Trojaner-Board - Windows 7: Avira findet TR/Emotet.A.67 nach Telekom-Rechnung

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Windows 7: Avira findet TR/Emotet.A.67 nach Telekom-Rechnung (https://www.trojaner-board.de/162117-windows-7-avira-findet-tr-emotet-a-67-telekom-rechnung.html)

Windows 7: Avira findet TR/Emotet.A.67 nach Telekom-Rechnung

Hallo zusammen,

nach dem Klick auf einen Link in einer vermeintlichen Telekom-Rechnung, hat mein Avira Free Antivirus den Trojaner TR/Emotet.A.67 gefunden und in die Quarantäne verschoben.
Ich habe bereits mit FRST und GMER einen Scan durchgeführt.
Welche weiteren Schritte sind nötig, um sicher zu sein, dass der Trojaner gänzlich entfernt wurde?
Die Log-Files von Avira und GMER befinden sich im Anhang.

Vielen Dank bereits für eure Hilfe!

MfG sonja_

FRST.txt:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2014

Ran by Sonja (administrator) on ASUS-SONJA on 23-12-2014 19:28:27

Running from C:\Users\Sonja\Desktop

Loaded Profile: Sonja (Available profiles: Sonja)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

() C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe

() C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(Nokia) C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

(ASUS) C:\Windows\AsScrPro.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

() C:\Program Files (x86)\TV IR\TV IR.exe

() C:\Program Files (x86)\TV IR\shutTask.exe

(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-04-18] (Realtek Semiconductor)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)

HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-04-18] (Realtek Semiconductor)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [NokiaMServer] => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2011-04-18] (ASUS)

HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM-x32\...\Run: [TVPro Control] => C:\Program Files (x86)\TV IR\TV IR.EXE [1454592 2012-04-17] ()

HKLM-x32\...\Run: [TVPro Task] => C:\Program Files (x86)\TV IR\shutTask.exe [177664 2012-04-16] ()

HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-21-4224836468-2737801480-210023977-1001\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe

HKU\S-1-5-21-4224836468-2737801480-210023977-1001\...\Run: [] => [X]

HKU\S-1-5-21-4224836468-2737801480-210023977-1001\...\Run: [phonostarTimer] => C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [42496 2014-01-11] ()

HKU\S-1-5-21-4224836468-2737801480-210023977-1001\...\Run: [phonostar-PlayerTimer] => C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [42496 2014-01-11] ()

HKU\S-1-5-21-4224836468-2737801480-210023977-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

HKU\S-1-5-21-4224836468-2737801480-210023977-1001\...\Run: [Amazon Music] => C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()

HKU\S-1-5-21-4224836468-2737801480-210023977-1001\...\RunOnce: [Adobe Speed Launcher] => 1419359017

AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 

URLSearchHook: [S-1-5-21-4224836468-2737801480-210023977-1001] ATTENTION ==> Default URLSearchHook is missing.

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\4s8gnecb.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-4224836468-2737801480-210023977-1001: @phonostar.de/phonostar -> C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )

FF user.js: detected! => C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\4s8gnecb.default\user.js

FF Extension: Adblock Plus - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\4s8gnecb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-26]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-09]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-09]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-12-09]
 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 HPSLPSVC; C:\Users\Sonja\AppData\Local\Temp\7zS5D05\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-14] (Avira Operations GmbH & Co. KG)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )

S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia)

S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

S3 smsbda; C:\Windows\System32\drivers\smsbda.sys [56960 2011-03-06] (Siano)

R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()

S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [9216 2010-02-26] (Nokia)
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-23 19:28 - 2014-12-23 19:30 - 00015555 _____ () C:\Users\Sonja\Desktop\FRST.txt

2014-12-23 19:28 - 2014-12-23 19:28 - 00000000 ____D () C:\FRST

2014-12-23 19:26 - 2014-12-23 19:26 - 02122240 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe

2014-12-22 23:28 - 2014-12-22 23:28 - 00057274 _____ () C:\Users\Sonja\Desktop\AVSCAN-20141222-204932-1F2AECB1.LOG

2014-12-18 12:17 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-18 12:17 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-17 14:14 - 2014-12-17 14:14 - 00001150 _____ () C:\Users\Sonja\Desktop\Amazon Music.lnk

2014-12-17 14:12 - 2014-12-17 14:13 - 39565896 _____ (Amazon) C:\Users\Sonja\Downloads\AmazonMusicInstaller.exe

2014-12-11 18:33 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-11 18:33 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-11 10:40 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-11 10:40 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-11 10:40 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-11 10:40 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-11 10:40 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-11 10:40 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-11 10:40 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-11 10:40 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-11 10:40 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-11 10:40 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-11 10:40 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-11 10:40 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-11 10:40 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-11 10:40 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-11 10:40 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-11 10:40 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-11 10:40 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-11 10:40 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-11 10:40 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-11 10:40 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-11 10:40 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-11 10:40 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-11 10:40 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-11 10:40 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-11 10:40 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-11 10:40 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-11 10:40 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-11 10:40 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-11 10:40 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-11 10:40 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-11 10:40 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-11 10:40 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-11 10:40 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-11 10:40 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-11 10:40 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-11 10:40 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-11 10:40 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-11 10:40 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-11 10:40 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-11 10:40 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-11 10:40 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-11 10:40 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-11 10:40 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-11 10:40 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-11 10:40 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-11 10:40 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-11 10:40 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-11 10:40 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-11 10:40 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-11 10:40 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-11 10:40 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-11 10:40 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-11 10:40 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-11 10:40 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-11 10:39 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-11 10:39 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-11 10:39 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-11 10:39 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-11 10:39 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-11 10:39 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-11 10:39 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-11 10:39 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-11 10:39 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-11 10:39 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-11 10:39 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-11 10:39 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-11 10:39 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-11 10:39 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-11 10:39 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-11 10:38 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-11 10:38 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-09 18:36 - 2014-12-09 18:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-04 20:00 - 2014-12-04 20:04 - 00000000 ____D () C:\Users\Public\Documents\scannen 141204

2014-12-04 09:46 - 2014-12-04 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

2014-12-03 15:03 - 2014-12-03 15:03 - 00150134 _____ () C:\Users\Sonja\Documents\Phishing 141202.odt
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-23 19:26 - 2011-04-18 01:45 - 01514967 _____ () C:\Windows\WindowsUpdate.log

2014-12-23 19:23 - 2013-12-14 14:46 - 00127136 _____ () C:\Windows\setupact.log

2014-12-23 19:23 - 2013-12-13 23:20 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-12-23 19:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-23 14:04 - 2013-03-23 19:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-23 13:45 - 2009-07-14 05:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-23 13:45 - 2009-07-14 05:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-22 19:47 - 2011-07-12 19:59 - 00000000 ____D () C:\Users\Sonja\Documents\2 Sonja firma

2014-12-22 19:27 - 2011-07-07 18:27 - 00000000 ____D () C:\Users\Sonja\Documents\1 hospodarjenje

2014-12-20 10:35 - 2009-08-04 10:51 - 00711378 _____ () C:\Windows\system32\perfh007.dat

2014-12-20 10:35 - 2009-08-04 10:51 - 00153826 _____ () C:\Windows\system32\perfc007.dat

2014-12-20 10:35 - 2009-07-14 06:13 - 01652604 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-19 13:59 - 2014-09-07 19:50 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\vlc

2014-12-18 17:53 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-12-16 19:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-12-11 22:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-11 18:40 - 2013-07-17 18:17 - 00000000 ____D () C:\Windows\system32\MRT

2014-12-11 18:34 - 2011-06-26 15:56 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-12-10 19:04 - 2013-03-23 19:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-10 19:04 - 2012-04-07 10:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-10 19:04 - 2011-06-26 17:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-09 22:59 - 2012-04-27 19:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-09 19:12 - 2013-12-14 14:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-11-24 14:04 - 2011-06-26 16:06 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 

Some content of TEMP:

====================

C:\Users\Sonja\AppData\Local\Temp\avgnt.exe

C:\Users\Sonja\AppData\Local\Temp\HPInstaller.exe

C:\Users\Sonja\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Sonja\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Sonja\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\Sonja\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

C:\Users\Sonja\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

C:\Users\Sonja\AppData\Local\Temp\NOSEventMessages.dll

C:\Users\Sonja\AppData\Local\Temp\nv3DVStreaming.dll

C:\Users\Sonja\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Sonja\AppData\Local\Temp\nvStereoApiI.dll

C:\Users\Sonja\AppData\Local\Temp\nvStInst.exe

C:\Users\Sonja\AppData\Local\Temp\vlc-2.1.1-win64.exe

C:\Users\Sonja\AppData\Local\Temp\vlc-2.1.2-win64.exe

C:\Users\Sonja\AppData\Local\Temp\vlc-2.1.5-win64.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-12-16 19:48
 

==================== End Of Log ============================

Addition.txt:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2014

Ran by Sonja at 2014-12-23 19:30:33

Running from C:\Users\Sonja\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Ahnenblatt 2.74 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher)

Amazon Music (HKU\S-1-5-21-4224836468-2737801480-210023977-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)

ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.374 - ArcSoft)

ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)

Avira (HKLM-x32\...\{dc9a688a-12cb-4a22-b449-23d849d01dc7}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)

bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden

BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden

BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

ElsterFormular-Upgrade (HKLM-x32\...\ElsterFormular 12.3.2.6814k) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)

ETDWare PS/2-X64 8.0.5.0_WHQL (HKLM\...\Elantech) (Version: 8.0.5.0 - ELAN Microelectronic Corp.)

Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)

Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

MD86351 driver install (HKLM-x32\...\InstallShield_{8F09C270-2407-4EC5-9AA3-E0735EC745C6}) (Version: 6.3.6.1 - Ihr Firmenname)

MD86351 driver install (x32 Version: 6.3.6.1 - Ihr Firmenname) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)

MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden

MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden

MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden

MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden

MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

NAVIGON Fresh 3.4.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON)

No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)

Nokia Connectivity Cable Driver (HKLM-x32\...\{F1FDAA01-988C-423F-AC12-0D8F333943FD}) (Version: 7.1.31.0 - Nokia)

Nokia Ovi Suite (HKLM-x32\...\Nokia Ovi Suite) (Version: 2.2.0.245 - Nokia)

Nokia Ovi Suite (x32 Version: 2.2.0.245 - Nokia) Hidden

Nokia Ovi Suite Software Updater (HKLM-x32\...\{A0D65C73-F2C5-432F-8788-90F8A2E99B98}) (Version: 02.05.002.42441 - Nokia Corporation)

NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)

NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)

Ovi Desktop Sync Engine (x32 Version: 1.4.78.0 - Nokia) Hidden

OviMPlatform (x32 Version: 2.6.195.0 - Nokia) Hidden

Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)

PC Connectivity Solution (HKLM-x32\...\{29F563F4-8807-4496-8463-441EAA0E96AB}) (Version: 10.26.0.0 - Nokia)

PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)

phonostar-Player Version 3.03.3 (HKLM-x32\...\phonostar3RadioPlayer_is1) (Version:  - )

Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6294 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)

SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden

TV IR (HKLM-x32\...\{C1FD1627-2EAF-48CB-A333-42D39BCB096D}) (Version: 2.1 - MEDION)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)

WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)

WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

18-12-2014 17:01:08 Windows Update

23-12-2014 13:43:54 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {18CE4AB6-E499-40F8-8A49-1C5A676AF330} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)

Task: {5D9EE729-695A-46FF-AAD1-C4A6C0E5C63F} - System32\Tasks\{F7FCB6D1-084B-4772-BF55-F92C34E77338} => pcalua.exe -a C:\Users\Sonja\Downloads\avira_antivir_personal_de.exe -d C:\Users\Sonja\Downloads

Task: {8D711C35-A44E-444C-BC6C-6CD1B04F9DF4} - System32\Tasks\DSite => C:\Users\Sonja\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: {8ECF9EF8-3344-43E0-B982-975C6B624088} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)

Task: {907447B0-87CC-4FB7-88A1-17ADD2F823C8} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

Task: {94D32C22-CD86-487A-A9A9-F341C796B5CB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\DSite.job => C:\Users\Sonja\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 

==================== Loaded Modules (whitelisted) =============
 

2013-12-13 23:03 - 2014-07-02 21:48 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll

2013-12-13 23:19 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2011-04-18 01:20 - 2011-04-18 01:20 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2011-07-14 20:33 - 2014-01-11 14:01 - 00042496 _____ () C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe

2014-12-17 14:13 - 2014-12-08 07:27 - 06277952 _____ () C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe

2012-05-03 19:50 - 2012-04-17 16:11 - 01454592 _____ () C:\Program Files (x86)\TV IR\TV IR.exe

2012-05-03 19:50 - 2010-07-07 17:21 - 02097152 _____ () C:\Program Files (x86)\TV IR\RmCard.dll

2012-05-03 19:50 - 2012-04-16 20:47 - 00177664 _____ () C:\Program Files (x86)\TV IR\shutTask.exe

2013-12-13 23:03 - 2014-07-02 21:48 - 00013272 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

2014-12-09 18:36 - 2014-12-09 18:36 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 

AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-4224836468-2737801480-210023977-500 - Administrator - Disabled)

Gast (S-1-5-21-4224836468-2737801480-210023977-501 - Limited - Disabled)

Sonja (S-1-5-21-4224836468-2737801480-210023977-1001 - Administrator - Enabled) => C:\Users\Sonja
 

==================== Faulty Device Manager Devices =============
 

Name: ASUS USB2.0 WebCam

Description: USB-Videogerät

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: usbvideo

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (12/21/2014 07:56:17 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
 

Error: (12/19/2014 01:59:12 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0000000000018e5d

ID des fehlerhaften Prozesses: 0x14ec

Startzeit der fehlerhaften Anwendung: 0xvlc.exe0

Pfad der fehlerhaften Anwendung: vlc.exe1

Pfad des fehlerhaften Moduls: vlc.exe2

Berichtskennung: vlc.exe3
 

Error: (12/19/2014 09:54:23 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0000000000018e5d

ID des fehlerhaften Prozesses: 0xec4

Startzeit der fehlerhaften Anwendung: 0xvlc.exe0

Pfad der fehlerhaften Anwendung: vlc.exe1

Pfad des fehlerhaften Moduls: vlc.exe2

Berichtskennung: vlc.exe3
 

Error: (12/18/2014 01:59:37 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0000000000018e5d

ID des fehlerhaften Prozesses: 0xb4c

Startzeit der fehlerhaften Anwendung: 0xvlc.exe0

Pfad der fehlerhaften Anwendung: vlc.exe1

Pfad des fehlerhaften Moduls: vlc.exe2

Berichtskennung: vlc.exe3
 

Error: (12/15/2014 09:16:09 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
 

Error: (12/09/2014 07:11:54 PM) (Source: MsiInstaller) (EventID: 1024) (User: Asus-Sonja)

Description: Produkt: Adobe Reader XI (11.0.09) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011010}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
 

Error: (12/08/2014 07:31:48 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
 

Error: (11/30/2014 07:00:11 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
 

Error: (11/24/2014 01:49:16 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
 
 

System errors:

=============

Error: (12/22/2014 08:50:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "ASLDR Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (12/22/2014 08:50:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "ArcSoft Connect Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (12/22/2014 08:50:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (12/17/2014 06:53:55 PM) (Source: volsnap) (EventID: 36) (User: )

Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 

Error: (12/06/2014 05:44:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: Der Dienst "HP Network Devices Support" wurde nicht richtig gestartet.
 

Error: (11/22/2014 00:07:39 PM) (Source: iaStor) (EventID: 9) (User: )

Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
 

Error: (11/19/2014 07:45:52 PM) (Source: volsnap) (EventID: 36) (User: )

Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 

Error: (11/17/2014 04:17:51 PM) (Source: volsnap) (EventID: 36) (User: )

Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 

Error: (11/14/2014 07:23:41 AM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 

Error: (10/30/2014 06:29:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: Der Dienst "HP Network Devices Support" wurde nicht richtig gestartet.
 
 

Microsoft Office Sessions:

=========================

Error: (12/21/2014 07:56:17 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
 

Error: (12/19/2014 01:59:12 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d14ec01d01b88bc24cbbcC:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dlld3b86ab4-877e-11e4-bb36-f46d04231209
 

Error: (12/19/2014 09:54:23 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5dec401d01b668b6a39bbC:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dlla0863fc4-875c-11e4-bb36-f46d04231209
 

Error: (12/18/2014 01:59:37 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5db4c01d01abfbd8cce39C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dllb828fe6e-86b5-11e4-9f6e-f46d04231209
 

Error: (12/15/2014 09:16:09 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
 

Error: (12/09/2014 07:11:54 PM) (Source: MsiInstaller) (EventID: 1024) (User: Asus-Sonja)

Description: Adobe Reader XI (11.0.09) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)
 

Error: (12/08/2014 07:31:48 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
 

Error: (11/30/2014 07:00:11 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
 

Error: (11/24/2014 01:49:16 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz

Percentage of memory in use: 31%

Total physical RAM: 6055.77 MB

Available physical RAM: 4142.97 MB

Total Pagefile: 12109.73 MB

Available Pagefile: 10115.22 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB
 

==================== Drives ================================
 

Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:12.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (DATA) (Fixed) (Total:202.08 GB) (Free:152.86 GB) NTFS

Drive r: (RECOVERY) (Fixed) (Total:21.48 GB) (Free:11.46 GB) FAT32 ==>[System with boot components (obtained from reading drive)]
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E0C5913D)

Partition 1: (Not Active) - (Size=21.5 GB) - (Type=0C)

Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=202.1 GB) - (Type=OF Extended)
 

==================== End Of Log ============================

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Trotz Deaktivierung von Avira, erschien eine Meldung, dass mich das Programm vor Zugriff auf Registrierungsschlüssel geschützt habe. Combofix kommentierte das nicht.

Code:

ComboFix 14-12-23.01 - Sonja 23.12.2014  23:19:50.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6056.4451 [GMT 1:00]

ausgeführt von:: c:\users\Sonja\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}

SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\phonostar-Player\phonostarTimer.exe

c:\users\Sonja\AppData\Local\lame_enc.dll

c:\users\Sonja\AppData\Local\no23xwrapper.dll

c:\users\Sonja\AppData\Local\ogg.dll

c:\users\Sonja\AppData\Local\Temp\7zS5D05\HPSLPSVC64.DLL

c:\users\Sonja\AppData\Local\uninst.tmp

c:\users\Sonja\AppData\Local\vorbis.dll

c:\users\Sonja\AppData\Local\vorbisenc.dll

c:\users\Sonja\AppData\Local\vorbisfile.dll

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_HPSLPSVC

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-11-23 bis 2014-12-23  ))))))))))))))))))))))))))))))

.

.

2014-12-23 22:27 . 2014-12-23 22:27        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-12-23 18:28 . 2014-12-23 18:35        --------        d-----w-        C:\FRST

2014-12-23 12:45 . 2014-12-02 10:26        11870360        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{EAC8C048-7ADA-433B-B9F5-4E4160836615}\mpengine.dll

2014-12-18 11:17 . 2014-12-13 05:09        144384        ----a-w-        c:\windows\system32\ieUnatt.exe

2014-12-18 11:17 . 2014-12-13 03:33        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe

2014-12-17 13:13 . 2014-12-17 13:14        --------        d-----w-        c:\users\Sonja\AppData\Local\Amazon Music

2014-12-11 17:33 . 2014-10-18 01:33        3209728        ----a-w-        c:\windows\SysWow64\mf.dll

2014-12-11 17:33 . 2014-10-18 02:05        4121600        ----a-w-        c:\windows\system32\mf.dll

2014-12-11 09:39 . 2014-11-11 03:09        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll

2014-12-11 09:38 . 2014-11-08 03:16        2048        ----a-w-        c:\windows\system32\tzres.dll

2014-12-11 09:38 . 2014-11-08 02:45        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2014-12-04 08:46 . 2014-12-04 10:41        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-12-11 17:34 . 2011-06-26 14:56        112710672        ----a-w-        c:\windows\system32\MRT.exe

2014-12-10 18:04 . 2012-04-07 09:24        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2014-12-10 18:04 . 2011-06-26 16:48        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-11-24 13:04 . 2011-06-26 15:06        275080        ------w-        c:\windows\system32\MpSigStub.exe

2014-11-11 03:08 . 2014-11-19 09:06        241152        ----a-w-        c:\windows\system32\pku2u.dll

2014-11-11 03:08 . 2014-11-19 09:06        728064        ----a-w-        c:\windows\system32\kerberos.dll

2014-11-11 02:44 . 2014-11-19 09:06        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll

2014-11-11 02:44 . 2014-11-19 09:06        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll

2014-10-25 01:57 . 2014-11-13 08:37        77824        ----a-w-        c:\windows\system32\packager.dll

2014-10-25 01:32 . 2014-11-13 08:37        67584        ----a-w-        c:\windows\SysWow64\packager.dll

2014-10-18 02:05 . 2014-11-13 08:37        861696        ----a-w-        c:\windows\system32\oleaut32.dll

2014-10-18 01:33 . 2014-11-13 08:37        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll

2014-10-15 17:04 . 2014-10-15 17:05        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-10-14 11:37 . 2013-12-24 13:05        43064        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2014-10-14 11:37 . 2013-12-24 13:05        131608        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2014-10-14 11:37 . 2013-12-24 13:05        119272        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2014-10-14 02:16 . 2014-11-13 08:38        155064        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys

2014-10-14 02:13 . 2014-11-13 08:38        683520        ----a-w-        c:\windows\system32\termsrv.dll

2014-10-14 02:13 . 2014-11-13 08:37        3241984        ----a-w-        c:\windows\system32\msi.dll

2014-10-14 02:12 . 2014-11-13 08:38        1460736        ----a-w-        c:\windows\system32\lsasrv.dll

2014-10-14 02:09 . 2014-11-13 08:38        146432        ----a-w-        c:\windows\system32\msaudite.dll

2014-10-14 02:07 . 2014-11-13 08:38        681984        ----a-w-        c:\windows\system32\adtschema.dll

2014-10-14 01:50 . 2014-11-13 08:38        22016        ----a-w-        c:\windows\SysWow64\secur32.dll

2014-10-14 01:50 . 2014-11-13 08:37        2363904        ----a-w-        c:\windows\SysWow64\msi.dll

2014-10-14 01:49 . 2014-11-13 08:38        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll

2014-10-14 01:47 . 2014-11-13 08:38        146432        ----a-w-        c:\windows\SysWow64\msaudite.dll

2014-10-14 01:46 . 2014-11-13 08:38        681984        ----a-w-        c:\windows\SysWow64\adtschema.dll

2014-10-10 00:57 . 2014-11-13 08:37        3198976        ----a-w-        c:\windows\system32\win32k.sys

2014-10-03 02:12 . 2014-11-13 08:37        500224        ----a-w-        c:\windows\system32\AUDIOKSE.dll

2014-10-03 02:11 . 2014-11-13 08:37        284672        ----a-w-        c:\windows\system32\EncDump.dll

2014-10-03 02:11 . 2014-11-13 08:37        680960        ----a-w-        c:\windows\system32\audiosrv.dll

2014-10-03 02:11 . 2014-11-13 08:37        440832        ----a-w-        c:\windows\system32\AudioEng.dll

2014-10-03 02:11 . 2014-11-13 08:37        296448        ----a-w-        c:\windows\system32\AudioSes.dll

2014-10-03 01:44 . 2014-11-13 08:37        442880        ----a-w-        c:\windows\SysWow64\AUDIOKSE.dll

2014-10-03 01:44 . 2014-11-13 08:37        374784        ----a-w-        c:\windows\SysWow64\AudioEng.dll

2014-10-03 01:44 . 2014-11-13 08:37        195584        ----a-w-        c:\windows\SysWow64\AudioSes.dll

2014-09-25 02:08 . 2014-10-01 16:58        371712        ----a-w-        c:\windows\system32\qdvd.dll

2014-09-25 01:40 . 2014-10-01 16:58        519680        ----a-w-        c:\windows\SysWow64\qdvd.dll

2009-05-26 07:26 . 2009-05-26 07:26        97336        ----a-w-        c:\program files (x86)\bass.dll

2009-05-26 07:26 . 2009-05-26 07:26        64000        ----a-w-        c:\program files (x86)\vorbisenc.dll

2009-05-26 07:26 . 2009-05-26 07:26        623616        ----a-w-        c:\program files (x86)\No23 Recorder.exe

2009-05-26 07:26 . 2009-05-26 07:26        29184        ----a-w-        c:\program files (x86)\no23xwrapper.dll

2009-05-26 07:26 . 2009-05-26 07:26        19456        ----a-w-        c:\program files (x86)\vorbisfile.dll

2009-05-26 07:26 . 2009-05-26 07:26        15872        ----a-w-        c:\program files (x86)\ogg.dll

2009-05-26 07:26 . 2009-05-26 07:26        155136        ----a-w-        c:\program files (x86)\lame_enc.dll

2009-05-26 07:26 . 2009-05-26 07:26        143872        ----a-w-        c:\program files (x86)\vorbis.dll

2009-05-26 07:26 . 2009-05-26 07:26        13872        ----a-w-        c:\program files (x86)\basscd.dll

2009-05-26 07:26 . 2009-05-26 07:26        102912        ----a-w-        c:\program files (x86)\CDRip.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Amazon Music"="c:\users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-12-08 6277952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-04-18 3058304]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"TVPro Control"="c:\program files (x86)\TV IR\TV IR.EXE" [2012-04-17 1454592]

"TVPro Task"="c:\program files (x86)\TV IR\shutTask.exe" [2012-04-16 177664]

"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-12-12 186408]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys;c:\windows\SYSNATIVE\drivers\ccdcmbox64.sys [x]

R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]

R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys;c:\windows\SYSNATIVE\drivers\ccdcmbx64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]

R3 smsbda;DVB-T TV Stick;c:\windows\system32\drivers\smsbda.sys;c:\windows\SYSNATIVE\drivers\smsbda.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]

S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]

S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2014-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 18:04]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-04-18 2188904]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-18 11775592]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832]

"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Zusätzlicher Suchlauf -------

.

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\4s8gnecb.default\

FF - ExtSQL: !HIDDEN! 2013-10-15 14:47; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

.

------- Dateityp-Verknüpfung -------

.

JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-Syncables - c:\program files (x86)\syncables\syncables desktop\Syncables.exe

Wow6432Node-HKCU-Run-phonostarTimer - c:\program files (x86)\phonostar-Player\phonostarTimer.exe

Wow6432Node-HKCU-Run-phonostar-PlayerTimer - c:\program files (x86)\phonostar-Player\phonostarTimer.exe

Wow6432Node-HKCU-Run-ISUSPM - c:\programdata\FLEXnet\Connect\11\ISUSPM.exe

Wow6432Node-HKLM-Run-HP Software Update - c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-ASUS WebStorage - c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.15"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2014-12-23  23:35:27 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2014-12-23 22:35

.

Vor Suchlauf: 9 Verzeichnis(se), 12.737.097.728 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 17.067.028.480 Bytes frei

.

- - End Of File - - 127A97D2D6907CDDB54EAAA715660C48

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

MBAM:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 24.12.2014

Suchlauf-Zeit: 23:46:21

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.4.1028

Malware Datenbank: v2014.12.24.13

Rootkit Datenbank: v2014.12.23.02

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: Sonja
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 363196

Verstrichene Zeit: 15 Min, 29 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente erkannt)
 

Module: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsschlüssel: 2

PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}, In Quarantäne, [b7f697cf7c0066d0fb960b06ce35fa06], 

PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DF84E609-C3A4-49CB-A160-61767DAF8899}, In Quarantäne, [b7f697cf7c0066d0fb960b06ce35fa06], 
 

Registrierungswerte: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsdaten: 0

(Keine schädliche Elemente erkannt)
 

Ordner: 1

PUP.Optional.Updater.A, C:\Users\Sonja\AppData\Roaming\DSite\UpdateProc, In Quarantäne, [119c0363b9c3eb4b4a7ddd655fa45aa6], 
 

Dateien: 2

PUP.Optional.Updater.A, C:\Users\Sonja\AppData\Roaming\DSite\UpdateProc\config.dat, In Quarantäne, [119c0363b9c3eb4b4a7ddd655fa45aa6], 

PUP.Optional.Updater.A, C:\Users\Sonja\AppData\Roaming\DSite\UpdateProc\TTL.DAT, In Quarantäne, [119c0363b9c3eb4b4a7ddd655fa45aa6], 
 

Physische Sektoren: 0

(Keine schädliche Elemente erkannt)
 
 

(end)

Adw:

Code:

# AdwCleaner v4.106 - Bericht erstellt am 25/12/2014 um 00:14:11

# Aktualisiert 21/12/2014 von Xplode

# Database : 2014-12-21.4 [Live]

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : Sonja - ASUS-SONJA

# Gestartet von : C:\Users\Sonja\Desktop\AdwCleaner_4.106.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\Partner

Ordner Gelöscht : C:\ProgramData\Tarma Installer

Ordner Gelöscht : C:\Users\Sonja\AppData\Roaming\DSite

Datei Gelöscht : C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\4s8gnecb.default\user.js
 

***** [ Tasks ] *****
 

Task Gelöscht : DSite
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Schlüssel Gelöscht : HKCU\Software\OCS

Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
 

***** [ Browser ] *****
 

-\\ Internet Explorer v0.0.0.0
 
 

-\\ Mozilla Firefox v34.0.5 (x86 de)
 
 

*************************
 

AdwCleaner[R0].txt - [1815 octets] - [25/12/2014 00:11:54]

AdwCleaner[S0].txt - [1620 octets] - [25/12/2014 00:14:11]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1680 octets] ##########

JRT:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.0 (11.29.2014:1)

OS: Windows 7 Home Premium x64

Ran by Sonja on 25.12.2014 at  0:19:53,96

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4224836468-2737801480-210023977-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Sonja\AppData\Roaming\mozilla\firefox\profiles\4s8gnecb.default\minidumps [389 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 25.12.2014 at  0:23:06,87

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

und noch einmal ein FRST log:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2014

Ran by Sonja (administrator) on ASUS-SONJA on 25-12-2014 00:29:42

Running from C:\Users\Sonja\Desktop

Loaded Profile: Sonja (Available profiles: Sonja)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

() C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(Nokia) C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

(ASUS) C:\Windows\AsScrPro.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

() C:\Program Files (x86)\TV IR\TV IR.exe

() C:\Program Files (x86)\TV IR\shutTask.exe

(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-04-18] (Realtek Semiconductor)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)

HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-04-18] (Realtek Semiconductor)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [NokiaMServer] => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2011-04-18] (ASUS)

HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM-x32\...\Run: [TVPro Control] => C:\Program Files (x86)\TV IR\TV IR.EXE [1454592 2012-04-17] ()

HKLM-x32\...\Run: [TVPro Task] => C:\Program Files (x86)\TV IR\shutTask.exe [177664 2012-04-16] ()

HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-4224836468-2737801480-210023977-1001\...\Run: [Amazon Music] => C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()

HKU\S-1-5-21-4224836468-2737801480-210023977-1001\...\RunOnce: [Adobe Speed Launcher] => 1419463715

AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)

AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-4224836468-2737801480-210023977-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-4224836468-2737801480-210023977-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\4s8gnecb.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-4224836468-2737801480-210023977-1001: @phonostar.de/phonostar -> C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )

FF Extension: Adblock Plus - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\4s8gnecb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-26]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-09]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-09]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-12-09]
 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-14] (Avira Operations GmbH & Co. KG)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )

S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia)

S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

S3 smsbda; C:\Windows\System32\drivers\smsbda.sys [56960 2011-03-06] (Siano)

R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()

S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [9216 2010-02-26] (Nokia)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-25 00:29 - 2014-12-25 00:30 - 00014095 _____ () C:\Users\Sonja\Desktop\FRST.txt

2014-12-25 00:23 - 2014-12-25 00:23 - 00001617 _____ () C:\Users\Sonja\Desktop\JRT.txt

2014-12-25 00:19 - 2014-12-25 00:19 - 00000000 ____D () C:\Windows\ERUNT

2014-12-25 00:17 - 2014-12-25 00:17 - 00001768 _____ () C:\Users\Sonja\Desktop\AdwCleaner[S0].txt

2014-12-25 00:11 - 2014-12-25 00:14 - 00000000 ____D () C:\AdwCleaner

2014-12-25 00:09 - 2014-12-25 00:09 - 00001807 _____ () C:\Users\Sonja\Desktop\mbam.txt

2014-12-24 23:49 - 2014-12-24 23:49 - 01707646 _____ (Thisisu) C:\Users\Sonja\Desktop\JRT.exe

2014-12-24 23:47 - 2014-12-24 23:48 - 02173952 _____ () C:\Users\Sonja\Desktop\AdwCleaner_4.106.exe

2014-12-24 23:43 - 2014-12-25 00:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-24 23:42 - 2014-12-24 23:42 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-24 23:42 - 2014-12-24 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-24 23:42 - 2014-12-24 23:42 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-24 23:42 - 2014-12-24 23:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-24 23:42 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-24 23:42 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-24 23:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-24 23:40 - 2014-12-24 23:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sonja\Desktop\mbam-setup-2.0.4.1028.exe

2014-12-23 23:36 - 2014-12-23 23:36 - 00021281 _____ () C:\Users\Sonja\Desktop\combofix.txt

2014-12-23 23:35 - 2014-12-23 23:35 - 00021281 _____ () C:\ComboFix.txt

2014-12-23 23:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-12-23 23:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-12-23 23:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-12-23 23:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-12-23 23:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-12-23 23:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2014-12-23 23:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2014-12-23 23:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2014-12-23 23:17 - 2014-12-23 23:35 - 00000000 ____D () C:\Qoobox

2014-12-23 23:17 - 2014-12-23 23:34 - 00000000 ____D () C:\Windows\erdnt

2014-12-23 23:15 - 2014-12-23 23:15 - 05603465 ____R (Swearware) C:\Users\Sonja\Desktop\ComboFix.exe

2014-12-23 20:09 - 2014-12-23 20:09 - 00012432 _____ () C:\Users\Sonja\Desktop\Log.zip

2014-12-23 19:48 - 2014-12-23 19:48 - 00113311 _____ () C:\Users\Sonja\Desktop\gmer.log

2014-12-23 19:39 - 2014-12-23 19:39 - 00380416 _____ () C:\Users\Sonja\Desktop\Gmer-19357.exe

2014-12-23 19:30 - 2014-12-23 19:35 - 00022992 _____ () C:\Users\Sonja\Desktop\Addition1.txt

2014-12-23 19:28 - 2014-12-25 00:29 - 00000000 ____D () C:\FRST

2014-12-23 19:28 - 2014-12-23 19:35 - 00029669 _____ () C:\Users\Sonja\Desktop\FRST1.txt

2014-12-23 19:26 - 2014-12-23 19:26 - 02122240 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe

2014-12-22 23:28 - 2014-12-22 23:28 - 00057274 _____ () C:\Users\Sonja\Desktop\AVSCAN.LOG

2014-12-18 12:17 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-18 12:17 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-17 14:14 - 2014-12-17 14:14 - 00001150 _____ () C:\Users\Sonja\Desktop\Amazon Music.lnk

2014-12-17 14:12 - 2014-12-17 14:13 - 39565896 _____ (Amazon) C:\Users\Sonja\Downloads\AmazonMusicInstaller.exe

2014-12-11 18:33 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-11 18:33 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-11 10:40 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-11 10:40 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-11 10:40 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-11 10:40 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-11 10:40 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-11 10:40 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-11 10:40 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-11 10:40 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-11 10:40 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-11 10:40 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-11 10:40 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-11 10:40 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-11 10:40 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-11 10:40 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-11 10:40 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-11 10:40 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-11 10:40 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-11 10:40 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-11 10:40 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-11 10:40 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-11 10:40 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-11 10:40 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-11 10:40 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-11 10:40 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-11 10:40 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-11 10:40 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-11 10:40 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-11 10:40 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-11 10:40 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-11 10:40 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-11 10:40 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-11 10:40 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-11 10:40 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-11 10:40 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-11 10:40 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-11 10:40 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-11 10:40 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-11 10:40 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-11 10:40 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-11 10:40 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-11 10:40 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-11 10:40 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-11 10:40 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-11 10:40 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-11 10:40 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-11 10:40 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-11 10:40 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-11 10:40 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-11 10:40 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-11 10:40 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-11 10:40 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-11 10:40 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-11 10:40 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-11 10:40 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-11 10:39 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-11 10:39 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-11 10:39 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-11 10:39 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-11 10:39 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-11 10:39 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-11 10:39 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-11 10:39 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-11 10:39 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-11 10:39 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-11 10:39 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-11 10:39 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-11 10:39 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-11 10:39 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-11 10:39 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-11 10:38 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-11 10:38 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-09 18:36 - 2014-12-09 18:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-04 20:00 - 2014-12-04 20:04 - 00000000 ____D () C:\Users\Public\Documents\scannen 141204

2014-12-04 09:46 - 2014-12-04 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

2014-12-03 15:03 - 2014-12-03 15:03 - 00150134 _____ () C:\Users\Sonja\Documents\Phishing 141202.odt
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-25 00:28 - 2013-12-14 14:46 - 00128480 _____ () C:\Windows\setupact.log

2014-12-25 00:28 - 2013-12-13 23:20 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-12-25 00:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-25 00:27 - 2011-04-18 01:45 - 01568731 _____ () C:\Windows\WindowsUpdate.log

2014-12-25 00:23 - 2009-07-14 05:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-25 00:23 - 2009-07-14 05:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-25 00:16 - 2011-04-18 02:49 - 00465000 _____ () C:\Windows\PFRO.log

2014-12-25 00:04 - 2013-03-23 19:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-24 23:45 - 2009-08-04 10:51 - 00711378 _____ () C:\Windows\system32\perfh007.dat

2014-12-24 23:45 - 2009-08-04 10:51 - 00153826 _____ () C:\Windows\system32\perfc007.dat

2014-12-24 23:45 - 2009-07-14 06:13 - 01652604 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-23 23:30 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-12-23 23:29 - 2009-07-14 03:34 - 78905344 _____ () C:\Windows\system32\config\SOFTWARE.bak

2014-12-23 23:29 - 2009-07-14 03:34 - 21757952 _____ () C:\Windows\system32\config\SYSTEM.bak

2014-12-23 23:29 - 2009-07-14 03:34 - 01048576 _____ () C:\Windows\system32\config\DEFAULT.bak

2014-12-23 23:29 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak

2014-12-23 23:29 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak

2014-12-23 23:27 - 2011-07-14 20:33 - 00000000 ____D () C:\Program Files (x86)\phonostar-Player

2014-12-22 19:47 - 2011-07-12 19:59 - 00000000 ____D () C:\Users\Sonja\Documents\2 Sonja firma

2014-12-22 19:27 - 2011-07-07 18:27 - 00000000 ____D () C:\Users\Sonja\Documents\1 hospodarjenje

2014-12-19 13:59 - 2014-09-07 19:50 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\vlc

2014-12-18 17:53 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-12-16 19:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-12-11 22:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-11 18:40 - 2013-07-17 18:17 - 00000000 ____D () C:\Windows\system32\MRT

2014-12-11 18:34 - 2011-06-26 15:56 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-12-10 19:04 - 2013-03-23 19:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-10 19:04 - 2012-04-07 10:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-10 19:04 - 2011-06-26 17:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-09 22:59 - 2012-04-27 19:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-09 19:12 - 2013-12-14 14:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
 

Some content of TEMP:

====================

C:\Users\Sonja\AppData\Local\Temp\avgnt.exe

C:\Users\Sonja\AppData\Local\Temp\Quarantine.exe

C:\Users\Sonja\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-12-16 19:48
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2014

Ran by Sonja at 2014-12-25 00:30:45

Running from C:\Users\Sonja\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Ahnenblatt 2.74 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher)

Amazon Music (HKU\S-1-5-21-4224836468-2737801480-210023977-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)

ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.374 - ArcSoft)

ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)

Avira (HKLM-x32\...\{dc9a688a-12cb-4a22-b449-23d849d01dc7}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)

bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden

BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden

BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

ElsterFormular-Upgrade (HKLM-x32\...\ElsterFormular 12.3.2.6814k) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)

ETDWare PS/2-X64 8.0.5.0_WHQL (HKLM\...\Elantech) (Version: 8.0.5.0 - ELAN Microelectronic Corp.)

Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)

Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

MD86351 driver install (HKLM-x32\...\InstallShield_{8F09C270-2407-4EC5-9AA3-E0735EC745C6}) (Version: 6.3.6.1 - Ihr Firmenname)

MD86351 driver install (x32 Version: 6.3.6.1 - Ihr Firmenname) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)

MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden

MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden

MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden

MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden

MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

NAVIGON Fresh 3.4.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON)

No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)

Nokia Connectivity Cable Driver (HKLM-x32\...\{F1FDAA01-988C-423F-AC12-0D8F333943FD}) (Version: 7.1.31.0 - Nokia)

Nokia Ovi Suite (HKLM-x32\...\Nokia Ovi Suite) (Version: 2.2.0.245 - Nokia)

Nokia Ovi Suite (x32 Version: 2.2.0.245 - Nokia) Hidden

Nokia Ovi Suite Software Updater (HKLM-x32\...\{A0D65C73-F2C5-432F-8788-90F8A2E99B98}) (Version: 02.05.002.42441 - Nokia Corporation)

NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)

NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)

Ovi Desktop Sync Engine (x32 Version: 1.4.78.0 - Nokia) Hidden

OviMPlatform (x32 Version: 2.6.195.0 - Nokia) Hidden

Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)

PC Connectivity Solution (HKLM-x32\...\{29F563F4-8807-4496-8463-441EAA0E96AB}) (Version: 10.26.0.0 - Nokia)

PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)

phonostar-Player Version 3.03.3 (HKLM-x32\...\phonostar3RadioPlayer_is1) (Version:  - )

Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6294 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)

SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden

TV IR (HKLM-x32\...\{C1FD1627-2EAF-48CB-A333-42D39BCB096D}) (Version: 2.1 - MEDION)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)

WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)

WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

18-12-2014 17:01:08 Windows Update

23-12-2014 13:43:54 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2014-12-23 23:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {18CE4AB6-E499-40F8-8A49-1C5A676AF330} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)

Task: {5D9EE729-695A-46FF-AAD1-C4A6C0E5C63F} - System32\Tasks\{F7FCB6D1-084B-4772-BF55-F92C34E77338} => pcalua.exe -a C:\Users\Sonja\Downloads\avira_antivir_personal_de.exe -d C:\Users\Sonja\Downloads

Task: {8ECF9EF8-3344-43E0-B982-975C6B624088} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)

Task: {907447B0-87CC-4FB7-88A1-17ADD2F823C8} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

Task: {94D32C22-CD86-487A-A9A9-F341C796B5CB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-12-13 23:19 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2011-04-18 01:20 - 2011-04-18 01:20 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-12-17 14:13 - 2014-12-08 07:27 - 06277952 _____ () C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe

2012-05-03 19:50 - 2012-04-17 16:11 - 01454592 _____ () C:\Program Files (x86)\TV IR\TV IR.exe

2012-05-03 19:50 - 2010-07-07 17:21 - 02097152 _____ () C:\Program Files (x86)\TV IR\RmCard.dll

2012-05-03 19:50 - 2012-04-16 20:47 - 00177664 _____ () C:\Program Files (x86)\TV IR\shutTask.exe

2013-12-13 23:03 - 2014-07-02 21:48 - 00013272 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 

AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-4224836468-2737801480-210023977-500 - Administrator - Disabled)

Gast (S-1-5-21-4224836468-2737801480-210023977-501 - Limited - Disabled)

Sonja (S-1-5-21-4224836468-2737801480-210023977-1001 - Administrator - Enabled) => C:\Users\Sonja
 

==================== Faulty Device Manager Devices =============
 

Name: ASUS USB2.0 WebCam

Description: USB-Videogerät

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: usbvideo

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============
 

Microsoft Office Sessions:

=========================
 

CodeIntegrity Errors:

===================================

  Date: 2014-12-23 23:27:12.195

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-12-23 23:27:12.180

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz

Percentage of memory in use: 25%

Total physical RAM: 6055.77 MB

Available physical RAM: 4496.11 MB

Total Pagefile: 12109.73 MB

Available Pagefile: 10498.36 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB
 

==================== Drives ================================
 

Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:15.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (DATA) (Fixed) (Total:202.08 GB) (Free:152.86 GB) NTFS

Drive r: (RECOVERY) (Fixed) (Total:21.48 GB) (Free:11.46 GB) FAT32 ==>[System with boot components (obtained from reading drive)]
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E0C5913D)

Partition 1: (Not Active) - (Size=21.5 GB) - (Type=0C)

Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=202.1 GB) - (Type=OF Extended)
 

==================== End Of Log ============================

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

An dieser Stelle schon einmal herzlichen Dank für deine Hilfe!
Meine offenen Fragen:
- war der Trojaner aktiv?
- kann ich Programme wie MBAM, AdwCleaner und JRT präventiv einsetzen (z.B. einmal wöchentlich/monatlich)?
- welche weiteren Maßnahmen sind empfehlenswert?
Danke nochmal für die Unterstützung!!

ESET-Log:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=7aa289685858384daaed4f48a345c432

# engine=21710

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-12-26 03:22:30

# local_time=2014-12-26 04:22:30 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Avira Desktop'

# compatibility_mode=1810 16777213 100 100 10113 33025512 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776573 100 94 10112 171237200 0 0

# scanned=184576

# found=0

# cleaned=0

# scan_time=8911

SecurityCheck:

Code:

 Results of screen317's Security Check version 0.99.93  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

 Windows Security Center service is not running! This report may not be accurate! 

Avira Desktop   

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 71  

  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  

 Adobe Reader XI  

 Mozilla Firefox (34.0.5) 

 Mozilla Thunderbird (31.3.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014

Ran by Sonja (administrator) on ASUS-SONJA on 26-12-2014 19:13:45

Running from C:\Users\Sonja\Desktop

Loaded Profile: Sonja (Available profiles: Sonja)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

() C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(Nokia) C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

(ASUS) C:\Windows\AsScrPro.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

() C:\Program Files (x86)\TV IR\TV IR.exe

() C:\Program Files (x86)\TV IR\shutTask.exe

(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-04-18] (Realtek Semiconductor)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)

HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-04-18] (Realtek Semiconductor)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [NokiaMServer] => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2011-04-18] (ASUS)

HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM-x32\...\Run: [TVPro Control] => C:\Program Files (x86)\TV IR\TV IR.EXE [1454592 2012-04-17] ()

HKLM-x32\...\Run: [TVPro Task] => C:\Program Files (x86)\TV IR\shutTask.exe [177664 2012-04-16] ()

HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-4224836468-2737801480-210023977-1001\...\Run: [Amazon Music] => C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()

AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)

AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-4224836468-2737801480-210023977-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-4224836468-2737801480-210023977-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\4s8gnecb.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-4224836468-2737801480-210023977-1001: @phonostar.de/phonostar -> C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )

FF Extension: Adblock Plus - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\4s8gnecb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-26]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-09]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-09]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-12-09]
 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-14] (Avira Operations GmbH & Co. KG)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )

S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia)

S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

S3 smsbda; C:\Windows\System32\drivers\smsbda.sys [56960 2011-03-06] (Siano)

R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()

S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [9216 2010-02-26] (Nokia)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-26 19:13 - 2014-12-26 19:14 - 00013978 _____ () C:\Users\Sonja\Desktop\FRST.txt

2014-12-26 19:13 - 2014-12-26 19:13 - 00000000 ____D () C:\Users\Sonja\Desktop\FRST-OlderVersion

2014-12-26 19:11 - 2014-12-26 19:11 - 00000955 _____ () C:\Users\Sonja\Desktop\checkup.txt

2014-12-26 19:08 - 2014-12-26 19:08 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2014-12-26 19:05 - 2014-12-26 19:05 - 00852505 _____ () C:\Users\Sonja\Desktop\SecurityCheck.exe

2014-12-26 13:46 - 2014-12-26 13:46 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-12-26 13:45 - 2014-12-26 13:46 - 02347384 _____ (ESET) C:\Users\Sonja\Downloads\esetsmartinstaller_deu.exe

2014-12-25 00:30 - 2014-12-25 00:31 - 00015260 _____ () C:\Users\Sonja\Desktop\Addition2.txt

2014-12-25 00:29 - 2014-12-25 00:31 - 00031276 _____ () C:\Users\Sonja\Desktop\FRST2.txt

2014-12-25 00:23 - 2014-12-25 00:23 - 00001617 _____ () C:\Users\Sonja\Desktop\JRT.txt

2014-12-25 00:19 - 2014-12-25 00:19 - 00000000 ____D () C:\Windows\ERUNT

2014-12-25 00:17 - 2014-12-25 00:17 - 00001768 _____ () C:\Users\Sonja\Desktop\AdwCleaner[S0].txt

2014-12-25 00:11 - 2014-12-25 00:14 - 00000000 ____D () C:\AdwCleaner

2014-12-25 00:09 - 2014-12-25 00:09 - 00001807 _____ () C:\Users\Sonja\Desktop\mbam.txt

2014-12-24 23:49 - 2014-12-24 23:49 - 01707646 _____ (Thisisu) C:\Users\Sonja\Desktop\JRT.exe

2014-12-24 23:47 - 2014-12-24 23:48 - 02173952 _____ () C:\Users\Sonja\Desktop\AdwCleaner_4.106.exe

2014-12-24 23:43 - 2014-12-25 00:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-24 23:42 - 2014-12-24 23:42 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-24 23:42 - 2014-12-24 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-24 23:42 - 2014-12-24 23:42 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-24 23:42 - 2014-12-24 23:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-24 23:42 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-24 23:42 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-24 23:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-24 23:40 - 2014-12-24 23:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sonja\Desktop\mbam-setup-2.0.4.1028.exe

2014-12-23 23:36 - 2014-12-23 23:36 - 00021281 _____ () C:\Users\Sonja\Desktop\combofix.txt

2014-12-23 23:35 - 2014-12-23 23:35 - 00021281 _____ () C:\ComboFix.txt

2014-12-23 23:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-12-23 23:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-12-23 23:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-12-23 23:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-12-23 23:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-12-23 23:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2014-12-23 23:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2014-12-23 23:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2014-12-23 23:17 - 2014-12-23 23:35 - 00000000 ____D () C:\Qoobox

2014-12-23 23:17 - 2014-12-23 23:34 - 00000000 ____D () C:\Windows\erdnt

2014-12-23 23:15 - 2014-12-23 23:15 - 05603465 ____R (Swearware) C:\Users\Sonja\Desktop\ComboFix.exe

2014-12-23 20:09 - 2014-12-23 20:09 - 00012432 _____ () C:\Users\Sonja\Desktop\Log.zip

2014-12-23 19:48 - 2014-12-23 19:48 - 00113311 _____ () C:\Users\Sonja\Desktop\gmer.log

2014-12-23 19:39 - 2014-12-23 19:39 - 00380416 _____ () C:\Users\Sonja\Desktop\Gmer-19357.exe

2014-12-23 19:30 - 2014-12-23 19:35 - 00022992 _____ () C:\Users\Sonja\Desktop\Addition1.txt

2014-12-23 19:28 - 2014-12-26 19:13 - 00000000 ____D () C:\FRST

2014-12-23 19:28 - 2014-12-23 19:35 - 00029669 _____ () C:\Users\Sonja\Desktop\FRST1.txt

2014-12-23 19:26 - 2014-12-26 19:13 - 02122752 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe

2014-12-22 23:28 - 2014-12-22 23:28 - 00057274 _____ () C:\Users\Sonja\Desktop\AVSCAN.LOG

2014-12-18 12:17 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-18 12:17 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-17 14:14 - 2014-12-17 14:14 - 00001150 _____ () C:\Users\Sonja\Desktop\Amazon Music.lnk

2014-12-17 14:12 - 2014-12-17 14:13 - 39565896 _____ (Amazon) C:\Users\Sonja\Downloads\AmazonMusicInstaller.exe

2014-12-11 18:33 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-11 18:33 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-11 10:40 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-11 10:40 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-11 10:40 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-11 10:40 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-11 10:40 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-11 10:40 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-11 10:40 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-11 10:40 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-11 10:40 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-11 10:40 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-11 10:40 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-11 10:40 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-11 10:40 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-11 10:40 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-11 10:40 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-11 10:40 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-11 10:40 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-11 10:40 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-11 10:40 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-11 10:40 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-11 10:40 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-11 10:40 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-11 10:40 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-11 10:40 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-11 10:40 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-11 10:40 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-11 10:40 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-11 10:40 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-11 10:40 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-11 10:40 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-11 10:40 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-11 10:40 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-11 10:40 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-11 10:40 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-11 10:40 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-11 10:40 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-11 10:40 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-11 10:40 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-11 10:40 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-11 10:40 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-11 10:40 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-11 10:40 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-11 10:40 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-11 10:40 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-11 10:40 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-11 10:40 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-11 10:40 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-11 10:40 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-11 10:40 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-11 10:40 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-11 10:40 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-11 10:40 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-11 10:40 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-11 10:40 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-11 10:39 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-11 10:39 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-11 10:39 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-11 10:39 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-11 10:39 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-11 10:39 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-11 10:39 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-11 10:39 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-11 10:39 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-11 10:39 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-11 10:39 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-11 10:39 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-11 10:39 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-11 10:39 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-11 10:39 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-11 10:38 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-11 10:38 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-09 18:36 - 2014-12-09 18:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-04 20:00 - 2014-12-04 20:04 - 00000000 ____D () C:\Users\Public\Documents\scannen 141204

2014-12-04 09:46 - 2014-12-04 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

2014-12-03 15:03 - 2014-12-03 15:03 - 00150134 _____ () C:\Users\Sonja\Documents\Phishing 141202.odt
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-26 19:10 - 2011-04-18 01:45 - 01612454 _____ () C:\Windows\WindowsUpdate.log

2014-12-26 19:07 - 2013-12-14 14:46 - 00128816 _____ () C:\Windows\setupact.log

2014-12-26 19:06 - 2013-12-13 23:20 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-12-26 19:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-26 19:04 - 2013-03-23 19:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-26 14:10 - 2009-08-04 10:51 - 00711378 _____ () C:\Windows\system32\perfh007.dat

2014-12-26 14:10 - 2009-08-04 10:51 - 00153826 _____ () C:\Windows\system32\perfc007.dat

2014-12-26 14:10 - 2009-07-14 06:13 - 01652604 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-26 13:35 - 2009-07-14 05:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-26 13:35 - 2009-07-14 05:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-25 00:16 - 2011-04-18 02:49 - 00465000 _____ () C:\Windows\PFRO.log

2014-12-23 23:30 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-12-23 23:29 - 2009-07-14 03:34 - 78905344 _____ () C:\Windows\system32\config\SOFTWARE.bak

2014-12-23 23:29 - 2009-07-14 03:34 - 21757952 _____ () C:\Windows\system32\config\SYSTEM.bak

2014-12-23 23:29 - 2009-07-14 03:34 - 01048576 _____ () C:\Windows\system32\config\DEFAULT.bak

2014-12-23 23:29 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak

2014-12-23 23:29 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak

2014-12-23 23:27 - 2011-07-14 20:33 - 00000000 ____D () C:\Program Files (x86)\phonostar-Player

2014-12-22 19:47 - 2011-07-12 19:59 - 00000000 ____D () C:\Users\Sonja\Documents\2 Sonja firma

2014-12-22 19:27 - 2011-07-07 18:27 - 00000000 ____D () C:\Users\Sonja\Documents\1 hospodarjenje

2014-12-19 13:59 - 2014-09-07 19:50 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\vlc

2014-12-18 17:53 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-12-16 19:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-12-11 22:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-11 18:40 - 2013-07-17 18:17 - 00000000 ____D () C:\Windows\system32\MRT

2014-12-11 18:34 - 2011-06-26 15:56 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-12-10 19:04 - 2013-03-23 19:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-10 19:04 - 2012-04-07 10:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-10 19:04 - 2011-06-26 17:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-09 22:59 - 2012-04-27 19:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-09 19:12 - 2013-12-14 14:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
 

Some content of TEMP:

====================

C:\Users\Sonja\AppData\Local\Temp\avgnt.exe

C:\Users\Sonja\AppData\Local\Temp\Quarantine.exe

C:\Users\Sonja\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-12-26 16:53
 

==================== End Of Log ============================

--- --- ---

Addition:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2014

Ran by Sonja at 2014-12-26 19:14:35

Running from C:\Users\Sonja\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Ahnenblatt 2.74 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher)

Amazon Music (HKU\S-1-5-21-4224836468-2737801480-210023977-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)

ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.374 - ArcSoft)

ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)

Avira (HKLM-x32\...\{dc9a688a-12cb-4a22-b449-23d849d01dc7}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)

bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden

BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden

BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

ElsterFormular-Upgrade (HKLM-x32\...\ElsterFormular 12.3.2.6814k) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

ETDWare PS/2-X64 8.0.5.0_WHQL (HKLM\...\Elantech) (Version: 8.0.5.0 - ELAN Microelectronic Corp.)

Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)

Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

MD86351 driver install (HKLM-x32\...\InstallShield_{8F09C270-2407-4EC5-9AA3-E0735EC745C6}) (Version: 6.3.6.1 - Ihr Firmenname)

MD86351 driver install (x32 Version: 6.3.6.1 - Ihr Firmenname) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)

MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden

MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden

MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden

MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden

MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

NAVIGON Fresh 3.4.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON)

No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)

Nokia Connectivity Cable Driver (HKLM-x32\...\{F1FDAA01-988C-423F-AC12-0D8F333943FD}) (Version: 7.1.31.0 - Nokia)

Nokia Ovi Suite (HKLM-x32\...\Nokia Ovi Suite) (Version: 2.2.0.245 - Nokia)

Nokia Ovi Suite (x32 Version: 2.2.0.245 - Nokia) Hidden

Nokia Ovi Suite Software Updater (HKLM-x32\...\{A0D65C73-F2C5-432F-8788-90F8A2E99B98}) (Version: 02.05.002.42441 - Nokia Corporation)

NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)

NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)

Ovi Desktop Sync Engine (x32 Version: 1.4.78.0 - Nokia) Hidden

OviMPlatform (x32 Version: 2.6.195.0 - Nokia) Hidden

Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)

PC Connectivity Solution (HKLM-x32\...\{29F563F4-8807-4496-8463-441EAA0E96AB}) (Version: 10.26.0.0 - Nokia)

PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)

phonostar-Player Version 3.03.3 (HKLM-x32\...\phonostar3RadioPlayer_is1) (Version:  - )

Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6294 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)

SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden

TV IR (HKLM-x32\...\{C1FD1627-2EAF-48CB-A333-42D39BCB096D}) (Version: 2.1 - MEDION)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)

WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)

WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

26-12-2014 17:00:04 Geplanter Prüfpunkt
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2014-12-23 23:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {18CE4AB6-E499-40F8-8A49-1C5A676AF330} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)

Task: {5D9EE729-695A-46FF-AAD1-C4A6C0E5C63F} - System32\Tasks\{F7FCB6D1-084B-4772-BF55-F92C34E77338} => pcalua.exe -a C:\Users\Sonja\Downloads\avira_antivir_personal_de.exe -d C:\Users\Sonja\Downloads

Task: {8ECF9EF8-3344-43E0-B982-975C6B624088} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)

Task: {907447B0-87CC-4FB7-88A1-17ADD2F823C8} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

Task: {94D32C22-CD86-487A-A9A9-F341C796B5CB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {FC7BA37F-6B86-4025-A938-F78A11ED067D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-12-13 23:19 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2011-04-18 01:20 - 2011-04-18 01:20 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-12-17 14:13 - 2014-12-08 07:27 - 06277952 _____ () C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe

2012-05-03 19:50 - 2012-04-17 16:11 - 01454592 _____ () C:\Program Files (x86)\TV IR\TV IR.exe

2012-05-03 19:50 - 2010-07-07 17:21 - 02097152 _____ () C:\Program Files (x86)\TV IR\RmCard.dll

2012-05-03 19:50 - 2012-04-16 20:47 - 00177664 _____ () C:\Program Files (x86)\TV IR\shutTask.exe

2013-12-13 23:03 - 2014-07-02 21:48 - 00013272 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

2014-12-09 18:36 - 2014-12-09 18:36 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 

AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-4224836468-2737801480-210023977-500 - Administrator - Disabled)

Gast (S-1-5-21-4224836468-2737801480-210023977-501 - Limited - Disabled)

Sonja (S-1-5-21-4224836468-2737801480-210023977-1001 - Administrator - Enabled) => C:\Users\Sonja
 

==================== Faulty Device Manager Devices =============
 

Name: ASUS USB2.0 WebCam

Description: USB-Videogerät

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: usbvideo

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (12/26/2014 07:07:02 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcNvVAD initialization failed [6]
 

Error: (12/26/2014 07:07:02 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 

Error: (12/26/2014 07:07:02 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcNvVAD endpoint registration failed [0]
 

Error: (12/26/2014 06:47:04 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (12/26/2014 04:53:48 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (12/26/2014 01:46:17 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (12/26/2014 01:46:14 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (12/26/2014 01:46:14 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (12/26/2014 01:46:10 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 

System errors:

=============

Error: (12/26/2014 02:17:01 PM) (Source: volsnap) (EventID: 36) (User: )

Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 

Microsoft Office Sessions:

=========================

Error: (12/26/2014 07:07:02 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcNvVAD initialization failed [6]
 

Error: (12/26/2014 07:07:02 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 

Error: (12/26/2014 07:07:02 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcNvVAD endpoint registration failed [0]
 

Error: (12/26/2014 06:47:04 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 

Error: (12/26/2014 04:53:48 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 

Error: (12/26/2014 01:46:17 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sonja\Downloads\esetsmartinstaller_deu.exe
 

Error: (12/26/2014 01:46:14 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sonja\Downloads\esetsmartinstaller_deu.exe
 

Error: (12/26/2014 01:46:14 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sonja\Downloads\esetsmartinstaller_deu.exe
 

Error: (12/26/2014 01:46:10 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sonja\Downloads\esetsmartinstaller_deu.exe
 
 

CodeIntegrity Errors:

===================================

  Date: 2014-12-23 23:27:12.195

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-12-23 23:27:12.180

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz

Percentage of memory in use: 33%

Total physical RAM: 6055.77 MB

Available physical RAM: 4044.96 MB

Total Pagefile: 12109.73 MB

Available Pagefile: 10073.34 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB
 

==================== Drives ================================
 

Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:19.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (DATA) (Fixed) (Total:202.08 GB) (Free:152.86 GB) NTFS

Drive f: () (Removable) (Total:1.85 GB) (Free:1.62 GB) FAT

Drive g: (UDISK) (Removable) (Total:7.58 GB) (Free:3.33 GB) FAT32

Drive h: () (Removable) (Total:1.88 GB) (Free:1.06 GB) FAT

Drive r: (RECOVERY) (Fixed) (Total:21.48 GB) (Free:11.46 GB) FAT32 ==>[System with boot components (obtained from reading drive)]
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E0C5913D)

Partition 1: (Not Active) - (Size=21.5 GB) - (Type=0C)

Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=202.1 GB) - (Type=OF Extended)
 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 7.6 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=7.6 GB) - (Type=0C)
 

========================================================

Disk: 2 (Size: 1.9 GB) (Disk ID: 8D86389E)

Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)
 

========================================================

Disk: 3 (Size: 1.9 GB) (Disk ID: 04DD5721)

Partition 1: (Active) - (Size=1.9 GB) - (Type=06)
 

==================== End Of Log ============================

sieht aus als war er aktiv, also Passwörter ändern ist Pflicht.

Müssen noch kurz was checken:

Downloade dir bitte

Farbar Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

cmd: type c:\programdata\SetWallpaper.cmd

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Kannst du mir bitte noch meine beiden anderen Fragen beantworten:
- kann ich Programme wie MBAM, AdwCleaner und JRT präventiv einsetzen (z.B. einmal wöchentlich/monatlich)?
- welche weiteren Maßnahmen sind empfehlenswert?
Danke.

FSS:

Code:

Farbar Service Scanner Version: 21-07-2014

Ran by Sonja (administrator) on 28-12-2014 at 10:58:31

Running from "C:\Users\Sonja\Desktop"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************
 

Internet Services:

============
 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.
 
 

Windows Firewall:

=============
 

Firewall Disabled Policy: 

==================
 
 

System Restore:

============
 

System Restore Disabled Policy: 

========================
 
 

Action Center:

============
 
 

Windows Update:

============
 

Windows Autoupdate Disabled Policy: 

============================
 
 

Windows Defender:

==============
 

Other Services:

==============
 
 

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\ipnathlp.dll => File is digitally signed

C:\Windows\System32\iphlpsvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed
 
 

**** End of log ****

Fixlog:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-12-2014

Ran by Sonja at 2014-12-28 11:01:23 Run:1

Running from C:\Users\Sonja\Desktop

Loaded Profile: Sonja (Available profiles: Sonja)

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

cmd: type c:\programdata\SetWallpaper.cmd

*****************
 
 

=========  type c:\programdata\SetWallpaper.cmd =========
 

Das System kann die angegebene Datei nicht finden.
 

========= End of CMD: =========
 
 

==== End of Fixlog 11:01:23 ====

Die Fragen sollten nach dem folgenden Text eigentlich beantwortet sein :)

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.