Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   auf meinem Stick kopierte Dateien werden sofort Verknüpfungen, die nicht mehr löschbar sind ? (https://www.trojaner-board.de/158808-meinem-stick-kopierte-dateien-sofort-verknuepfungen-mehr-loeschbar.html)

Aljanuschka 17.09.2014 11:20
auf meinem Stick kopierte Dateien werden sofort Verknüpfungen, die nicht mehr löschbar sind ?
 
Hallo,

Immer wenn ich Dateien auf meinem Stick kopiere, werden diese sofort zu Verknüpfungen. Wenn ich diese löschen möchte tauchen sie gleich wieder aus dem nichts auf. Ich habe meinen Stick auch schon mehrmals formatiert. Dann sind die alten Dateien zwar weg, aber bei den neuen Dateien geht das selbe Spiel von vorne los.

Mir wurde gesagt, dass könnte ein Trojaner sein...
Meine Vierenscans zeigen jedoch nichts verdächtiges an ?

Vor ab ,ich habe Windows 7 auf meinem Rechner.

Was kann ich tun?

Grüße.

cosinus 17.09.2014 11:36
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Aljanuschka 18.09.2014 11:52
hi,beim letzten avira-scan wurden 13 dubiose sachen gefunden und in quarantäne gesteckt....ich weiß jetzt nicht wie ich dir das schicken soll.

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Erna (administrator) on ERNA-PC on 18-09-2014 12:47:38
Running from C:\Users\Erna\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Users\Erna\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-10-21] (Realtek Semiconductor Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-06-14] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2985712 2013-06-04] (Synaptics Incorporated)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [101694776 2014-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4315872 2011-06-01] (Lenovo, Inc.)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1085744 2012-11-22] (Lenovo)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-803746185-1275731524-2233151690-1000\...\Run: [Amazon Music] => C:\Users\Erna\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-07-01] ()
HKU\S-1-5-21-803746185-1275731524-2233151690-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-803746185-1275731524-2233151690-1000\...\Run: [SysBackUp] => wscript.exe //B "C:\Users\Erna\AppData\Roaming\SysBackUp.vbs"
HKU\S-1-5-21-803746185-1275731524-2233151690-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-803746185-1275731524-2233151690-1000\...\MountPoints2: {431718c6-9e7b-11e3-b8b0-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-803746185-1275731524-2233151690-1000\...\MountPoints2: {de1cf4ac-1d31-11e4-849a-c454443d5b72} - F:\SETUP.EXE
Startup: C:\Users\Erna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SysBackUp.vbs ()
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Home - Welcome to Lenovo
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Home - Welcome to Lenovo
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9499EF76-5ADE-4EFC-8AE2-1C865957D5BC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {9499EF76-5ADE-4EFC-8AE2-1C865957D5BC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1

FireFox:
========
FF ProfilePath: C:\Users\Erna\AppData\Roaming\Mozilla\Firefox\Profiles\xahwhl1t.default
FF Homepage: hxxp://www.hintergrund.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Erna\AppData\Roaming\Mozilla\Firefox\Profiles\xahwhl1t.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Erna\AppData\Roaming\Mozilla\Firefox\Profiles\xahwhl1t.default\Extensions\abs@avira.com [2014-09-04]
FF Extension: Adblock Plus - C:\Users\Erna\AppData\Roaming\Mozilla\Firefox\Profiles\xahwhl1t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-09]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [66560 2013-11-06] () [File not signed]
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [160048 2012-11-22] (Lenovo)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-03] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [187688 2013-06-14] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-06] (Disc Soft Ltd)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [71472 2012-11-22] (Windows (R) Win 7 DDK provider)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-16] (Intel Corporation)
R3 RtkA2dp; C:\Windows\System32\drivers\RtkA2dp.sys [178904 2013-11-05] (Realtek Semiconductor Corporation)
R3 RtkAvrcp; C:\Windows\System32\DRIVERS\RtkAvrcp.sys [61152 2012-12-28] (Realtek Semiconductor Corporation)
R3 RtkAvrcpCtrlr; C:\Windows\System32\DRIVERS\RtkAvrcpCtrlr.sys [66904 2013-06-21] (Realtek Semiconductor Corporation)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [554712 2013-11-04] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [2974424 2013-08-03] (Realtek Semiconductor Corporation                          )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-04] (Synaptics Incorporated)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1049984 2013-04-30] (Vimicro Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 12:47 - 2014-09-18 12:47 - 02105856 _____ (Farbar) C:\Users\Erna\Desktop\FRST64.exe
2014-09-18 12:47 - 2014-09-18 12:47 - 00016058 _____ () C:\Users\Erna\Desktop\FRST.txt
2014-09-18 12:43 - 2014-09-18 12:43 - 00000000 ____D () C:\Users\Erna\Desktop\Neuer Ordner
2014-09-17 10:01 - 2014-09-17 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 11:26 - 2014-09-16 11:26 - 00000000 ____D () C:\Users\Erna\AppData\Local\Adobe
2014-09-15 13:58 - 2013-12-08 22:21 - 00234620 ___SH () C:\Users\Erna\AppData\Roaming\SysBackUp.vbs
2014-09-12 11:50 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 11:50 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 11:50 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 11:50 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 11:50 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 11:50 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 11:50 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 11:50 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 11:50 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 11:50 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 11:50 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 11:50 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 11:50 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 11:50 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 11:50 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 11:50 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 11:50 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 11:50 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 11:50 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 11:50 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 11:50 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 11:50 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 11:50 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 11:50 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 11:50 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 11:50 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 11:50 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 11:50 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 11:50 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 11:50 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 11:50 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 11:50 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 11:50 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 11:50 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 11:50 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 11:50 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 11:50 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 11:50 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 11:50 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 11:50 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 11:50 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 11:50 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 11:50 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 11:50 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 11:50 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 11:50 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 11:50 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 11:50 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 11:50 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 11:50 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 11:50 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 11:50 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 11:50 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 11:50 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 11:50 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 11:50 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 09:32 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 09:32 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 09:32 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 09:32 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 09:32 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 14:01 - 2014-09-10 14:01 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-08-28 12:33 - 2014-08-28 12:33 - 00000000 ____D () C:\Users\Erna\Documents\My Bluetooth
2014-08-28 12:33 - 2014-08-28 12:33 - 00000000 ____D () C:\Users\Erna\AppData\Roaming\My Bluetooth
2014-08-28 10:05 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 10:05 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 10:05 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 11:39 - 2014-08-26 11:39 - 00000000 ____D () C:\Users\Erna\AppData\Roaming\PDF Architect 2
2014-08-26 11:36 - 2014-08-26 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-26 11:36 - 2014-08-26 11:36 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-08-26 11:35 - 2014-08-26 11:36 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-08-26 11:35 - 2014-08-26 11:35 - 00000000 ____D () C:\Users\Erna\AppData\Roaming\pdfforge
2014-08-26 11:35 - 2014-08-26 11:35 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-26 11:35 - 2014-08-26 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-26 11:35 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-08-26 11:35 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-08-26 11:35 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-08-26 11:35 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-08-26 11:35 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-08-26 11:35 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-08-26 11:35 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 12:48 - 2014-09-18 12:47 - 00016058 _____ () C:\Users\Erna\Desktop\FRST.txt
2014-09-18 12:47 - 2014-09-18 12:47 - 02105856 _____ (Farbar) C:\Users\Erna\Desktop\FRST64.exe
2014-09-18 12:47 - 2014-06-26 11:26 - 00000000 ____D () C:\FRST
2014-09-18 12:43 - 2014-09-18 12:43 - 00000000 ____D () C:\Users\Erna\Desktop\Neuer Ordner
2014-09-18 12:37 - 2014-05-11 10:44 - 00000000 ____D () C:\Users\Erna\AppData\Roaming\Skype
2014-09-18 12:01 - 2014-05-12 13:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-18 11:57 - 2014-07-01 14:57 - 00000288 _____ () C:\Windows\Tasks\Rocket Updater.job
2014-09-18 11:56 - 2014-05-09 14:46 - 01554006 _____ () C:\Users\Erna\AppData\Local\BTServer.log
2014-09-18 11:56 - 2009-07-14 06:51 - 00107747 _____ () C:\Windows\setupact.log
2014-09-18 11:00 - 2009-07-14 06:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-18 11:00 - 2009-07-14 06:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-18 10:58 - 2014-02-26 10:41 - 00698926 _____ () C:\Windows\system32\perfh007.dat
2014-09-18 10:58 - 2014-02-26 10:41 - 00149034 _____ () C:\Windows\system32\perfc007.dat
2014-09-18 10:58 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-18 10:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 04:33 - 2014-02-26 02:20 - 01965912 _____ () C:\Windows\WindowsUpdate.log
2014-09-17 10:01 - 2014-09-17 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-17 10:01 - 2014-05-11 10:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-17 10:00 - 2014-05-11 10:44 - 00000000 ____D () C:\ProgramData\Skype
2014-09-16 11:26 - 2014-09-16 11:26 - 00000000 ____D () C:\Users\Erna\AppData\Local\Adobe
2014-09-16 01:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-15 07:35 - 2014-08-06 09:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 11:49 - 2014-02-26 02:28 - 01592784 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 11:46 - 2014-05-12 14:36 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 11:46 - 2014-05-10 17:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 14:19 - 2014-08-04 20:00 - 00000000 ____D () C:\Users\Erna\AppData\Local\SoulseekQt
2014-09-10 14:01 - 2014-09-10 14:01 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 14:01 - 2014-05-12 13:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 14:01 - 2014-05-12 13:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 14:01 - 2014-05-12 13:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-04 21:58 - 2014-05-12 00:25 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-09-04 14:55 - 2014-05-11 12:26 - 00000000 ____D () C:\Users\Erna\Documents\Schule
2014-08-28 18:15 - 2014-05-10 14:39 - 00000000 ____D () C:\Users\Erna\Desktop\Olalá
2014-08-28 12:33 - 2014-08-28 12:33 - 00000000 ____D () C:\Users\Erna\Documents\My Bluetooth
2014-08-28 12:33 - 2014-08-28 12:33 - 00000000 ____D () C:\Users\Erna\AppData\Roaming\My Bluetooth
2014-08-28 12:15 - 2009-07-14 06:45 - 00438744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 11:39 - 2014-08-26 11:39 - 00000000 ____D () C:\Users\Erna\AppData\Roaming\PDF Architect 2
2014-08-26 11:36 - 2014-08-26 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-26 11:36 - 2014-08-26 11:36 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-08-26 11:36 - 2014-08-26 11:35 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-08-26 11:35 - 2014-08-26 11:35 - 00000000 ____D () C:\Users\Erna\AppData\Roaming\pdfforge
2014-08-26 11:35 - 2014-08-26 11:35 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-26 11:35 - 2014-08-26 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-26 11:27 - 2014-05-09 14:52 - 00000000 ____D () C:\Users\Erna\AppData\Roaming\Adobe
2014-08-26 04:35 - 2014-08-04 12:29 - 00018364 _____ () C:\Users\Erna\Documents\Vermieter BULLSHIT.odt
2014-08-25 23:12 - 2014-05-10 11:33 - 00000000 ____D () C:\Users\Erna\AppData\Roaming\Nitro PDF
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-28 10:05 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 10:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 10:05 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 20:05 - 2014-09-12 11:50 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-12 11:50 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-12 11:50 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-12 11:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-12 11:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-12 11:50 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-12 11:50 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-12 11:50 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-12 11:50 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-12 11:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-12 11:50 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-12 11:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-12 11:50 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-12 11:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-12 11:50 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-12 11:50 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-12 11:50 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-12 11:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-12 11:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

Some content of TEMP:
====================
C:\Users\Erna\AppData\Local\Temp\avgnt.exe
C:\Users\Erna\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Erna\AppData\Local\Temp\ose00000.exe
C:\Users\Erna\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 01:44

==================== End Of Log ============================
--- --- ---




aber hier das von FRST:

FRST Logfile:



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Erna at 2014-09-18 12:51:17
Running from C:\Users\Erna\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.9 - Absolute Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.33.00 - )
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Canon CanoScan 9000F II On-screen Manual (HKLM-x32\...\Canon CanoScan 9000F II On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
CanoScan 9000F Mark II Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9604) (Version:  - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.62.2 - Lenovo Group Limited)
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.13.514.32 - Vimicro)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36943 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.13.1402 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
JavaScript Tools (HKLM-x32\...\HSJS) (Version:  - )
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.01 - )
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.00.02 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.3 - Lenovo Inc.)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0022.00 - Lenovo Group Limited)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Nitro Pro 8 (HKLM\...\{84DAF9F1-513C-49F8-89D2-63CB3F4A7E39}) (Version: 8.5.7.1 - Nitro)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.0.5.11 - Lenovo)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.787.787.111213 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30161 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7005 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0225 - REALTEK Semiconductor Corp.)
Sausage Software Common Files Package (HKLM-x32\...\HSCF) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.4.13 - Synaptics Incorporated)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.45.0 - Lenovo)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows-Treiberpaket - Intel Corporation (iaStorA) HDC  (08/16/2013 12.8.1.1000) (HKLM\...\55452E592301CAC9072BC127374B10BC52DEADDB) (Version: 08/16/2013 12.8.1.1000 - Intel Corporation)
Windows-Treiberpaket - Lenovo 1.67.00.02 (04/17/2013 1.67.00.02) (HKLM\...\907DA143458FE258EFEB416B946DE8DF2B87A0BA) (Version: 04/17/2013 1.67.00.02 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

02-09-2014 12:25:54 Windows Update
06-09-2014 10:13:41 Windows Update
12-09-2014 07:25:27 Windows Update
12-09-2014 09:45:49 Windows Update
16-09-2014 08:29:25 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {175003D1-7BD7-4A09-9145-491CC9A0421E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {2988E227-6AC8-4271-86E5-3538F992CFC4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {2DB2584B-CF6B-4E4E-8CB0-7783D68A64BD} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {329BFE77-6A19-423A-AC98-9C6AFEDE3975} - System32\Tasks\Rocket Updater => C:\Users\Erna\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {3358F892-7D5C-4115-A5EF-8D89E4C360FE} - System32\Tasks\AppCloudUpdater => C:\Users\Erna\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {5677BA22-6517-4FED-B75F-16338F1C0D83} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {6236FF9D-03CD-4F35-8697-9D6FFAB669CF} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {6DA7FDBB-E67E-4CAC-9114-DD41BA5D85A5} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-07-27] (Realtek Semiconductor)
Task: {75FD7964-B017-4091-84AB-253E6675BE4B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {85F44004-A80C-4CCD-88C1-FC46AED0E9BB} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2013-07-05] (Lenovo Group Limited)
Task: {89760DF7-0974-4849-89F6-1E9764A014EC} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
Task: {8A2C94D5-F0C8-40D2-B293-40BC475FEAE2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {AE561559-304A-42EE-A0EC-4A6FE390EBC5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {AF041AFE-1065-4A65-98FB-3582A26BC110} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {DE217547-8B9D-4BD0-B073-87AEE96769D0} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo)
Task: {FF5F01CE-F58E-4821-BE55-0F9EE9971FC1} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AppCloudUpdater.job => C:\Users\Erna\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\Erna\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-02-26 02:35 - 2013-11-06 22:24 - 00066560 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-02-26 02:42 - 2013-07-05 16:02 - 00117248 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-07-14 15:41 - 2014-07-01 20:58 - 03162944 _____ () C:\Users\Erna\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-02-26 02:35 - 2013-05-29 11:41 - 00265728 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe
2013-03-11 11:17 - 2013-03-11 11:17 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2014-02-26 02:45 - 2012-11-22 03:49 - 00033072 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2014-02-26 02:43 - 2011-08-02 21:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2014-02-26 02:43 - 2011-08-02 21:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2014-08-05 11:47 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\Erna\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-14 16:49 - 2014-07-14 16:49 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-06 09:07 - 2014-09-15 07:35 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-26 02:32 - 2013-07-03 20:40 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2010-12-17 13:56 - 2010-12-17 13:56 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2010-12-17 13:56 - 2010-12-17 13:56 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2010-01-12 17:55 - 2010-01-12 17:55 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2010-01-12 17:55 - 2010-01-12 17:55 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2013-03-07 13:53 - 2013-03-07 13:53 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2010-12-17 13:56 - 2010-12-17 13:56 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2010-12-16 13:16 - 2010-12-16 13:16 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2010-01-18 00:34 - 2010-01-18 00:34 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2013-03-07 13:55 - 2013-03-07 13:55 - 00472576 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2013-03-07 13:58 - 2013-03-07 13:58 - 00499488 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2013-03-07 13:54 - 2013-03-07 13:54 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2010-12-17 13:56 - 2010-12-17 13:56 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2010-12-17 13:56 - 2010-12-17 13:56 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2010-12-17 13:56 - 2010-12-17 13:56 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2014 10:53:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2014 01:01:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 11:46:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 00:36:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.1.5367, Zeitstempel: 0x541259dd
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.1.5367, Zeitstempel: 0x541225d2
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xcf4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (09/17/2014 09:58:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2014 10:22:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2014 10:11:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2014 08:33:34 AM) (Source: VSS) (EventID: 12298) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].


Vorgang:
  Asynchroner Vorgang wird ausgeführt

Kontext:
  Aktueller Status: DoSnapshotSet

Error: (09/15/2014 08:33:34 AM) (Source: VSS) (EventID: 12310) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{431718c5-9e7b-11e3-b8b0-806e6f6e6963} - 0000000000000138,0x0053c010,0000000000262070,0,0000000000263080,4096,[0]).


Vorgang:
  Schattenkopien werden übertragen

Kontext:
  Ausführungskontext: System Provider

Error: (09/15/2014 07:48:48 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "Q:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"


System errors:
=============
Error: (09/18/2014 10:53:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (09/18/2014 04:33:03 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (09/18/2014 04:32:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AudioSrv erreicht.

Error: (09/18/2014 01:00:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (09/18/2014 00:59:40 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (09/18/2014 00:54:12 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (09/18/2014 00:54:07 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AudioSrv erreicht.

Error: (09/17/2014 01:49:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/17/2014 11:49:55 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/17/2014 11:49:54 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz
Percentage of memory in use: 53%
Total physical RAM: 3865.09 MB
Available physical RAM: 1806.79 MB
Total Pagefile: 7728.37 MB
Available Pagefile: 5075.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:464.29 GB) (Free:397.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Der Prozess DVD1) (CDROM) (Total:7.73 GB) (Free:0 GB) UDF
Drive f: (OFFICE12) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C12FF667)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

--- --- ---

cosinus 18.09.2014 12:25
Zitat:
hi,beim letzten avira-scan wurden 13 dubiose sachen gefunden und in quarantäne gesteckt....ich weiß jetzt nicht wie ich dir das schicken soll.
Anleitung lesen => http://www.trojaner-board.de/125889-...tml#post941534

Aljanuschka 18.09.2014 12:32
ich hoffe das ist es was du brauchst.

Code:
Exportierte Ereignisse:

15.09.2014 09:26 [System-Scanner] Malware gefunden
      Die Datei 'C:\AdwCleaner\Quarantine\C\Program Files
      (x86)\webget\updatewebget.exe.vir'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/BrowseFox.Gen'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51d4494e.qua'
      verschoben!

15.09.2014 09:26 [System-Scanner] Malware gefunden
      Die Datei 'C:\AdwCleaner\Quarantine\C\Program Files
      (x86)\webget\bin\utilwebget.exe.vir'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/BrowseFox.Gen'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5fcb798a.qua'
      verschoben!

15.09.2014 09:26 [System-Scanner] Malware gefunden
      Die Datei 'C:\AdwCleaner\Quarantine\C\Program Files
      (x86)\webget\bin\webget.BrowserAdapter.exe.vir'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/BrowseFox.Gen'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '2e754028.qua'
      verschoben!

15.09.2014 09:26 [System-Scanner] Malware gefunden
      Die Datei 'C:\AdwCleaner\Quarantine\C\Program Files
      (x86)\webget\bin\webgetBAApp.dll.vir'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/BrowseFox.Gen'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5b415785.qua'
      verschoben!

15.09.2014 09:26 [System-Scanner] Malware gefunden
      Die Datei 'C:\AdwCleaner\Quarantine\C\Program Files
      (x86)\webget\bin\webget.PurBrowse64.exe.vir'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/BrowseFox.Gen2'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '42296c1f.qua'
      verschoben!

15.09.2014 09:26 [System-Scanner] Malware gefunden
      Die Datei 'C:\AdwCleaner\Quarantine\C\Program Files
      (x86)\webget\bin\{55685567-4840-4a91-962b-49a412e9485a}.dll.vir'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/BrowseFox.Gen'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '76287939.qua'
      verschoben!

15.09.2014 09:26 [System-Scanner] Malware gefunden
      Die Datei 'C:\AdwCleaner\Quarantine\C\Program Files
      (x86)\webget\bin\{9edd0ea8-2819-47c2-8320-b007d5996f8a}.dll.vir'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/BrowseFox.Gen'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0a00396e.qua'
      verschoben!

15.09.2014 09:26 [System-Scanner] Malware gefunden
      Die Datei 'C:\AdwCleaner\Quarantine\C\Program Files
      (x86)\webget\bin\plugins\webget.BrowserAdapterS.dll.vir'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/BrowseFox.Gen'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '39a026b0.qua'
      verschoben!

15.09.2014 09:26 [System-Scanner] Malware gefunden
      Die Datei 'C:\AdwCleaner\Quarantine\C\Program Files
      (x86)\webget\bin\plugins\webget.BroStats.dll.vir'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/BrowseFox.Gen'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '46bb14d1.qua'
      verschoben!

15.09.2014 09:26 [System-Scanner] Malware gefunden
      Die Datei 'C:\FRST\Quarantine\C\Program Files
      (x86)\webget\bin\webget.BrowserAdapter.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/BrowseFox.Gen'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1a134453.qua'
      verschoben!

15.09.2014 09:26 [System-Scanner] Malware gefunden
      Die Datei 'C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/Cherished.oia'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7cd40b84.qua'
      verschoben!

15.09.2014 09:26 [System-Scanner] Malware gefunden
      Die Datei 'C:\FRST\Quarantine\C\Program Files
      (x86)\webget\bin\{55685567-4840-4a91-962b-49a412e9485a}.dll'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/BrowseFox.Gen'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50e830ce.qua'
      verschoben!

15.09.2014 09:26 [System-Scanner] Malware gefunden
      Die Datei 'C:\FRST\Quarantine\C\Program Files (x86)\webget\bin\webgetBAApp.dll'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/BrowseFox.Gen'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '484c1eba.qua'
      verschoben!

20.08.2014 19:17 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Erna\Music\clemens.lnk'
      enthielt einen Virus oder unerwünschtes Programm 'VBS/Jenxcus.M' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '513147d2.qua'
      verschoben!

20.08.2014 19:17 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Erna\Music\clemens.lnk'
      wurde ein Virus oder unerwünschtes Programm 'VBS/Jenxcus.M' [virus] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

cosinus 18.09.2014 14:15
Du hast in unserem letzten Fall offensichtlich kein delfix benutzt. Dann das hätte zum Schluss die Ordner C:\Adwcleaner und C:\FRST vernichtet

C:\AdwCleaner\Quarantine => Quarantäneordner von adwCleaner, hierhin verschiebt der adwCleaner gefunde Ad-/Junkware-Objekte, das gleiche hat FRST auch


Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Aljanuschka 19.09.2014 07:44
Code:
ComboFix 14-09-18.01 - Erna 19.09.2014  8:30.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3865.1701 [GMT 2:00]
ausgeführt von:: c:\users\Erna\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Erna\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Erna\AppData\Roaming\SysBackUp.vbs
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-08-19 bis 2014-09-19  ))))))))))))))))))))))))))))))
.
.
2014-09-17 08:01 . 2014-09-17 08:01        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2014-09-16 09:26 . 2014-09-16 09:26        --------        d-----w-        c:\users\Erna\AppData\Local\Adobe
2014-09-15 11:58 . 2013-12-08 20:21        234620        --sha-w-        c:\users\Erna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SysBackUp.vbs
2014-09-15 05:35 . 2014-09-15 05:35        3231696        ----a-w-        c:\program files (x86)\Mozilla Firefox\d3dcompiler_46.dll
2014-09-12 07:32 . 2014-07-07 02:06        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-09-12 07:32 . 2014-07-07 02:06        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-09-12 07:32 . 2014-07-07 01:40        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-09-12 07:32 . 2014-07-07 01:40        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-09-12 07:32 . 2014-07-07 01:39        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-09-10 12:01 . 2014-09-10 12:01        10036224        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-04 19:28 . 2014-09-09 20:13        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-09-04 19:28 . 2014-09-09 20:12        42168        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-09-04 07:33 . 2014-09-12 07:33        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-08-28 10:33 . 2014-08-28 10:33        --------        d-----w-        c:\users\Erna\AppData\Roaming\My Bluetooth
2014-08-28 08:05 . 2014-08-23 02:07        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-28 08:05 . 2014-08-23 01:45        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2014-08-28 08:05 . 2014-08-23 00:59        3163648        ----a-w-        c:\windows\system32\win32k.sys
2014-08-26 09:39 . 2014-08-26 09:39        --------        d-----w-        c:\users\Erna\AppData\Roaming\PDF Architect 2
2014-08-26 09:36 . 2014-08-26 09:36        --------        d-----w-        c:\program files (x86)\PDF Architect 2
2014-08-26 09:35 . 2014-08-26 09:35        --------        d-----w-        c:\programdata\PDF Architect 2
2014-08-26 09:35 . 2014-08-26 09:35        --------        d-----w-        c:\users\Erna\AppData\Roaming\pdfforge
2014-08-26 09:35 . 2014-04-25 15:44        110264        ----a-w-        c:\windows\system32\pdfcmon.dll
2014-08-26 09:35 . 2014-04-25 15:44        662288        ----a-w-        c:\windows\SysWow64\MSCOMCT2.OCX
2014-08-26 09:35 . 2014-04-25 15:44        137000        ----a-w-        c:\windows\SysWow64\MSMAPI32.OCX
2014-08-26 09:35 . 2014-04-25 15:44        23552        ----a-w-        c:\windows\SysWow64\MSMPIDE.DLL
2014-08-26 09:35 . 1998-07-06 16:56        125712        ----a-w-        c:\windows\SysWow64\VB6DE.DLL
2014-08-26 09:35 . 1998-07-06 16:55        158208        ----a-w-        c:\windows\SysWow64\MSCMCDE.DLL
2014-08-26 09:35 . 1998-07-06 16:55        64512        ----a-w-        c:\windows\SysWow64\MSCC2DE.DLL
2014-08-26 09:35 . 2014-08-26 09:36        --------        d-----w-        c:\program files (x86)\PDFCreator
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-12 09:46 . 2014-05-12 12:36        101694776        ----a-w-        c:\windows\system32\MRT.exe
2014-09-12 07:34 . 2014-06-06 11:32        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-09-12 07:33 . 2014-06-06 11:31        42168        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-09-10 12:01 . 2014-05-12 11:11        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 12:01 . 2014-05-12 11:11        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-08 21:22 . 2014-06-06 11:31        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-08-25 04:53 . 2010-11-21 03:27        270496        ------w-        c:\windows\system32\MpSigStub.exe
2014-08-11 23:34 . 2014-07-01 09:14        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-06 06:45 . 2014-08-06 06:45        283064        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2014-07-25 00:35 . 2014-07-25 00:35        875688        ----a-w-        c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47        869544        ----a-w-        c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 03:23 . 2014-08-14 22:40        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-14 22:40        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-07-14 02:02 . 2014-08-14 22:39        1216000        ----a-w-        c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-14 22:39        664064        ----a-w-        c:\windows\SysWow64\rpcrt4.dll
2014-07-08 10:22 . 2014-06-03 09:02        42040        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2014-07-01 13:31 . 2014-05-25 12:12        117712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-06-30 22:24 . 2014-08-15 01:01        8856        ----a-w-        c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-15 01:01        8856        ----a-w-        c:\windows\SysWow64\icardres.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amazon Music"="c:\users\Erna\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-07-01 3162944]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"SysBackUp"="wscript.exe" [2013-10-12 141824]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"="c:\program files (x86)\USB Camera\VM331STI.EXE" [2013-05-14 552960]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2013-07-05 6618920]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-06-01 4315872]
"Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-11-22 1085744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-05 751184]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-07-14 190032]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
c:\users\Erna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SysBackUp.vbs [2013-12-8 234620]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Fastboot;Fastboot;c:\windows\system32\DRIVERS\Fastboot.sys;c:\windows\SYSNATIVE\DRIVERS\Fastboot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x]
R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x]
R3 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 AvrcpService;AvrcpService;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [x]
S2 BTDevManager;BTDevManager;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [x]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 RtkBleServ;RtkBleServ;c:\program files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RtkA2dp;Realtek Bluetooth A2dp Source Service;c:\windows\system32\drivers\RtkA2dp.sys;c:\windows\SYSNATIVE\drivers\RtkA2dp.sys [x]
S3 RtkAvrcp;Realtek Bluetooth A/V Remote Control Target;c:\windows\system32\DRIVERS\RtkAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\RtkAvrcp.sys [x]
S3 RtkAvrcpCtrlr;Realtek Bluetooth A/V Remote Control Controller Device Driver;c:\windows\system32\DRIVERS\RtkAvrcpCtrlr.sys;c:\windows\SYSNATIVE\DRIVERS\RtkAvrcpCtrlr.sys [x]
S3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 tvtvcamd;Camera Plus (VGA Resolution Maximum);c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-12 12:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-07-16 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-07-16 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-07-16 444400]
"BtServer"="c:\program files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [2013-10-21 280576]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-06-14 293672]
"MRT"="c:\windows\system32\MRT.exe" [2014-09-12 101694776]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyOverride = <-loopback>
mSearchAssistant = hxxp://www.google.com
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.11.1
FF - ProfilePath - c:\users\Erna\AppData\Roaming\Mozilla\Firefox\Profiles\xahwhl1t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hintergrund.de/
FF - user.js: extensions.nspdlrckt.aflt - rckt_dsites02_14_27_ff
FF - user.js: extensions.nspdlrckt.instlRef - 142905_b
FF - user.js: extensions.nspdlrckt.cr - 542855383
FF - user.js: extensions.nspdlrckt.cd - 2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEtA0DyD0ByBtBtC0C0BtBtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFtCtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtCyCtCyBtBtDzztG0D0B0FyCtG0CtA0C0CtG0EyEzz0EtGyEzyzzyD0EyEyEyC0AyBtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0CyD0AyE0FtCtGtDtB0FtCtGzz0BtBtCtGzyzytD0DtGtByEyC0CyB0FtC0FyEtCyDyD2Q
user_pref(extensions.autoDisableScopes,14);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-EaseUS EPM tray - c:\program files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-HSCF - c:\windows\System32\UNWISE.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\Lenovo\message center plus\mcplaunch.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-19  08:41:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-19 06:41
.
Vor Suchlauf: 13 Verzeichnis(se), 426.536.972.288 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 426.165.006.336 Bytes frei
.
- - End Of File - - 6E3456FE69DBB1DA29FA92791DD8FF71
3B524701E01013A664367F17C8778798

cosinus 19.09.2014 08:27
Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen aus den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Aljanuschka 19.09.2014 12:40
Hi, schon beim ersten schritt kommen fragen auf.

AdwCleaner hat "Dienste" nichts gefunden...bei den anderen unterpunkten allerdings schon...soll ich da was löschen ? :balla:

LG.

zwischen " hat" und "dienste" soll ein " bei" stehen.

cosinus 19.09.2014 13:11
Anleitung bitte richtig lesen :D

Aljanuschka 19.09.2014 19:50
tschuldige :stirn:

Code:
# AdwCleaner v3.310 - Bericht erstellt am 19/09/2014 um 14:28:54
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Erna - ERNA-PC
# Gestartet von : C:\Users\Erna\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\Windows\Util
Ordner Gelöscht : C:\Users\Erna\AppData\Roaming\AppCloudUpdater
Ordner Gelöscht : C:\Users\Erna\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Erna\AppData\Roaming\RocketUpdater
Ordner Gelöscht : C:\Users\Erna\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Windows\System32\sasnative64.exe
Datei Gelöscht : C:\Users\Erna\AppData\Roaming\Mozilla\Firefox\Profiles\xahwhl1t.default\user.js

***** [ Tasks ] *****

Task Gelöscht : Advanced System Protector
Task Gelöscht : Advanced System Protector_startup
Task Gelöscht : AppCloudUpdater
Task Gelöscht : RegClean Pro

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKCU\Software\AppCloudUpdater
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Rocket Browser
Schlüssel Gelöscht : HKCU\Software\RocketUpdater
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\WSE Rocket
Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.1 (x86 de)

[ Datei : C:\Users\Erna\AppData\Roaming\Mozilla\Firefox\Profiles\xahwhl1t.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [16734 octets] - [26/06/2014 12:58:38]
AdwCleaner[R1].txt - [1577 octets] - [01/07/2014 14:07:50]
AdwCleaner[R2].txt - [4811 octets] - [01/07/2014 15:09:10]
AdwCleaner[R3].txt - [2949 octets] - [17/07/2014 04:39:30]
AdwCleaner[R4].txt - [3161 octets] - [04/08/2014 15:08:49]
AdwCleaner[R5].txt - [3363 octets] - [06/08/2014 08:23:44]
AdwCleaner[R6].txt - [3429 octets] - [12/08/2014 01:35:14]
AdwCleaner[R7].txt - [3661 octets] - [19/09/2014 13:35:15]
AdwCleaner[S0].txt - [15018 octets] - [26/06/2014 12:59:18]
AdwCleaner[S1].txt - [3253 octets] - [19/09/2014 14:28:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3313 octets] ##########
der rest

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.7 (09.18.2014:2)
OS: Windows 7 Professional x64
Ran by Erna on 19.09.2014 at 14:34:59,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update webget
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util webget



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Erna\AppData\Roaming\mozilla\firefox\profiles\xahwhl1t.default\minidumps [72 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.09.2014 at 14:39:21,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Erna (administrator) on ERNA-PC on 19-09-2014 14:40:57
Running from C:\Users\Erna\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Erna\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-10-21] (Realtek Semiconductor Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-06-14] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2985712 2013-06-04] (Synaptics Incorporated)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [101694776 2014-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4315872 2011-06-01] (Lenovo, Inc.)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1085744 2012-11-22] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-803746185-1275731524-2233151690-1000\...\Run: [Amazon Music] => C:\Users\Erna\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-07-01] ()
HKU\S-1-5-21-803746185-1275731524-2233151690-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-803746185-1275731524-2233151690-1000\...\Run: [SysBackUp] => wscript.exe //B "C:\Users\Erna\AppData\Roaming\SysBackUp.vbs"
HKU\S-1-5-21-803746185-1275731524-2233151690-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
Startup: C:\Users\Erna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SysBackUp.vbs ()
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {9499EF76-5ADE-4EFC-8AE2-1C865957D5BC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB
SearchScopes: HKLM-x32 - {9499EF76-5ADE-4EFC-8AE2-1C865957D5BC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1

FireFox:
========
FF ProfilePath: C:\Users\Erna\AppData\Roaming\Mozilla\Firefox\Profiles\xahwhl1t.default
FF Homepage: hxxp://www.hintergrund.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Erna\AppData\Roaming\Mozilla\Firefox\Profiles\xahwhl1t.default\Extensions\abs@avira.com [2014-09-04]
FF Extension: Adblock Plus - C:\Users\Erna\AppData\Roaming\Mozilla\Firefox\Profiles\xahwhl1t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-09]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [66560 2013-11-06] () [File not signed]
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [160048 2012-11-22] (Lenovo)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-03] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [187688 2013-06-14] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-06] (Disc Soft Ltd)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [71472 2012-11-22] (Windows (R) Win 7 DDK provider)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-16] (Intel Corporation)
R3 RtkA2dp; C:\Windows\System32\drivers\RtkA2dp.sys [178904 2013-11-05] (Realtek Semiconductor Corporation)
R3 RtkAvrcp; C:\Windows\System32\DRIVERS\RtkAvrcp.sys [61152 2012-12-28] (Realtek Semiconductor Corporation)
R3 RtkAvrcpCtrlr; C:\Windows\System32\DRIVERS\RtkAvrcpCtrlr.sys [66904 2013-06-21] (Realtek Semiconductor Corporation)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [554712 2013-11-04] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [2974424 2013-08-03] (Realtek Semiconductor Corporation                          )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-04] (Synaptics Incorporated)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1049984 2013-04-30] (Vimicro Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 14:39 - 2014-09-19 14:39 - 00001007 _____ () C:\Users\Erna\Desktop\JRT.txt
2014-09-19 14:34 - 2014-09-19 14:34 - 01019328 _____ (Thisisu) C:\Users\Erna\Desktop\JRT.exe
2014-09-19 13:34 - 2014-09-19 13:34 - 01373475 _____ () C:\Users\Erna\Desktop\AdwCleaner_3.310.exe
2014-09-19 08:41 - 2014-09-19 08:41 - 00019099 _____ () C:\ComboFix.txt
2014-09-19 08:29 - 2014-09-19 08:41 - 00000000 ____D () C:\ComboFix
2014-09-19 08:27 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-19 08:27 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-19 08:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-19 08:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-19 08:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-19 08:27 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-19 08:27 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-19 08:27 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-19 08:26 - 2014-09-19 08:41 - 00000000 ____D () C:\Qoobox
2014-09-19 08:26 - 2014-09-19 08:40 - 00000000 ____D () C:\Windows\erdnt
2014-09-19 08:25 - 2014-09-19 08:25 - 05578824 ____R (Swearware) C:\Users\Erna\Desktop\ComboFix.exe
2014-09-18 13:30 - 2014-09-18 13:30 - 00011448 _____ () C:\Users\Erna\Desktop\Ereignisse.txt
2014-09-18 12:51 - 2014-09-18 12:51 - 00026921 _____ () C:\Users\Erna\Desktop\Addition.txt
2014-09-18 12:47 - 2014-09-19 14:41 - 00015051 _____ () C:\Users\Erna\Desktop\FRST.txt
2014-09-18 12:47 - 2014-09-18 12:47 - 02105856 _____ (Farbar) C:\Users\Erna\Desktop\FRST64.exe
2014-09-18 12:43 - 2014-09-18 12:43 - 00000000 ____D () C:\Users\Erna\Desktop\Neuer Ordner
2014-09-17 10:01 - 2014-09-17 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 11:26 - 2014-09-16 11:26 - 00000000 ____D () C:\Users\Erna\AppData\Local\Adobe
2014-09-12 11:50 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 11:50 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 11:50 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 11:50 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 11:50 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 11:50 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 11:50 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 11:50 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 11:50 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 11:50 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 11:50 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 11:50 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 11:50 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 11:50 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 11:50 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 11:50 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 11:50 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 11:50 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 11:50 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 11:50 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 11:50 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 11:50 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 11:50 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 11:50 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 11:50 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 11:50 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 11:50 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 11:50 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 11:50 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 11:50 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 11:50 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 11:50 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 11:50 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 11:50 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 11:50 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 11:50 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 11:50 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 11:50 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 11:50 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 11:50 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 11:50 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 11:50 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 11:50 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 11:50 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 11:50 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 11:50 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 11:50 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 11:50 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 11:50 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 11:50 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 11:50 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 11:50 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 11:50 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 11:50 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 11:50 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 11:50 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 09:32 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 09:32 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 09:32 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 09:32 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 09:32 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 14:01 - 2014-09-10 14:01 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-08-28 12:33 - 2014-08-28 12:33 - 00000000 ____D () C:\Users\Erna\Documents\My Bluetooth
2014-08-28 12:33 - 2014-08-28 12:33 - 00000000 ____D () C:\Users\Erna\AppData\Roaming\My Bluetooth
2014-08-28 10:05 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 10:05 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 10:05 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 11:39 - 2014-08-26 11:39 - 00000000 ____D () C:\Users\Erna\AppData\Roaming\PDF Architect 2
2014-08-26 11:36 - 2014-08-26 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-26 11:36 - 2014-08-26 11:36 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-08-26 11:35 - 2014-08-26 11:36 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-08-26 11:35 - 2014-08-26 11:35 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-26 11:35 - 2014-08-26 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-26 11:35 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-08-26 11:35 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-08-26 11:35 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-08-26 11:35 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-08-26 11:35 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-08-26 11:35 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-08-26 11:35 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 14:41 - 2014-09-18 12:47 - 00015051 _____ () C:\Users\Erna\Desktop\FRST.txt
2014-09-19 14:40 - 2014-06-26 11:26 - 00000000 ____D () C:\FRST
2014-09-19 14:39 - 2014-09-19 14:39 - 00001007 _____ () C:\Users\Erna\Desktop\JRT.txt
2014-09-19 14:39 - 2014-08-06 09:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 14:38 - 2014-05-11 10:44 - 00000000 ____D () C:\Users\Erna\AppData\Roaming\Skype
2014-09-19 14:38 - 2009-07-14 06:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-19 14:38 - 2009-07-14 06:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-19 14:35 - 2014-02-26 02:20 - 02035261 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 14:34 - 2014-09-19 14:34 - 01019328 _____ (Thisisu) C:\Users\Erna\Desktop\JRT.exe
2014-09-19 14:31 - 2014-05-09 14:46 - 01667829 _____ () C:\Users\Erna\AppData\Local\BTServer.log
2014-09-19 14:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-19 14:30 - 2009-07-14 06:51 - 00108363 _____ () C:\Windows\setupact.log
2014-09-19 14:29 - 2014-06-26 12:58 - 00000000 ____D () C:\AdwCleaner
2014-09-19 14:29 - 2010-11-21 05:47 - 00427282 _____ () C:\Windows\PFRO.log
2014-09-19 14:01 - 2014-05-12 13:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-19 13:34 - 2014-09-19 13:34 - 01373475 _____ () C:\Users\Erna\Desktop\AdwCleaner_3.310.exe
2014-09-19 13:34 - 2014-05-16 16:28 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-19 08:43 - 2014-02-26 10:41 - 00698926 _____ () C:\Windows\system32\perfh007.dat
2014-09-19 08:43 - 2014-02-26 10:41 - 00149034 _____ () C:\Windows\system32\perfc007.dat
2014-09-19 08:43 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-19 08:41 - 2014-09-19 08:41 - 00019099 _____ () C:\ComboFix.txt
2014-09-19 08:41 - 2014-09-19 08:29 - 00000000 ____D () C:\ComboFix
2014-09-19 08:41 - 2014-09-19 08:26 - 00000000 ____D () C:\Qoobox
2014-09-19 08:40 - 2014-09-19 08:26 - 00000000 ____D () C:\Windows\erdnt
2014-09-19 08:38 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-19 08:25 - 2014-09-19 08:25 - 05578824 ____R (Swearware) C:\Users\Erna\Desktop\ComboFix.exe
2014-09-18 20:22 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-18 13:30 - 2014-09-18 13:30 - 00011448 _____ () C:\Users\Erna\Desktop\Ereignisse.txt
2014-09-18 12:51 - 2014-09-18 12:51 - 00026921 _____ () C:\Users\Erna\Desktop\Addition.txt
2014-09-18 12:47 - 2014-09-18 12:47 - 02105856 _____ (Farbar) C:\Users\Erna\Desktop\FRST64.exe
2014-09-18 12:43 - 2014-09-18 12:43 - 00000000 ____D () C:\Users\Erna\Desktop\Neuer Ordner
2014-09-17 10:01 - 2014-09-17 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-17 10:01 - 2014-05-11 10:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-17 10:01 - 2014-05-11 10:44 - 00000000 ____D () C:\ProgramData\Skype
2014-09-16 11:26 - 2014-09-16 11:26 - 00000000 ____D () C:\Users\Erna\AppData\Local\Adobe
2014-09-16 01:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-12 11:49 - 2014-02-26 02:28 - 01592784 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 11:46 - 2014-05-12 14:36 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 11:46 - 2014-05-10 17:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 14:19 - 2014-08-04 20:00 - 00000000 ____D () C:\Users\Erna\AppData\Local\SoulseekQt
2014-09-10 14:01 - 2014-09-10 14:01 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 14:01 - 2014-05-12 13:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 14:01 - 2014-05-12 13:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 14:01 - 2014-05-12 13:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-04 21:58 - 2014-05-12 00:25 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-09-04 14:55 - 2014-05-11 12:26 - 00000000 ____D () C:\Users\Erna\Documents\Schule
2014-08-28 18:15 - 2014-05-10 14:39 - 00000000 ____D () C:\Users\Erna\Desktop\Olalá
2014-08-28 12:33 - 2014-08-28 12:33 - 00000000 ____D () C:\Users\Erna\Documents\My Bluetooth
2014-08-28 12:33 - 2014-08-28 12:33 - 00000000 ____D () C:\Users\Erna\AppData\Roaming\My Bluetooth
2014-08-28 12:15 - 2009-07-14 06:45 - 00438744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 11:39 - 2014-08-26 11:39 - 00000000 ____D () C:\Users\Erna\AppData\Roaming\PDF Architect 2
2014-08-26 11:36 - 2014-08-26 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-26 11:36 - 2014-08-26 11:36 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-08-26 11:36 - 2014-08-26 11:35 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-08-26 11:35 - 2014-08-26 11:35 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-26 11:35 - 2014-08-26 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-26 11:27 - 2014-05-09 14:52 - 00000000 ____D () C:\Users\Erna\AppData\Roaming\Adobe
2014-08-26 04:35 - 2014-08-04 12:29 - 00018364 _____ () C:\Users\Erna\Documents\Vermieter BULLSHIT.odt
2014-08-25 23:12 - 2014-05-10 11:33 - 00000000 ____D () C:\Users\Erna\AppData\Roaming\Nitro PDF
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-28 10:05 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 10:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 10:05 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\Erna\AppData\Local\Temp\avgnt.exe
C:\Users\Erna\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 01:44

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Code:
Ran by Erna at 2014-09-19 14:42:06
Running from C:\Users\Erna\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.9 - Absolute Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.33.00 - )
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Canon CanoScan 9000F II On-screen Manual (HKLM-x32\...\Canon CanoScan 9000F II On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
CanoScan 9000F Mark II Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9604) (Version:  - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.62.2 - Lenovo Group Limited)
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.13.514.32 - Vimicro)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36943 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.13.1402 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
JavaScript Tools (HKLM-x32\...\HSJS) (Version:  - )
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.01 - )
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.00.02 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.3 - Lenovo Inc.)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0022.00 - Lenovo Group Limited)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Nitro Pro 8 (HKLM\...\{84DAF9F1-513C-49F8-89D2-63CB3F4A7E39}) (Version: 8.5.7.1 - Nitro)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.0.5.11 - Lenovo)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.787.787.111213 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30161 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7005 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0225 - REALTEK Semiconductor Corp.)
Sausage Software Common Files Package (HKLM-x32\...\HSCF) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.4.13 - Synaptics Incorporated)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.45.0 - Lenovo)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows-Treiberpaket - Intel Corporation (iaStorA) HDC  (08/16/2013 12.8.1.1000) (HKLM\...\55452E592301CAC9072BC127374B10BC52DEADDB) (Version: 08/16/2013 12.8.1.1000 - Intel Corporation)
Windows-Treiberpaket - Lenovo 1.67.00.02 (04/17/2013 1.67.00.02) (HKLM\...\907DA143458FE258EFEB416B946DE8DF2B87A0BA) (Version: 04/17/2013 1.67.00.02 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

02-09-2014 12:25:54 Windows Update
06-09-2014 10:13:41 Windows Update
12-09-2014 07:25:27 Windows Update
12-09-2014 09:45:49 Windows Update
16-09-2014 08:29:25 Windows Update
19-09-2014 06:27:17 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-19 08:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {175003D1-7BD7-4A09-9145-491CC9A0421E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {2988E227-6AC8-4271-86E5-3538F992CFC4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {2DB2584B-CF6B-4E4E-8CB0-7783D68A64BD} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {5677BA22-6517-4FED-B75F-16338F1C0D83} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {6DA7FDBB-E67E-4CAC-9114-DD41BA5D85A5} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-07-27] (Realtek Semiconductor)
Task: {75FD7964-B017-4091-84AB-253E6675BE4B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {85F44004-A80C-4CCD-88C1-FC46AED0E9BB} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2013-07-05] (Lenovo Group Limited)
Task: {8A2C94D5-F0C8-40D2-B293-40BC475FEAE2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {AE561559-304A-42EE-A0EC-4A6FE390EBC5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {AF041AFE-1065-4A65-98FB-3582A26BC110} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {DE217547-8B9D-4BD0-B073-87AEE96769D0} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-02-26 02:35 - 2013-11-06 22:24 - 00066560 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-07-14 15:41 - 2014-07-01 20:58 - 03162944 _____ () C:\Users\Erna\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-02-26 02:42 - 2013-07-05 16:02 - 00117248 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-02-26 02:45 - 2012-11-22 03:49 - 00033072 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2014-02-26 02:43 - 2011-08-02 21:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2014-02-26 02:43 - 2011-08-02 21:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2014-07-14 16:49 - 2014-07-14 16:49 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-14 16:49 - 2014-07-14 16:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-09-19 13:31 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\Erna\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-02-26 02:32 - 2013-07-03 20:40 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-08-06 09:07 - 2014-09-19 14:39 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-19 08:35:28.019
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-19 08:35:27.959
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 3865.09 MB
Available physical RAM: 2028.62 MB
Total Pagefile: 7728.37 MB
Available Pagefile: 5612.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:464.29 GB) (Free:396.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Der Prozess DVD1) (CDROM) (Total:7.73 GB) (Free:0 GB) UDF
Drive f: (OFFICE12) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C12FF667)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
hallo, ich bin wahrscheinlich erst ab Montag wieder in Internetnähe. nicht wundern.

schönes we erstmal.

cosinus 19.09.2014 22:32
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-803746185-1275731524-2233151690-1000\...\Run: [SysBackUp] => wscript.exe //B "C:\Users\Erna\AppData\Roaming\SysBackUp.vbs"
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Aljanuschka 21.09.2014 12:36
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Erna at 2014-09-21 13:29:41 Run:3
Running from C:\Users\Erna\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-803746185-1275731524-2233151690-1000\...\Run: [SysBackUp] => wscript.exe //B "C:\Users\Erna\AppData\Roaming\SysBackUp.vbs"
EmptyTemp:
*****************

HKU\S-1-5-21-803746185-1275731524-2233151690-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SysBackUp => value deleted successfully.
EmptyTemp: => Removed 472.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

cosinus 21.09.2014 17:23
Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Aljanuschka 22.09.2014 15:06
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0358c6c8784aec46bda215e8366834d6
# engine=20244
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2014-09-22 02:00:49
# local_time=2014-09-22 04:00:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 79078 11767447 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 286419 163024299 0 0
# scanned=138093
# found=45
# cleaned=0
# scan_time=12027
sh=A7A358A1F2E7C85D2E73E424BCAA8B4F2F4D5A90 ft=1 fh=c71c0011905dfd23 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\facemoods.com\facemoods\1.4.17.6\facemoodsApp.dll.vir"
sh=E1B8DB844C6D1876F8FAC760A847536048485EBF ft=1 fh=34edeb907fdc1fb5 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe.vir"
sh=68BF1E0437E11832B4DC5E9923DCA5FFB92914AC ft=1 fh=fe3fcc60a0369b2a vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=74ADF35C3A3456993B5D72F70AE1EDEB28987C80 ft=1 fh=90d7e36e3b85c7e4 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=4929EB5864840E7F5A0ACA7FA5723D703F4B5E73 ft=1 fh=ce188f0b56e64136 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=C1C4A9783C1F509E37A328A0C16F556C2F8DDFA2 ft=1 fh=afa1bf8c8fc4ffe1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=8A0819C25BB2568FF451BED451955B4E69E724D7 ft=1 fh=7bc6a5dd57c41934 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=53BD46E5463C07C3BBDFD087401F2E08A08688A3 ft=1 fh=d7610d97dff53ad1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=D0A19C8A6E8262E5A49AD278DB110F8521CA6BD9 ft=1 fh=b7d04a9494a7c178 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=01E8A066B023DAACD6FE9CBC35372A56BE6EC5B1 ft=1 fh=832dcd421f4cfd2d vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=FB7948E63D42672E50D4A521CDB6DBACD615D773 ft=1 fh=fc81cec60cf9c6da vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=125B1C393F2104CBA08183E495C0907BFF7EDA22 ft=1 fh=ea25908c8365106f vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=8E85792765D0E0BF52107CFF4A6620995DB19BB0 ft=1 fh=627da500ea2e265f vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir"
sh=2FCA2173F2DD16DF8F1F990170FA4479FC5D5BFC ft=1 fh=c528dd1cda99a111 vn="Variante von Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=6043D1ACD51FD373472020FBB748C405AAF22397 ft=1 fh=4c716dbbae6c21b9 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=FF431CD8693F4045BD7BD87DBCE54B820F000FC0 ft=1 fh=16c2e1bd3fd6b7e2 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=5836A5DF3860241F6B69F2292ABCE592A13689B6 ft=1 fh=a3db04555f559ea8 vn="Variante von Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir"
sh=E97CBDBD7CFED2C58464C1ABF186520022DE5666 ft=1 fh=7a2ea5ecc33ad0e3 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir"
sh=9DC13DB9C123270C2356ED410128E11D5ADF7C6E ft=1 fh=023ab782f0a9b07d vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=FCD66E27D30EDEDD6ABE11C70DD7BF08532767F5 ft=1 fh=70fb3384296e3ad9 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\webget\bin\plugins\webget.Bromon.dll.vir"
sh=451ACE67F99D590AC2C4FFE2042253549F7D523F ft=1 fh=c1d56af8db747086 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\webget\bin\plugins\webget.CompatibilityChecker.dll.vir"
sh=2C13F9D40B933F6D64CB33441433746ACE2F2918 ft=1 fh=43bb8aec40ae0a6e vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\webget\bin\plugins\webget.FeSvc.dll.vir"
sh=ADF955316D9E0BDA10173F965774519197F13488 ft=1 fh=70321b8969563f18 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\webget\bin\plugins\webget.Repmon.dll.vir"
sh=D6213CD04B8D651C427DF7FD415827689B38C687 ft=1 fh=6ab0c488b9eb77d5 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\webget\webgetUninstall.exe.vir"
sh=EAB8B9C62E91D5DB21E165879599E883E2A7E26A ft=1 fh=d55dcd28b48ee477 vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys.vir"
sh=C5AA96F17ED2B68CA4C839EA7394F4534B4F5C3F ft=1 fh=57a85fb4fd4bc01c vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=AAA29097B1E5A7098E19A38F1200E636EE1C3A1E ft=1 fh=6b75069f13c3f94c vn="Win64/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\sasnative64.exe.vir"
sh=8E324EFF88541685373A637FBDEF5C8E5451C616 ft=1 fh=c71c0011353fc84c vn="Variante von Win32/AdWare.OxyPumper.A Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\AppData\Local\Temp\DM.exe.xBAD"
sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\AppData\Local\Temp\nsb9B4D.exe.xBAD"
sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\AppData\Local\Temp\nsbA0CA.exe.xBAD"
sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\AppData\Local\Temp\nsm3E4C.exe.xBAD"
sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\AppData\Local\Temp\nsw41E5.exe.xBAD"
sh=FA0A84A102325374F455A7B12EB1C998E8719D11 ft=1 fh=54b63c39bab0ee86 vn="Mehrere Bedrohungen" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\AppData\Local\Temp\optprosetup.exe.xBAD"
sh=FB98EEEE1B51AE4C7BEEB5337B0E86FE66247A17 ft=1 fh=467a55130ae7e1f2 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\Downloads\What ever\Audiograbber_TSA13RM88\a5341d14905fc5805bbfa609c55cbf50_agsetup183se.exe.xBAD"
sh=E3F82333B989408B83D6A3D8E378803C97887202 ft=1 fh=e09bf12e97620ecb vn="Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\Downloads\What ever\Audiograbber_TSA13RM88.exe.xBAD"
sh=31C5786FFF14D65DB1DDA855B6FF5410639E2B31 ft=1 fh=e4702e5c53c1bf6d vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\Downloads\What ever\Partition Wizard Bootable CD - CHIP-Downloader.exe.xBAD"
sh=E939F65F36FE6A1870AF2358F8D91EC6B75CB6C2 ft=1 fh=210d7675176d9164 vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\Downloads\What ever\SoftonicDownloader_fuer_partition-wizard-bootable-cd.exe.xBAD"
sh=278DC517AC7914E7DE88044AA9DFCD79545234D0 ft=1 fh=a52d7b749cc70704 vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\FRST\Quarantine\C\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys.xBAD"
sh=B3BBC3BE2D88F5F8FB2B3DEC3FEF9068FF5DB26D ft=1 fh=5868f0ccf7722e1c vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\FRST\Quarantine\C\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys.xBAD"
sh=3F8CCD9279F8D950622F536D3202CC0E44134A8E ft=1 fh=4cb693d7b46c457f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\sweetpacks bundle uninstaller_Audiograbber_1426999\uninstaller.exe"
sh=64458E7A4DB4E767711BCB0E9D473E5A03ABBEAA ft=0 fh=0000000000000000 vn="VBS/Agent.NET Wurm" ac=I fn="C:\Qoobox\Quarantine\C\Users\Erna\AppData\Roaming\SysBackUp.vbs.vir"
sh=9E99F973FAA2BE6734059FB15B56631914B2D830 ft=0 fh=0000000000000000 vn="LNK/Agent.AK Trojaner" ac=I fn="C:\Users\Erna\Desktop\Neuer Ordner\Unbenannt 1.lnk"
sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Erna\Desktop\Olalá\DTLite4491-0356.exe"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Erna\Desktop\Olalá\PDFCreator-1_7_3_setup.exe"
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0358c6c8784aec46bda215e8366834d6
# engine=20244
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2014-09-22 02:00:49
# local_time=2014-09-22 04:00:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 79078 11767447 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 286419 163024299 0 0
# scanned=138093
# found=45
# cleaned=0
# scan_time=12027
sh=A7A358A1F2E7C85D2E73E424BCAA8B4F2F4D5A90 ft=1 fh=c71c0011905dfd23 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\facemoods.com\facemoods\1.4.17.6\facemoodsApp.dll.vir"
sh=E1B8DB844C6D1876F8FAC760A847536048485EBF ft=1 fh=34edeb907fdc1fb5 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe.vir"
sh=68BF1E0437E11832B4DC5E9923DCA5FFB92914AC ft=1 fh=fe3fcc60a0369b2a vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=74ADF35C3A3456993B5D72F70AE1EDEB28987C80 ft=1 fh=90d7e36e3b85c7e4 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=4929EB5864840E7F5A0ACA7FA5723D703F4B5E73 ft=1 fh=ce188f0b56e64136 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=C1C4A9783C1F509E37A328A0C16F556C2F8DDFA2 ft=1 fh=afa1bf8c8fc4ffe1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=8A0819C25BB2568FF451BED451955B4E69E724D7 ft=1 fh=7bc6a5dd57c41934 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=53BD46E5463C07C3BBDFD087401F2E08A08688A3 ft=1 fh=d7610d97dff53ad1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=D0A19C8A6E8262E5A49AD278DB110F8521CA6BD9 ft=1 fh=b7d04a9494a7c178 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=01E8A066B023DAACD6FE9CBC35372A56BE6EC5B1 ft=1 fh=832dcd421f4cfd2d vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=FB7948E63D42672E50D4A521CDB6DBACD615D773 ft=1 fh=fc81cec60cf9c6da vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=125B1C393F2104CBA08183E495C0907BFF7EDA22 ft=1 fh=ea25908c8365106f vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=8E85792765D0E0BF52107CFF4A6620995DB19BB0 ft=1 fh=627da500ea2e265f vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir"
sh=2FCA2173F2DD16DF8F1F990170FA4479FC5D5BFC ft=1 fh=c528dd1cda99a111 vn="Variante von Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=6043D1ACD51FD373472020FBB748C405AAF22397 ft=1 fh=4c716dbbae6c21b9 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=FF431CD8693F4045BD7BD87DBCE54B820F000FC0 ft=1 fh=16c2e1bd3fd6b7e2 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=5836A5DF3860241F6B69F2292ABCE592A13689B6 ft=1 fh=a3db04555f559ea8 vn="Variante von Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir"
sh=E97CBDBD7CFED2C58464C1ABF186520022DE5666 ft=1 fh=7a2ea5ecc33ad0e3 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir"
sh=9DC13DB9C123270C2356ED410128E11D5ADF7C6E ft=1 fh=023ab782f0a9b07d vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=FCD66E27D30EDEDD6ABE11C70DD7BF08532767F5 ft=1 fh=70fb3384296e3ad9 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\webget\bin\plugins\webget.Bromon.dll.vir"
sh=451ACE67F99D590AC2C4FFE2042253549F7D523F ft=1 fh=c1d56af8db747086 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\webget\bin\plugins\webget.CompatibilityChecker.dll.vir"
sh=2C13F9D40B933F6D64CB33441433746ACE2F2918 ft=1 fh=43bb8aec40ae0a6e vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\webget\bin\plugins\webget.FeSvc.dll.vir"
sh=ADF955316D9E0BDA10173F965774519197F13488 ft=1 fh=70321b8969563f18 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\webget\bin\plugins\webget.Repmon.dll.vir"
sh=D6213CD04B8D651C427DF7FD415827689B38C687 ft=1 fh=6ab0c488b9eb77d5 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\webget\webgetUninstall.exe.vir"
sh=EAB8B9C62E91D5DB21E165879599E883E2A7E26A ft=1 fh=d55dcd28b48ee477 vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys.vir"
sh=C5AA96F17ED2B68CA4C839EA7394F4534B4F5C3F ft=1 fh=57a85fb4fd4bc01c vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=AAA29097B1E5A7098E19A38F1200E636EE1C3A1E ft=1 fh=6b75069f13c3f94c vn="Win64/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\sasnative64.exe.vir"
sh=8E324EFF88541685373A637FBDEF5C8E5451C616 ft=1 fh=c71c0011353fc84c vn="Variante von Win32/AdWare.OxyPumper.A Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\AppData\Local\Temp\DM.exe.xBAD"
sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\AppData\Local\Temp\nsb9B4D.exe.xBAD"
sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\AppData\Local\Temp\nsbA0CA.exe.xBAD"
sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\AppData\Local\Temp\nsm3E4C.exe.xBAD"
sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\AppData\Local\Temp\nsw41E5.exe.xBAD"
sh=FA0A84A102325374F455A7B12EB1C998E8719D11 ft=1 fh=54b63c39bab0ee86 vn="Mehrere Bedrohungen" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\AppData\Local\Temp\optprosetup.exe.xBAD"
sh=FB98EEEE1B51AE4C7BEEB5337B0E86FE66247A17 ft=1 fh=467a55130ae7e1f2 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\Downloads\What ever\Audiograbber_TSA13RM88\a5341d14905fc5805bbfa609c55cbf50_agsetup183se.exe.xBAD"
sh=E3F82333B989408B83D6A3D8E378803C97887202 ft=1 fh=e09bf12e97620ecb vn="Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\Downloads\What ever\Audiograbber_TSA13RM88.exe.xBAD"
sh=31C5786FFF14D65DB1DDA855B6FF5410639E2B31 ft=1 fh=e4702e5c53c1bf6d vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\Downloads\What ever\Partition Wizard Bootable CD - CHIP-Downloader.exe.xBAD"
sh=E939F65F36FE6A1870AF2358F8D91EC6B75CB6C2 ft=1 fh=210d7675176d9164 vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Erna\Downloads\What ever\SoftonicDownloader_fuer_partition-wizard-bootable-cd.exe.xBAD"
sh=278DC517AC7914E7DE88044AA9DFCD79545234D0 ft=1 fh=a52d7b749cc70704 vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\FRST\Quarantine\C\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys.xBAD"
sh=B3BBC3BE2D88F5F8FB2B3DEC3FEF9068FF5DB26D ft=1 fh=5868f0ccf7722e1c vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\FRST\Quarantine\C\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys.xBAD"
sh=3F8CCD9279F8D950622F536D3202CC0E44134A8E ft=1 fh=4cb693d7b46c457f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\sweetpacks bundle uninstaller_Audiograbber_1426999\uninstaller.exe"
sh=64458E7A4DB4E767711BCB0E9D473E5A03ABBEAA ft=0 fh=0000000000000000 vn="VBS/Agent.NET Wurm" ac=I fn="C:\Qoobox\Quarantine\C\Users\Erna\AppData\Roaming\SysBackUp.vbs.vir"
sh=9E99F973FAA2BE6734059FB15B56631914B2D830 ft=0 fh=0000000000000000 vn="LNK/Agent.AK Trojaner" ac=I fn="C:\Users\Erna\Desktop\Neuer Ordner\Unbenannt 1.lnk"
sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Erna\Desktop\Olalá\DTLite4491-0356.exe"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Erna\Desktop\Olalá\PDFCreator-1_7_3_setup.exe"


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:07 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131