226 _____ () C:\Windows\Brownie.ini

2014-05-24 00:19 - 2014-05-24 00:19 - 00029455 _____ () C:\Users\Tina\Desktop\gmer.log

2014-05-23 23:54 - 2014-05-23 23:54 - 00380416 _____ () C:\Users\Tina\Downloads\Gmer-19357.exe

2014-05-23 23:52 - 2014-05-23 23:52 - 00019435 _____ () C:\Users\Tina\Desktop\FRST.txt

2014-05-23 23:52 - 2014-05-23 23:52 - 00014893 _____ () C:\Users\Tina\Desktop\Addition.txt

2014-05-23 23:50 - 2014-05-23 23:50 - 00014893 _____ () C:\Users\Tina\Downloads\Addition.txt

2014-05-23 23:47 - 2014-05-24 00:20 - 00000470 _____ () C:\Users\Tina\Desktop\defogger_disable.log

2014-05-23 23:47 - 2014-05-23 23:47 - 00000470 _____ () C:\Users\Tina\Downloads\defogger_disable.log

2014-05-23 23:47 - 2014-05-23 23:47 - 00000000 _____ () C:\Users\Tina\defogger_reenable

2014-05-23 23:47 - 2014-01-31 15:19 - 00000000 ____D () C:\Users\Tina

2014-05-23 23:45 - 2014-05-23 23:45 - 00050477 _____ () C:\Users\Tina\Downloads\Defogger.exe

2014-05-23 23:39 - 2014-05-23 23:38 - 01326389 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210 (1).exe

2014-05-23 23:39 - 2014-05-23 23:36 - 00682171 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210.exe

2014-05-23 22:10 - 2010-11-20 23:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-22 11:36 - 2014-02-01 12:39 - 00000000 ____D () C:\Program Files\Psyprax32

2014-05-21 21:15 - 2014-02-01 23:35 - 00000000 ____D () C:\Users\Tina\Documents\schreibtisch

2014-05-21 20:56 - 2014-05-21 20:56 - 01508368 _____ () C:\Windows\Minidump\052114-23852-01.dmp

2014-05-21 20:56 - 2014-02-10 22:20 - 268594350 _____ () C:\Windows\MEMORY.DMP

2014-05-21 20:56 - 2014-02-03 20:38 - 00000000 ____D () C:\Windows\Minidump

2014-05-19 07:13 - 2014-02-04 21:48 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-05-17 12:08 - 2014-05-17 12:08 - 01509840 _____ () C:\Windows\Minidump\051714-19468-01.dmp

2014-05-15 21:46 - 2014-02-01 23:34 - 00000000 ____D () C:\Users\Tina\Documents\Jung-Institut

2014-05-15 09:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-05-15 09:08 - 2014-05-06 22:27 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-05-15 09:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE

2014-05-15 08:52 - 2014-02-03 20:47 - 00000000 ____D () C:\Windows\system32\MRT

2014-05-15 08:51 - 2014-02-03 20:47 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-05-13 21:49 - 2014-02-01 23:35 - 00000000 ____D () C:\Users\Tina\Documents\Post

2014-05-12 07:26 - 2014-05-25 20:13 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-12 07:25 - 2014-05-25 20:13 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-12 07:25 - 2014-05-25 20:13 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-05-11 21:13 - 2014-02-01 22:14 - 00000000 ____D () C:\Users\Tina\Desktop\To do

2014-05-09 09:06 - 2014-05-14 18:34 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-05-09 09:04 - 2014-05-14 18:34 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-05-06 22:26 - 2014-05-06 22:26 - 00000520 _____ () C:\Users\Tina\Documents\spider.sav

2014-05-06 05:25 - 2014-05-15 08:48 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-06 05:07 - 2014-05-15 08:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-06 04:10 - 2014-05-15 08:48 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-03 12:16 - 2014-02-01 14:36 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\vlc

2014-04-26 22:00 - 2014-04-26 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

2014-04-26 22:00 - 2014-01-31 21:18 - 00000000 ____D () C:\Users\Tina\AppData\Local\Google

2014-04-26 22:00 - 2014-01-31 21:18 - 00000000 ____D () C:\Program Files\Google

2014-04-26 21:59 - 2014-04-26 21:59 - 00884680 _____ (Google Inc.) C:\Users\Tina\Downloads\GoogleEarthSetup.exe

2014-04-26 21:14 - 2014-04-26 21:14 - 01484080 _____ (Microsoft Corporation) C:\Users\Tina\Downloads\WorksConv.exe

2014-04-26 21:14 - 2014-02-01 22:39 - 00000000 ____D () C:\Program Files\MSECache

2014-04-26 21:05 - 2014-04-26 21:05 - 00613200 _____ (Chip Digital GmbH) C:\Users\Tina\Downloads\Word Viewer - CHIP-Downloader (1).exe

2014-04-26 21:02 - 2014-04-26 21:02 - 00613200 _____ (Chip Digital GmbH) C:\Users\Tina\Downloads\Word Viewer - CHIP-Downloader.exe

2014-04-25 22:50 - 2014-04-25 22:49 - 04745216 _____ () C:\Users\Tina\Downloads\Works632_de-DE.msi
 

Some content of TEMP:

====================

C:\Users\Tina\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe

[2014-05-14 18:33] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
 

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-05-19 07:33
 

==================== End Of Log ============================

--- --- ---

Grüße!
Tina

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hallo,
anbei die log-Files.
Inzwischen ging mein Word wieder! aber jetzt kommt wieder die gleiche Fehlermeldung. :-(
Was kann das dann noch sein?
Danke!
Tina

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=219eb96024476f48a0f7d7625f78f200

# engine=18420

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-05-26 08:46:37

# local_time=2014-05-26 10:46:37 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776573 100 94 178985 152768388 0 0

# scanned=223712

# found=0

# cleaned=0

# scan_time=5484

Code:

 Results of screen317's Security Check version 0.99.83  

 Windows 7 Service Pack 1 x86 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

Emsisoft Anti-Malware   

 Antivirus up to date!   
 `````````Anti-malware/Other Utilities Check:````````` 

 CCleaner     

 Java 7 Update 55  

 Adobe Reader XI  

 Google Chrome 34.0.1847.137  

 Google Chrome 35.0.1916.114  
 ````````Process Check: objlist.exe by Laurent````````  

 Emsisoft Anti-Malware a2service.exe   

 Emsisoft Anti-Malware a2guard.exe   
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

Fortsetzung der letzten Antwort
Hallo,
jetzt hab ich nochmal Emsisoft durchlaufen lassen, inkl externer Festplatte und Stick. Und die neueste frst-Logdatei fehlte ja auch noch.
Word läuft immer noch nicht, immer die gleiche Fehlermeldung...
LG!
Tina

Code:

Emsisoft Anti-Malware - Version 8.1

Letztes Update: 27.05.2014 16:52:18

Benutzerkonto: Tina-PC\Tina
 

Scan Einstellungen:
 

Scan Methode: Eigener Scan

Objekte: Rootkits, Speicher, Traces, E:\, F:\, C:\
 

PUPs-Erkennung: An

Archiv Scan: An

ADS Scan: An

Dateitypen-Filter: Aus

Erweitertes Caching: An

Direkter Festplattenzugriff: Aus
 

Scan Beginn:        27.05.2014 17:36:14

Value: HKEY_USERS\S-1-5-21-3602274359-194582226-3582035581-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR         gefunden: Setting.DisableTaskMgr (A)

Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS         gefunden: Setting.DisableRegistryTools (A)

Value: HKEY_USERS\S-1-5-21-3602274359-194582226-3582035581-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS         gefunden: Setting.DisableRegistryTools (A)
 

Gescannt        280006

Gefunden        3
 

Scan Ende:        27.05.2014 20:03:32

Scan Zeit:        2:27:18
 

Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        Quarantäne Setting.DisableRegistryTools (A)

Value: HKEY_USERS\S-1-5-21-3602274359-194582226-3582035581-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        Quarantäne Setting.DisableRegistryTools (A)

Value: HKEY_USERS\S-1-5-21-3602274359-194582226-3582035581-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR        Quarantäne Setting.DisableTaskMgr (A)
 

Quarantäne        3

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 01

Ran by Tina (administrator) on TINA-PC on 27-05-2014 20:11:37

Running from C:\Users\Tina\Downloads

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe

(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2start.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4330432 2014-02-15] (Emsisoft GmbH)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

Winlogon\Notify\ScCertProp: wlnotify.dll [X]

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF69E7890B81ECF01

SearchScopes: HKLM - DefaultScope value is missing.

BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt

FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2014-02-12]
 

Chrome: 

=======

CHR HomePage: 

CHR Extension: (Google Docs) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-31]

CHR Extension: (Google Drive) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-31]

CHR Extension: (YouTube) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-31]

CHR Extension: (Google-Suche) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-31]

CHR Extension: (AdBlock) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-31]

CHR Extension: (Google Wallet) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-31]

CHR Extension: (Google Mail) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-31]
 

========================== Services (Whitelisted) =================
 

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)

R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)

R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
 

==================== Drivers (Whitelisted) ====================
 

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)

R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)

R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)

R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)

R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)

S3 cxbu0wdm; C:\Windows\System32\DRIVERS\cxbu0wdm.sys [126976 2013-08-19] (HID Global Corporation)

S3 catchme; \??\C:\Users\Tina\AppData\Local\Temp\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-05-27 11:03 - 2014-05-27 11:03 - 00000773 _____ () C:\Users\Tina\Desktop\checkup.txt

2014-05-27 10:55 - 2014-05-27 10:55 - 00854367 _____ () C:\Users\Tina\Downloads\SecurityCheck.exe

2014-05-26 21:08 - 2014-05-26 21:08 - 00000000 ____D () C:\Program Files\ESET

2014-05-26 21:07 - 2014-05-26 21:05 - 02347384 _____ (ESET) C:\Users\Tina\Desktop\esetsmartinstaller_deu.exe

2014-05-26 21:05 - 2014-05-26 21:05 - 02347384 _____ (ESET) C:\Users\Tina\Downloads\esetsmartinstaller_deu.exe

2014-05-25 20:59 - 2014-05-25 20:59 - 00000000 ____D () C:\Users\Tina\Downloads\FRST-OlderVersion

2014-05-25 20:45 - 2014-05-25 20:46 - 00000624 _____ () C:\Users\Tina\Desktop\JRT.txt

2014-05-25 20:36 - 2014-05-25 20:36 - 00000000 ____D () C:\Windows\ERUNT

2014-05-25 20:35 - 2014-05-25 20:35 - 01016261 _____ (Thisisu) C:\Users\Tina\Downloads\JRT.exe

2014-05-25 20:33 - 2014-05-25 20:33 - 00001461 _____ () C:\Users\Tina\Desktop\AdwCleaner[S1].txt

2014-05-25 20:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll

2014-05-25 20:27 - 2014-05-25 20:27 - 01326389 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210 (3).exe

2014-05-25 20:25 - 2014-05-25 20:25 - 00001074 _____ () C:\Users\Tina\Desktop\mbam.txt.txt

2014-05-25 20:14 - 2014-05-25 20:15 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-25 20:13 - 2014-05-25 20:13 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-25 20:13 - 2014-05-25 20:13 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-25 20:13 - 2014-05-25 20:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-05-25 20:13 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-25 20:13 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-25 20:13 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-05-25 20:11 - 2014-05-25 20:11 - 01326389 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210 (2).exe

2014-05-25 20:10 - 2014-05-25 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tina\Downloads\mbam-setup-2.0.2.1012.exe

2014-05-24 21:12 - 2014-05-24 21:12 - 00007855 _____ () C:\ComboFix.txt

2014-05-24 20:58 - 2014-05-24 21:12 - 00000000 ____D () C:\Qoobox

2014-05-24 20:58 - 2014-05-24 21:11 - 00000000 ____D () C:\Windows\erdnt

2014-05-24 20:58 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-05-24 20:58 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-05-24 20:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-05-24 20:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-05-24 20:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-05-24 20:58 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-05-24 20:58 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-05-24 20:58 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-05-24 20:57 - 2014-05-24 20:54 - 05200426 ____R (Swearware) C:\Users\Tina\Desktop\ComboFix.exe

2014-05-24 20:53 - 2014-05-24 20:54 - 05200426 _____ (Swearware) C:\Users\Tina\Downloads\ComboFix.exe

2014-05-24 00:20 - 2014-05-23 23:47 - 00000470 _____ () C:\Users\Tina\Desktop\defogger_disable.log

2014-05-24 00:19 - 2014-05-24 00:19 - 00029455 _____ () C:\Users\Tina\Desktop\gmer.log

2014-05-23 23:54 - 2014-05-23 23:54 - 00380416 _____ () C:\Users\Tina\Downloads\Gmer-19357.exe

2014-05-23 23:52 - 2014-05-25 21:00 - 00025045 _____ () C:\Users\Tina\Desktop\FRST.txt

2014-05-23 23:52 - 2014-05-23 23:52 - 00014893 _____ () C:\Users\Tina\Desktop\Addition.txt

2014-05-23 23:50 - 2014-05-23 23:50 - 00014893 _____ () C:\Users\Tina\Downloads\Addition.txt

2014-05-23 23:49 - 2014-05-27 20:11 - 00007911 _____ () C:\Users\Tina\Downloads\FRST.txt

2014-05-23 23:49 - 2014-05-27 20:11 - 00000000 ____D () C:\FRST

2014-05-23 23:48 - 2014-05-25 20:59 - 01056256 _____ (Farbar) C:\Users\Tina\Downloads\FRST.exe

2014-05-23 23:47 - 2014-05-23 23:47 - 00000470 _____ () C:\Users\Tina\Downloads\defogger_disable.log

2014-05-23 23:47 - 2014-05-23 23:47 - 00000000 _____ () C:\Users\Tina\defogger_reenable

2014-05-23 23:45 - 2014-05-23 23:45 - 00050477 _____ () C:\Users\Tina\Downloads\Defogger.exe

2014-05-23 23:38 - 2014-05-23 23:39 - 01326389 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210 (1).exe

2014-05-23 23:36 - 2014-05-23 23:39 - 00682171 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210.exe

2014-05-21 20:56 - 2014-05-21 20:56 - 01508368 _____ () C:\Windows\Minidump\052114-23852-01.dmp

2014-05-17 12:08 - 2014-05-17 12:08 - 01509840 _____ () C:\Windows\Minidump\051714-19468-01.dmp

2014-05-15 08:48 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-15 08:48 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-15 08:48 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-14 18:34 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-05-14 18:34 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-05-14 18:33 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-05-14 18:33 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2014-05-14 18:33 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2014-05-14 18:33 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2014-05-14 18:33 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2014-05-14 18:33 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-05-14 18:33 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2014-05-14 18:33 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-05-14 18:33 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2014-05-14 18:33 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-05-14 18:33 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-05-14 18:33 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll

2014-05-14 18:33 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-05-06 22:27 - 2014-05-15 09:08 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-05-06 22:26 - 2014-05-06 22:26 - 00000520 _____ () C:\Users\Tina\Documents\spider.sav
 

==================== One Month Modified Files and Folders =======
 

2014-05-27 20:11 - 2014-05-23 23:49 - 00007911 _____ () C:\Users\Tina\Downloads\FRST.txt

2014-05-27 20:11 - 2014-05-23 23:49 - 00000000 ____D () C:\FRST

2014-05-27 20:03 - 2014-01-31 20:10 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware

2014-05-27 19:43 - 2014-01-31 21:18 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-27 17:32 - 2014-01-31 15:09 - 01126742 _____ () C:\Windows\WindowsUpdate.log

2014-05-27 16:53 - 2009-07-14 06:34 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-27 16:53 - 2009-07-14 06:34 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-27 11:25 - 2014-01-31 21:18 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-27 11:20 - 2014-02-04 22:11 - 00009700 _____ () C:\Windows\setupact.log

2014-05-27 11:20 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-27 11:03 - 2014-05-27 11:03 - 00000773 _____ () C:\Users\Tina\Desktop\checkup.txt

2014-05-27 10:55 - 2014-05-27 10:55 - 00854367 _____ () C:\Users\Tina\Downloads\SecurityCheck.exe

2014-05-27 10:54 - 2014-02-01 23:39 - 00000226 _____ () C:\Windows\Brownie.ini

2014-05-26 21:08 - 2014-05-26 21:08 - 00000000 ____D () C:\Program Files\ESET

2014-05-26 21:05 - 2014-05-26 21:07 - 02347384 _____ (ESET) C:\Users\Tina\Desktop\esetsmartinstaller_deu.exe

2014-05-26 21:05 - 2014-05-26 21:05 - 02347384 _____ (ESET) C:\Users\Tina\Downloads\esetsmartinstaller_deu.exe

2014-05-26 21:05 - 2010-11-20 23:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-25 21:16 - 2014-02-01 12:39 - 00000000 ____D () C:\Program Files\Psyprax32

2014-05-25 21:00 - 2014-05-23 23:52 - 00025045 _____ () C:\Users\Tina\Desktop\FRST.txt

2014-05-25 20:59 - 2014-05-25 20:59 - 00000000 ____D () C:\Users\Tina\Downloads\FRST-OlderVersion

2014-05-25 20:59 - 2014-05-23 23:48 - 01056256 _____ (Farbar) C:\Users\Tina\Downloads\FRST.exe

2014-05-25 20:46 - 2014-05-25 20:45 - 00000624 _____ () C:\Users\Tina\Desktop\JRT.txt

2014-05-25 20:36 - 2014-05-25 20:36 - 00000000 ____D () C:\Windows\ERUNT

2014-05-25 20:35 - 2014-05-25 20:35 - 01016261 _____ (Thisisu) C:\Users\Tina\Downloads\JRT.exe

2014-05-25 20:33 - 2014-05-25 20:33 - 00001461 _____ () C:\Users\Tina\Desktop\AdwCleaner[S1].txt

2014-05-25 20:32 - 2014-02-04 22:10 - 00138804 _____ () C:\Windows\PFRO.log

2014-05-25 20:30 - 2014-02-04 21:57 - 00000000 ____D () C:\AdwCleaner

2014-05-25 20:27 - 2014-05-25 20:27 - 01326389 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210 (3).exe

2014-05-25 20:25 - 2014-05-25 20:25 - 00001074 _____ () C:\Users\Tina\Desktop\mbam.txt.txt

2014-05-25 20:15 - 2014-05-25 20:14 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-25 20:13 - 2014-05-25 20:13 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-25 20:13 - 2014-05-25 20:13 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-25 20:13 - 2014-05-25 20:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-05-25 20:11 - 2014-05-25 20:11 - 01326389 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210 (2).exe

2014-05-25 20:11 - 2014-05-25 20:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tina\Downloads\mbam-setup-2.0.2.1012.exe

2014-05-24 21:12 - 2014-05-24 21:12 - 00007855 _____ () C:\ComboFix.txt

2014-05-24 21:12 - 2014-05-24 20:58 - 00000000 ____D () C:\Qoobox

2014-05-24 21:12 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default

2014-05-24 21:12 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public

2014-05-24 21:11 - 2014-05-24 20:58 - 00000000 ____D () C:\Windows\erdnt

2014-05-24 21:10 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini

2014-05-24 20:54 - 2014-05-24 20:57 - 05200426 ____R (Swearware) C:\Users\Tina\Desktop\ComboFix.exe

2014-05-24 20:54 - 2014-05-24 20:53 - 05200426 _____ (Swearware) C:\Users\Tina\Downloads\ComboFix.exe

2014-05-24 00:19 - 2014-05-24 00:19 - 00029455 _____ () C:\Users\Tina\Desktop\gmer.log

2014-05-23 23:54 - 2014-05-23 23:54 - 00380416 _____ () C:\Users\Tina\Downloads\Gmer-19357.exe

2014-05-23 23:52 - 2014-05-23 23:52 - 00014893 _____ () C:\Users\Tina\Desktop\Addition.txt

2014-05-23 23:50 - 2014-05-23 23:50 - 00014893 _____ () C:\Users\Tina\Downloads\Addition.txt

2014-05-23 23:47 - 2014-05-24 00:20 - 00000470 _____ () C:\Users\Tina\Desktop\defogger_disable.log

2014-05-23 23:47 - 2014-05-23 23:47 - 00000470 _____ () C:\Users\Tina\Downloads\defogger_disable.log

2014-05-23 23:47 - 2014-05-23 23:47 - 00000000 _____ () C:\Users\Tina\defogger_reenable

2014-05-23 23:47 - 2014-01-31 15:19 - 00000000 ____D () C:\Users\Tina

2014-05-23 23:45 - 2014-05-23 23:45 - 00050477 _____ () C:\Users\Tina\Downloads\Defogger.exe

2014-05-23 23:39 - 2014-05-23 23:38 - 01326389 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210 (1).exe

2014-05-23 23:39 - 2014-05-23 23:36 - 00682171 _____ () C:\Users\Tina\Downloads\adwcleaner_3.210.exe

2014-05-21 21:15 - 2014-02-01 23:35 - 00000000 ____D () C:\Users\Tina\Documents\schreibtisch

2014-05-21 20:56 - 2014-05-21 20:56 - 01508368 _____ () C:\Windows\Minidump\052114-23852-01.dmp

2014-05-21 20:56 - 2014-02-10 22:20 - 268594350 _____ () C:\Windows\MEMORY.DMP

2014-05-21 20:56 - 2014-02-03 20:38 - 00000000 ____D () C:\Windows\Minidump

2014-05-19 07:13 - 2014-02-04 21:48 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-05-17 12:08 - 2014-05-17 12:08 - 01509840 _____ () C:\Windows\Minidump\051714-19468-01.dmp

2014-05-15 21:46 - 2014-02-01 23:34 - 00000000 ____D () C:\Users\Tina\Documents\Jung-Institut

2014-05-15 09:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-05-15 09:08 - 2014-05-06 22:27 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-05-15 09:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE

2014-05-15 08:52 - 2014-02-03 20:47 - 00000000 ____D () C:\Windows\system32\MRT

2014-05-15 08:51 - 2014-02-03 20:47 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-05-13 21:49 - 2014-02-01 23:35 - 00000000 ____D () C:\Users\Tina\Documents\Post

2014-05-12 07:26 - 2014-05-25 20:13 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-12 07:25 - 2014-05-25 20:13 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-12 07:25 - 2014-05-25 20:13 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-05-11 21:13 - 2014-02-01 22:14 - 00000000 ____D () C:\Users\Tina\Desktop\To do

2014-05-09 09:06 - 2014-05-14 18:34 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-05-09 09:04 - 2014-05-14 18:34 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-05-06 22:26 - 2014-05-06 22:26 - 00000520 _____ () C:\Users\Tina\Documents\spider.sav

2014-05-06 05:25 - 2014-05-15 08:48 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-06 05:07 - 2014-05-15 08:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-06 04:10 - 2014-05-15 08:48 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-03 12:16 - 2014-02-01 14:36 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\vlc
 

Some content of TEMP:

====================

C:\Users\Tina\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe

[2014-05-14 18:33] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
 

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-05-19 07:33
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Hallo,
hab das Windows repair durchgeführt. Wenn ich die Batterie vom Laptop rausnehme und den Startknopf ein paar mal drücke und dann die Batterie wieder rein tue, geht Windows wieder - aber nur für eine Weile... Nach dem Windows repair ging es nicht mehr, jetzt habe ich die Batterie wieder raus - rein, jetzt geht word gerde wieder. Komisch, oder?
LG und immer wieder Danke!
Tina

Code:



System Variables

--------------------------------------------------------------------------------

OS: Windows 7 Professional

OS Architecture: 32-bit

OS Version: 6.1.7601

OS Service Pack: Service Pack 1

Computer Name: TINA-PC

Windows Drive: C:\

Windows Path: C:\Windows

Current Profile: C:\Users\Tina

Current Profile SID: S-1-5-21-3602274359-194582226-3582035581-1000

Current Profile Classes: S-1-5-21-3602274359-194582226-3582035581-1000_Classes

Profiles Location: C:\Users

Profiles Location 2: C:\Windows\ServiceProfiles

Local Settings AppData: C:\Users\Tina\AppData\Local

--------------------------------------------------------------------------------
 

System Information

--------------------------------------------------------------------------------

System Up Time: 0 Days 00:29:41
 

Process Count: 45

Commit Total: 1,19 GB

Commit Limit: 5,74 GB

Commit Peak: 1,31 GB

Handle Count: 13087

Kernel Total: 178,91 MB

Kernel Paged: 144,77 MB

Kernel Non Paged: 34,14 MB

System Cache: 1,74 GB

Thread Count: 576

--------------------------------------------------------------------------------
 

Memory Before Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 2,87 GB

Memory Used: 739,71 MB(25,1602%)

Memory Avail.: 2,15 GB

--------------------------------------------------------------------------------
 

Cleaning Memory Before Starting Repairs...
 

Memory After Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 2,87 GB

Memory Used: 602,72 MB(20,5008%)

Memory Avail.: 2,28 GB

--------------------------------------------------------------------------------
 

Starting Repairs...

   Start (28.05.2014 21:30:00)
 

01 - Reset Registry Permissions 01/03

   HKEY_CURRENT_USER & Sub Keys

   Start (28.05.2014 21:30:03)

   Running Repair Under Current User Account

   Done (28.05.2014 21:30:29)
 

01 - Reset Registry Permissions 02/03

   HKEY_LOCAL_MACHINE & Sub Keys

   Start (28.05.2014 21:30:29)

   Running Repair Under System Account

   Done (28.05.2014 21:39:50)
 

01 - Reset Registry Permissions 03/03

   HKEY_CLASSES_ROOT & Sub Keys

   Start (28.05.2014 21:39:50)

   Running Repair Under System Account

   Done (28.05.2014 21:43:07)
 

03 - Reset Service Permissions

   Start (28.05.2014 21:43:07)

   Running Repair Under System Account

   Done (28.05.2014 21:43:18)
 

04 - Register System Files

   Start (28.05.2014 21:43:18)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:44:00)
 

05 - Repair WMI

   Start (28.05.2014 21:44:00)
 

   Starting Security Center So We Can Export The Security Info.
 

   Exporting Antivirus Info...

   Emsisoft Anti-Malware Exported.
 

   Exporting AntiSpyware Info...

   Windows Defender Exported.

   Emsisoft Anti-Malware Exported.
 

   Exporting 3rd Party Firewall Info...

   No Firewall Products Reported.
 

   Running Repair Under Current User Account

   Done (28.05.2014 21:49:41)
 

06 - Repair Windows Firewall

   Start (28.05.2014 21:49:41)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:50:30)
 

07 - Repair Internet Explorer

   Start (28.05.2014 21:50:30)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:51:09)
 

08 - Repair MDAC/MS Jet

   Start (28.05.2014 21:51:09)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:51:22)
 

09 - Repair Hosts File

   Start (28.05.2014 21:51:22)

   Running Repair Under System Account

   Done (28.05.2014 21:51:25)
 

10 - Remove Policies Set By Infections

   Start (28.05.2014 21:51:25)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:51:29)
 

11 - Repair Start Menu Icons Removed By Infections

   Start (28.05.2014 21:51:30)

   Running Repair Under System Account

   Done (28.05.2014 21:51:32)
 

12 - Repair Icons

   Start (28.05.2014 21:51:32)

   Running Repair Under Current User Account

   Done (28.05.2014 21:51:35)
 

13 - Repair Winsock & DNS Cache

   Start (28.05.2014 21:51:36)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:52:00)
 

15 - Repair Proxy Settings

   Start (28.05.2014 21:52:00)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:52:05)
 

17 - Repair Windows Updates

   Start (28.05.2014 21:52:05)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:52:51)
 

18 - Repair CD/DVD Missing/Not Working

   Start (28.05.2014 21:52:51)

   iTunes was found, adding UpperFilters for iTunes Reg Key

   UpperFilters added?: Wahr

   Done (28.05.2014 21:52:51)
 

19 - Repair Volume Shadow Copy Service

   Start (28.05.2014 21:52:51)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:53:14)
 

21 - Repair MSI (Windows Installer)

   Start (28.05.2014 21:53:14)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:53:40)
 

23.01 - Repair bat Association

   Start (28.05.2014 21:53:40)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:53:45)
 

23.02 - Repair cmd Association

   Start (28.05.2014 21:53:45)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:53:50)
 

23.03 - Repair com Association

   Start (28.05.2014 21:53:50)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:53:55)
 

23.04 - Repair Directory Association

   Start (28.05.2014 21:53:55)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:53:59)
 

23.05 - Repair Drive Association

   Start (28.05.2014 21:53:59)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:54:04)
 

23.06 - Repair exe Association

   Start (28.05.2014 21:54:04)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:54:09)
 

23.07 - Repair Folder Association

   Start (28.05.2014 21:54:09)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:54:14)
 

23.08 - Repair inf Association

   Start (28.05.2014 21:54:14)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:54:19)
 

23.09 - Repair lnk (Shortcuts) Association

   Start (28.05.2014 21:54:19)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:54:24)
 

23.10 - Repair msc Association

   Start (28.05.2014 21:54:24)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:54:28)
 

23.11 - Repair reg Association

   Start (28.05.2014 21:54:29)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:54:33)
 

23.12 - Repair scr Association

   Start (28.05.2014 21:54:33)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:54:38)
 

24 - Repair Windows Safe Mode

   Start (28.05.2014 21:54:38)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:54:43)
 

25 - Repair Print Spooler

   Start (28.05.2014 21:54:43)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:55:11)
 

26 - Restore Important Windows Services

   Start (28.05.2014 21:55:11)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:55:36)
 

27 - Set Windows Services To Default Startup

   Start (28.05.2014 21:55:36)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (28.05.2014 21:55:54)
 

   Skipping Repair.

   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.

   Current version: 6.1
 

   Skipping Repair.

   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.

   Current version: 6.1
 

   Skipping Repair.

   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.

   Current version: 6.1
 

Cleaning up empty logs...
 

All Selected Repairs Done.

   Done (28.05.2014 21:55:54)

   Total Repair Time: 00:25:56
 
 

...YOU MUST RESTART YOUR SYSTEM...

   Running Repair Under Current User Account

was genua meinst du mit Batterie?

Hallo,
also wenn ich den Laptop vom Stromkabel trenne und den Akku rausnehme und vorher runtergefahren habe und dann alles wieder anschließe und hochfahre, geht Word, sobald ich den Laptop einmal normal runterfahre und wieder starte, geht es nicht mehr und es kommt die altbekannte Fehlermeldung.
???
Das Windows-Repair-Programm hat daran leider auch nichts geändert....
LG!
Tina

Nimm den Akku raus, lass ihn draussen, und arbeite nur mit Ladekabel.

Hallo,
mit Ladekabel ohne Akku geht Word auch nicht, es kommt wieder die Fehlermeldung und ich kann es nicht öffnen.
Gibt es noch irgendetwas, was ich probieren könnte?
Grüße!
Tina

So langsam gehen mir die Ideen aus.....Word hast Du schon mal neu installiert?

Hallo,
also, das Rätsels Lösung war, dass mein Virenprogramm Emsisoft Word unter Beobachtung gestellt hat und blockiert hat. Hab das dann rückgängig gemacht, jetzt geht es wieder.
War eine Infektion der Grund dafür, dass Emsisoft das Programm komplett geblockt hat?
Vielen Dank für Deine Mühe jedenfalls!!! Ich schick eine Spende...
Herzliche Grüße!
Tina