Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   SystemCare Antivirus auf Laptop (https://www.trojaner-board.de/137720-systemcare-antivirus-laptop.html)

Anfänger341 04.07.2013 20:11
SystemCare Antivirus auf Laptop
 
Hallo,
das Laptop meiner Tochter wurde von System Care Antivirus infiziert. Es läuft jetzt nur noch sehr langsam und Programme wie Skype funktionieren nicht mehr. Auch Optionen wie "Systemwiederherstellung" können nicht mehr ausgeführt werden. Der genaue Name des Programms lautet "System Care Antivirus 3.7.33". Könnt ihr mir bzw. meiner Tochter helfen?

Danke im Voraus
Anfänger341

schrauber 04.07.2013 20:11
Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Anfänger341 04.07.2013 20:53
Hallo schrauber,
hier die Dateien:
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Anja (administrator) on 04-07-2013 21:51:32
Running from C:\Users\Anja\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3  [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-12-27] (Google Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [HP Officejet 4620 series (NET)] "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2CQ230JF05S1:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1 [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [BlazeServoTool] "C:\Program Files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe" [282624 2009-07-07] (BlazeVideo Company)
HKCU\...\Run: [Xaxi] C:\Users\Anja\AppData\Roaming\Vouc\xaxi.exe [297472 2012-12-31] (Paragon Software Group®)
HKCU\...\RunOnce: [FA2DE05D5D072E120000FA2CE63734D0] C:\ProgramData\FA2DE05D5D072E120000FA2CE63734D0\FA2DE05D5D072E120000FA2CE63734D0.exe [462848 2013-07-03] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [HotkeyApp] "C:\Program Files (x86)\Launch Manager\HotkeyApp.exe" [207400 2010-12-16] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] "C:\Program Files (x86)\Launch Manager\OSD.exe" [348960 2009-12-12] (Wistron Corp.)
HKLM-x32\...\Run: [LMgrOSD] "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe" [x]
HKLM-x32\...\Run: [Wbutton] "C:\Program Files (x86)\Launch Manager\Wbutton.exe" [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-12-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-03] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s [171104 2010-03-03] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1648264 2013-04-30] (Ask)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [MailCheck IE Broker] "C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [1519680 2013-07-01] (1und1 Mail und Media GmbH)
Startup: C:\ProgramData\Start Menu\Programs\Startup\watchmi tray.lnk
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {429F5671-2B20-4E30-9D4C-641F8CF5C91F} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {58218040-07C8-4FB0-8F4C-2FF3C3C58300} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {6750ED6E-5E34-4919-8691-8A51F3192E8B} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=f0d38547-6f4c-477e-bf87-dd625c41de69&apn_sauid=8C77D94A-0779-49EC-8B8B-D0721AF0E600
SearchScopes: HKCU - {9DB21D8A-CB78-49B8-9619-94A3D21DD55D} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {F0C31161-4ABC-4701-BA50-D465404445F1} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: AlxHelper Class - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR HomePage: hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
CHR RestoreOnStartup:        "urls_to_restore_on_startup": [
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Extension: (Amazon for Chrome) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\2.2.2012.272_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
R2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2012-05-22] ()
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] ()
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-06-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-06-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-06-25] (Avira Operations GmbH & Co. KG)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [909408 2009-08-13] (DiBcom SA)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-04 21:51 - 2013-07-04 21:51 - 00000000 ____D C:\FRST
2013-07-04 21:50 - 2013-07-04 21:50 - 01934636 ____A (Farbar) C:\Users\Anja\Desktop\FRST64.exe
2013-07-03 21:41 - 2013-07-03 21:41 - 06604352 ____A (AVAST Software) C:\Users\Anja\Desktop\avast_free_antivirus_setup_online.exe
2013-07-03 21:41 - 2013-07-03 21:41 - 00000002 ____A C:\AvastSetup.log
2013-07-03 21:33 - 2013-07-03 21:34 - 00000000 ____D C:\ProgramData\FA2DE05D5D072E120000FA2CE63734D0
2013-07-02 06:52 - 2013-07-02 06:52 - 00000000 ____D C:\Program Files\WEB.DE MailCheck
2013-07-02 06:52 - 2013-07-02 06:52 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2013-07-01 19:21 - 2013-07-01 19:21 - 00000000 ____D C:\ProgramData\UUdb
2013-07-01 15:43 - 2013-07-02 06:55 - 00000000 ____D C:\Users\Anja\AppData\Local\{33320A0F-91F7-CC47-6970-E08247191937}
2013-06-26 07:56 - 2013-07-01 10:04 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-25 18:13 - 2013-06-25 18:13 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Avira
2013-06-25 18:11 - 2013-07-02 21:37 - 00000000 ____D C:\Users\Anja\AppData\Local\DoNotTrackPlus
2013-06-25 18:11 - 2013-06-25 18:11 - 00002070 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-25 18:10 - 2013-06-25 18:11 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 18:10 - 2013-06-25 18:10 - 00000000 ____D C:\Users\Anja\AppData\Local\AskToolbar
2013-06-25 18:10 - 2013-06-25 18:10 - 00000000 ____D C:\Users\Anja\AppData\Local\APN
2013-06-25 18:10 - 2013-06-25 18:10 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-25 18:10 - 2013-06-25 18:10 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-06-25 18:10 - 2013-06-25 18:10 - 00000000 ____D C:\Firefox
2013-06-25 18:10 - 2013-06-25 18:09 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-25 18:10 - 2013-06-25 18:09 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-25 18:10 - 2013-06-25 18:09 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-25 18:06 - 2013-06-25 18:06 - 02092792 ____A C:\Users\Anja\Downloads\avira_free_antivirus.exe
2013-06-15 16:28 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 16:28 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 16:28 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 16:28 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 16:28 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 16:28 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 16:28 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 16:28 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 16:28 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 16:28 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 16:28 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-15 16:27 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 22:58 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 22:58 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 22:58 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 22:58 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 22:58 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 22:58 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 22:58 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 22:58 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 22:58 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 22:58 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 22:58 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 17:42 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 17:41 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 17:41 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 17:41 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 17:41 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 17:41 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 17:41 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 17:41 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 17:41 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 17:41 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 17:41 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 17:41 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 17:41 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 17:41 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 17:41 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 17:41 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 17:41 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 17:41 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 17:41 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-08 16:42 - 2013-06-08 16:42 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-08 16:42 - 2013-06-08 16:42 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-08 16:42 - 2013-06-08 16:42 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-08 16:42 - 2013-06-08 16:42 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-08 16:42 - 2013-06-08 16:42 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-08 16:42 - 2013-06-08 16:42 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-08 16:42 - 2013-06-08 16:42 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-08 16:42 - 2013-06-08 16:42 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-08 16:41 - 2013-06-08 16:49 - 00009534 ____A C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-04 21:51 - 2013-07-04 21:51 - 00000000 ____D C:\FRST
2013-07-04 21:50 - 2013-07-04 21:50 - 01934636 ____A (Farbar) C:\Users\Anja\Desktop\FRST64.exe
2013-07-04 21:50 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 21:50 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-04 21:35 - 2009-07-14 06:51 - 00065035 ____A C:\Windows\setupact.log
2013-07-04 20:58 - 2012-12-27 18:18 - 01967289 ____A C:\Windows\WindowsUpdate.log
2013-07-03 21:41 - 2013-07-03 21:41 - 06604352 ____A (AVAST Software) C:\Users\Anja\Desktop\avast_free_antivirus_setup_online.exe
2013-07-03 21:41 - 2013-07-03 21:41 - 00000002 ____A C:\AvastSetup.log
2013-07-03 21:34 - 2013-07-03 21:33 - 00000000 ____D C:\ProgramData\FA2DE05D5D072E120000FA2CE63734D0
2013-07-03 21:32 - 2013-01-11 16:26 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Skype
2013-07-02 21:37 - 2013-06-25 18:11 - 00000000 ____D C:\Users\Anja\AppData\Local\DoNotTrackPlus
2013-07-02 18:43 - 2011-02-10 21:25 - 00654166 ____A C:\Windows\System32\perfh007.dat
2013-07-02 18:43 - 2011-02-10 21:25 - 00130006 ____A C:\Windows\System32\perfc007.dat
2013-07-02 18:43 - 2009-07-14 07:13 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-02 15:55 - 2012-12-27 20:57 - 00000000 ____D C:\Users\Anja\Desktop\Alles
2013-07-02 06:55 - 2013-07-01 15:43 - 00000000 ____D C:\Users\Anja\AppData\Local\{33320A0F-91F7-CC47-6970-E08247191937}
2013-07-02 06:52 - 2013-07-02 06:52 - 00000000 ____D C:\Program Files\WEB.DE MailCheck
2013-07-02 06:52 - 2013-07-02 06:52 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2013-07-02 06:51 - 2012-12-27 18:20 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-02 06:51 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 22:50 - 2012-12-27 18:20 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 22:32 - 2012-12-27 23:52 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 19:21 - 2013-07-01 19:21 - 00000000 ____D C:\ProgramData\UUdb
2013-07-01 19:21 - 2012-12-27 19:58 - 00000000 ____D C:\Program Files (x86)\1und1Softwareaktualisierung
2013-07-01 10:04 - 2013-06-26 07:56 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-26 19:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-25 18:13 - 2013-06-25 18:13 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Avira
2013-06-25 18:11 - 2013-06-25 18:11 - 00002070 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-25 18:11 - 2013-06-25 18:10 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 18:10 - 2013-06-25 18:10 - 00000000 ____D C:\Users\Anja\AppData\Local\AskToolbar
2013-06-25 18:10 - 2013-06-25 18:10 - 00000000 ____D C:\Users\Anja\AppData\Local\APN
2013-06-25 18:10 - 2013-06-25 18:10 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-25 18:10 - 2013-06-25 18:10 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-06-25 18:10 - 2013-06-25 18:10 - 00000000 ____D C:\Firefox
2013-06-25 18:09 - 2013-06-25 18:10 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-25 18:09 - 2013-06-25 18:10 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-25 18:09 - 2013-06-25 18:10 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-25 18:06 - 2013-06-25 18:06 - 02092792 ____A C:\Users\Anja\Downloads\avira_free_antivirus.exe
2013-06-25 17:56 - 2010-11-21 05:47 - 00055014 ____A C:\Windows\PFRO.log
2013-06-21 21:34 - 2012-12-27 19:27 - 00000000 ____D C:\Users\Anja\AppData\Local\Google
2013-06-20 17:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-17 18:43 - 2013-02-10 12:13 - 00000000 ____D C:\Users\Anja\AppData\Local\Microsoft Games
2013-06-17 15:21 - 2013-02-01 16:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-17 15:21 - 2013-01-11 16:25 - 00000000 ____D C:\ProgramData\Skype
2013-06-13 16:14 - 2012-12-27 18:25 - 00000000 ____D C:\Users\Anja\AppData\Local\VirtualStore
2013-06-12 22:59 - 2011-02-10 22:56 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 22:33 - 2012-12-27 23:52 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 22:33 - 2012-12-27 23:52 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-09 00:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-08 16:49 - 2013-06-08 16:41 - 00009534 ____A C:\Windows\IE10_main.log
2013-06-08 16:42 - 2013-06-08 16:42 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-08 16:42 - 2013-06-08 16:42 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-08 16:42 - 2013-06-08 16:42 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-08 16:42 - 2013-06-08 16:42 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-08 16:42 - 2013-06-08 16:42 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-08 16:42 - 2013-06-08 16:42 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-08 16:42 - 2013-06-08 16:42 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-08 16:42 - 2013-06-08 16:42 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-08 16:42 - 2013-06-08 16:42 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-08 16:08 - 2013-06-15 16:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 16:28 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 16:28 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 16:28 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 16:28 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 16:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 16:28 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 16:28 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 16:28 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 16:28 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:40 - 2013-06-15 16:27 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:13 - 2013-06-15 16:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-20 17:46

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---




FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013
Ran by Anja at 2013-07-04 21:53:42
Running from C:\Users\Anja\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.615)
Amazon Browser Bar (x32 Version: 3.0)
Ask Toolbar (x32 Version: 1.15.26.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.27)
Avira Free Antivirus (x32 Version: 13.0.0.3737)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.6.45268)
Bing Bar (x32 Version: 7.1.355.0)
BlazeDTV 6.0 (x32)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
CyberLink LabelPrint (x32 Version: 2.5.2602)
CyberLink MediaShow (x32 Version: 5.0.1410a)
CyberLink MediaShow Espresso (x32 Version: 5.5.1412_24021a)
CyberLink PhotoNow (x32 Version: 1.1.6904)
CyberLink Power2Go (x32 Version: 6.1.3602c)
CyberLink PowerDirector (x32 Version: 8.0.3101)
CyberLink PowerDVD 9 (x32 Version: 9.0.2925.52)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306)
CyberLink PowerProducer (x32 Version: 5.0.2.2326)
CyberLink YouCam (x32 Version: 3.0.2626)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Fotogalerie (x32 Version: 16.4.3505.0912)
Fotogalerija (x32 Version: 16.4.3505.0912)
Fotograf Galerisi (x32 Version: 16.4.3505.0912)
Fotótár (x32 Version: 16.4.3505.0912)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería de fotos (x32 Version: 16.4.3505.0912)
Galeria fotografii (x32 Version: 16.4.3505.0912)
Galerie de photos (x32 Version: 16.4.3505.0912)
Google Chrome (x32 Version: 27.0.1453.116)
Google Earth (x32 Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.145)
Haali Media Splitter (x32)
HP Officejet 4620 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
HP Officejet 4620 series Hilfe (x32 Version: 6.0.0)
HP Photo Creations (x32 Version: 1.0.0.9572)
HP Update (x32 Version: 5.003.003.001)
HPDiagnosticAlert (x32 Version: 1.00.0000)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2279)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014)
Java Auto Updater (x32 Version: 2.0.2.4)
Java(TM) 6 Update 23 (64-bit) (Version: 6.0.230)
Java(TM) 6 Update 23 (x32 Version: 6.0.230)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
Launch Manager (x32 Version: 1.5.1.3)
Medion Home Cinema (x32 Version: 8.0.1505)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.6123.5001)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3505.0912)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MuseScore 1.3 (x32 Version: 1.3.0)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Poczta uslugi Windows Live (x32 Version: 16.4.3505.0912)
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912)
Pošta Windows Live (x32 Version: 16.4.3505.0912)
PriMus Free 1.1 (Build 10306) (x32)
Raccolta foto (x32 Version: 16.4.3505.0912)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6237)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30121)
REALTEK Wireless LAN Driver (x32 Version: 1.00.0148)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
S?????? f?t???af??? (x32 Version: 16.4.3505.0912)
Skype™ 6.5 (x32 Version: 6.5.158)
Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0)
Studie zur Verbesserung von HP Officejet 4620 series Produkten (Version: 28.0.1315.0)
SUSTANIA Client (HKCU)
Synaptics Pointing Device Driver (Version: 14.0.19.0)
TIPP10 Version 2.1.0 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Vektoris3D 2.0 (x32 Version: 2.0)
Versandhelfer (x32 Version: 0.9.511)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
watchmi (x32 Version: 2.5.0)
WEB.DE MailCheck für Internet Explorer (x32 Version: 2.3.0.2)
WEB.DE Softwareaktualisierung (x32 Version: 3.0.0.54)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live Family Safety (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live Temel Parçalar (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
X10 Hardware(TM) (x32)
Yahoo! Messenger (x32)
Yahoo! Software Update (x32)
Yahoo! Toolbar (x32)

==================== Restore Points  =========================

28-05-2013 13:30:42 Windows Update
02-06-2013 11:35:06 Windows Update
07-06-2013 11:45:44 Windows Update
08-06-2013 14:20:33 Windows Update
08-06-2013 14:40:55 Windows Update
12-06-2013 20:57:43 Windows Update
15-06-2013 14:27:32 Windows Update
21-06-2013 13:57:49 Windows Update
25-06-2013 08:01:18 Windows Update
26-06-2013 21:00:15 Windows Update
02-07-2013 19:39:50 Windows Update
04-07-2013 19:50:47 Windows Defender Checkpoint

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {35F4C1BD-5F99-4838-8CAA-36C4BD3E3D94} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {3DD38696-DDDE-43BF-B48A-27FAA3CA17B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {56DF61CA-240A-4420-8767-32EB481B61A0} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-30] ()
Task: {6B3DAF70-0224-4B75-82EB-AAC076E5C2C6} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {6BC39FC6-9370-4D4D-BFF5-E295DD05AA47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-27] (Google Inc.)
Task: {73A4389D-BB41-4C12-9834-F4BE6757730C} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {8F8A175C-5DB8-4CDA-A6A6-23E375FFC7DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-27] (Google Inc.)
Task: {8F9CA6DB-FC3A-42A0-BEC7-BFEAD13A2925} - System32\Tasks\{3565B26E-D753-4480-9315-66D32D50083C} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-03] (Skype Technologies S.A.)
Task: {AA06BD84-6C6C-4AB3-987B-F56D2C8A8817} - System32\Tasks\{3BBED7DF-B980-4B6F-829D-9BDF7011A1CF} => C:\program files\internet explorer\iexplore.exe [2013-05-17] (Microsoft Corporation)
Task: {D177904A-EEB7-41CF-BE98-CEB2954A395B} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2013-05-28] (1&1 Mail & Media GmbH)
Task: {D7E963FE-26E9-4EF2-B581-4FFAD945A7E7} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {EDD7DD84-C555-43C2-ABC5-5B6DF63ADCBE} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {F6FECF7B-872B-4BD3-9A8F-6F5C2FA76CD6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2013 09:50:47 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {2aa465a1-4a48-4e77-a9c0-97d225e559c9}

Error: (07/04/2013 09:38:30 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16611 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f94

Startzeit: 01ce78eddc5640ad

Endzeit: 16

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: 49ac994b-e4e1-11e2-8f49-00262dc3bc91

Error: (07/04/2013 09:37:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2013 08:54:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2013 09:57:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2013 09:50:56 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16611, Zeitstempel: 0x5191e7aa
Name des fehlerhaften Moduls: AviraCallingIDhelper.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x51801597
Ausnahmecode: 0xc0000005
Fehleroffset: 0x73687b41
ID des fehlerhaften Prozesses: 0x9e8
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (07/03/2013 09:49:52 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16611 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 133c

Startzeit: 01ce78265aecd235

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (07/03/2013 09:49:00 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16611 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 390

Startzeit: 01ce78262dbe93e1

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (07/03/2013 09:45:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2013 06:00:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/04/2013 09:44:08 PM) (Source: DCOM) (User: Anja-Notebook)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Anja-NotebookAnjaS-1-5-21-1628196527-747584120-2221820558-1000LocalHost (unter Verwendung von LRPC)

Error: (07/04/2013 09:38:33 PM) (Source: DCOM) (User: )
Description: {73C9DFA0-750D-11E1-B0C4-0800200C9A66}

Error: (07/03/2013 10:04:31 PM) (Source: DCOM) (User: )
Description: {73C9DFA0-750D-11E1-B0C4-0800200C9A66}

Error: (07/03/2013 09:59:46 PM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (07/03/2013 09:56:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/03/2013 09:56:21 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst watchmi service erreicht.

Error: (07/03/2013 09:50:25 PM) (Source: DCOM) (User: )
Description: {43AB7B5D-4C40-4103-A549-7002A116A7D5}

Error: (07/03/2013 09:49:03 PM) (Source: DCOM) (User: )
Description: {73C9DFA0-750D-11E1-B0C4-0800200C9A66}

Error: (07/03/2013 09:43:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/03/2013 09:43:51 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst watchmi service erreicht.


Microsoft Office Sessions:
=========================
Error: (07/04/2013 09:50:47 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {2aa465a1-4a48-4e77-a9c0-97d225e559c9}

Error: (07/04/2013 09:38:30 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.16611f9401ce78eddc5640ad16C:\Program Files\Internet Explorer\iexplore.exe49ac994b-e4e1-11e2-8f49-00262dc3bc91

Error: (07/04/2013 09:37:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2013 08:54:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2013 09:57:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2013 09:50:56 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.166115191e7aaAviraCallingIDhelper.dll_unloaded0.0.0.051801597c000000573687b419e801ce78266d2b1e0eC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEAviraCallingIDhelper.dlldff0751c-e419-11e2-926e-00262dc3bc91

Error: (07/03/2013 09:49:52 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16611133c01ce78265aecd2350C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (07/03/2013 09:49:00 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.1661139001ce78262dbe93e10C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (07/03/2013 09:45:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2013 06:00:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 3893.49 MB
Available physical RAM: 2406.32 MB
Total Pagefile: 7785.16 MB
Available Pagefile: 6095.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:555.07 GB) (Free:485.22 GB) NTFS (Disk=0 Partition=2)
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:17.11 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 107A737B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=555 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
--- --- ---


Hallo schrauber,
der Virus scheint jetzt von meinem Laptop verschwunden zu sein, ich kann auch alle Dateien wieder normal ausführen und die Geschwindigkeit ist deutlich höher. Ich habe aber nichts gemacht außer das, was du gesagt hattest. Ist das normal? Hat sich der Virus vllt. noch irgendwo versteckt?

Mit freundlichen Grüßen,
die Tochter von Anfänger341

schrauber 05.07.2013 07:34
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Anfänger341 05.07.2013 13:20
Hallo schrauber,
hier die Datei:



Combofix Logfile:
Code:
ComboFix 13-07-04.01 - Anja 05.07.2013  14:09:42.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3893.2051 [GMT 2:00]
ausgeführt von:: c:\users\Anja\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FA2DE05D5D072E120000FA2CE63734D0
c:\programdata\FA2DE05D5D072E120000FA2CE63734D0\FA2DE05D5D072E120000FA2CE63734D0
c:\programdata\FA2DE05D5D072E120000FA2CE63734D0\FA2DE05D5D072E120000FA2CE63734D0.exe
c:\programdata\FA2DE05D5D072E120000FA2CE63734D0\FA2DE05D5D072E120000FA2CE63734D0.ico
c:\users\Anja\AppData\Roaming\Kajod
c:\users\Anja\AppData\Roaming\Kajod\yqhia.exe
c:\users\Anja\AppData\Roaming\Vouc
c:\users\Anja\AppData\Roaming\Vouc\xaxi.exe
c:\users\Public\AlexaNSISPlugin.6812.dll
c:\users\Public\sdelevURL.tmp
c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe
c:\windows\SysWow64\systeminfo.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-06-05 bis 2013-07-05  ))))))))))))))))))))))))))))))
.
.
2013-07-05 12:17 . 2013-07-05 12:17        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-07-05 12:13 . 2013-07-05 12:13        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A78C0737-E10C-4A16-A60B-AEA837FA0324}\offreg.dll
2013-07-04 19:51 . 2013-07-04 19:51        --------        d-----w-        C:\FRST
2013-07-02 19:40 . 2013-06-12 03:08        9552976        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A78C0737-E10C-4A16-A60B-AEA837FA0324}\mpengine.dll
2013-07-02 04:52 . 2013-07-02 04:52        --------        d-----w-        c:\program files\WEB.DE MailCheck
2013-07-02 04:52 . 2013-07-02 04:52        --------        d-----w-        c:\program files (x86)\WEB.DE MailCheck
2013-07-01 17:21 . 2013-07-01 17:21        --------        d-----w-        c:\programdata\UUdb
2013-06-25 16:11 . 2013-07-05 12:00        --------        d-----w-        c:\users\Anja\AppData\Local\DoNotTrackPlus
2013-06-25 16:10 . 2013-06-25 16:10        --------        d-----w-        c:\users\Anja\AppData\Local\AskToolbar
2013-06-25 16:10 . 2013-06-25 16:10        --------        d-----w-        c:\program files (x86)\Ask.com
2013-06-25 16:10 . 2013-06-25 16:10        --------        d-----w-        C:\Firefox
2013-06-25 16:10 . 2013-06-25 16:10        --------        d-----w-        c:\users\Anja\AppData\Local\APN
2013-06-25 16:10 . 2013-07-05 12:01        --------        d-----w-        c:\programdata\Avira
2013-06-12 15:42 . 2013-05-08 06:39        1910632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-06-08 14:42 . 2013-06-08 14:42        97280        ----a-w-        c:\windows\system32\mshtmled.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 20:59 . 2011-02-10 20:56        75825640        ----a-w-        c:\windows\system32\MRT.exe
2013-06-11 20:33 . 2012-12-27 21:52        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 20:33 . 2012-12-27 21:52        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-27 18:39 . 2012-12-28 18:06        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-05-27 18:39 . 2012-12-28 18:05        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-05-27 18:39 . 2012-12-28 18:05        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-05-19 19:03 . 2012-12-28 16:25        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-05-15 06:52 . 2013-05-14 19:51        1652        ----a-w-        c:\windows\system32\ASOROSet.bin
2013-05-11 19:26 . 2013-05-11 19:25        28672        ----a-w-        c:\windows\system32\AF15BDAEX.dll
2013-05-11 19:26 . 2013-05-11 19:25        154        ----a-w-        c:\windows\system32\AF15IRTBL.bin
2013-05-11 19:26 . 2009-06-02 22:58        507392        ----a-w-        c:\windows\system32\drivers\AF15BDA.sys
2013-05-09 07:45 . 2012-07-17 13:37        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2010-11-21 03:27        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-04-28 12:07 . 2013-04-28 12:07        163504        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 05:49 . 2013-05-15 10:45        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 10:45        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 10:45        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 10:45        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 10:45        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 10:45        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 15:45        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 10:45        265064        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 10:45        983400        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 10:44        3153920        ----a-w-        c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2013-04-01 1500440]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-30 10:02        1521800        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}]
2012-08-15 19:35        2162272        ----a-w-        c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll" [2012-08-15 2162272]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]
[HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-01-11 15:23        220632        ----a-w-        c:\users\Anja\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-01-11 15:23        220632        ----a-w-        c:\users\Anja\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-01-11 15:23        220632        ----a-w-        c:\users\Anja\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-12-27 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
"HP Officejet 4620 series (NET)"="c:\program files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"BlazeServoTool"="c:\program files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe" [2009-07-07 282624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"HotkeyApp"="c:\program files (x86)\Launch Manager\HotkeyApp.exe" [2010-12-15 207400]
"LMgrVolOSD"="c:\program files (x86)\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files (x86)\Launch Manager\Wbutton.exe" [2010-06-21 436264]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-12-20 113288]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2010-03-03 171104]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-30 1648264]
"MailCheck IE Broker"="c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2013-07-01 1519680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe;c:\program files (x86)\watchmi\TvdService.exe [x]
R3 mod7764;TV Tuner device;c:\windows\system32\DRIVERS\mod77-64.sys;c:\windows\SYSNATIVE\DRIVERS\mod77-64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service for AMZN;Updater Service for AMZN;c:\program files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe;c:\program files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe;c:\program files (x86)\Launch Manager\WisLMSvc.exe [x]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys;c:\windows\SYSNATIVE\Drivers\x10hid.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 14:53        1165776        ----a-w-        c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-27 20:33]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-27 16:20]
.
2013-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-27 16:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-01-11 15:23        244696        ----a-w-        c:\users\Anja\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-01-11 15:23        244696        ----a-w-        c:\users\Anja\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-01-11 15:23        244696        ----a-w-        c:\users\Anja\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-03 11548264]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-03 2181224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-14 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-14 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-14 418328]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.0.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Xaxi - c:\users\Anja\AppData\Roaming\Vouc\xaxi.exe
Wow6432Node-HKLM-Run-LMgrOSD - c:\program files (x86)\Launch Manager\OSDCtrl.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-05  14:20:57
ComboFix-quarantined-files.txt  2013-07-05 12:20
.
Vor Suchlauf: 9 Verzeichnis(se), 521.185.898.496 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 521.952.239.616 Bytes frei
.
- - End Of File - - 5712AD4A56F8188CF139D48F01898A7A
--- --- ---
D41D8CD98F00B204E9800998ECF8427E

schrauber 05.07.2013 17:14
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte :)

Anfänger341 05.07.2013 17:42
Hallo schrauber,

hier das Log von AdwCleaner:AdwCleaner Logfile:
Code:
# AdwCleaner v2.304 - Datei am 05/07/2013 um 18:24:54 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Anja - ANJA-NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Anja\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Updater Service for AMZN

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Amazon Browser Bar
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Anja\AppData\Local\Amazon Browser Bar
Ordner Gelöscht : C:\Users\Anja\AppData\Local\APN
Ordner Gelöscht : C:\Users\Anja\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Anja\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F443A627-5009-4323-9C1D-7FD598D0D712}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F443A627-5009-4323-9C1D-7FD598D0D712}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\f57ecf404a4fede2
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F443A627-5009-4323-9C1D-7FD598D0D712}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51F04BD6-3888-4849-864C-617FAE709CE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E4E394E0-D331-431F-B76D-E3A19193D5F6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Bar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EA582743-9076-4178-9AA6-7393FDF4D5CE}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE --> hxxp://www.google.com

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.2211] : homepage = "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE",

*************************

AdwCleaner[S1].txt - [14808 octets] - [05/07/2013 18:24:54]

########## EOF - C:\AdwCleaner[S1].txt - [14869 octets] ##########
--- --- ---



Das Log von JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Anja on 05.07.2013 at 18:33:16,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6750ED6E-5E34-4919-8691-8A51F3192E8B}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Anja\AppData\Roaming\systweak"
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{03A1AA99-C071-4F6E-9ABE-12BF94C83049}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{1A72F3AD-7966-4C4F-B055-8C0E479A4F30}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{1B279E31-47CB-4C89-96BB-4F89E8ECDF7C}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{30EF7E92-612D-4C2A-91D9-5E1321A0B800}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{33320A0F-91F7-CC47-6970-E08247191937}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{3838DCDC-2852-45E6-AB81-20F682E420B9}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{39EEB6B3-2667-496C-88A9-703F2BB5FAEE}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{42EB7840-6F72-49C8-BD20-5939E98AF494}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{447969D2-2D44-4844-93B6-061AE6BB19F3}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{4572D757-1F75-4CD9-8635-31052C288767}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{48ECB76F-D3AF-48B9-A1AA-D90295DEB2FE}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{4A3347B9-CCD9-4121-92CF-80CA1992D1CF}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{637117D8-CC95-4E43-9BC2-C3E5E8274E44}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{6E43660D-44D9-41FA-A69B-148DC7258B3A}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{85E5B74F-1ABF-4863-9C49-F3EFA1DB464C}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{93E17B62-BEBA-4F27-A68B-57DE62316519}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{960D8B36-A290-4ED4-873A-A1D18DE23B54}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AF9B2BEB-6211-44A1-9BA3-19BFA7351A60}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BDDEEDBE-4E9F-44B2-B8AB-F07BA6FB0412}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C1ED9436-792D-4344-B547-5669D0715AD9}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{DD09CD56-434E-4EBC-BB32-55A7792988F2}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{DE3606DF-42D8-4D5E-96EE-E62972899FED}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{E0D12CD2-9A01-45F4-A2B4-63826E1FBE3E}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{E6E5A6E2-4610-436C-9A5A-96E73D9B6DB7}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{EA54110A-F8A0-4C12-B2C7-BD5003791E24}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{F22D997D-9FC5-4453-A219-FBE7FEC70CFD}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{F5B4654F-BBF7-45A6-BC39-319BD23A6C61}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.07.2013 at 18:38:53,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




und das neue FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Anja (administrator) on 05-07-2013 18:39:42
Running from C:\Users\Anja\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(BlazeVideo Company) C:\Program Files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\PROGRA~2\MICROS~3\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3  [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-12-27] (Google Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [HP Officejet 4620 series (NET)] "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2CQ230JF05S1:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1 [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [BlazeServoTool] "C:\Program Files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe" [282624 2009-07-07] (BlazeVideo Company)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [HotkeyApp] "C:\Program Files (x86)\Launch Manager\HotkeyApp.exe" [207400 2010-12-16] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] "C:\Program Files (x86)\Launch Manager\OSD.exe" [348960 2009-12-12] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] "C:\Program Files (x86)\Launch Manager\Wbutton.exe" [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-12-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-03] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s [171104 2010-03-03] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [MailCheck IE Broker] "C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [1519680 2013-07-01] (1und1 Mail und Media GmbH)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {429F5671-2B20-4E30-9D4C-641F8CF5C91F} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {58218040-07C8-4FB0-8F4C-2FF3C3C58300} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {9DB21D8A-CB78-49B8-9619-94A3D21DD55D} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {F0C31161-4ABC-4701-BA50-D465404445F1} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup:        "urls_to_restore_on_startup": [
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Extension: (Amazon for Chrome) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\2.2.2012.272_0

==================== Services (Whitelisted) =================

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] ()
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [909408 2009-08-13] (DiBcom SA)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-05 18:38 - 2013-07-05 18:38 - 00004042 ____A C:\Users\Anja\Desktop\JRT.txt
2013-07-05 18:33 - 2013-07-05 18:33 - 00000000 ____D C:\Windows\ERUNT
2013-07-05 18:31 - 2013-07-05 18:31 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Anja\Desktop\JRT.exe
2013-07-05 18:31 - 2013-07-05 18:31 - 00000000 ____D C:\JRT
2013-07-05 18:24 - 2013-07-05 18:25 - 00014891 ____A C:\AdwCleaner[S1].txt
2013-07-05 18:24 - 2013-07-05 18:24 - 00650027 ____A C:\Users\Anja\Desktop\adwcleaner.exe
2013-07-05 14:20 - 2013-07-05 14:20 - 00023624 ____A C:\ComboFix.txt
2013-07-05 14:07 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-05 14:07 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-05 14:07 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-05 14:07 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-05 14:07 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-05 14:07 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-05 14:07 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-05 14:07 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-05 13:50 - 2013-07-05 14:21 - 00000000 ____D C:\Qoobox
2013-07-05 13:50 - 2013-07-05 14:19 - 00000000 ____D C:\Windows\erdnt
2013-07-05 13:45 - 2013-07-05 13:46 - 05085494 ____R (Swearware) C:\Users\Anja\Desktop\ComboFix.exe
2013-07-04 21:53 - 2013-07-04 21:54 - 00022351 ____A C:\Users\Anja\Desktop\Addition.txt
2013-07-04 21:51 - 2013-07-04 21:51 - 00000000 ____D C:\FRST
2013-07-04 21:50 - 2013-07-04 21:50 - 01934636 ____A (Farbar) C:\Users\Anja\Desktop\FRST64.exe
2013-07-03 21:41 - 2013-07-03 21:41 - 06604352 ____A (AVAST Software) C:\Users\Anja\Desktop\avast_free_antivirus_setup_online.exe
2013-07-03 21:41 - 2013-07-03 21:41 - 00000002 ____A C:\AvastSetup.log
2013-07-02 06:52 - 2013-07-02 06:52 - 00000000 ____D C:\Program Files\WEB.DE MailCheck
2013-07-02 06:52 - 2013-07-02 06:52 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2013-07-01 19:21 - 2013-07-01 19:21 - 00000000 ____D C:\ProgramData\UUdb
2013-06-25 18:11 - 2013-07-05 14:00 - 00000000 ____D C:\Users\Anja\AppData\Local\DoNotTrackPlus
2013-06-25 18:10 - 2013-07-05 14:01 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 18:10 - 2013-06-25 18:10 - 00000000 ____D C:\Firefox
2013-06-25 18:06 - 2013-06-25 18:06 - 02092792 ____A C:\Users\Anja\Downloads\avira_free_antivirus.exe
2013-06-15 16:28 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 16:28 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 16:28 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 16:28 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 16:28 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 16:28 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 16:28 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 16:28 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 16:28 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 16:28 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 16:28 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-15 16:27 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 22:58 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 22:58 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 22:58 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 22:58 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 22:58 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 22:58 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 22:58 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 22:58 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 22:58 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 22:58 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 22:58 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 17:42 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 17:41 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 17:41 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 17:41 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 17:41 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 17:41 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 17:41 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 17:41 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 17:41 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 17:41 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 17:41 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 17:41 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 17:41 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 17:41 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 17:41 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 17:41 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 17:41 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 17:41 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 17:41 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-08 16:42 - 2013-06-08 16:42 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-08 16:42 - 2013-06-08 16:42 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-08 16:42 - 2013-06-08 16:42 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-08 16:42 - 2013-06-08 16:42 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-08 16:42 - 2013-06-08 16:42 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-08 16:42 - 2013-06-08 16:42 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-08 16:42 - 2013-06-08 16:42 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-08 16:42 - 2013-06-08 16:42 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-08 16:41 - 2013-06-08 16:49 - 00009534 ____A C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-05 18:38 - 2013-07-05 18:38 - 00004042 ____A C:\Users\Anja\Desktop\JRT.txt
2013-07-05 18:34 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-05 18:34 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-05 18:33 - 2013-07-05 18:33 - 00000000 ____D C:\Windows\ERUNT
2013-07-05 18:33 - 2013-01-11 16:26 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Skype
2013-07-05 18:32 - 2012-12-27 20:57 - 00000000 ____D C:\Users\Anja\Desktop\Alles
2013-07-05 18:31 - 2013-07-05 18:31 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Anja\Desktop\JRT.exe
2013-07-05 18:31 - 2013-07-05 18:31 - 00000000 ____D C:\JRT
2013-07-05 18:26 - 2010-11-21 05:47 - 00056660 ____A C:\Windows\PFRO.log
2013-07-05 18:26 - 2009-07-14 06:51 - 00065203 ____A C:\Windows\setupact.log
2013-07-05 18:25 - 2013-07-05 18:24 - 00014891 ____A C:\AdwCleaner[S1].txt
2013-07-05 18:25 - 2012-12-27 18:18 - 02011550 ____A C:\Windows\WindowsUpdate.log
2013-07-05 18:24 - 2013-07-05 18:24 - 00650027 ____A C:\Users\Anja\Desktop\adwcleaner.exe
2013-07-05 14:21 - 2013-07-05 13:50 - 00000000 ____D C:\Qoobox
2013-07-05 14:21 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-07-05 14:20 - 2013-07-05 14:20 - 00023624 ____A C:\ComboFix.txt
2013-07-05 14:19 - 2013-07-05 13:50 - 00000000 ____D C:\Windows\erdnt
2013-07-05 14:17 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-07-05 14:01 - 2013-06-25 18:10 - 00000000 ____D C:\ProgramData\Avira
2013-07-05 14:00 - 2013-06-25 18:11 - 00000000 ____D C:\Users\Anja\AppData\Local\DoNotTrackPlus
2013-07-05 13:46 - 2013-07-05 13:45 - 05085494 ____R (Swearware) C:\Users\Anja\Desktop\ComboFix.exe
2013-07-04 21:54 - 2013-07-04 21:53 - 00022351 ____A C:\Users\Anja\Desktop\Addition.txt
2013-07-04 21:51 - 2013-07-04 21:51 - 00000000 ____D C:\FRST
2013-07-04 21:50 - 2013-07-04 21:50 - 01934636 ____A (Farbar) C:\Users\Anja\Desktop\FRST64.exe
2013-07-03 21:41 - 2013-07-03 21:41 - 06604352 ____A (AVAST Software) C:\Users\Anja\Desktop\avast_free_antivirus_setup_online.exe
2013-07-03 21:41 - 2013-07-03 21:41 - 00000002 ____A C:\AvastSetup.log
2013-07-02 18:43 - 2011-02-10 21:25 - 00654166 ____A C:\Windows\System32\perfh007.dat
2013-07-02 18:43 - 2011-02-10 21:25 - 00130006 ____A C:\Windows\System32\perfc007.dat
2013-07-02 18:43 - 2009-07-14 07:13 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-02 06:52 - 2013-07-02 06:52 - 00000000 ____D C:\Program Files\WEB.DE MailCheck
2013-07-02 06:52 - 2013-07-02 06:52 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2013-07-02 06:51 - 2012-12-27 18:20 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-02 06:51 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 22:50 - 2012-12-27 18:20 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 22:32 - 2012-12-27 23:52 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 19:21 - 2013-07-01 19:21 - 00000000 ____D C:\ProgramData\UUdb
2013-07-01 19:21 - 2012-12-27 19:58 - 00000000 ____D C:\Program Files (x86)\1und1Softwareaktualisierung
2013-06-26 19:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-25 18:10 - 2013-06-25 18:10 - 00000000 ____D C:\Firefox
2013-06-25 18:06 - 2013-06-25 18:06 - 02092792 ____A C:\Users\Anja\Downloads\avira_free_antivirus.exe
2013-06-21 21:34 - 2012-12-27 19:27 - 00000000 ____D C:\Users\Anja\AppData\Local\Google
2013-06-20 17:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-17 18:43 - 2013-02-10 12:13 - 00000000 ____D C:\Users\Anja\AppData\Local\Microsoft Games
2013-06-17 15:21 - 2013-02-01 16:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-17 15:21 - 2013-01-11 16:25 - 00000000 ____D C:\ProgramData\Skype
2013-06-13 16:14 - 2012-12-27 18:25 - 00000000 ____D C:\Users\Anja\AppData\Local\VirtualStore
2013-06-12 22:59 - 2011-02-10 22:56 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 22:33 - 2012-12-27 23:52 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 22:33 - 2012-12-27 23:52 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-09 00:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-08 16:49 - 2013-06-08 16:41 - 00009534 ____A C:\Windows\IE10_main.log
2013-06-08 16:42 - 2013-06-08 16:42 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-08 16:42 - 2013-06-08 16:42 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-08 16:42 - 2013-06-08 16:42 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-08 16:42 - 2013-06-08 16:42 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-08 16:42 - 2013-06-08 16:42 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-08 16:42 - 2013-06-08 16:42 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-08 16:42 - 2013-06-08 16:42 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-08 16:42 - 2013-06-08 16:42 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-08 16:42 - 2013-06-08 16:42 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-08 16:08 - 2013-06-15 16:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 16:28 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 16:28 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 16:28 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 16:28 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 16:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 16:28 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 16:28 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 16:28 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 16:28 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:40 - 2013-06-15 16:27 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:13 - 2013-06-15 16:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-20 17:46

==================== End Of Log ============================
--- --- ---

schrauber 05.07.2013 17:56
Schon besser :)


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log. Noch Probleme? :)

Anfänger341 05.07.2013 20:18
Hallo schrauber,

hier ist schon mal das von Eset:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5e58e27be3b96c42af2bdc4264548de7
# engine=14283
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-05 06:55:32
# local_time=2013-07-05 08:55:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 8308 124680382 0 0
# scanned=159582
# found=4
# cleaned=0
# scan_time=6044
sh=104B7244DB41860C85F2051571FC4CB510D6E3E2 ft=1 fh=ca3aabc50c0da6c1 vn="a variant of Win32/Kryptik.BFAM trojan" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\FA2DE05D5D072E120000FA2CE63734D0\FA2DE05D5D072E120000FA2CE63734D0.exe.vir"
sh=43906915832B802A48FE0521C6C626D0FAE2B6ED ft=1 fh=fee85871b5c62a34 vn="a variant of Win32/Kryptik.BDOT trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Anja\AppData\Roaming\Kajod\yqhia.exe.vir"
sh=F5B6C73E3342A262E35C010B074E2AF40E155979 ft=1 fh=1b61eaf5d15fc643 vn="Win32/Spy.Zbot.AAU trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Anja\AppData\Roaming\Vouc\xaxi.exe.vir"
sh=B9A541AE3F5A4C60FC8AFF160FA9882823BDAE18 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.ONZ trojan" ac=I fn="C:\Users\Anja\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\6b03ddfa-42de7571"

Hallo schrauber,
ich wollte grade den SecurityCheck ausführen, aber ich bekommen immer nur die Meldung:
UNSUPPORTED OPERATING SYSTEM! ABORTED!

Was hab ich falsch gemacht und wie bekomme ich das wieder hin?

Mit freundlichen Grüßen,
die Tochter von Anfänger341

schrauber 06.07.2013 08:48
Das ist halb so wild, Securitycheck zickt manchmal. Frisches FRST log bitte. Noch probleme? :)

Anfänger341 06.07.2013 10:43
Hallo schrauber,
hier das FRSt und Probleme habe ich nicht mehr :dankeschoen:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Anja (administrator) on 06-07-2013 11:43:59
Running from C:\Users\Anja\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(BlazeVideo Company) C:\Program Files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3  [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-12-27] (Google Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [HP Officejet 4620 series (NET)] "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2CQ230JF05S1:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1 [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [BlazeServoTool] "C:\Program Files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe" [282624 2009-07-07] (BlazeVideo Company)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [HotkeyApp] "C:\Program Files (x86)\Launch Manager\HotkeyApp.exe" [207400 2010-12-16] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] "C:\Program Files (x86)\Launch Manager\OSD.exe" [348960 2009-12-12] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] "C:\Program Files (x86)\Launch Manager\Wbutton.exe" [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-12-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-03] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s [171104 2010-03-03] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [MailCheck IE Broker] "C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [1519680 2013-07-01] (1und1 Mail und Media GmbH)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {429F5671-2B20-4E30-9D4C-641F8CF5C91F} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {58218040-07C8-4FB0-8F4C-2FF3C3C58300} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {9DB21D8A-CB78-49B8-9619-94A3D21DD55D} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {F0C31161-4ABC-4701-BA50-D465404445F1} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup:        "urls_to_restore_on_startup": [
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Extension: (Amazon for Chrome) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\2.2.2012.272_0

==================== Services (Whitelisted) =================

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] ()
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [909408 2009-08-13] (DiBcom SA)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-05 22:52 - 2013-07-05 22:52 - 01526948 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-05 21:34 - 2013-07-05 21:34 - 00890988 ____A C:\Users\Anja\Desktop\SecurityCheck.exe
2013-07-05 19:12 - 2013-07-05 19:12 - 02347384 ____A (ESET) C:\Users\Anja\Desktop\esetsmartinstaller_enu.exe
2013-07-05 18:38 - 2013-07-05 18:38 - 00004042 ____A C:\Users\Anja\Desktop\JRT.txt
2013-07-05 18:33 - 2013-07-05 18:33 - 00000000 ____D C:\Windows\ERUNT
2013-07-05 18:31 - 2013-07-05 18:31 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Anja\Desktop\JRT.exe
2013-07-05 18:31 - 2013-07-05 18:31 - 00000000 ____D C:\JRT
2013-07-05 18:24 - 2013-07-05 18:25 - 00014891 ____A C:\AdwCleaner[S1].txt
2013-07-05 18:24 - 2013-07-05 18:24 - 00650027 ____A C:\Users\Anja\Desktop\adwcleaner.exe
2013-07-05 14:20 - 2013-07-05 14:20 - 00023624 ____A C:\ComboFix.txt
2013-07-05 14:07 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-05 14:07 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-05 14:07 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-05 14:07 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-05 14:07 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-05 14:07 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-05 14:07 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-05 14:07 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-05 13:50 - 2013-07-05 14:21 - 00000000 ____D C:\Qoobox
2013-07-05 13:50 - 2013-07-05 14:19 - 00000000 ____D C:\Windows\erdnt
2013-07-05 13:45 - 2013-07-05 13:46 - 05085494 ____R (Swearware) C:\Users\Anja\Desktop\ComboFix.exe
2013-07-04 21:53 - 2013-07-04 21:54 - 00022351 ____A C:\Users\Anja\Desktop\Addition.txt
2013-07-04 21:51 - 2013-07-04 21:51 - 00000000 ____D C:\FRST
2013-07-04 21:50 - 2013-07-04 21:50 - 01934636 ____A (Farbar) C:\Users\Anja\Desktop\FRST64.exe
2013-07-03 21:41 - 2013-07-03 21:41 - 06604352 ____A (AVAST Software) C:\Users\Anja\Desktop\avast_free_antivirus_setup_online.exe
2013-07-03 21:41 - 2013-07-03 21:41 - 00000002 ____A C:\AvastSetup.log
2013-07-02 06:52 - 2013-07-02 06:52 - 00000000 ____D C:\Program Files\WEB.DE MailCheck
2013-07-02 06:52 - 2013-07-02 06:52 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2013-07-01 19:21 - 2013-07-01 19:21 - 00000000 ____D C:\ProgramData\UUdb
2013-06-25 18:11 - 2013-07-05 14:00 - 00000000 ____D C:\Users\Anja\AppData\Local\DoNotTrackPlus
2013-06-25 18:10 - 2013-07-05 14:01 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 18:10 - 2013-06-25 18:10 - 00000000 ____D C:\Firefox
2013-06-25 18:06 - 2013-06-25 18:06 - 02092792 ____A C:\Users\Anja\Downloads\avira_free_antivirus.exe
2013-06-15 16:28 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 16:28 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 16:28 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 16:28 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 16:28 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 16:28 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 16:28 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 16:28 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 16:28 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 16:28 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 16:28 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-15 16:27 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 22:58 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 22:58 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 22:58 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 22:58 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 22:58 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 22:58 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 22:58 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 22:58 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 22:58 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 22:58 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 22:58 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 22:58 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 17:42 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 17:41 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 17:41 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 17:41 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 17:41 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 17:41 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 17:41 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 17:41 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 17:41 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 17:41 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 17:41 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 17:41 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 17:41 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 17:41 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 17:41 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 17:41 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 17:41 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 17:41 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 17:41 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-08 16:42 - 2013-06-08 16:42 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-08 16:42 - 2013-06-08 16:42 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-08 16:42 - 2013-06-08 16:42 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-08 16:42 - 2013-06-08 16:42 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-08 16:42 - 2013-06-08 16:42 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-08 16:42 - 2013-06-08 16:42 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-08 16:42 - 2013-06-08 16:42 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-08 16:42 - 2013-06-08 16:42 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-08 16:41 - 2013-06-08 16:49 - 00009534 ____A C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-06 11:41 - 2013-01-11 16:26 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Skype
2013-07-06 11:41 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-06 11:41 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-06 11:33 - 2010-11-21 05:47 - 00057486 ____A C:\Windows\PFRO.log
2013-07-06 11:33 - 2009-07-14 06:51 - 00065259 ____A C:\Windows\setupact.log
2013-07-06 01:15 - 2012-12-27 18:18 - 02020353 ____A C:\Windows\WindowsUpdate.log
2013-07-05 22:52 - 2013-07-05 22:52 - 01526948 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-05 22:52 - 2011-02-10 21:25 - 00657676 ____A C:\Windows\System32\perfh007.dat
2013-07-05 22:52 - 2011-02-10 21:25 - 00131016 ____A C:\Windows\System32\perfc007.dat
2013-07-05 21:34 - 2013-07-05 21:34 - 00890988 ____A C:\Users\Anja\Desktop\SecurityCheck.exe
2013-07-05 21:09 - 2009-07-14 07:13 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-05 19:12 - 2013-07-05 19:12 - 02347384 ____A (ESET) C:\Users\Anja\Desktop\esetsmartinstaller_enu.exe
2013-07-05 18:38 - 2013-07-05 18:38 - 00004042 ____A C:\Users\Anja\Desktop\JRT.txt
2013-07-05 18:33 - 2013-07-05 18:33 - 00000000 ____D C:\Windows\ERUNT
2013-07-05 18:32 - 2012-12-27 20:57 - 00000000 ____D C:\Users\Anja\Desktop\Alles
2013-07-05 18:31 - 2013-07-05 18:31 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Anja\Desktop\JRT.exe
2013-07-05 18:31 - 2013-07-05 18:31 - 00000000 ____D C:\JRT
2013-07-05 18:25 - 2013-07-05 18:24 - 00014891 ____A C:\AdwCleaner[S1].txt
2013-07-05 18:24 - 2013-07-05 18:24 - 00650027 ____A C:\Users\Anja\Desktop\adwcleaner.exe
2013-07-05 14:21 - 2013-07-05 13:50 - 00000000 ____D C:\Qoobox
2013-07-05 14:21 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-07-05 14:20 - 2013-07-05 14:20 - 00023624 ____A C:\ComboFix.txt
2013-07-05 14:19 - 2013-07-05 13:50 - 00000000 ____D C:\Windows\erdnt
2013-07-05 14:17 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-07-05 14:01 - 2013-06-25 18:10 - 00000000 ____D C:\ProgramData\Avira
2013-07-05 14:00 - 2013-06-25 18:11 - 00000000 ____D C:\Users\Anja\AppData\Local\DoNotTrackPlus
2013-07-05 13:46 - 2013-07-05 13:45 - 05085494 ____R (Swearware) C:\Users\Anja\Desktop\ComboFix.exe
2013-07-04 21:54 - 2013-07-04 21:53 - 00022351 ____A C:\Users\Anja\Desktop\Addition.txt
2013-07-04 21:51 - 2013-07-04 21:51 - 00000000 ____D C:\FRST
2013-07-04 21:50 - 2013-07-04 21:50 - 01934636 ____A (Farbar) C:\Users\Anja\Desktop\FRST64.exe
2013-07-03 21:41 - 2013-07-03 21:41 - 06604352 ____A (AVAST Software) C:\Users\Anja\Desktop\avast_free_antivirus_setup_online.exe
2013-07-03 21:41 - 2013-07-03 21:41 - 00000002 ____A C:\AvastSetup.log
2013-07-02 06:52 - 2013-07-02 06:52 - 00000000 ____D C:\Program Files\WEB.DE MailCheck
2013-07-02 06:52 - 2013-07-02 06:52 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2013-07-02 06:51 - 2012-12-27 18:20 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-02 06:51 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 22:50 - 2012-12-27 18:20 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 22:32 - 2012-12-27 23:52 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 19:21 - 2013-07-01 19:21 - 00000000 ____D C:\ProgramData\UUdb
2013-07-01 19:21 - 2012-12-27 19:58 - 00000000 ____D C:\Program Files (x86)\1und1Softwareaktualisierung
2013-06-26 19:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-25 18:10 - 2013-06-25 18:10 - 00000000 ____D C:\Firefox
2013-06-25 18:06 - 2013-06-25 18:06 - 02092792 ____A C:\Users\Anja\Downloads\avira_free_antivirus.exe
2013-06-21 21:34 - 2012-12-27 19:27 - 00000000 ____D C:\Users\Anja\AppData\Local\Google
2013-06-20 17:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-17 18:43 - 2013-02-10 12:13 - 00000000 ____D C:\Users\Anja\AppData\Local\Microsoft Games
2013-06-17 15:21 - 2013-02-01 16:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-17 15:21 - 2013-01-11 16:25 - 00000000 ____D C:\ProgramData\Skype
2013-06-13 16:14 - 2012-12-27 18:25 - 00000000 ____D C:\Users\Anja\AppData\Local\VirtualStore
2013-06-12 22:59 - 2011-02-10 22:56 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 22:33 - 2012-12-27 23:52 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 22:33 - 2012-12-27 23:52 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-09 00:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-08 16:49 - 2013-06-08 16:41 - 00009534 ____A C:\Windows\IE10_main.log
2013-06-08 16:42 - 2013-06-08 16:42 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-08 16:42 - 2013-06-08 16:42 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-08 16:42 - 2013-06-08 16:42 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-08 16:42 - 2013-06-08 16:42 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-08 16:42 - 2013-06-08 16:42 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-08 16:42 - 2013-06-08 16:42 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-08 16:42 - 2013-06-08 16:42 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-08 16:42 - 2013-06-08 16:42 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-08 16:42 - 2013-06-08 16:42 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-08 16:42 - 2013-06-08 16:42 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-08 16:42 - 2013-06-08 16:42 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-08 16:08 - 2013-06-15 16:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 16:28 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 16:28 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 16:28 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 16:28 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 16:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 16:28 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 16:28 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 16:28 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 16:28 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:40 - 2013-06-15 16:27 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:13 - 2013-06-15 16:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-20 17:46

==================== End Of Log ============================
--- --- ---

schrauber 06.07.2013 10:45
Fertig :)


Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Anfänger341 06.07.2013 14:18
Hallo schrauber,
ich hab alles erledigt, vielen Dank für deine Hilfe

Die TOchter von Anfänger341

schrauber 06.07.2013 17:21
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:51 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19